On 03/20/2013 11:39 PM, Wenchao Xia wrote: > This patch allow libvirt-cim to use non-root's ssh key in migration > to avoid exposing root's ssh login on server. In some case server are > forbidden to expose or provide any root ssh login, and still use ssh > encryption between two migration nodes with key of special account > created for virtual machine management. > > When it is enabled in config file: > 1 MigrateSSHKeyCopy, use string property [SSH_Key_Src] to tell which key > to be copied. It will be copied to [migrate_ssh_temp_key]. > 2 MigrateVirtualSystemToHost and CheckVirtualSystemIsMigratableToHost, > use bool property [MigrationWithoutRootKey], to tell whether to use the key > as [migrate_ssh_temp_key]. > 3 MigrateSSHKeyDelete, when it is called [migrate_ssh_temp_key] will be > deleted. > > Details: > libvirt-cim would run shell command "cp -f [SSH_Key_Src] > [migrate_ssh_temp_key]", then use [migrate_ssh_temp_key] to generate uri > suffix for remote connection to migration destination. > > Signed-off-by: Wenchao Xia <[email protected]> > --- > libvirt-cim.conf | 19 +++ > libxkutil/misc_util.c | 9 ++ > libxkutil/misc_util.h | 3 + > src/Virt_VSMigrationService.c | 263 > ++++++++++++++++++++++++++++++++++++++++- > 4 files changed, 289 insertions(+), 5 deletions(-) >
Need some more time to look at this - first pass seems OK, but it's late and I'll pick it up again tomorrow. John _______________________________________________ Libvirt-cim mailing list [email protected] https://www.redhat.com/mailman/listinfo/libvirt-cim
