DPDK patches and discussions
From: Owen Hilyard <ohilyard@iol.unh.edu>
To: Honnappa Nagarahalli <Honnappa.Nagarahalli@arm.com>
Cc: "Bruce Richardson" <bruce.richardson@intel.com>,
	"Stanislaw Kardach" <kda@semihalf.com>,
	"Juraj Linkeš" <juraj.linkes@pantheon.tech>,
	"thomas@monjalon.net" <thomas@monjalon.net>,
	"David Marchand" <david.marchand@redhat.com>,
	"ronan.randles@intel.com" <ronan.randles@intel.com>,
	"Tu, Lijuan" <lijuan.tu@intel.com>, dev <dev@dpdk.org>,
	nd <nd@arm.com>
Subject: Re: [PATCH v4 4/9] dts: add ssh pexpect library
Date: Mon, 19 Sep 2022 10:21:33 -0400
Message-ID: <CAHx6DYDJu0pCvU6+R641MrcYOZ9sCRzHNd8Vv8TEzs8ur_qxew@mail.gmail.com>
In-Reply-To: <DBAPR08MB581466FA15EFD3481C1BF9F698469@DBAPR08MB5814.eurprd08.prod.outlook.com>

On Wed, Sep 14, 2022 at 3:57 PM Honnappa Nagarahalli <
Honnappa.Nagarahalli@arm.com> wrote:

> <snip>
>
> > >
> > >      On Fri, Jul 29, 2022 at 10:55:45AM +0000, Juraj Linkeš wrote:
> > >      <snip>
> > >      > +                self.session = pxssh.pxssh(encoding="utf-8")
> > >      > +                self.session.login(
> > >      > +                    self.node,
> > >      > +                    self.username,
> > >      > +                    self.password,
> > >      > +                    original_prompt="[$#>]",
> > >      > +
> > >      password_regex=r"(?i)(?:password:)|(?:passphrase for
> > >      key)|(?i)(password for .+:)",
> > >      > +                )
> > >      > +                [1]self.logger.info(f"Connection to
> {self.node}
> > >      succeeded")
> > >      > +            self.send_expect("stty -echo", "#")
> > >      > +            self.send_expect("stty columns 1000", "#")
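
Review bot: The two send_expect calls after login wait for a literal "#", while login() was given original_prompt="[$#>]", so a session that lands on a "$" or ">" prompt gets through login and then never shows the prompt that "stty -echo" is waiting for. Take the expected prompt from one place (a per-node setting, or the same pattern passed to login) instead of hard-coding "#", and if root is required, check for it explicitly right after login. Separately, the second "(?i)" in password_regex sits in the middle of the pattern: the leading "(?i)" already applies to the whole expression, and Python's re module has deprecated non-leading global flags since 3.6 and rejects them from 3.11, so it should be dropped.
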
> > >      First of all, thanks for those changes! Having DTS inside DPDK
> makes
> > >      test synchronization a lot easier. I'm happy to say
> (unsurprisingly)
> > >      that it works with my RISC-V HiFive Unmatched board like a charm.
> > >
> > >
> > >      Though there is a small issue with the lines above. They assume
> "#"
> > >      as
> > >      the prompt sign, even though original_prompt was set to "[$#>]".
> > >      This
> > >      touches on two problems:
> > >      1. # is usually a root prompt - is DTS assumed to be run with root
> > >         privileges? DPDK may (in theory) run without them with some
> > >      permission
> > >         adjustment (hugetlb, VFIO container, etc.). If we assume DTS
> > >      needs
> > >         root access, this has to be both documented and validated
> before
> > >         running the whole suite. Otherwise it'll be hard to debug.
> > >
> > >
> > >    Around a year ago there were some attempts to get DTS to not require
> > >    root. This ended up running into issues because DTS sets up drivers
> for
> > >    you, which requires root as far as I know, as well as setting up
> > >    hugepages, which I think also requires root. The current version of
> DTS
> > >    can probably run without root, but it will probably stop working as
> > >    soon as DTS starts interacting with PCI devices. Elevating
> privileges
> > >    using pkexec or sudo is less portable and would require supporting a
> > >    lot more forms of authentication (kerberos/ldap for enterprise
> > >    deployments, passwords, 2fa, etc). It is much easier to say that the
> > >    default SSH agent must provide root access to the SUT and Traffic
> > >    Generator either with a password or pre-configured passwordless
> > >    authentication (ssh keys, kerberos, etc).
> > >
> > >    [Honnappa] One of the feedback we collected asks to deprecate the
> use
> > >    of clear text passwords in config files and root user. It suggests
> to
> > >    use keys and sudo. It is a ‘Must Have’ item.
> > >
> > >
> > >    I agree it should be documented. I honestly didn't consider that
> anyone
> > >    would try running DTS as a non-root user.
> > >
> > >    [Honnappa] +1 for supporting root users for now and documenting.
> > >
> > >
> > >      2. Different shells use different prompts on different distros.
> > >      Hence
> > >         perhaps there should be a regex here (same as with
> > >      original_prompt)
> > >         and there could be a conf.yaml option to modify it on a
> per-host
> > >         basis?
> > >
> > >
> > >    As far as customizing the prompts, I think that is doable via a
> > >    configuration option.
> > >    As far as different shells, I don't think we were planning to
> support
> > >    anything besides either bash or posix-compatible shells. At the
> moment
> > >    all of the community lab systems use bash, and for ease of test
> > >    development it will be easier to mandate that everyone uses one
> shell.
> > >    Otherwise DTS CI will need to run once for each shell to catch
> issues,
> > >    which in my opinion are resources better spent on more in-depth
> testing
> > >    of DTS and DPDK.
> > >
> > >    [Honnappa] +1 for using just bash, we can document this as well.
> > >
> >
> > I would agree overall. Just supporting one shell is fine - certainly for
> now. Also
> > completely agree that we need to remove hard-coded passwords and ideally
> > non-root. However, I think for the initial versions the main thing
> should be
> > removing the passwords so I would be ok for keeping the "root"
> > login requirement, so long as we support using ssh keys for login rather
> than
> > hard-coded passwords.
> I would be for dropping support for the hard-coded passwords completely.
> Setting up the password-less SSH is straightforward (not sure if you meant
> the same).
>
> >
> > /Bruce
>

I think the question is whether there are any platforms/devices that should
be tested by DTS that do not support passwordless SSH.  Right now, the
community lab is using SSH keys for everything. If Intel also doesn't need
passwords, then it's up to the community whether to support them at all. It
does make it a lot easier on DTS if we can just require that the active
OpenSSH agent can log into all of the systems involved without a password.
This would also make it easier to enable AD authentication for Windows.
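
An added example, not part of the thread or of the DTS code: a sketch of the two configuration points discussed above, refusing plaintext passwords in a node entry and taking the prompt from a per-node regex instead of a hard-coded "#". The entry keys (`hostname`, `user`, `prompt`, `password`) and the names `load_node` and `at_prompt` are hypothetical, and the session tails are constructed.

```python
import re
from dataclasses import dataclass

DEFAULT_PROMPT = r"[$#>]"  # same character class the patch passes as original_prompt


@dataclass(frozen=True)
class NodeLogin:
    host: str
    user: str
    prompt: re.Pattern


def load_node(entry: dict) -> NodeLogin:
    """Validate one node entry of a hypothetical conf.yaml, already parsed to a dict."""
    # Key-only policy: refuse any plaintext secret in the config file.
    for key in ("password", "passwd", "passphrase"):
        if entry.get(key):
            raise ValueError(f"{entry.get('hostname')}: '{key}' in config; use SSH keys")
    try:
        # Anchor at the end of the buffer, allowing blanks after the prompt character.
        prompt = re.compile(f"(?:{entry.get('prompt', DEFAULT_PROMPT)})\\s*$")
    except re.error as exc:
        raise ValueError(f"{entry.get('hostname')}: bad prompt regex: {exc}") from exc
    return NodeLogin(entry["hostname"], entry["user"], prompt)


def at_prompt(buffer: str, node: NodeLogin) -> bool:
    """True when the session output ends in this node's prompt."""
    return node.prompt.search(buffer) is not None


# Constructed session tails: a root shell and an unprivileged bash shell.
ROOT_TAIL = "stty -echo\r\nroot@sut:~# "
USER_TAIL = "stty -echo\r\ndts@sut:~$ "

if __name__ == "__main__":
    node = load_node({"hostname": "sut1", "user": "dts"})
    # The per-node regex recognises both shells.
    print(at_prompt(ROOT_TAIL, node), at_prompt(USER_TAIL, node))
    # A literal "#" expectation only ever appears in the root session.
    print("#" in ROOT_TAIL, "#" in USER_TAIL)
```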
