schema: add keyfile configuration for ssh disks

Authenticating via key file to an ssh server is often preferable to
logging in via password. In order to support this functionality add a
new <identity> xml element for ssh disks that allows the user to specify
a keyfile and username. Example configuration:

    <disk type='network'>
      <source protocol='ssh' ...>
        <identity keyfile='/path/to/id_rsa' username='myusername'/>
        ...
      </source>
    ...
    </disk>

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>

diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index 3469908959b9f1e021efcb5974b91bba96d96e16..74c714fef0812243b49a510d2f0968e64c4e4d9c 100644 (file)
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -3020,6 +3020,13 @@ paravirtualized driver is specified via the ``disk`` element.
       of these attributes is omitted, then that field is assumed to be the
       default value for the current system. If both ``user`` and ``group``
       are intended to be default, then the entire element may be omitted.
+
+      When using an ``ssh`` protocol, this element is used to enable
+      authentication via ssh keys. In this configuration, the element has two
+      attributes. The ``username`` attribute specifies the name of the user on
+      the remote server and the ``keyfile`` attribute specifies the path to the
+      keyfile. Note that this only works for ssh keys that are not
+      password-protected.
    ``reconnect``
       For disk type ``vhostuser`` configures reconnect timeout if the connection
       is lost. This is set with the two mandatory attributes ``enabled`` and

diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng
index 29d2f5db92ad5d673da3bad1e56355e9ef830107..1a99a0c4e384ff57f9f5d0d5801216c58b559794 100644 (file)
--- a/src/conf/schemas/domaincommon.rng
+++ b/src/conf/schemas/domaincommon.rng
@@ -2181,6 +2181,19 @@
     </element>
   </define>
 
+  <define name="diskSourceNetworkProtocolSSHKeyDef">
+    <element name="identity">
+      <interleave>
+        <attribute name="username">
+          <ref name="genericName"/>
+        </attribute>
+        <attribute name="keyfile">
+          <ref name="absFilePath"/>
+        </attribute>
+      </interleave>
+    </element>
+  </define>
+
   <define name="diskSourceNetworkProtocolSSH">
     <element name="source">
       <interleave>
@@ -2200,11 +2213,15 @@
           <ref name="diskSourceNetworkProtocolSSHHostVerify"/>
         </optional>
         <optional>
-          <ref name="diskAuth"/>
+          <choice>
+            <ref name="diskSourceNetworkProtocolSSHKeyDef"/>
+            <ref name="diskAuth"/>
+          </choice>
         </optional>
       </interleave>
     </element>
   </define>
+
   <define name="diskSourceNetworkProtocolSimple">
     <element name="source">
       <interleave>