Re: [Qemu-devel] [PATCH] block: Add support for Secure Shell (ssh) block device.

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: "Richard W.M. Jones" <rjones@redhat.com>
To: Stefan Hajnoczi <stefanha@gmail.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH] block: Add support for Secure Shell (ssh) block device.
Date: Thu, 21 Mar 2013 15:39:07 +0000	[thread overview]
Message-ID: <20130321153907.GG1504@rhmail.home.annexia.org> (raw)
In-Reply-To: <20130321152623.GC16677@stefanha-thinkpad.redhat.com>

On Thu, Mar 21, 2013 at 04:26:23PM +0100, Stefan Hajnoczi wrote:
> On Thu, Mar 21, 2013 at 01:38:58PM +0000, Richard W.M. Jones wrote:
> > From: "Richard W.M. Jones" <rjones@redhat.com>
> > 
> >   qemu-system-x86_64 -drive file=ssh://hostname/some/image
> > 
> > QEMU will ssh into 'hostname' and open '/some/image' which is made
> > available as a standard block device.
> > 
> > You can specify a username (ssh://user@host/...) and/or a port number
> > (ssh://host:port/...).
> 
> I can see this being handy for qemu-img since it gives you the ability
> to work with remote image files.
> 
> > Current limitations:
> > 
> > - Authentication must be done without passwords or passphrases, using
> >   ssh-agent.  Other authentication methods are not supported. (*)
> > 
> > - Does not check host key. (*)
> > 
> > - New remote files cannot be created. (*)
> 
> Would be important to fix these limitations.  Authentication methods to
> make this more usable.  Host key check for security.  File creation for
> qemu-img.

I agree.

> > - Uses coroutine read/write, instead of true AIO.  (libssh2 supports
> >   non-blocking access, so this could be fixed with some effort).
> 
> This patch does not really use coroutines - the SSH I/O is blocking!
> 
> Coroutines must submit the SSH I/O and then yield so the QEMU event loop
> can get on with other work.  When SSH I/O finishes the request's
> coroutine is re-entered and the request gets completed.

Hmm OK.  Is there any documentation at all on how coroutines are
supposed to work?  Or AIO for that matter?  For example, do coroutines
really replace all the read/write syscalls deep inside a library
(libssh2) so that these calls context switch, or am I missing the
point of how this works entirely?

[...]
> > This is implemented using libssh2 on the client side.  The server just
> > requires a regular ssh daemon with sftp-server support.  Most ssh
> > daemons on Unix/Linux systems will work out of the box.
> 
> How much of a win over sshfs is this?
> 
> sshfs can be mounted by unprivileged users and QEMU accesses it like a
> regular file.  So the sshfs approach already works today.

Sure, but compared to having to install and set up sshfs and FUSE,
using this is a lot simpler.  It's also potentially faster since it
cuts out FUSE and context switching to the sshfs process.

BTW I looked into the implementation of sshfs before starting this,
and what it does is to run an 'ssh' client subprocess, then implements
the sftp protocol by hand on top.  So using libssh2 cuts out *two*
external processes (plus FUSE).

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
libguestfs lets you edit virtual machines.  Supports shell scripting,
bindings from many languages.  http://libguestfs.org

next prev parent reply	other threads:[~2013-03-21 15:39 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-03-21 13:38 [Qemu-devel] [PATCH] Add support for Secure Shell (ssh) block device Richard W.M. Jones
2013-03-21 13:38 ` [Qemu-devel] [PATCH] block: " Richard W.M. Jones
2013-03-21 15:26   ` Stefan Hajnoczi
2013-03-21 15:39     ` Richard W.M. Jones [this message]
2013-03-21 19:29       ` Stefan Hajnoczi
2013-03-21 19:35   ` Stefan Hajnoczi
2013-03-21 20:31     ` Richard W.M. Jones
2013-03-22 13:04     ` [Qemu-devel] [PATCH] block/curl: Add support for Secure Shell (ssh/sftp) " Richard W.M. Jones
2013-03-22 13:41       ` Stefan Hajnoczi
2013-03-25 12:32       ` Richard W.M. Jones
2013-03-25 13:12         ` Stefan Hajnoczi
2013-03-25 14:36   ` [Qemu-devel] [PATCH] block: Add support for Secure Shell (ssh) " Kevin Wolf
2013-03-25 15:11     ` Richard W.M. Jones
2013-03-26  9:37       ` Stefan Hajnoczi

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20130321153907.GG1504@rhmail.home.annexia.org \
    --to=rjones@redhat.com \
    --cc=qemu-devel@nongnu.org \
    --cc=stefanha@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).