From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 9BA8E438A3; Fri, 12 Jan 2024 15:59:37 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 5AAA240633; Fri, 12 Jan 2024 15:59:37 +0100 (CET) Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) by mails.dpdk.org (Postfix) with ESMTP id 01310402AD for ; Fri, 12 Jan 2024 15:59:35 +0100 (CET) Received: by mail-pl1-f180.google.com with SMTP id d9443c01a7336-1d4a2526a7eso40147545ad.3 for ; Fri, 12 Jan 2024 06:59:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iol.unh.edu; s=unh-iol; t=1705071575; x=1705676375; darn=dpdk.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=oNdpD3nWG0DMYJN3sLmZLEhzB108iCdg61mgzG/S8Yk=; b=J9H95hbi7mKjjXvuHt4hj/xvk3Ck+mFzWcxFxLtACIvmg7Iuisl6FTS0hFHl6HNE/b ZceHsgM7Eionn9+w082/uVRb3I+tdsCUX5enR0CP4Xn8eOl1dPQIlK5EOqG5Hinidb8r nn7SmT6wOHNLntL1Z8aTVRXoOHqyni6VNHj6A= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705071575; x=1705676375; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=oNdpD3nWG0DMYJN3sLmZLEhzB108iCdg61mgzG/S8Yk=; b=cg+Hwn+qy0muJjAXWzULWCwEVFQOzYLn7ZQLuGSecgqpCQSRzIMOeYJh8MbNkSJbei 1RA1inGxzmgrsYJp3FydTykZSidTJ8iZZkTI/S9gMIudB00d6kxaVI1uIDVu1gBSfHqz VxSHeeBenCcG7yoCZoWvS/Y4y66J/+bYhVefXxrkP+C02iAweWO3F0QN2sX9GtdUhdC0 Y9UPRUwumhoAc4uwhMFBtD0dja5j3/YKmpp04mV2xddx33KiAkWFO4489medI/xFW1Er xcUtJssNVYKS0a81usAUasVBjrO6wNDD/PiKxd6G6jvDpFEWEulo0s1WvdiFWziLa7Va dacA== X-Gm-Message-State: AOJu0YwFpYyFpkuxkADwu9ddkgRJ45oFYW/ouM6GQ4kMFVn7QK9TNwGG eNnwZv1xx+CBxr3eOcBlBX7fJOT/upC4z/9p7+yrV2ZckL4/hw== X-Google-Smtp-Source: AGHT+IEjBuNYfNMm9S77N/cg28HdZF3ZujgF4ejx5BYhm9EKNTbV6jXb8NHnEuNCTb/5FxJG0ExN5dOR5jQbe2XBqHY= X-Received: by 2002:a17:90b:3696:b0:28b:6d33:a3c6 with SMTP id mj22-20020a17090b369600b0028b6d33a3c6mr1203654pjb.25.1705071575017; Fri, 12 Jan 2024 06:59:35 -0800 (PST) MIME-Version: 1.0 References: <20240111213505.4577-2-jspewock@iol.unh.edu> <20240111222608.13239-1-jspewock@iol.unh.edu> In-Reply-To: From: Jeremy Spewock Date: Fri, 12 Jan 2024 09:59:23 -0500 Message-ID: Subject: Re: [PATCH v3] dts: add Dockerfile To: =?UTF-8?Q?Juraj_Linke=C5=A1?= Cc: Honnappa.Nagarahalli@arm.com, thomas@monjalon.net, wathsala.vithanage@arm.com, probb@iol.unh.edu, paul.szczepanek@arm.com, yoan.picchi@foss.arm.com, dev@dpdk.org Content-Type: multipart/alternative; boundary="0000000000008bbf01060ec0e936" X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org --0000000000008bbf01060ec0e936 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Fri, Jan 12, 2024 at 5:23=E2=80=AFAM Juraj Linke=C5=A1 wrote: > > diff --git a/dts/.devcontainer/devcontainer.json > b/dts/.devcontainer/devcontainer.json > > new file mode 100644 > > index 0000000000..6313cd3ded > > --- /dev/null > > +++ b/dts/.devcontainer/devcontainer.json > > @@ -0,0 +1,33 @@ > > +// For format details, see https://aka.ms/devcontainer.json. For > config options, see the README at: > > +// > https://github.com/microsoft/vscode-dev-containers/tree/v0.241.1/containe= rs/docker-existing-dockerfile > > +{ > > + "name": "Existing Dockerfile", > > + > > + // Sets the run context to one level up instead of the > .devcontainer folder. > > + "context": "..", > > + > > + // Update the 'dockerFile' property if you aren't using the > standard 'Dockerfile' filename. > > + "dockerFile": "../Dockerfile", > > + > > + // Use 'forwardPorts' to make a list of ports inside the > container available locally. > > + // "forwardPorts": [], > > + > > + // Uncomment the next line to run commands after the container > is created - for example installing curl. > > The next line is uncommented, we should update or remove the comment. > Good catch, I'll change this. > > > + "postCreateCommand": "poetry install --no-root", > > + > > + "extensions": [ > > + "ms-python.vscode-pylance", > > + ] > > + > > + // Uncomment when using a ptrace-based debugger like C++, Go, > and Rust > > + // "runArgs": [ "--cap-add=3DSYS_PTRACE", "--security-opt", > "seccomp=3Dunconfined" ], > > + > > + // Uncomment to use the Docker CLI from inside the container. > See https://aka.ms/vscode-remote/samples/docker-from-docker. > > + // "mounts": [ > "source=3D/var/run/docker.sock,target=3D/var/run/docker.sock,type=3Dbind"= ], > > + > > + // Uncomment to mount your SSH keys into the devcontainer used > by vscode. > > + // "mounts": > ["source=3D${localEnv:HOME}/.ssh,destination=3D/root/.ssh,type=3Dbind,rea= donly"] > > Should this SSH key correspond to the user below? > On one hand I agree it would be better to unify the two options, but on the other we don't make a remote user in the docker image so the option below can't be used anyway. I would be more in favor of just removing the remoteUser option and leaving this the way it is as that would line up better with what you can actually do with the container image we provide. Leaving it as a stub for something that could be done isn't a bad either though, or I could also add the remote user to the container, but I don't really see the need for a non-root user for running DTS currently. > > > + > > + // Uncomment to connect as a non-root user if you've added one. > See https://aka.ms/vscode-remote/containers/non-root. > > + // "remoteUser": "vscode" > > +} > > > > > diff --git a/dts/README.md b/dts/README.md > > new file mode 100644 > > index 0000000000..dc88ec585e > > --- /dev/null > > +++ b/dts/README.md > > @@ -0,0 +1,70 @@ > > > +#### Start docker container with SSH keys > > + > > +```shell > > +docker build --target dev -t dpdk-dts . > > +docker run -v $(pwd)/..:/dpdk -v /home/dtsuser/.ssh:/root/.ssh:ro -it > dpdk-dts bash > > We talked about possibly baking the key into the image, but this seems > safer and pretty easy to use. > I understand this is tailored to the lab and I'm thinking about other > possible use cases, but it seems there would only be convoluted ones > (possibly with some extra security considerations, which is generally > not needed for testing purposes) where this doesn't do what we want it > to. I'd say this is good enough. > > > +$ poetry install > > +$ poetry shell > > +``` > > + > --0000000000008bbf01060ec0e936 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


