From: Jonathon Jongsma
To: libvir-list@redhat.com
Cc: Peter Krempa
Subject: [libvirt PATCH v8 28/37] schema: add password configuration for ssh disk
Date: Thu, 31 Aug 2023 16:40:08 -0500
Message-ID: <20230831214017.1536388-29-jjongsma@redhat.com>
In-Reply-To: <20230831214017.1536388-1-jjongsma@redhat.com>
References: <20230831214017.1536388-1-jjongsma@redhat.com>

Right now, ssh network disks are not usable. There is some basic support in libvirt that is meant to support disk chains that have backing disks located at ssh urls, but there is no real way for a user to configure an ssh-based disk.

This commit allows users to configure an ssh disk with password authentication. Implementation will follow.

Signed-off-by: Jonathon Jongsma
Reviewed-by: Peter Krempa
--- docs/formatdomain.rst | 27 ++++++++++++++------------- src/conf/schemas/domaincommon.rng | 23 ++++++++++++++++++++++- 2 files changed, 36 insertions(+), 14 deletions(-) diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index 68f54ab3ed..39d4230ec0 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst 
@@ -2778,7 +2778,7 @@ paravirtualized driver is specified via the ``disk`` = element. ``network`` The ``protocol`` attribute specifies the protocol to access to the requested image. Possible values are "nbd", "iscsi", "rbd", "sheepdo= g", - "gluster", "vxhs", "nfs", "http", "https", "ftp", ftps", or "tftp". + "gluster", "vxhs", "nfs", "http", "https", "ftp", ftps", "tftp", or = "ssh". =20 For any ``protocol`` other than ``nbd`` an additional attribute ``na= me`` is mandatory to specify which volume/image will be used. 
@@ -2930,18 +2930,19 @@ paravirtualized driver is specified via the ``disk`= ` element. ``auth`` :since:`Since libvirt 3.9.0` , the ``auth`` element is supported for= a disk ``type`` "network" that is using a ``source`` element with the - ``protocol`` attributes "rbd" or "iscsi". If present, the ``auth`` e= lement - provides the authentication credentials needed to access the source.= It - includes a mandatory attribute ``username``, which identifies the us= ername - to use during authentication, as well as a sub-element ``secret`` wi= th - mandatory attribute ``type``, to tie back to a `libvirt secret - object `__ that holds the actual password or other - credentials (the domain XML intentionally does not expose the passwo= rd, - only the reference to the object that does manage the password). Kno= wn - secret types are "ceph" for Ceph RBD network sources and "iscsi" for= CHAP - authentication of iSCSI targets. Both will require either a ``uuid`` - attribute with the UUID of the secret object or a ``usage`` attribute - matching the key that was specified in the secret object. + ``protocol`` attributes "rbd", "iscsi", or "ssh". If present, the + ``auth`` element provides the authentication credentials needed to a= ccess + the source. It includes a mandatory attribute ``username``, which + identifies the username to use during authentication, as well as a + sub-element ``secret`` with mandatory attribute ``type``, to tie bac= k to + a `libvirt secret object `__ that holds the actual + password or other credentials (the domain XML intentionally does not + expose the password, only the reference to the object that does mana= ge + the password). Known secret types are "ceph" for Ceph RBD network so= urces + and "iscsi" for CHAP authentication of iSCSI targets. Both will requ= ire + either a ``uuid`` attribute with the UUID of the secret object or a + ``usage`` attribute matching the key that was specified in the secret + object. 
``encryption`` :since:`Since libvirt 3.9.0` , the ``encryption`` can be a sub-eleme= nt of the ``source`` element for encrypted storage sources. If present, diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincom= mon.rng index 4a475f5c36..cd838a475c 100644 --- a/src/conf/schemas/domaincommon.rng +++ b/src/conf/schemas/domaincommon.rng @@ -2172,6 +2172,27 @@ =20 + + + + + + ssh + + + + + + + + + + + + + + + @@ -2179,7 +2200,6 @@ sheepdog tftp - ssh @@ -2289,6 +2309,7 @@ + --=20 2.41.0
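Review bot: In the first docs/formatdomain.rst hunk (the ``protocol`` value list), the rewritten line still carries ftps" without its opening quote, so the rendered list of protocols is mis-quoted. Since the line is being changed anyway to append "ssh", write it as "ftp", "ftps", "tftp", or "ssh". The same hunk also gives no indication of the release from which "ssh" is accepted as a ``protocol`` value; a :since: marker next to the new value would match how the rest of this file documents additions.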
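Review bot: The ``auth`` paragraph in the second docs/formatdomain.rst hunk adds "ssh" to the supported protocols but leaves the rest of the text describing only the two older cases. It still opens with :since:`Since libvirt 3.9.0`, which now reads as if ssh authentication had been available since that release, and it names only "ceph" and "iscsi" as known secret types, followed by "Both will require". A user configuring an ssh disk cannot tell from this text which secret ``type`` holds the ssh password. Suggest a separate since note for ssh, an explicit statement of the secret type to use with ssh, and rewording "Both" if a third type is introduced. Keeping the sentence that the domain XML exposes only a reference to the secret is the important part for password handling, so it is worth saying that this applies to the ssh password too.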
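Review bot: No schema test accompanies the src/conf/schemas/domaincommon.rng hunks: the diffstat lists only docs/formatdomain.rst and the schema file, while the hunk at -2179,7 drops ssh from the shared protocol list (the one that also holds sheepdog and tftp) and the hunk at -2172,6 adds 21 lines for a dedicated ssh definition. The commit message says libvirt already has basic support for backing disks located at ssh urls, so the move could change what validates for existing XML. Suggest adding, here or in a named later patch of the series, a sample domain XML with an ssh disk and ``auth`` that validates against the new grammar, plus a check that an ssh backing-chain source without ``auth`` is still accepted.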