Red Hat Training

A Red Hat training course is available for Red Hat Virtualization

D.3. Manually Setting Up Encrypted Communication for VDSM

You can manually set up encrypted communication for VDSM with the Manager and with other VDSM instances.

Only hosts in clusters with cluster level 3.6, 4.0, and 4.1 require manual configuration. Hosts in clusters with level 4.2 are automatically reconfigured for strong encryption during host reinstallation.

Note

RHVH 3.6, 4.0, and 4.1 hosts do not support strong encryption. RHVH 4.2 and RHEL hosts do support it.

If you have 3.6, 4.0, or 4.1 clusters with RHVH 4.2 hosts, you can use strong encryption.

Procedure

  1. Click ComputeHosts and select the host.
  2. Click ManagementMaintenance to open the Maintenance Host(s) confirmation window.
  3. Click OK to initiate maintenance mode.
  4. On the host, create /etc/vdsm/vdsm.conf.d/99-custom-ciphers.conf with the following setting:

    [vars]
    ssl_ciphers = HIGH

    See OpenSSL Cipher Strings for more information.

  5. Restart VDSM:

    # systemctl restart vdsm
  6. Click ComputeHosts and select the host.
  7. Click ManagementActivate to reactivate the host.