Authenticating via key file to an ssh server is often preferable to logging in via password. In order to support this functionality add a new <identity> xml element for ssh disks that allows the user to specify a keyfile, username and optional ssh-agent socket location. Example configuration: <disk type='network'> <source protocol='ssh' ...> <identity keyfile='/path/to/id_rsa' username='myusername'/> ... </source> ... </disk> Signed-off-by: Jonathon Jongsma <jjongsma@xxxxxxxxxx> --- docs/formatdomain.rst | 8 ++++++++ src/conf/schemas/domaincommon.rng | 22 +++++++++++++++++++++- 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index 2a4d19dcd3..3952da79d5 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst @@ -2945,6 +2945,14 @@ paravirtualized driver is specified via the ``disk`` element. of these attributes is omitted, then that field is assumed to be the default value for the current system. If both ``user`` and ``group`` are intended to be default, then the entire element may be omitted. + + When using an ``ssh`` protocol, this element is used to enable + authentication via ssh keys. In this configuration, the element has three + attributes. The ``username`` attribute specifies the name of the user on + the remote server. A path to an ssh key can be specified in the + ``keyfile`` attribute. If the ssh key is password-protected, the key can + be added to an ssh-agent and the path to the ssh-agent socket can be + specified in the ``agentsock`` attribute. ``reconnect`` For disk type ``vhostuser`` configures reconnect timeout if the connection is lost. It has two mandatory attributes: diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng index a632e04c3b..be212ae75b 100644 --- a/src/conf/schemas/domaincommon.rng +++ b/src/conf/schemas/domaincommon.rng 
@@ -2156,6 +2156,22 @@ </element> </define> + <define name="diskSourceNetworkProtocolSSHKeyDef"> + <element name="identity"> + <attribute name="keyfile"> + <ref name="absFilePath"/> + </attribute> + <attribute name="username"> + <ref name="genericName"/> + </attribute> + <optional> + <attribute name="agentsock"> + <ref name="absFilePath"/> + </attribute> + </optional> + </element> + </define> + <define name="diskSourceNetworkProtocolSSH"> <element name="source"> <interleave> @@ -2175,11 +2191,15 @@ <ref name="diskSourceNetworkProtocolSSHHostVerify"/> </optional> <optional> - <ref name="diskAuth"/> + <choice> + <ref name="diskSourceNetworkProtocolSSHKeyDef"/> + <ref name="diskAuth"/> + </choice> </optional> </interleave> </element> </define> + <define name="diskSourceNetworkProtocolSimple"> <element name="source"> <interleave> -- 2.39.0
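Review bot: The paragraph added to docs/formatdomain.rst says the element "has three attributes" but never says which are required. The schema in this same patch makes ``keyfile`` and ``username`` mandatory and only ``agentsock`` optional, so the documentation should state that explicitly. The sentence about password-protected keys also reads as if ``agentsock`` could replace ``keyfile``, which the schema does not allow; reword it to say that ``keyfile`` is still given and ``agentsock`` is supplied in addition. Since the surrounding text describes ``user`` and ``group`` for this element, it would also help to say that those attributes do not apply in the ``ssh`` case.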
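Review bot: In the new diskSourceNetworkProtocolSSHKeyDef define, ``keyfile`` is a required attribute even when ``agentsock`` is present, so a configuration that relies only on a key already loaded into the agent will not validate. If agent-only authentication is meant to be supported, wrap ``keyfile`` in ``<optional>`` and require at least one of the two attributes; if it is not, the commit message and the documentation should say that ``keyfile`` is always needed. Both path attributes use ``absFilePath``, so relative paths are rejected, which is worth a sentence in the documentation as well.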
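Review bot: In the diskSourceNetworkProtocolSSH hunk, the new ``<choice>`` makes the ``identity`` element and whatever ``diskAuth`` defines mutually exclusive, but neither the commit message nor the documentation hunk mentions that restriction; please document it so users know the two cannot be combined. The blank line added before ``<define name="diskSourceNetworkProtocolSimple">`` at the end of the hunk is an unrelated whitespace change and should be dropped from this patch.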