[libvirt PATCH v6 33/36] schema: add ssh-agent configuration for ssh disks

Jonathon Jongsma posted 36 patches 2 years, 6 months ago
There is a newer version of this series
Posted by Jonathon Jongsma 2 years, 6 months ago
Add the ability to specify a path to an ssh-agent socket in order to use
the ssh-agent to authenticate to remote ssh disks. Example
configuration:

    <disk type='network'>
        <source protocol='ssh' ...>
            <identity username='myusername' agentsock='/path/to/socket'/>
            ...
        </source>
        ...
    </disk>

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
---
 docs/formatdomain.rst             | 13 ++++++++-----
 src/conf/schemas/domaincommon.rng | 11 ++++++++---
 2 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index 364fe285a3..e7b14503b2 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -2989,11 +2989,14 @@ paravirtualized driver is specified via the ``disk`` element.
       are intended to be default, then the entire element may be omitted.
 
       When using an ``ssh`` protocol, this element is used to enable
-      authentication via ssh keys. In this configuration, the element has two
-      attributes. The ``username`` attribute specifies the name of the user on
-      the remote server and the ``keyfile`` attribute specifies the path to the
-      keyfile. Note that this only works for ssh keys that are not
-      password-protected.
+      authentication via ssh keys. In this configuration, the element has three
+      possible attributes. The ``username`` attribute is required and specifies
+      the name of the user on the remote server. ssh keys can be specified in
+      one of two ways. The first way is by adding them to an ssh-agent and
+      providing the path to the ssh-agent socket in the ``agentsock``
+      attribute. This method works for ssh keys with or without password
+      protection. Alternatively, for ssh keys without a password, the ssh key
+      can be specified directly by setting the ``keyfile`` attribute.
    ``reconnect``
       For disk type ``vhostuser`` configures reconnect timeout if the connection
       is lost. This is set with the two mandatory attributes ``enabled`` and
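Review bot: The new paragraph says the element has "three possible attributes" and that keys can be given "in one of two ways", but it never states that ``keyfile`` and ``agentsock`` are mutually exclusive or that one of them must be present, which is what the schema change in this same patch enforces. Suggest saying so explicitly, for example "Exactly one of ``agentsock`` or ``keyfile`` must be specified." It would also help to note which process has to be able to open the agent socket, since a user copying the path of their own session agent is likely to hit a permission failure that the text gives no hint about.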
diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng
index 5b90b71dff..91f399e057 100644
--- a/src/conf/schemas/domaincommon.rng
+++ b/src/conf/schemas/domaincommon.rng
@@ -2201,9 +2201,14 @@
         <attribute name="username">
           <ref name="genericName"/>
         </attribute>
-        <attribute name="keyfile">
-          <ref name="absFilePath"/>
-        </attribute>
+        <choice>
+          <attribute name="keyfile">
+            <ref name="absFilePath"/>
+          </attribute>
+          <attribute name="agentsock">
+            <ref name="absFilePath"/>
+          </attribute>
+        </choice>
       </interleave>
     </element>
   </define>
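Review bot: Wrapping both attributes in `<choice>` inside the `<interleave>` means a document must carry exactly one of `keyfile` or `agentsock`: an `<identity>` with both is rejected, and so is one with `username` alone. If that is the intent, the parser should reject the same combinations so that schema validation and parsing agree, and the documentation hunk should spell the rule out. The diffstat lists only the docs and the schema, so nothing in this patch exercises the new branch; a domain XML test input using `agentsock` would catch schema and parser drifting apart.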
-- 
2.41.0
Re: [libvirt PATCH v6 33/36] schema: add ssh-agent configuration for ssh disks
Posted by Peter Krempa 2 years, 5 months ago
On Thu, Jul 20, 2023 at 17:20:00 -0500, Jonathon Jongsma wrote:
> Add the ability to specify a path to an ssh-agent socket in order to use
> the ssh-agent to authenticate to remote ssh disks. Example
> configuration:
> 
>     <disk type='network'>
>         <source protocol='ssh' ...>
>             <identity username='myusername' agentsock='/path/to/socket'/>
>             ...
>         </source>
>         ...
>     </disk>
> 
> Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
> ---
>  docs/formatdomain.rst             | 13 ++++++++-----
>  src/conf/schemas/domaincommon.rng | 11 ++++++++---
>  2 files changed, 16 insertions(+), 8 deletions(-)

Reviewed-by: Peter Krempa <pkrempa@redhat.com>