[libvirt] [PATCH 0/1] qemu: Add Secure Shell (ssh) network block device.

Richard W.M. Jones rjones at redhat.com
Wed Apr 10 14:09:18 UTC 2013


This patch allows you to use the qemu Secure Shell (ssh) block device.
This is not upstream yet, but you can find my latest version here:

  http://lists.nongnu.org/archive/html/qemu-devel/2013-04/threads.html#01703

This patch lets you specify an ssh device like this:

    <disk type='network' device='disk'>
      <source protocol='ssh' name='/remote/path/to/disk/image'>
        <host name='remote-server.example.com'/>
      </source>
      <driver name='qemu' type='raw'/>
      <target dev='vda' bus='virtio'/>
    </disk>

Patched qemu will connect to remote-server.example.com using libssh2,
and access /remote/path/to/disk/image using the sftp protocol.  This
works for both read and write.

Of course, since you'll have to use a patched qemu, you will also need
to fiddle with the <emulator> setting.

One current problem with this patch is that you have to manually set
the SSH_AUTH_SOCK environment variable to point at your ssh-agent
(since qemu's ssh block device requires ssh-agent authentication).  I
added the following to my XML; your value will be different:

  <qemu:commandline>
    <qemu:env name="SSH_AUTH_SOCK" value="/tmp/ssh-DThteVfEeOq3/agent.1773" />
  </qemu:commandline>

Some shortcomings:

 - Does not allow you to specify the host_key_check parameter.

 - No tests.

 - Not sure how best to deal with the ssh-agent authentication socket
   problem.  Use libvirt secrets?  If so, how?

 - I did not test if you can specify an alternate remote user.

 - I did not test (or care) if parsing qemu command lines works.

Rich.
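
The configuration described in the message above, as an added example that is not part of the original post or of the libvirt patch: a Python check that finds ssh-backed disks in a domain XML and reports when SSH_AUTH_SOCK is not passed through to qemu, which the message says the ssh block device needs. The function name, the sample domain and its socket path are constructed for illustration.

```python
import xml.etree.ElementTree as ET

QEMU_NS = "http://libvirt.org/schemas/domain/qemu/1.0"  # qemu passthrough namespace

# Constructed sample domain: the <disk> and <qemu:env> elements follow the
# message above; the socket path is a made-up placeholder.
SAMPLE_DOMAIN = """\
<domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
  <devices>
    <disk type='network' device='disk'>
      <source protocol='ssh' name='/remote/path/to/disk/image'>
        <host name='remote-server.example.com'/>
      </source>
      <driver name='qemu' type='raw'/>
      <target dev='vda' bus='virtio'/>
    </disk>
  </devices>
  <qemu:commandline>
    <qemu:env name='SSH_AUTH_SOCK' value='/tmp/ssh-EXAMPLE/agent.0000'/>
  </qemu:commandline>
</domain>
"""


def audit_ssh_disks(domain_xml):
    """Return (ssh_disks, findings) for one libvirt domain XML document."""
    root = ET.fromstring(domain_xml)
    disks = []
    for disk in root.iter("disk"):
        src = disk.find("source")
        if disk.get("type") != "network" or src is None or src.get("protocol") != "ssh":
            continue
        target = disk.find("target")
        disks.append({
            "target": target.get("dev") if target is not None else None,
            "hosts": [h.get("name") for h in src.findall("host")],
            "path": src.get("name"),
        })
    # Environment variables handed to qemu via <qemu:commandline><qemu:env>.
    env = {e.get("name"): e.get("value") for e in root.iter("{%s}env" % QEMU_NS)}
    findings = []
    if disks and not env.get("SSH_AUTH_SOCK"):
        findings.append("ssh disk present but SSH_AUTH_SOCK is not passed to qemu")
    for d in disks:
        if not d["hosts"]:
            findings.append("ssh disk %s has no <host> element" % d["target"])
    return disks, findings

if __name__ == "__main__":
    print(audit_ssh_disks(SAMPLE_DOMAIN))
```

An empty findings list means every ssh disk has a host and the agent socket variable is set; it does not check that the socket path exists on the host.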



