[libvirt PATCH v6 29/36] schema: add configuration for host verification of ssh disks
In order to make ssh disks usable, we need to be able to validate a
remote host. To do this, add a <knownHosts> xml element for ssh disks to
allow the user to specify a location for a file that contains known host
keys. Implementation to follow.
Signed-off-by: Jonathon Jongsma <jjongsma(a)redhat.com>
Reviewed-by: Peter Krempa <pkrempa(a)redhat.com>
---
docs/formatdomain.rst | 8 ++++++++
src/conf/schemas/domaincommon.rng | 11 +++++++++++
2 files changed, 19 insertions(+)
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index 7a5cb1cf22..1d30eb5016 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -3003,6 +3003,14 @@ paravirtualized driver is specified via the ``disk`` element.
paused and will be rerun after a successful reconnect. After that time, any
delayed requests and all future requests before a successful reconnect
will immediately fail. If not set the default QEMU value is 0.
+ ``knownHosts``
+ For storage accessed via the ``ssh`` protocol, this element configures a
+ path to a file that will be used to verify the remote host. This file
+ must contain the expected host key for the remote host or the connection
+ will fail. The location of the file is specified via the ``path``
+ attribute.
+ :since:`Since 9.6.0`
+
For a "file" or "volume" disk type which represents a cdrom or
floppy (the
``device`` attribute), it is possible to define policy what to do with the
diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng
index 9fcf59268d..aa6f39bd2d 100644
--- a/src/conf/schemas/domaincommon.rng
+++ b/src/conf/schemas/domaincommon.rng
@@ -2187,6 +2187,14 @@
</element>
</define>
+ <define name="diskSourceNetworkProtocolSSHHostVerify">
+ <element name="knownHosts">
+ <attribute name="path">
+ <ref name="absFilePath"/>
+ </attribute>
+ </element>
+ </define>
+
<define name="diskSourceNetworkProtocolSSH">
<element name="source">
<interleave>
@@ -2202,6 +2210,9 @@
<ref name="encryption"/>
</optional>
<ref name="diskSourceNetworkProtocolPropsCommon"/>
+ <optional>
+ <ref name="diskSourceNetworkProtocolSSHHostVerify"/>
+ </optional>
<optional>
<ref name="diskAuth"/>
</optional>
--
2.41.0