git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: secure hosts communications


Hi Richard,


Please read: http://docs.cloudstack.apache.org/en/4.11.2.0/adminguide/hosts.html#security


4.11.2 is out, please consider using it instead of 4.11.1 as it has several bugfixes etc.

In short, with all of your KVM hosts up and connected to mgmt server, first change the auth strictness global setting to true, then using API secure the hosts using the provisionCertificate API. In the UI, go to your hosts that don't show up as secure and click on the key button (a new button) to secure the host which calls the provisionCertificate API as well.


- Rohit

<https://cloudstack.apache.org>



________________________________
From: Richard Persaud <richard.persaud@xxxxxxxxx>
Sent: Monday, November 26, 2018 8:19:56 PM
To: users@xxxxxxxxxxxxxxxxxxxxx
Subject: RE: secure hosts communications

Thank you, Rohit.

I am using 4.11.1 with a full KVM environment. They are showing unsecure with strictness set to true.

What configuration needs to be adjusted to have the KVM hosts show secure?

Regards,

Richard Persaud

From: Rohit Yadav <rohit.yadav@xxxxxxxxxxxxx>
Sent: Saturday, November 24, 2018 2:02 PM
To: users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: secure hosts communications

⚠ EXT MSG:

Richard,


Starting 4.11, agent and management servers will use an in-built CA framework to secured hosts. Only in case of KVM hosts you may see an insecure state, otherwise all KVM hosts (agents) and SSVM/CPVM agents will by default in Up state will be secured. There is an auth strictness setting that should be true.



- Rohit

<https://cloudstack.apache.org>



________________________________
From: Richard Persaud <richard.persaud@xxxxxxxxx<mailto:richard.persaud@xxxxxxxxx>>
Sent: Saturday, November 24, 2018 4:21:24 AM
To: users@xxxxxxxxxxxxxxxxxxxxx<mailto:users@xxxxxxxxxxxxxxxxxxxxx>
Subject: secure hosts communications

Hello,

Is there straight-forward to enable secure communications between the management and the hosts?

I have looked at many documentations but am still unable to get the hosts to show a "secure" state.

Regards,

Richard Persaud


rohit.yadav@xxxxxxxxxxxxx<mailto:rohit.yadav@xxxxxxxxxxxxx>
www.shapeblue.com<https://isolate.menlosecurity.com/0/eJyrViotylGyUsooKSmw0tcvLy_XK85ILEhNyilN1UvOz1XSUSrKV7Iy1FEqyUwBqjM0MFaqBQDf4BCe>
Amadeus House, Floral Street, London  WC2E 9DPUK
@shapeblue




* This is an EXTERNAL EMAIL. Stop and think before clicking a link or opening attachments.

rohit.yadav@xxxxxxxxxxxxx 
www.shapeblue.com
Amadeus House, Floral Street, London  WC2E 9DPUK
@shapeblue