return -1;
}
}
+ if (src->protocol == VIR_STORAGE_NET_PROTOCOL_SSH &&
+ (tmpnode = virXPathNode("./knownHosts", ctxt))) {
+ if (!(src->ssh_known_hosts_file = virXMLPropStringRequired(tmpnode, "path")))
+ return -1;
+ }
return 0;
}
if (src->timeout)
virBufferAsprintf(childBuf, "<timeout seconds='%llu'/>\n", src->timeout);
+
+ if (src->protocol == VIR_STORAGE_NET_PROTOCOL_SSH && src->ssh_known_hosts_file)
+ virBufferEscapeString(childBuf, "<knownHosts path='%s'/>\n", src->ssh_known_hosts_file);
}
/* ssh config passthrough for libguestfs */
def->ssh_host_key_check_disabled = src->ssh_host_key_check_disabled;
def->ssh_user = g_strdup(src->ssh_user);
+ def->ssh_known_hosts_file = g_strdup(src->ssh_known_hosts_file);
def->nfs_user = g_strdup(src->nfs_user);
def->nfs_group = g_strdup(src->nfs_group);
VIR_FREE(def->tlsHostname);
VIR_FREE(def->ssh_user);
+ VIR_FREE(def->ssh_known_hosts_file);
VIR_FREE(def->nfs_user);
VIR_FREE(def->nfs_group);
/* these must not be used apart from formatting the output JSON in the qemu driver */
char *ssh_user;
bool ssh_host_key_check_disabled;
+ /* additional ssh variables */
+ char *ssh_known_hosts_file;
/* nfs_user and nfs_group store the strings passed in by the user for NFS params.
* nfs_uid and nfs_gid represent the converted/looked up ID numbers which are used
for (i = 0; i < def->ndisks; i++) {
virDomainDiskDef *disk = def->disks[i];
- qemuNbdkitStopStorageSource(disk->src);
+ qemuNbdkitStopStorageSource(disk->src, vm);
}
if (def->os.loader && def->os.loader->nvram)
- qemuNbdkitStopStorageSource(def->os.loader->nvram);
+ qemuNbdkitStopStorageSource(def->os.loader->nvram, vm);
}
if (virStorageSourceChainHasManagedPR(disk->src))
ignore_value(qemuHotplugRemoveManagedPR(vm, VIR_ASYNC_JOB_NONE));
- qemuNbdkitStopStorageSource(disk->src);
+ qemuNbdkitStopStorageSource(disk->src, vm);
}
qemuDomainSecretDiskDestroy(disk);
qemuDomainCleanupStorageSourceFD(disk->src);
qemuHotplugRemoveManagedPR(vm, VIR_ASYNC_JOB_NONE) < 0)
goto cleanup;
- qemuNbdkitStopStorageSource(disk->src);
+ qemuNbdkitStopStorageSource(disk->src, vm);
if (disk->transient) {
VIR_DEBUG("Removing transient overlay '%s' of disk '%s'",
virQEMUDriver *driver = vmpriv->driver;
/* clean up resources associated with process */
- qemuNbdkitProcessStop(proc);
+ qemuNbdkitProcessStop(proc, vm);
return qemuNbdkitProcessStart(proc, vm, driver);
}
void
-qemuNbdkitStopStorageSource(virStorageSource *src)
+qemuNbdkitStopStorageSource(virStorageSource *src,
+ virDomainObj *vm)
{
virStorageSource *backing;
qemuDomainStorageSourcePrivate *priv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(src);
if (priv && priv->nbdkitProcess &&
- qemuNbdkitProcessStop(priv->nbdkitProcess) < 0)
+ qemuNbdkitProcessStop(priv->nbdkitProcess, vm) < 0)
VIR_WARN("Unable to stop nbdkit for storage source '%s'", src->nodestorage);
}
}
if (proc->source->ssh_host_key_check_disabled)
virCommandAddArgPair(cmd, "verify-remote-host", "false");
+ if (proc->source->ssh_known_hosts_file)
+ virCommandAddArgPair(cmd, "known-hosts", proc->source->ssh_known_hosts_file);
+
return 0;
}
if (qemuExtDeviceLogCommand(driver, vm, cmd, "nbdkit") < 0)
goto error;
+ if (proc->source->ssh_known_hosts_file &&
+ qemuSecurityDomainSetPathLabel(driver, vm, proc->source->ssh_known_hosts_file, false) < 0)
+ goto error;
+
if (qemuSecurityCommandRun(driver, vm, cmd, proc->user, proc->group, true, &exitstatus) < 0)
goto error;
NULLSTR(uristring), NULLSTR(errbuf));
error:
- qemuNbdkitProcessStop(proc);
+ qemuNbdkitProcessStop(proc, vm);
return -1;
}
int
-qemuNbdkitProcessStop(qemuNbdkitProcess *proc)
+qemuNbdkitProcessStop(qemuNbdkitProcess *proc,
+ virDomainObj *vm)
{
+ qemuDomainObjPrivate *vmpriv = vm->privateData;
+ virQEMUDriver *driver = vmpriv->driver;
+
qemuNbdkitProcessStopMonitor(proc);
+ if (proc->source->ssh_known_hosts_file)
+ qemuSecurityDomainRestorePathLabel(driver, vm, proc->source->ssh_known_hosts_file);
+
if (proc->pid < 0)
return 0;
virStorageSource *src);
void
-qemuNbdkitStopStorageSource(virStorageSource *src);
+qemuNbdkitStopStorageSource(virStorageSource *src,
+ virDomainObj *vm);
int
qemuNbdkitStorageSourceManageProcess(virStorageSource *src,
virDomainObj *vm);
int
-qemuNbdkitProcessStop(qemuNbdkitProcess *proc);
+qemuNbdkitProcessStop(qemuNbdkitProcess *proc,
+ virDomainObj *vm);
void
qemuNbdkitProcessFree(qemuNbdkitProcess *proc);
port=2222 \
path=test2.img \
user=testuser \
-password=-777
+password=-777 \
+known-hosts=/path/to/knownhosts
--foreground ssh \
host=example.org \
port=2222 \
-path=test.img
+path=test.img \
+known-hosts=/path/to/ssh_known_hosts
<auth username='testuser'>
<secret type='iscsi' usage='mycluster_myname'/>
</auth>
+ <knownHosts path='/path/to/knownhosts'/>
</source>
<target dev='vda' bus='virtio'/>
</disk>
<host name='example.org' port='2222'/>
<timeout seconds='1234'/>
<readahead size='1024'/>
+ <knownHosts path="/path/to/ssh_known_hosts"/>
</source>
<target dev='vda' bus='virtio'/>
</disk>
projects / libvirt.git / commitdiff