schema: add keyfile configuration for ssh disks

Authenticating via key file to an ssh server is often preferable to logging in via password. In order to support this functionality add a new <identity> xml element for ssh disks that allows the user to specify a keyfile and username. Example configuration: <disk type='network'> <source protocol='ssh' ...> <identity keyfile='/path/to/id_rsa' username='myusername'/> ... </source> ... </disk> Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2025-01-03 03:25:20 +00:00 · 2023-01-19 15:52:20 -06:00 · 2023-01-19 15:52:20 -06:00 · 1e2fa6d524
commit 1e2fa6d524
parent 21b377a31b
2 changed files with 25 additions and 1 deletions
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@ -3020,6 +3020,13 @@ paravirtualized driver is specified via the ``disk`` element.
      of these attributes is omitted, then that field is assumed to be the
      default value for the current system. If both ``user`` and ``group``
      are intended to be default, then the entire element may be omitted.
+
+      When using an ``ssh`` protocol, this element is used to enable
+      authentication via ssh keys. In this configuration, the element has two
+      attributes. The ``username`` attribute specifies the name of the user on
+      the remote server and the ``keyfile`` attribute specifies the path to the
+      keyfile. Note that this only works for ssh keys that are not
+      password-protected.
   ``reconnect``
      For disk type ``vhostuser`` configures reconnect timeout if the connection
      is lost. This is set with the two mandatory attributes ``enabled`` and
--- a/src/conf/schemas/domaincommon.rng
+++ b/src/conf/schemas/domaincommon.rng
@ -2181,6 +2181,19 @@
    </element>
  </define>

+  <define name="diskSourceNetworkProtocolSSHKeyDef">
+    <element name="identity">
+      <interleave>
+        <attribute name="username">
+          <ref name="genericName"/>
+        </attribute>
+        <attribute name="keyfile">
+          <ref name="absFilePath"/>
+        </attribute>
+      </interleave>
+    </element>
+  </define>
+
  <define name="diskSourceNetworkProtocolSSH">
    <element name="source">
      <interleave>
@ -2200,11 +2213,15 @@
          <ref name="diskSourceNetworkProtocolSSHHostVerify"/>
        </optional>
        <optional>
-          <ref name="diskAuth"/>
+          <choice>
+            <ref name="diskSourceNetworkProtocolSSHKeyDef"/>
+            <ref name="diskAuth"/>
+          </choice>
        </optional>
      </interleave>
    </element>
  </define>
+
  <define name="diskSourceNetworkProtocolSimple">
    <element name="source">
      <interleave>