From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9])
	by lore.proxmox.com (Postfix) with ESMTPS id B74701FF17A
	for <inbox@lore.proxmox.com>; Fri,  4 Jul 2025 18:20:02 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 6D41A3BB67;
	Fri,  4 Jul 2025 18:20:44 +0200 (CEST)
From: "Max R. Carrara" <m.carrara@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Fri,  4 Jul 2025 18:20:09 +0200
Message-Id: <20250704162011.402195-1-m.carrara@proxmox.com>
X-Mailer: git-send-email 2.39.5
MIME-Version: 1.0
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.078 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: [pve-devel] [PATCH v2 pve-storage-plugin-examples 0/2] SSHFS
 Example Storage Plugin
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

SSHFS Example Storage Plugin - v2
=================================

Add a custom storage plugin based on SSHFS [0] to serve as an example
for an upcoming storage plugin development guide. This plugin should
also be ready for production usage, though it would be nice to get some
more testing (and potentially performance-tuning) done.

Previous version: https://lore.proxmox.com/pve-devel/20250416124735.320256-1-m.carrara@proxmox.com/

Notable Changes
---------------

- incorporated feedback on v1 (thanks Thomas!)

  - private key is now passed by value instead of by path in order to
    avoid TOCTOU races
    - this still isn't perfectly ideal, but better than before

  - use a separate known_hosts file for each SSHFS storage instead of
    /etc/pve/priv/known_hosts
    - this means that /etc/pve/priv/storage/${STOREID}_known_hosts is
      now used

  - allow overwriting an existing key file that wasn't cleaned up in
    /etc/pve/priv/storage/ when creating an SSHFS storage

  - Use the StrictHostKeyChecking=accept-new SSH option to trust the
    remote on first use if connecting to it via pubkey auth succeeds

- minor code cleanup & readability improvements here and there
- format via perltidy w/ our custom profile

How to Use & Test
-----------------

(updated because of changes to parameters)

You'll need some kind guest you can SSH into with pubkey auth.
On that host, it's best to create some directory for SSHFS, e.g.:

    mkdir -p /srv/sshfs && chmod 750 /srv/sshfs

The plugin can easily be built via `make deb` inside
`plugin-sshfs/`. Once built and installed on a different PVE host
of your choice, you should first deploy a private key for SSHFS, e.g.:

  ssh-copy-id -i ~/.ssh/id_my_private_key [USER]@[HOST]

Then, using the deployed key, the storage can be added as follows:

  pvesm add sshfs [STOREID] \
    --username [USER] \
    --server [HOST] \
    --path /mnt/path/to/storage \
    --remote-path /srv/sshfs \
    --sshfs-private-key "$(cat ~/.ssh/id_my_private_key)"

The storage should then pop up in the UI. It should be functionally
equivalent to most other dir-based network storages, except that imports
aren't supported in order to keep the example from becoming too complex.

References
----------

[0]: https://github.com/libfuse/sshfs

Older Versions
--------------

v1: https://lore.proxmox.com/pve-devel/20250416124735.320256-1-m.carrara@proxmox.com/
rfc-v1: https://lore.proxmox.com/pve-devel/20250328171209.503132-1-m.carrara@proxmox.com/

Summary of Changes
------------------

Max R. Carrara (2):
  plugin-sshfs: add example for custom storage plugin for SSHFS
  plugin-sshfs: package the SSHFS example plugin

 Makefile                                      |   1 +
 plugin-sshfs/Makefile                         |  71 ++++
 plugin-sshfs/debian/changelog                 |   5 +
 plugin-sshfs/debian/control                   |  22 +
 plugin-sshfs/debian/copyright                 |  20 +
 plugin-sshfs/debian/rules                     |   8 +
 plugin-sshfs/debian/source/format             |   1 +
 plugin-sshfs/debian/triggers                  |   1 +
 .../src/PVE/Storage/Custom/SSHFSPlugin.pm     | 395 ++++++++++++++++++
 9 files changed, 524 insertions(+)
 create mode 100644 plugin-sshfs/Makefile
 create mode 100644 plugin-sshfs/debian/changelog
 create mode 100644 plugin-sshfs/debian/control
 create mode 100644 plugin-sshfs/debian/copyright
 create mode 100755 plugin-sshfs/debian/rules
 create mode 100644 plugin-sshfs/debian/source/format
 create mode 100644 plugin-sshfs/debian/triggers
 create mode 100644 plugin-sshfs/src/PVE/Storage/Custom/SSHFSPlugin.pm

-- 
2.39.5



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel