[Libvirt-cim] [PATCH V5 15/15] migration: allow ssh based migration with non root's key file
John Ferlan
jferlan at redhat.com
Thu Mar 21 23:07:48 UTC 2013
On 03/20/2013 11:39 PM, Wenchao Xia wrote:
> This patch allow libvirt-cim to use non-root's ssh key in migration
> to avoid exposing root's ssh login on server. In some case server are
> forbidden to expose or provide any root ssh login, and still use ssh
> encryption between two migration nodes with key of special account
> created for virtual machine management.
>
> When it is enabled in config file:
> 1 MigrateSSHKeyCopy, use string property [SSH_Key_Src] to tell which key
> to be copied. It will be copied to [migrate_ssh_temp_key].
> 2 MigrateVirtualSystemToHost and CheckVirtualSystemIsMigratableToHost,
> use bool property [MigrationWithoutRootKey], to tell whether to use the key
> as [migrate_ssh_temp_key].
> 3 MigrateSSHKeyDelete, when it is called [migrate_ssh_temp_key] will be
> deleted.
>
> Details:
> libvirt-cim would run shell command "cp -f [SSH_Key_Src]
> [migrate_ssh_temp_key]", then use [migrate_ssh_temp_key] to generate uri
> suffix for remote connection to migration destination.
>
> Signed-off-by: Wenchao Xia <xiawenc at linux.vnet.ibm.com>
> ---
> libvirt-cim.conf | 19 +++
> libxkutil/misc_util.c | 9 ++
> libxkutil/misc_util.h | 3 +
> src/Virt_VSMigrationService.c | 263 ++++++++++++++++++++++++++++++++++++++++-
> 4 files changed, 289 insertions(+), 5 deletions(-)
>
Need some more time to look at this - first pass seems OK, but it's late
and I'll pick it up again tomorrow.
John
More information about the Libvirt-cim
mailing list