Commit Graph

8 Commits

Author SHA1 Message Date
Andrea Bolognani
8a743a598b tests: Ensure test files are newline-terminated
Currently we only append a newline to 'actual' if 'expected'
(as loaded from file) already ends in a newline, but that
results in inconsistent behavior.

For example, some of the test files used by virhostcputest are
newline-terminated and some aren't. If we were to remove
existing newlines from those files or add them where they
aren't present, the test would still pass, and even using
VIR_TEST_REGENERATE_OUTPUT=1 wouldn't change them back.

Make things consistent by ensuring that 'actual' is always
newline-terminated. The only exception is when 'actual' is
completely empty: in that case, we want the file to be actually
empty, not contain a single empty line. query-jobs-empty.result
in qemumonitorjsondata/ is an example of this being used.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2024-01-05 14:38:49 +01:00
Andrea Bolognani
2439e7135c tests: Drop some unused qemunbdkit data files
The test still passes after deleting them, which seems to
indicate that they're unnecessary.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2024-01-05 14:38:46 +01:00
Jonathon Jongsma
3310b12d52 qemu: implement ssh-agent auth for ssh disks with nbdkit
It's not possible to use password-protected ssh keys directly with
libvirt because libvirt doesn't have any way to prompt a user for the
password. To accomodate password-protected key files, an administrator
can add these keys to an ssh agent and then configure the domain with
the path to the ssh-agent socket.

Note that this requires an administrator or management app to
configure the ssh-agent with an appropriate socket path and add the
necessary keys to it. In addition, it does not currently work with
selinux enabled. The ssh-agent socket would need a label that libvirt
would be allowed to access rather than unconfined_t.

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-09-19 14:28:50 -05:00
Jonathon Jongsma
68599168ea qemu: implement keyfile auth for ssh disks with nbdkit
For ssh disks that are served by nbdkit, we can support logging in with
an ssh key file. Pass the path to the configured key file and the
username to the nbdkit process.

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-09-19 14:28:50 -05:00
Jonathon Jongsma
21b377a31b qemu: implement knownHosts for ssh disks with nbdkit
For ssh disks that are served by nbdkit, use the configured value for
knownHosts and pass it to the nbdkit process.

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-09-19 14:28:50 -05:00
Jonathon Jongsma
36f591402f qemu: implement password auth for ssh disks with nbdkit
For ssh disks that are served by nbdkit, lookup the password from the
configured secret and securely pass it to the nbdkit process using fd
passing.

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-09-19 14:28:50 -05:00
Jonathon Jongsma
0993f9f905 qemu: add test for authenticating a https network disk
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-09-19 14:28:50 -05:00
Jonathon Jongsma
e7a9a2ae62 tests: add tests for nbdkit invocation
We were testing the arguments that were being passed to qemu when a disk
was being served by nbdkit, but the arguments used to start nbdkit
itself were not testable. This adds a test to ensure that we're invoking
nbdkit correctly for various disk source definitions.

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-09-19 14:28:50 -05:00