On Thu, Jul 20, 2023 at 17:19:59 -0500, Jonathon Jongsma wrote:
For ssh disks that are served by nbdkit, we can support logging in
with
an ssh key file. Pass the path to the configured key file and the
username to the nbdkit process.
Signed-off-by: Jonathon Jongsma <jjongsma(a)redhat.com>
---
src/conf/domain_conf.c | 32 ++++++++++++++----
src/conf/storage_source_conf.c | 1 +
src/conf/storage_source_conf.h | 5 ++-
src/qemu/qemu_nbdkit.c | 15 +++++++--
.../disk-network-ssh-key.args.disk0 | 9 +++++
.../disk-network-ssh.args.disk2 | 9 +++++
tests/qemunbdkittest.c | 1 +
.../qemuxml2argvdata/disk-network-ssh-key.xml | 33 +++++++++++++++++++
8 files changed, 94 insertions(+), 11 deletions(-)
create mode 100644 tests/qemunbdkitdata/disk-network-ssh-key.args.disk0
create mode 100644 tests/qemunbdkitdata/disk-network-ssh.args.disk2
create mode 100644 tests/qemuxml2argvdata/disk-network-ssh-key.xml
@@ -22164,8 +22172,20 @@ virDomainDiskSourceFormatNetwork(virBuffer
*attrBuf,
if (src->timeout)
virBufferAsprintf(childBuf, "<timeout
seconds='%llu'/>\n", src->timeout);
- if (src->protocol == VIR_STORAGE_NET_PROTOCOL_SSH &&
src->ssh_known_hosts_file)
- virBufferEscapeString(childBuf, "<knownHosts
path='%s'/>\n", src->ssh_known_hosts_file);
+ if (src->protocol == VIR_STORAGE_NET_PROTOCOL_SSH) {
+ if (src->ssh_known_hosts_file)
+ virBufferEscapeString(childBuf, "<knownHosts
path='%s'/>\n", src->ssh_known_hosts_file);
+ if (src->ssh_keyfile) {
+ virBufferAddLit(childBuf, "<identity");
+
+ if (src->ssh_user)
+ virBufferEscapeString(childBuf, " username='%s'",
src->ssh_user);
virBufferEscapeString skips the formatting of the whole XML parameter if
the 3rd argument is NULL, so the NULL checks here ...
+ if (src->ssh_keyfile)
... and here are not needed.
+ virBufferEscapeString(childBuf, "
keyfile='%s'", src->ssh_keyfile);
+
+ virBufferAddLit(childBuf, "/>\n");
+ }
+ }
}
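Review bot: The `<identity>` element is emitted only inside `if (src->ssh_keyfile)`, so a source that has `ssh_user` set but no key file formats no identity at all. If the parser (not visible in this hunk) accepts a username on its own, such a definition would not round-trip and the configured login user would be lost on the next format/parse cycle. Consider widening the outer test to `if (src->ssh_user || src->ssh_keyfile) {`, or rejecting a username-only identity at parse time so the two sides agree. virDomainDiskSourceFormatNetwork starts outside the hunk, so any earlier handling of these fields is not visible here.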
diff --git a/src/conf/storage_source_conf.h
b/src/conf/storage_source_conf.h
index 8a9c7d07e2..8c805664af 100644
--- a/src/conf/storage_source_conf.h
+++ b/src/conf/storage_source_conf.h
@@ -406,12 +406,11 @@ struct _virStorageSource {
bool hostcdrom; /* backing device is a cdrom */
- /* passthrough variables for the ssh driver which we don't handle properly */
- /* these must not be used apart from formatting the output JSON in the qemu driver
*/
+ /* ssh variables */
char *ssh_user;
bool ssh_host_key_check_disabled;
- /* additional ssh variables */
char *ssh_known_hosts_file;
+ char *ssh_keyfile;
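Review bot: The replacement comment `/* ssh variables */` removes the old usage restriction on these fields without saying what they now mean or who consumes them. For the new member it would help to record that it is a host path rather than key material, e.g. `char *ssh_keyfile; /* path to the ssh private key file passed to nbdkit */`, since per the first hunk the value is also written into the domain XML. A short note on which of the neighbouring fields are user-configurable and which are still passthrough-only would prevent later misuse. The struct definition extends beyond the hunk.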
The new field *MUST* be copied in virStorageSourceCopy.
Reviewed-by: Peter Krempa <pkrempa(a)redhat.com>