D.3. Manually Setting Up Encrypted Communication for VDSM
You can manually set up encrypted communication for VDSM with the Manager and with other VDSM instances.
Only hosts in clusters with cluster level 3.6, 4.0, and 4.1 require manual configuration. Hosts in clusters with level 4.2 are automatically reconfigured for strong encryption during host reinstallation.
RHVH 3.6, 4.0, and 4.1 hosts do not support strong encryption. RHVH 4.2 and RHEL hosts do support it.
If you have 3.6, 4.0, or 4.1 clusters with RHVH 4.2 hosts, you can use strong encryption.
Procedure
-
Click
and select the host. -
Click
to open the Maintenance Host(s) confirmation window. - Click OK to initiate maintenance mode.
On the host, create
/etc/vdsm/vdsm.conf.d/99-custom-ciphers.conf
with the following setting:[vars] ssl_ciphers = HIGH
See OpenSSL Cipher Strings for more information.
Restart VDSM:
# systemctl restart vdsm
-
Click
and select the host. -
Click
to reactivate the host.