
On 03/20/2013 11:39 PM, Wenchao Xia wrote:
This patch allows libvirt-cim to use a non-root ssh key in migration to avoid exposing root's ssh login on the server. In some cases servers are forbidden to expose or provide any root ssh login, and still use ssh encryption between two migration nodes with the key of a special account created for virtual machine management.
When it is enabled in the config file:
1 MigrateSSHKeyCopy: use string property [SSH_Key_Src] to tell which key is to be copied. It will be copied to [migrate_ssh_temp_key].
2 MigrateVirtualSystemToHost and CheckVirtualSystemIsMigratableToHost: use bool property [MigrationWithoutRootKey] to tell whether to use the key at [migrate_ssh_temp_key].
3 MigrateSSHKeyDelete: when it is called, [migrate_ssh_temp_key] will be deleted.
Details: libvirt-cim would run the shell command "cp -f [SSH_Key_Src] [migrate_ssh_temp_key]", then use [migrate_ssh_temp_key] to generate the uri suffix for the remote connection to the migration destination.
Signed-off-by: Wenchao Xia <xiawenc@linux.vnet.ibm.com>
---
 libvirt-cim.conf              |  19 +++
 libxkutil/misc_util.c         |   9 ++
 libxkutil/misc_util.h         |   3 +
 src/Virt_VSMigrationService.c | 263 ++++++++++++++++++++++++++++++++++++++++-
 4 files changed, 289 insertions(+), 5 deletions(-)
Need some more time to look at this - first pass seems OK, but it's late and I'll pick it up again tomorrow.

John