Authenticating via key file to an ssh server is often preferable to
logging in via password. In order to support this functionality, add a
new <identity> XML element for ssh disks that allows the user to specify
a keyfile and username. Example configuration:
  <disk type='network'>
    <source protocol='ssh' ...>
      <identity keyfile='/path/to/id_rsa' username='myusername'/>
      ...
    </source>
    ...
  </disk>
Signed-off-by: Jonathon Jongsma <jjongsma(a)redhat.com>
Reviewed-by: Peter Krempa <pkrempa(a)redhat.com>
---
docs/formatdomain.rst | 7 +++++++
src/conf/schemas/domaincommon.rng | 19 ++++++++++++++++++-
2 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index 1d30eb5016..364fe285a3 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -2987,6 +2987,13 @@ paravirtualized driver is specified via the ``disk`` element.
of these attributes is omitted, then that field is assumed to be the
default value for the current system. If both ``user`` and ``group``
are intended to be default, then the entire element may be omitted.
+
+ When using an ``ssh`` protocol, this element is used to enable
+ authentication via ssh keys. In this configuration, the element has two
+ attributes. The ``username`` attribute specifies the name of the user on
+ the remote server and the ``keyfile`` attribute specifies the path to the
+ keyfile. Note that this only works for ssh keys that are not
+ password-protected.
``reconnect``
For disk type ``vhostuser`` configures reconnect timeout if the connection
is lost. This is set with the two mandatory attributes ``enabled`` and
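Review bot: The added paragraph does not say that both attributes are required, or that this form of ``identity`` cannot be combined with ``auth``, although the schema in this patch enforces both. The preceding text describes ``user`` and ``group`` as optional, so a reader will likely assume the same for ``username`` and ``keyfile``; please state that both are mandatory for ``ssh`` and that ``user``/``group`` do not apply there. Since the key must not be password-protected, it would also help to say which process has to be able to read the file, so that its permissions can be restricted accordingly.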
diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng
index aa6f39bd2d..5b90b71dff 100644
--- a/src/conf/schemas/domaincommon.rng
+++ b/src/conf/schemas/domaincommon.rng
@@ -2195,6 +2195,19 @@
</element>
</define>
+ <define name="diskSourceNetworkProtocolSSHKeyDef">
+ <element name="identity">
+ <interleave>
+ <attribute name="username">
+ <ref name="genericName"/>
+ </attribute>
+ <attribute name="keyfile">
+ <ref name="absFilePath"/>
+ </attribute>
+ </interleave>
+ </element>
+ </define>
+
<define name="diskSourceNetworkProtocolSSH">
<element name="source">
<interleave>
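Review bot: The `<interleave>` inside `diskSourceNetworkProtocolSSHKeyDef` is redundant, because it wraps only two attribute patterns and RELAX NG does not order attributes; the two `<attribute>` elements can sit directly under `<element name="identity">`. As written, both attributes are mandatory, so an `identity` with `keyfile` but no `username` fails validation; if that is intended, the documentation hunk should say so.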
@@ -2214,11 +2227,15 @@
<ref name="diskSourceNetworkProtocolSSHHostVerify"/>
</optional>
<optional>
- <ref name="diskAuth"/>
+ <choice>
+ <ref name="diskSourceNetworkProtocolSSHKeyDef"/>
+ <ref name="diskAuth"/>
+ </choice>
</optional>
</interleave>
</element>
</define>
+
<define name="diskSourceNetworkProtocolSimple">
<element name="source">
<interleave>
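Review bot: The `<choice>` between `diskSourceNetworkProtocolSSHKeyDef` and `diskAuth` makes key-file and `<auth>` authentication mutually exclusive, but the diffstat lists only docs/formatdomain.rst and src/conf/schemas/domaincommon.rng, so nothing in this patch parses the element or exercises the schema with a test XML. Please add a test case using the `<identity keyfile=... username=.../>` form from the commit message, or note in the commit message that parsing and tests follow separately. The blank line added before `diskSourceNetworkProtocolSimple` is an unrelated whitespace change and is better dropped or split out.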
--
2.41.0