xenbits.xensource.com Git - libvirt.git/commit
qemu: implement ssh-agent auth for ssh disks with nbdkit
author Jonathon Jongsma <jjongsma@redhat.com>
Fri, 14 Jul 2023 20:54:03 +0000 (15:54 -0500)
committer Jonathon Jongsma <jjongsma@redhat.com>
Tue, 19 Sep 2023 19:28:50 +0000 (14:28 -0500)
commit 3310b12d5249ae4c1768fca32ebced2d1003a31a
tree 382c32284b3787abcee2ced57fe5355e9fef48a6
parent 1195403c43181889f169f4a6632d334589f7db65
qemu: implement ssh-agent auth for ssh disks with nbdkit

It's not possible to use password-protected ssh keys directly with
libvirt because libvirt doesn't have any way to prompt a user for the
password. To accommodate password-protected key files, an administrator
can add these keys to an ssh agent and then configure the domain with
the path to the ssh-agent socket.

Note that this requires an administrator or management app to
configure the ssh-agent with an appropriate socket path and add the
necessary keys to it. In addition, it does not currently work with
SELinux enabled. The ssh-agent socket would need a label that libvirt
would be allowed to access rather than unconfined_t.

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
src/conf/domain_conf.c
src/conf/storage_source_conf.c
src/conf/storage_source_conf.h
src/qemu/qemu_nbdkit.c
tests/qemunbdkitdata/disk-network-ssh-key.args.disk0
tests/qemunbdkitdata/disk-network-ssh-key.args.disk1 [new file with mode: 0644]
tests/qemuxml2argvdata/disk-network-ssh-key.xml
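
An added example, not part of this commit or of libvirt's code: a Python audit that reads a domain XML, reports whether each ssh disk authenticates through a key file or an ssh-agent socket, and checks the socket path on the host before the domain is started. The `keyfile` and `agentsock` attributes on `<identity>` follow libvirt's domain XML; the sample XML, its paths, the function names and the "no access for other users" policy are assumptions made for illustration.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Constructed sample domain XML; host, user and paths are placeholders.
SAMPLE_DOMAIN = """<domain type='qemu'><devices>
  <disk type='network' device='disk'>
    <source protocol='ssh' name='a.img'>
      <host name='example.org' port='22'/>
      <identity username='myuser' keyfile='/path/to/keyfile'/>
    </source>
    <target dev='vda' bus='virtio'/>
  </disk>
  <disk type='network' device='disk'>
    <source protocol='ssh' name='b.img'>
      <host name='example.org' port='22'/>
      <identity username='myuser' agentsock='/path/to/agent/socket'/>
    </source>
    <target dev='vdb' bus='virtio'/>
  </disk>
</devices></domain>"""

def check_agent_socket(path):
    """Return a list of problems with an ssh-agent socket path (empty if none)."""
    if not os.path.isabs(path):
        return ["socket path is not absolute"]
    try:
        st = os.stat(path)
    except OSError as exc:
        return [f"cannot stat socket: {exc.strerror}"]
    problems = []
    if not stat.S_ISSOCK(st.st_mode):
        problems.append("path is not a UNIX socket")
    if st.st_mode & stat.S_IRWXO:  # assumed policy: no access for "other"
        problems.append("socket is accessible to other users")
    return problems

def audit_ssh_disks(domain_xml):
    """Map each ssh disk target to (auth method, socket problems)."""
    report = {}
    for disk in ET.fromstring(domain_xml).iter("disk"):
        src = disk.find("source")
        if src is None or src.get("protocol") != "ssh":
            continue
        tgt, ident = disk.find("target"), src.find("identity")
        dev = tgt.get("dev") if tgt is not None else "(no target)"
        sock = ident.get("agentsock") if ident is not None else None
        method = "agent" if sock else ("keyfile" if ident is not None else "none")
        report[dev] = (method, check_agent_socket(sock) if sock else [])
    return report
```

This checks file type and mode bits only; it does not inspect the SELinux label that the commit message says the socket would also need.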