mirror of https://github.com/apache/cloudstack.git
b46e4d4bbf
- mTLS implementation for cluster service communication
- Listen only on the specified cluster node IP address instead of all interfaces
- Validate incoming cluster service requests are from peer management servers based on the server's certificate dns name which can be through global config - ca.framework.cert.management.custom.san
- Hardening of KVM command wrapper script execution
- Improve API server integration port check
- cloudstack-management.default: don't have JMX configuration if not needed. JMX is used for instrumentation; users who need to use it should enable it explicitly
Co-authored-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
Co-authored-by: Wei Zhou <weizhou@apache.org>
Co-authored-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| acl | ||
| affinity-group-processors | ||
| alert-handlers | ||
| api | ||
| backup | ||
| ca/root-ca | ||
| database | ||
| dedicated-resources | ||
| deployment-planners | ||
| event-bus | ||
| ha-planners/skip-heurestics | ||
| host-allocators/random | ||
| hypervisors | ||
| integrations | ||
| metrics | ||
| network-elements | ||
| outofbandmanagement-drivers | ||
| storage | ||
| storage-allocators/random | ||
| user-authenticators | ||
| user-two-factor-authenticators | ||
| pom.xml | ||