On 29.07.19 13:08, Kevin Wolf wrote:
> Am 26.07.2019 um 16:24 hat Eric Blake geschrieben:
>> On 7/26/19 9:09 AM, Pino Toscano wrote:
>>> Add a 'private-key' option which represents the path of a private key
>>> to use for authentication, and 'private-key-secret' as the name of an
>>> object with its passphrase.
>>>
>>> Signed-off-by: Pino Toscano <ptosc...@redhat.com>
>>
>>> +++ b/qapi/block-core.json
>>> @@ -3226,6 +3226,11 @@
>>> # @password-secret: ID of a QCryptoSecret object providing a password
>>> # for authentication (since 4.2)
>>> #
>>> +# @private-key: path to the private key (since 4.2)
>>> +#
>>> +# @private-key-secret: ID of a QCryptoSecret object providing the
>>> passphrase
>>> +# for 'private-key' (since 4.2)
>>
>> Is password-secret intended to be mutually-exclusive with
>> private-key/private-key-secret? If so, this should probably utilize an
>> enum for a discriminator
>> { 'enum': 'SshAuth', 'data': ['ssh-agent', 'password', 'private-key'] }
>>
>> then update BlockdevOptionsSsh to be a union type with an optional
>> discriminator (defaulting to ssh-agent) for back-compat, where
>> 'auth':'ssh-agent' needs no further fields, 'auth':'password' adds in a
>> 'secret' field for use as password, or where 'auth':'private-key' adds
>> in both 'key-file' and 'secret' for use as the two pieces needed for
>> private key use.
>
> Can we actually support optional discriminators when we don't have
> defaults in the QAPI schema yet?

Just chiming in here, because I wanted to throw in that v4 of my “block:
Try to create well-typed json:{} filenames” series adds that.

>> On a different topic, how much of this work overlaps with the nbdkit ssh
>> plugin? Should we be duplicating efforts with both projects supporting
>> ssh natively, or is it worth considering getting qemu out of the ssh
>> business and instead connecting to an nbd device provided by nbdkit
>> connecting to ssh?
>
> ssh behaves essentially like a filesystem whereas NBD behaves like a
> block device. This is especially relevant for everything related to the
> file size. As far as I know, using an image format like qcow2 that wants
> to grow the image file isn't possible over NBD, whereas I expect it to
> work with the ssh block driver.

Just using sshfs and file-posix would seem simpler to me, by the way.

Max
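
Review bot: The new @private-key and @private-key-secret entries in the qapi/block-core.json hunk do not document how they combine with @password-secret or with each other. Suggest stating in the comment whether @private-key may be given together with @password-secret, whether @private-key-secret can be omitted for a key that has no passphrase, and what happens when @private-key-secret is given without @private-key, so that callers are not left to discover which credential is actually used for authentication.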