<= div dir=3D"ltr" class=3D"gmail_attr">On Fri, Jan 12, 2024 at 5:23=E2=80=AFA= M Juraj Linke=C5=A1 <juraj.linkes@pantheon.tech> wrote:
> diff --git a/dts/.devcon= tainer/devcontainer.json b/dts/.devcontainer/devcontainer.json
> new file mode 100644
> index 0000000000..6313cd3ded
> --- /dev/null
> +++ b/dts/.devcontainer/devcontainer.json
> @@ -0,0 +1,33 @@
> +// For format details, see https://aka.ms/devcontainer.json. For config options, see the README at:
> +// https://github.com/microsoft/vscode-dev-containers/tree/v0.241.= 1/containers/docker-existing-dockerfile
> +{
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0"name": "Existing Dockerfil= e",
> +
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0// Sets the run context to one level up in= stead of the .devcontainer folder.
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0"context": "..",
> +
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0// Update the 'dockerFile' propert= y if you aren't using the standard 'Dockerfile' filename.
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0"dockerFile": "../Dockerfil= e",
> +
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0// Use 'forwardPorts' to make a li= st of ports inside the container available locally.
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0// "forwardPorts": [],
> +
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0// Uncomment the next line to run commands= after the container is created - for example installing curl.

The next line is uncommented, we should update or remove the comment.

Good catch, I'll change this.
=C2=A0

> +=C2=A0 =C2=A0 =C2=A0 =C2=A0"postCreateCommand": "poetr= y install --no-root",
> +
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0"extensions": [
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0"ms-pytho= n.vscode-pylance",
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0]
> +
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0// Uncomment when using a ptrace-based deb= ugger like C++, Go, and Rust
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0// "runArgs": [ "--cap-add= =3DSYS_PTRACE", "--security-opt", "seccomp=3Dunconfined= " ],
> +
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0// Uncomment to use the Docker CLI from in= side the container. See https://aka.ms/vscode= -remote/samples/docker-from-docker.
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0// "mounts": [ "source=3D/v= ar/run/docker.sock,target=3D/var/run/docker.sock,type=3Dbind" ],
> +
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0// Uncomment to mount your SSH keys into t= he devcontainer used by vscode.
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0// "mounts": ["source=3D${l= ocalEnv:HOME}/.ssh,destination=3D/root/.ssh,type=3Dbind,readonly"]

Should this SSH key correspond to the user below?

=
On one hand I agree it would be better to unify the two options, but on= the other we don't make a remote user in the docker image so the optio= n below can't be used anyway. I would be more in favor of just removing= the remoteUser option and leaving this the way it is as that would line up= better with what you can actually do with the container image we provide.<= /div>
Leaving it as a stub for something that could be done isn't a bad eith= er though, or I could also add the remote user to the container, but I don&= #39;t really see the need for a non-root user for running DTS currently.
=C2=A0

> +
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0// Uncomment to connect as a non-root user= if you've added one. See https://aka.ms/vscode-= remote/containers/non-root.
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0// "remoteUser": "vscode&qu= ot;
> +}

<snip>

> diff --git a/dts/README.md b/dts/README.md
> new file mode 100644
> index 0000000000..dc88ec585e
> --- /dev/null
> +++ b/dts/README.md
> @@ -0,0 +1,70 @@
<snip>
> +#### Start docker container with SSH keys
> +
> +```shell
> +docker build --target dev -t dpdk-dts .
> +docker run -v $(pwd)/..:/dpdk -v /home/dtsuser/.ssh:/root/.ssh:ro -it= dpdk-dts bash

We talked about possibly baking the key into the image, but this seems
safer and pretty easy to use.
I understand this is tailored to the lab and I'm thinking about other possible use cases, but it seems there would only be convoluted ones
(possibly with some extra security considerations, which is generally
not needed for testing purposes) where this doesn't do what we want it<= br> to. I'd say this is good enough.
=C2=A0
> +$ poetry install
> +$ poetry shell
> +```
> +
--0000000000008bbf01060ec0e936--