qemu: implement knownHosts for ssh disks with nbdkit

For ssh disks that are served by nbdkit, use the configured value for
knownHosts and pass it to the nbdkit process.

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>

src/conf/domain_conf.c

@@ -7219,6 +7219,11 @@ virDomainDiskSourceNetworkParse(xmlNodePtr node,
             return -1;
         }
     }
+    if (src->protocol == VIR_STORAGE_NET_PROTOCOL_SSH &&
+        (tmpnode = virXPathNode("./knownHosts", ctxt))) {
+        if (!(src->ssh_known_hosts_file = virXMLPropStringRequired(tmpnode, "path")))
+            return -1;
+    }
 
     return 0;
 }
@@ -22205,6 +22210,9 @@ virDomainDiskSourceFormatNetwork(virBuffer *attrBuf,
 
     if (src->timeout)
         virBufferAsprintf(childBuf, "<timeout seconds='%llu'/>\n", src->timeout);
+
+    if (src->protocol == VIR_STORAGE_NET_PROTOCOL_SSH && src->ssh_known_hosts_file)
+        virBufferEscapeString(childBuf, "<knownHosts path='%s'/>\n", src->ssh_known_hosts_file);
 }
 
 

src/conf/storage_source_conf.c

@@ -897,6 +897,7 @@ virStorageSourceCopy(const virStorageSource *src,
     /* ssh config passthrough for libguestfs */
     def->ssh_host_key_check_disabled = src->ssh_host_key_check_disabled;
     def->ssh_user = g_strdup(src->ssh_user);
+    def->ssh_known_hosts_file = g_strdup(src->ssh_known_hosts_file);
 
     def->nfs_user = g_strdup(src->nfs_user);
     def->nfs_group = g_strdup(src->nfs_group);
@@ -1175,6 +1176,7 @@ virStorageSourceClear(virStorageSource *def)
     VIR_FREE(def->tlsHostname);
 
     VIR_FREE(def->ssh_user);
+    VIR_FREE(def->ssh_known_hosts_file);
 
     VIR_FREE(def->nfs_user);
     VIR_FREE(def->nfs_group);

src/conf/storage_source_conf.h

@@ -412,6 +412,8 @@ struct _virStorageSource {
     /* these must not be used apart from formatting the output JSON in the qemu driver */
     char *ssh_user;
     bool ssh_host_key_check_disabled;
+    /* additional ssh variables */
+    char *ssh_known_hosts_file;
 
     /* nfs_user and nfs_group store the strings passed in by the user for NFS params.
      * nfs_uid and nfs_gid represent the converted/looked up ID numbers which are used

src/qemu/qemu_extdevice.c

@@ -297,11 +297,11 @@ qemuExtDevicesStop(virQEMUDriver *driver,
 
     for (i = 0; i < def->ndisks; i++) {
         virDomainDiskDef *disk = def->disks[i];
-        qemuNbdkitStopStorageSource(disk->src);
+        qemuNbdkitStopStorageSource(disk->src, vm);
     }
 
     if (def->os.loader && def->os.loader->nvram)
-        qemuNbdkitStopStorageSource(def->os.loader->nvram);
+        qemuNbdkitStopStorageSource(def->os.loader->nvram, vm);
 }
 
 

src/qemu/qemu_hotplug.c

@@ -1036,7 +1036,7 @@ qemuDomainAttachDeviceDiskLiveInternal(virQEMUDriver *driver,
         if (virStorageSourceChainHasManagedPR(disk->src))
             ignore_value(qemuHotplugRemoveManagedPR(vm, VIR_ASYNC_JOB_NONE));
 
-        qemuNbdkitStopStorageSource(disk->src);
+        qemuNbdkitStopStorageSource(disk->src, vm);
     }
     qemuDomainSecretDiskDestroy(disk);
     qemuDomainCleanupStorageSourceFD(disk->src);
@@ -4497,7 +4497,7 @@ qemuDomainRemoveDiskDevice(virQEMUDriver *driver,
         qemuHotplugRemoveManagedPR(vm, VIR_ASYNC_JOB_NONE) < 0)
         goto cleanup;
 
-    qemuNbdkitStopStorageSource(disk->src);
+    qemuNbdkitStopStorageSource(disk->src, vm);
 
     if (disk->transient) {
         VIR_DEBUG("Removing transient overlay '%s' of disk '%s'",

src/qemu/qemu_nbdkit.c

@@ -630,7 +630,7 @@ qemuNbdkitProcessRestart(qemuNbdkitProcess *proc,
     virQEMUDriver *driver = vmpriv->driver;
 
     /* clean up resources associated with process */
-    qemuNbdkitProcessStop(proc);
+    qemuNbdkitProcessStop(proc, vm);
 
     return qemuNbdkitProcessStart(proc, vm, driver);
 }
@@ -913,7 +913,8 @@ qemuNbdkitStartStorageSource(virQEMUDriver *driver,
 
 
 void
-qemuNbdkitStopStorageSource(virStorageSource *src)
+qemuNbdkitStopStorageSource(virStorageSource *src,
+                            virDomainObj *vm)
 {
     virStorageSource *backing;
 
