search for: nbd_tls

...nd default_tls_x509_verify = 1 (and directories as required see 1), virsh initiated migrations with --tls flag succeed and captures show that it's using TLS. However, they equally succeed without the flag. Is there a way to ensure that only TLS communication is permitted between QEMUs? I tried nbd_tls, but that did not seem to have any effect. Thanks a lot for your help!

...ses TLS. Without the --tls flag, neither of them uses it. If your tls environment is setup properly there isn't any user visible difference, but the traffic is encrypted only when --tls is used. > Is there a way to ensure that only TLS communication is permitted > between QEMUs? I tried nbd_tls, but that did not seem to have any > effect. Unfortunately the 'nbd_tls' field is named a bit misleadingly. The setting refers to forcing TLS for NBD connections corresponding to <disk> device which is accessed via NBD. The NBD connection used for the non-shared-storage migration...

...ht be various requirements for various use cases. > protocol (BTW not spice?), so I am confused. > should I configure in /etc/libvirt/qemu.conf > There is default_tls which should be enough to start, then you need to turn on tls usage for want. There's vnc_tls, spice_tls, vxhs_tls, nbd_tls, migrate_tls, backup_tls, and you can even configure different certificates for each of them. >spice_tls option and certificates ? > That, and also don't forget to configure the domain XML so that it uses what you want, probably something like: <graphics type='spice' tlsPort...

(Posted few days ago on qemu group but no reactions) Do I understand correctly that ssl shoudl be configured independently for libvirt and each hypervisor? I asked because I configured libvirt connection as qemu+tls://bambus.kjonca/system?pkipath=... (and on bambus in /etc/libvirt/libvirtd.conf) I set key_file = ... cert_file = ... ca_file = ... But after connect and lauching (on bambus) vm I