On Thu, Jul 20, 2023 at 17:19:59 -0500, Jonathon Jongsma wrote:
> For ssh disks that are served by nbdkit, we can support logging in with
> an ssh key file. Pass the path to the configured key file and the
> username to the nbdkit process.
>
> Signed-off-by: Jonathon Jongsma <[email protected]>
> ---
> src/conf/domain_conf.c | 32 ++++++++++++++----
> src/conf/storage_source_conf.c | 1 +
> src/conf/storage_source_conf.h | 5 ++-
> src/qemu/qemu_nbdkit.c | 15 +++++++--
> .../disk-network-ssh-key.args.disk0 | 9 +++++
> .../disk-network-ssh.args.disk2 | 9 +++++
> tests/qemunbdkittest.c | 1 +
> .../qemuxml2argvdata/disk-network-ssh-key.xml | 33 +++++++++++++++++++
> 8 files changed, 94 insertions(+), 11 deletions(-)
> create mode 100644 tests/qemunbdkitdata/disk-network-ssh-key.args.disk0
> create mode 100644 tests/qemunbdkitdata/disk-network-ssh.args.disk2
> create mode 100644 tests/qemuxml2argvdata/disk-network-ssh-key.xml
> @@ -22164,8 +22172,20 @@ virDomainDiskSourceFormatNetwork(virBuffer *attrBuf,
> if (src->timeout)
> virBufferAsprintf(childBuf, "<timeout seconds='%llu'/>\n",
> src->timeout);
>
> - if (src->protocol == VIR_STORAGE_NET_PROTOCOL_SSH &&
> src->ssh_known_hosts_file)
> - virBufferEscapeString(childBuf, "<knownHosts path='%s'/>\n",
> src->ssh_known_hosts_file);
> + if (src->protocol == VIR_STORAGE_NET_PROTOCOL_SSH) {
> + if (src->ssh_known_hosts_file)
> + virBufferEscapeString(childBuf, "<knownHosts path='%s'/>\n",
> src->ssh_known_hosts_file);
> + if (src->ssh_keyfile) {
> + virBufferAddLit(childBuf, "<identity");
> +
> + if (src->ssh_user)
> + virBufferEscapeString(childBuf, " username='%s'",
> src->ssh_user);
virBufferEscapeString skips the formatting of the whole XML parameter if
the 3rd argument is NULL, so the NULL checks here ...
> + if (src->ssh_keyfile)
... and here are not needed.
> + virBufferEscapeString(childBuf, " keyfile='%s'",
> src->ssh_keyfile);
> +
> + virBufferAddLit(childBuf, "/>\n");
> + }
> + }
> }
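Review bot: The username is only written inside the `if (src->ssh_keyfile)` branch, so a source with `ssh_user` set but no key file formats no `<identity>` element, and after a round trip through the XML the connection could fall back to a different default account. Whether that state is reachable depends on the parser and on the JSON backing-store path, neither of which is visible in this quote; it is inferred from the header hunk, where `ssh_user` appears as a pre-existing field. If it is reachable, the outer condition could be `if (src->ssh_user || src->ssh_keyfile) {`; if it is not, a comment such as `/* username is only formatted together with a key file */` would record the intent. virDomainDiskSourceFormatNetwork begins outside the hunk.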
> diff --git a/src/conf/storage_source_conf.h b/src/conf/storage_source_conf.h
> index 8a9c7d07e2..8c805664af 100644
> --- a/src/conf/storage_source_conf.h
> +++ b/src/conf/storage_source_conf.h
> @@ -406,12 +406,11 @@ struct _virStorageSource {
>
> bool hostcdrom; /* backing device is a cdrom */
>
> - /* passthrough variables for the ssh driver which we don't handle
> properly */
> - /* these must not be used apart from formatting the output JSON in the
> qemu driver */
> + /* ssh variables */
> char *ssh_user;
> bool ssh_host_key_check_disabled;
> - /* additional ssh variables */
> char *ssh_known_hosts_file;
> + char *ssh_keyfile;
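Review bot: The new comment `/* ssh variables */` replaces two comments that restricted how these fields may be used, and it does not say what `ssh_keyfile` holds. Going by the commit message, the field is a path to a key file that is handed to the nbdkit process, so a trailing comment such as `char *ssh_keyfile; /* host path to the ssh key file passed to nbdkit, not the key itself */` would make that explicit. Because the field names a credential file, it would also help to note who is expected to make that file readable by the nbdkit process (ownership or security labelling), since nothing in the quoted hunks shows that. The struct definition continues outside this quoted hunk.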
The new field *MUST* be copied in virStorageSourceCopy.
Reviewed-by: Peter Krempa <[email protected]>