@@ -921,7 +922,7 @@ qemuNbdkitStopStorageSource(virStorageSource *src)
         qemuDomainStorageSourcePrivate *priv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(src);
 
         if (priv && priv->nbdkitProcess &&
-            qemuNbdkitProcessStop(priv->nbdkitProcess) < 0)
+            qemuNbdkitProcessStop(priv->nbdkitProcess, vm) < 0)
             VIR_WARN("Unable to stop nbdkit for storage source '%s'", src->nodestorage);
     }
 }
@@ -1055,6 +1056,9 @@ qemuNbdkitProcessBuildCommandSSH(qemuNbdkitProcess *proc,
     if (proc->source->ssh_host_key_check_disabled)
         virCommandAddArgPair(cmd, "verify-remote-host", "false");
 
+    if (proc->source->ssh_known_hosts_file)
+        virCommandAddArgPair(cmd, "known-hosts", proc->source->ssh_known_hosts_file);
+
     return 0;
 }
 
@@ -1167,6 +1171,10 @@ qemuNbdkitProcessStart(qemuNbdkitProcess *proc,
     if (qemuExtDeviceLogCommand(driver, vm, cmd, "nbdkit") < 0)
         goto error;
 
+    if (proc->source->ssh_known_hosts_file &&
+        qemuSecurityDomainSetPathLabel(driver, vm, proc->source->ssh_known_hosts_file, false) < 0)
+        goto error;
+
     if (qemuSecurityCommandRun(driver, vm, cmd, proc->user, proc->group, true, &exitstatus) < 0)
         goto error;
 
@@ -1231,16 +1239,23 @@ qemuNbdkitProcessStart(qemuNbdkitProcess *proc,
                    NULLSTR(uristring), NULLSTR(errbuf));
 
  error:
-    qemuNbdkitProcessStop(proc);
+    qemuNbdkitProcessStop(proc, vm);
     return -1;
 }
 
 
 int
-qemuNbdkitProcessStop(qemuNbdkitProcess *proc)
+qemuNbdkitProcessStop(qemuNbdkitProcess *proc,
+                      virDomainObj *vm)
 {
+    qemuDomainObjPrivate *vmpriv = vm->privateData;
+    virQEMUDriver *driver = vmpriv->driver;
+
     qemuNbdkitProcessStopMonitor(proc);
 
+    if (proc->source->ssh_known_hosts_file)
+        qemuSecurityDomainRestorePathLabel(driver, vm, proc->source->ssh_known_hosts_file);
+
     if (proc->pid < 0)
         return 0;
 

src/qemu/qemu_nbdkit.h

@@ -66,7 +66,8 @@ qemuNbdkitStartStorageSource(virQEMUDriver *driver,
                              virStorageSource *src);
 
 void
-qemuNbdkitStopStorageSource(virStorageSource *src);
+qemuNbdkitStopStorageSource(virStorageSource *src,
+                            virDomainObj *vm);
 
 int
 qemuNbdkitStorageSourceManageProcess(virStorageSource *src,
@@ -105,7 +106,8 @@ qemuNbdkitProcessRestart(qemuNbdkitProcess *proc,
                          virDomainObj *vm);
 
 int
-qemuNbdkitProcessStop(qemuNbdkitProcess *proc);
+qemuNbdkitProcessStop(qemuNbdkitProcess *proc,
+                      virDomainObj *vm);
 
 void
 qemuNbdkitProcessFree(qemuNbdkitProcess *proc);

tests/qemunbdkitdata/disk-network-ssh-password.args.disk0

@@ -5,4 +5,5 @@ host=example.org \
 port=2222 \
 path=test2.img \
 user=testuser \
-password=-777
+password=-777 \
+known-hosts=/path/to/knownhosts

tests/qemunbdkitdata/disk-network-ssh.args.disk0

@@ -3,4 +3,5 @@ nbdkit \
 --foreground ssh \
 host=example.org \
 port=2222 \
-path=test.img
+path=test.img \
+known-hosts=/path/to/ssh_known_hosts

tests/qemuxml2argvdata/disk-network-ssh-password.xml

@@ -22,6 +22,7 @@
         <auth username='testuser'>
           <secret type='iscsi' usage='mycluster_myname'/>
         </auth>
+        <knownHosts path='/path/to/knownhosts'/>
       </source>
       <target dev='vda' bus='virtio'/>
     </disk>

tests/qemuxml2argvdata/disk-network-ssh.xml

@@ -19,6 +19,7 @@
         <host name='example.org' port='2222'/>
         <timeout seconds='1234'/>
         <readahead size='1024'/>
+        <knownHosts path="/path/to/ssh_known_hosts"/>
       </source>
       <target dev='vda' bus='virtio'/>
     </disk>