Authenticating via key file to an ssh server is often preferable to logging in via password. In order to support this functionality add a new <identity> xml element for ssh disks that allows the user to specify a keyfile and username. Example configuration: <disk type='network'> <source protocol='ssh' ...> <identity keyfile='/path/to/id_rsa' username='myusername'/> ... </source> ... </disk> Signed-off-by: Jonathon Jongsma <jjongsma@xxxxxxxxxx> Reviewed-by: Peter Krempa <pkrempa@xxxxxxxxxx> --- docs/formatdomain.rst | 7 +++++++ src/conf/schemas/domaincommon.rng | 19 ++++++++++++++++++- 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index 496a8ebfbe..baa2fdce7d 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst @@ -3005,6 +3005,13 @@ paravirtualized driver is specified via the ``disk`` element. of these attributes is omitted, then that field is assumed to be the default value for the current system. If both ``user`` and ``group`` are intended to be default, then the entire element may be omitted. + + When using an ``ssh`` protocol, this element is used to enable + authentication via ssh keys. In this configuration, the element has two + attributes. The ``username`` attribute specifies the name of the user on + the remote server and the ``keyfile`` attribute specifies the path to the + keyfile. Note that this only works for ssh keys that are not + password-protected. ``reconnect`` For disk type ``vhostuser`` configures reconnect timeout if the connection is lost. This is set with the two mandatory attributes ``enabled`` and diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng index ca43586323..47c5ee2a31 100644 --- a/src/conf/schemas/domaincommon.rng +++ b/src/conf/schemas/domaincommon.rng 
@@ -2180,6 +2180,19 @@ </element> </define> + <define name="diskSourceNetworkProtocolSSHKeyDef"> + <element name="identity"> + <interleave> + <attribute name="username"> + <ref name="genericName"/> + </attribute> + <attribute name="keyfile"> + <ref name="absFilePath"/> + </attribute> + </interleave> + </element> + </define> + <define name="diskSourceNetworkProtocolSSH"> <element name="source"> <interleave> @@ -2199,11 +2212,15 @@ <ref name="diskSourceNetworkProtocolSSHHostVerify"/> </optional> <optional> - <ref name="diskAuth"/> + <choice> + <ref name="diskSourceNetworkProtocolSSHKeyDef"/> + <ref name="diskAuth"/> + </choice> </optional> </interleave> </element> </define> + <define name="diskSourceNetworkProtocolSimple"> <element name="source"> <interleave> -- 2.41.0
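Review bot: In the docs/formatdomain.rst hunk, the new paragraph does not say that ``keyfile`` must be an absolute path, although the schema types it as `<ref name="absFilePath"/>`, so a relative path will fail validation with no hint in the documentation. Please state the absolute-path requirement. Because the text says only keys that are not password-protected work, the private key sits unencrypted on disk, so it is also worth a sentence on who must be able to read the file and that it should not be readable by other users. "Passphrase-protected" would match ssh terminology better than "password-protected".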
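Review bot: In the first domaincommon.rng hunk (the new `diskSourceNetworkProtocolSSHKeyDef` define), the attribute is named `username`, while the documentation entry this paragraph is added to describes ``user`` and ``group`` attributes on the same element. If the difference is intentional, say so in the docs; otherwise consider reusing `user` so the element has one spelling for the same concept. Both attributes are mandatory here, which the documentation text ("the element has two attributes") does not make explicit. The `<interleave>` wrapper is also unnecessary around attributes only, since RELAX NG does not order attributes.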
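Review bot: In the second domaincommon.rng hunk, wrapping `diskSourceNetworkProtocolSSHKeyDef` and `diskAuth` in `<choice>` makes key-file and `<auth>` configuration mutually exclusive, but neither the commit message nor the documentation hunk mentions that. Please document that only one of the two may be given for an ssh source, and add a schema test case with both present to confirm it is rejected. The added blank line before `<define name="diskSourceNetworkProtocolSimple">` is an unrelated whitespace change and should be dropped from this patch.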