[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH 0/1] qemu: Add Secure Shell (ssh) network block device.



This patch allows you to use the qemu Secure Shell (ssh) block device.
This is not upstream yet, but you can find my latest version here:

  http://lists.nongnu.org/archive/html/qemu-devel/2013-04/threads.html#01703

This patch lets you specify a ssh device like this:

    <disk type='network' device='disk'>
      <source protocol='ssh' name='/remote/path/to/disk/image'>
        <host name='remote-server.example.com'/>
      </source>
      <driver name='qemu' type='raw'/>
      <target dev='vda' bus='virtio'/>
    </disk>

Patched qemu will connect to remote-server.example.com using libssh2,
and access /remote/path/to/disk/image using the sftp protocol.  This
works for both read and write.

Of course, since you'll have to use a patched qemu, you will also need
to fiddle with the <emulator> setting.

One current problem with this patch is that you have to manually set
the SSH_AUTH_SOCK environment variable to point at your ssh-agent
(since qemu's ssh block device requires ssh-agent authentication).  I
added the following to my XML, your value will be different:

  <qemu:commandline>
    <qemu:env name="SSH_AUTH_SOCK" value="/tmp/ssh-DThteVfEeOq3/agent.1773" />
  </qemu:commandline>

Some shortcomings:

 - Does not allow you to specify the host_key_check parameter.

 - No tests.

 - Not sure how best to deal with the ssh-agent authentication socket
   problem.  Use libvirt secrets?  If so, how?

 - I did not test if you can specify an alternate remote user.

 - I did not test (or care) if parsing qemu command lines works.

Rich.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]