On 7/26/19 9:09 AM, Pino Toscano wrote: > Add a 'private-key' option which represents the path of a private key > to use for authentication, and 'private-key-secret' as the name of an > object with its passphrase. > > Signed-off-by: Pino Toscano <ptosc...@redhat.com>
> +++ b/qapi/block-core.json > @@ -3226,6 +3226,11 @@ > # @password-secret: ID of a QCryptoSecret object providing a password > # for authentication (since 4.2) > # > +# @private-key: path to the private key (since 4.2) > +# > +# @private-key-secret: ID of a QCryptoSecret object providing the passphrase > +# for 'private-key' (since 4.2) Is password-secret intended to be mutually-exclusive with private-key/private-key-secret? If so, this should probably utilize an enum for a discriminator { 'enum': 'SshAuth', 'data': ['ssh-agent', 'password', 'private-key'] } then update BlockdevOptionsSsh to be a union type with an optional discriminator (defaulting to ssh-agent) for back-compat, where 'auth':'ssh-agent' needs no further fields, 'auth':'password' adds in a 'secret' field for use as password, or where 'auth':'private-key' adds in both 'key-file' and 'secret' for use as the two pieces needed for private key use. Markus may have other suggestions on how best to represent this sort of union type in QAPI. > +# > # Since: 2.9 > ## > { 'struct': 'BlockdevOptionsSsh', 
> @@ -3233,7 +3238,9 @@ > 'path': 'str', > '*user': 'str', > '*host-key-check': 'SshHostKeyCheck', > - '*password-secret': 'str' } } > + '*password-secret': 'str', > + '*private-key': 'str', > + '*private-key-secret': 'str' } } > > > ## > On a different topic, how much of this work overlaps with the nbdkit ssh plugin? Should we be duplicating efforts with both projects supporting ssh natively, or is it worth considering getting qemu out of the ssh business and instead connecting to an nbd device provided by nbdkit connecting to ssh? (For comparison, we've already decided that nbdkit does not plan on writing a qcow2 plugin, because it defers to qemu to be the expert there; or in the other direction, qemu-nbd has deprecated its partial support for exposing only a partition of a disk in favor of qemu-nbd having much more partition support through its filters) -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3226 Virtualization: qemu.org | libvirt.org
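Review bot: in the first hunk (qapi/block-core.json doc comment, @@ -3226,6 +3226,11), the text added for @private-key and @private-key-secret does not say how these options interact with @password-secret, which is documented directly above them, nor whether @private-key-secret may be given without @private-key or left out when the key has no passphrase. Suggest stating the allowed combinations in the comment itself, so that a user does not have to read the driver to learn which settings are rejected and which authentication method wins when several are set.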
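Review bot: in the second hunk (BlockdevOptionsSsh, @@ -3233,7 +3238,9), '*password-secret', '*private-key' and '*private-key-secret' are three independent optional strings, so the schema by itself accepts '*private-key-secret' without '*private-key', and a password secret together with a private key. No check for those combinations is visible in the quoted lines; either encode the choice in the schema, or make sure the driver fails with a clear error for an inconsistent combination rather than silently picking one authentication method.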