[libvirt PATCH v5 30/32] qemu: implement knownHosts for ssh disks with nbdkit

Jonathon Jongsma jjongsma at redhat.com
Tue Feb 14 17:08:17 UTC 2023


For ssh disks that are served by nbdkit, use the configured value for
knownHosts and pass it to the nbdkit process.

Signed-off-by: Jonathon Jongsma <jjongsma at redhat.com>
---
 src/conf/domain_conf.c                                    | 8 ++++++++
 src/conf/storage_source_conf.c                            | 1 +
 src/conf/storage_source_conf.h                            | 2 ++
 src/qemu/qemu_nbdkit.c                                    | 3 +++
 tests/qemunbdkitdata/disk-network-ssh-password.args.disk0 | 3 ++-
 tests/qemunbdkitdata/disk-network-ssh.args.disk0          | 3 ++-
 tests/qemuxml2argvdata/disk-network-ssh-password.xml      | 1 +
 tests/qemuxml2argvdata/disk-network-ssh.xml               | 1 +
 8 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index a5578324b9..cb9d01dc6d 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -7214,6 +7214,11 @@ virDomainDiskSourceNetworkParse(xmlNodePtr node,
             return -1;
         }
     }
+    if (src->protocol == VIR_STORAGE_NET_PROTOCOL_SSH &&
+        (tmpnode = virXPathNode("./knownHosts", ctxt))) {
+        if (!(src->ssh_known_hosts_file = virXMLPropStringRequired(tmpnode, "path")))
+            return -1;
+    }
 
     return 0;
 }
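Review bot: The `path` attribute is stored in `src->ssh_known_hosts_file` exactly as it appears in the domain XML, with no check in this hunk that it is non-empty or absolute. The string later becomes the file nbdkit uses to verify the server's host key, so a relative value would presumably be resolved against the nbdkit process's working directory rather than anything the XML author intended. Unless the validation callbacks (not visible in this patch) already cover it, I would reject such values here or there, e.g. `if (!g_path_is_absolute(src->ssh_known_hosts_file))` followed by a `virReportError(VIR_ERR_XML_ERROR, ...)` and `return -1;`. A `<knownHosts>` element on a non-SSH source is also dropped silently because of the protocol test; the start of virDomainDiskSourceNetworkParse is outside the hunk, so whether that is consistent with its other protocol-specific children cannot be seen from here.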
@@ -22091,6 +22096,9 @@ virDomainDiskSourceFormatNetwork(virBuffer *attrBuf,
 
     if (src->timeout)
         virBufferAsprintf(childBuf, "<timeout seconds='%llu'/>\n", src->timeout);
+
+    if (src->protocol == VIR_STORAGE_NET_PROTOCOL_SSH && src->ssh_known_hosts_file)
+        virBufferAsprintf(childBuf, "<knownHosts path='%s'/>\n", src->ssh_known_hosts_file);
 }
 
 
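Review bot: The known-hosts path is written into the XML with `virBufferAsprintf` and a bare `%s`, so a path containing `'`, `&` or `<` produces malformed output or lets the value close the attribute early and introduce extra markup when the definition is formatted and re-parsed. User-supplied strings should go through the escaping formatter: `virBufferEscapeString(childBuf, "<knownHosts path='%s'/>\n", src->ssh_known_hosts_file);`. That helper emits nothing for a NULL string, so only the protocol test needs to remain in the condition. The test data uses only plain paths, so this case is not exercised by the fixtures in this patch.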
diff --git a/src/conf/storage_source_conf.c b/src/conf/storage_source_conf.c
index cecd7e811e..5d60c46cfc 100644
--- a/src/conf/storage_source_conf.c
+++ b/src/conf/storage_source_conf.c
@@ -1167,6 +1167,7 @@ virStorageSourceClear(virStorageSource *def)
     VIR_FREE(def->tlsHostname);
 
     VIR_FREE(def->ssh_user);
+    VIR_FREE(def->ssh_known_hosts_file);
 
     VIR_FREE(def->nfs_user);
     VIR_FREE(def->nfs_group);
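Review bot: Only the free side of the new field is handled here; the diffstat shows this as the single line added to storage_source_conf.c, so the copy routine for `virStorageSource` does not appear to duplicate `ssh_known_hosts_file`. If a source is copied before the nbdkit command line is built, the copy would carry no known-hosts path and nbdkit would be started without `known-hosts`, presumably falling back to its default host-key lookup rather than the file the administrator configured. I would add the matching `def->ssh_known_hosts_file = g_strdup(src->ssh_known_hosts_file);` next to where `ssh_user` is copied, assuming that function copies the other ssh fields; it is outside this hunk, so please confirm.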
diff --git a/src/conf/storage_source_conf.h b/src/conf/storage_source_conf.h
index 14a6825d54..a2d8b1f8bd 100644
--- a/src/conf/storage_source_conf.h
+++ b/src/conf/storage_source_conf.h
@@ -405,6 +405,8 @@ struct _virStorageSource {
     /* these must not be used apart from formatting the output JSON in the qemu driver */
     char *ssh_user;
     bool ssh_host_key_check_disabled;
+    /* additional ssh variables */
+    char *ssh_known_hosts_file;
 
     /* nfs_user and nfs_group store the strings passed in by the user for NFS params.
      * nfs_uid and nfs_gid represent the converted/looked up ID numbers which are used
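Review bot: The comment `/* additional ssh variables */` does not say what the field holds or who consumes it, and the field sits under the existing remark that these members must not be used apart from formatting the qemu JSON, which does not match its use for the nbdkit command line. I would replace it with something like `/* path to the known_hosts file used to verify the ssh server's host key; passed to nbdkit as known-hosts= */`. It is also worth stating how it relates to `ssh_host_key_check_disabled` directly above, since the two can both be set.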
diff --git a/src/qemu/qemu_nbdkit.c b/src/qemu/qemu_nbdkit.c
index 14e31ec186..dbbe71944f 100644
--- a/src/qemu/qemu_nbdkit.c
+++ b/src/qemu/qemu_nbdkit.c
@@ -1078,6 +1078,9 @@ qemuNbdkitProcessBuildCommandSSH(qemuNbdkitProcess *proc,
     if (proc->source->ssh_host_key_check_disabled)
         virCommandAddArgPair(cmd, "verify-remote-host", "false");
 
+    if (proc->source->ssh_known_hosts_file)
+        virCommandAddArgPair(cmd, "known-hosts", proc->source->ssh_known_hosts_file);
+
     return 0;
 }
 
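Review bot: `known-hosts` is appended independently of the `ssh_host_key_check_disabled` branch just above, so a source with both set gets `verify-remote-host=false` and `known-hosts=...` on the same command line. In that combination the configured file gives no protection, yet the domain XML reads as if host-key pinning were in effect. I would either reject the combination at validation time or at least document the precedence here, e.g. `/* known-hosts has no effect when verify-remote-host=false is also passed */`. Whether the nbdkit process can actually read the file (ownership, security labels) is also not visible in this patch and is worth confirming, since a failure there would only surface at disk start-up. The body of qemuNbdkitProcessBuildCommandSSH begins outside the hunk.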
diff --git a/tests/qemunbdkitdata/disk-network-ssh-password.args.disk0 b/tests/qemunbdkitdata/disk-network-ssh-password.args.disk0
index 30711f7f07..ee2d7c3343 100644
--- a/tests/qemunbdkitdata/disk-network-ssh-password.args.disk0
+++ b/tests/qemunbdkitdata/disk-network-ssh-password.args.disk0
@@ -5,4 +5,5 @@ host=example.org \
 port=2222 \
 path=test2.img \
 user=testuser \
-password=-777
+password=-777 \
+known-hosts=/path/to/knownhosts
diff --git a/tests/qemunbdkitdata/disk-network-ssh.args.disk0 b/tests/qemunbdkitdata/disk-network-ssh.args.disk0
index c04dc8bb03..481b218936 100644
--- a/tests/qemunbdkitdata/disk-network-ssh.args.disk0
+++ b/tests/qemunbdkitdata/disk-network-ssh.args.disk0
@@ -3,4 +3,5 @@ nbdkit \
 --foreground ssh \
 host=example.org \
 port=2222 \
-path=test.img
+path=test.img \
+known-hosts=/path/to/ssh_known_hosts
diff --git a/tests/qemuxml2argvdata/disk-network-ssh-password.xml b/tests/qemuxml2argvdata/disk-network-ssh-password.xml
index 266acb761f..bdb4cf6e35 100644
--- a/tests/qemuxml2argvdata/disk-network-ssh-password.xml
+++ b/tests/qemuxml2argvdata/disk-network-ssh-password.xml
@@ -22,6 +22,7 @@
         <auth username='testuser'>
           <secret type='iscsi' usage='mycluster_myname'/>
         </auth>
+        <knownHosts path='/path/to/knownhosts'/>
       </source>
       <target dev='vda' bus='virtio'/>
     </disk>
diff --git a/tests/qemuxml2argvdata/disk-network-ssh.xml b/tests/qemuxml2argvdata/disk-network-ssh.xml
index 355add4fea..a3aeca0c99 100644
--- a/tests/qemuxml2argvdata/disk-network-ssh.xml
+++ b/tests/qemuxml2argvdata/disk-network-ssh.xml
@@ -19,6 +19,7 @@
         <host name='example.org' port='2222'/>
         <timeout seconds='1234'/>
         <readahead size='1024'/>
+        <knownHosts path="/path/to/ssh_known_hosts"/>
       </source>
       <target dev='vda' bus='virtio'/>
     </disk>
-- 
2.39.1


