Re: [libvirt PATCH v6 32/36] qemu: implement keyfile auth for ssh disks with nbdkit

On Thu, Jul 20, 2023 at 17:19:59 -0500, Jonathon Jongsma wrote:
> For ssh disks that are served by nbdkit, we can support logging in with
> an ssh key file. Pass the path to the configured key file and the
> username to the nbdkit process.
> 
> Signed-off-by: Jonathon Jongsma <jjongsma@xxxxxxxxxx>
> ---
>  src/conf/domain_conf.c                        | 32 ++++++++++++++----
>  src/conf/storage_source_conf.c                |  1 +
>  src/conf/storage_source_conf.h                |  5 ++-
>  src/qemu/qemu_nbdkit.c                        | 15 +++++++--
>  .../disk-network-ssh-key.args.disk0           |  9 +++++
>  .../disk-network-ssh.args.disk2               |  9 +++++
>  tests/qemunbdkittest.c                        |  1 +
>  .../qemuxml2argvdata/disk-network-ssh-key.xml | 33 +++++++++++++++++++
>  8 files changed, 94 insertions(+), 11 deletions(-)
>  create mode 100644 tests/qemunbdkitdata/disk-network-ssh-key.args.disk0
>  create mode 100644 tests/qemunbdkitdata/disk-network-ssh.args.disk2
>  create mode 100644 tests/qemuxml2argvdata/disk-network-ssh-key.xml



> @@ -22164,8 +22172,20 @@ virDomainDiskSourceFormatNetwork(virBuffer *attrBuf,
>      if (src->timeout)
>          virBufferAsprintf(childBuf, "<timeout seconds='%llu'/>\n", src->timeout);
>  
> -    if (src->protocol == VIR_STORAGE_NET_PROTOCOL_SSH && src->ssh_known_hosts_file)
> -        virBufferEscapeString(childBuf, "<knownHosts path='%s'/>\n", src->ssh_known_hosts_file);
> +    if (src->protocol == VIR_STORAGE_NET_PROTOCOL_SSH) {
> +        if (src->ssh_known_hosts_file)
> +            virBufferEscapeString(childBuf, "<knownHosts path='%s'/>\n", src->ssh_known_hosts_file);
> +        if (src->ssh_keyfile) {
> +            virBufferAddLit(childBuf, "<identity");
> +
> +            if (src->ssh_user)
> +                virBufferEscapeString(childBuf, " username='%s'", src->ssh_user);

virBufferEscapeString skips the formatting of the whole XML parameter if
the 3rd argument is NULL, so the NULL checks here ...

> +            if (src->ssh_keyfile)

... and here are not needed.

> +                virBufferEscapeString(childBuf, " keyfile='%s'", src->ssh_keyfile);
> +
> +            virBufferAddLit(childBuf, "/>\n");
> +        }
> +    }
>  }
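
Review bot: in the `<identity>` block the username attribute is only formatted when `src->ssh_keyfile` is set, because the outer `if (src->ssh_keyfile) {` guards the whole element, so a source with `ssh_user` but no key file formats no `<identity>` element at all. If that is intended, a one-line comment above the outer check saying so would help; if not, the guard should be `if (src->ssh_user || src->ssh_keyfile)`. The inner `if (src->ssh_keyfile)` also repeats the outer condition, so it is redundant regardless of how virBufferEscapeString treats NULL.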



> diff --git a/src/conf/storage_source_conf.h b/src/conf/storage_source_conf.h
> index 8a9c7d07e2..8c805664af 100644
> --- a/src/conf/storage_source_conf.h
> +++ b/src/conf/storage_source_conf.h
> @@ -406,12 +406,11 @@ struct _virStorageSource {
>  
>      bool hostcdrom; /* backing device is a cdrom */
>  
> -    /* passthrough variables for the ssh driver which we don't handle properly */
> -    /* these must not be used apart from formatting the output JSON in the qemu driver */
> +    /* ssh variables */
>      char *ssh_user;
>      bool ssh_host_key_check_disabled;
> -    /* additional ssh variables */
>      char *ssh_known_hosts_file;
> +    char *ssh_keyfile;
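
Review bot: the replacement comment `/* ssh variables */` drops the removed lines' statement about how these fields may be used and documents nothing about the new `ssh_keyfile` member. A short per-field comment would help here, for example that `ssh_keyfile` is the path to the key file passed to the nbdkit process (as the commit message describes), and whether `ssh_user` and `ssh_host_key_check_disabled` are still limited to the use the old comment described.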

The new field *MUST* be copied in virStorageSourceCopy.


Reviewed-by: Peter Krempa <pkrempa@xxxxxxxxxx>



