Am 26.07.2019 um 16:24 hat Eric Blake geschrieben: > On 7/26/19 9:09 AM, Pino Toscano wrote: > > Add a 'private-key' option which represents the path of a private key > > to use for authentication, and 'private-key-secret' as the name of an > > object with its passphrase. > > > > Signed-off-by: Pino Toscano <ptosc...@redhat.com> > > > +++ b/qapi/block-core.json > > @@ -3226,6 +3226,11 @@ > > # @password-secret: ID of a QCryptoSecret object providing a password > > # for authentication (since 4.2) > > # > > +# @private-key: path to the private key (since 4.2) > > +# > > +# @private-key-secret: ID of a QCryptoSecret object providing the > > passphrase > > +# for 'private-key' (since 4.2) > > Is password-secret intended to be mutually-exclusive with > private-key/private-key-secret? If so, this should probably utilize an > enum for a discriminator > { 'enum': 'SshAuth', 'data': ['ssh-agent', 'password', 'private'key'] } > > then update BlockdevOptionsSsh to be a union type with an optional > discriminator (defaulting to ssh-agent) for back-compat, where > 'auth':'ssh-agent' needs no further fields, 'auth':'password' adds in a > 'secret' field for use as password, or where 'auth':'private-key' adds > in both 'key-file' and 'secret' for use as the two pieces needed for > private key use.
Can we actually support optional discriminators when we don't have defaults in the QAPI schema yet? > On a different topic, how much of this work overlaps with the nbdkit ssh > plugin? Should we be duplicating efforts with both projects supporting > ssh natively, or is it worth considering getting qemu out of the ssh > business and instead connecting to an nbd device provided by nbdkit > connecting to ssh? ssh behaves essentially like a filesystem whereas NBD behaves like a block device. This is especially relevant for everything related to the file size. As far as I know, using an image format like qcow2 that wants to grow the image file isn't possible over NBD, whereas I expect it to work with the ssh block driver. Kevin
signature.asc
Description: PGP signature