Uploaded image for project: 'Migration Toolkit for Virtualization'
  1. Migration Toolkit for Virtualization
  2. MTV-530

Secure cold-migrations from vSphere

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Done-Errata
    • Icon: Normal Normal
    • 2.6.0
    • None
    • None
    • None

      Since we started to use virt-v2v on el9 for cold migrations (to the local cluster) from vSphere, secure migration practically stopped working as the fingerprint is not enough, we should rather get a certificate and set it for virt-v2v (for dropping the no_verify=1 parameter) for certificate authorities that are not in the system pool.

      This should be verified by migrating from a vSphere provider (with SDK endpoint of vCenter or ESXi) that is not set with the "skip certificate validation" property (via the API, the provider should be set with insecureSkipVerify=false or without specifying insecureSkipVerify). The certificate can be either retrieved from the `services` service that returns a certificate for a given URL or from the vCenter/ESXi directly.

            ahadas@redhat.com Arik Hadas
            ahadas@redhat.com Arik Hadas
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: