From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 45D4AA0032; Wed, 14 Sep 2022 09:42:19 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 3615540156; Wed, 14 Sep 2022 09:42:19 +0200 (CEST) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by mails.dpdk.org (Postfix) with ESMTP id BECF140141 for ; Wed, 14 Sep 2022 09:42:17 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1663141337; x=1694677337; h=date:from:to:cc:subject:message-id:references: content-transfer-encoding:in-reply-to:mime-version; bh=hcPj4DOPRndkGZsI0ZMmqh5TIVux/nqYibNQd0ngAuw=; b=Vo6fWvjbq2R8Jv6YFsJBLGbB+LQICT68vp1dxDbMJ2WnZCq4jB/mkqus PMXgYrrZ3jF9LJi8J9roNQHi5bZdSGpC01iw+ipEqscu6ezgpjslsmWVN 7Mfvp30fBVJ6CZDn6cHiFDEAyF7EisBJmPk3olFlDGMG9Dok5Pnf/2GGN t38PWt3fhRDLdHOPvfmZsHGeNEdZEz0kcoRIJ4Sjv11FgUBrM09aZufoq M4w6TDulBeJmxosOEPag369aHtYe6/ZoZLAYuTEbme9+9gm7YRlbbDTGz 6ND0+3/6g6Xq87MBIkfhZTT/BKZqwXEBuYRMvL1GARdWQCa7pLR13jZe0 g==; X-IronPort-AV: E=McAfee;i="6500,9779,10469"; a="362325924" X-IronPort-AV: E=Sophos;i="5.93,313,1654585200"; d="scan'208";a="362325924" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2022 00:42:16 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.93,313,1654585200"; d="scan'208";a="705870064" Received: from fmsmsx602.amr.corp.intel.com ([10.18.126.82]) by FMSMGA003.fm.intel.com with ESMTP; 14 Sep 2022 00:42:16 -0700 Received: from fmsmsx602.amr.corp.intel.com (10.18.126.82) by fmsmsx602.amr.corp.intel.com (10.18.126.82) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Wed, 14 Sep 2022 00:42:15 -0700 Received: from fmsedg601.ED.cps.intel.com (10.1.192.135) by fmsmsx602.amr.corp.intel.com (10.18.126.82) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Frontend Transport; Wed, 14 Sep 2022 00:42:15 -0700 Received: from NAM02-DM3-obe.outbound.protection.outlook.com (104.47.56.43) by edgegateway.intel.com (192.55.55.70) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2375.31; Wed, 14 Sep 2022 00:42:15 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=NuZg5xzGkV2gHfzZR3/q/eRXh0JGVDVsGVK76yD0reU6Di3CpVef0raIXkzckqrNEva8181i6h7BlZ43L/sICzwtxemduzQ9tkl1x5DhbjqQbSGiSg9cYVWcrPu+1esUXB1Arwy+isYTN1ezE2rdhT/Z65c6T+/MQ5xlB1Gmv8ofzOFrpwirAP9qGlT6Lr5zY+QV4yUqm5znrfaOmHzkehiuub9SBs7hd+Y8+1Vk0EeUNybdDnqgEvCmXXZdnN1v83/s4w0KX7Vh/hQG/5yM9KWeEwy6ltSyfHyEVbDH/XdNMdlNBiZyULXdSlmMQyOFJASqwPP5P67u/an0NbFTQA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=f2dVaVKe3J9tF3xlMCkRhZHrrJUoAiDGw61dXPVBj5Y=; b=SA0ejoW8R1TAkH5hJu+KRjrweon9wH5O3i99lbJTpC9p5eMs1aGVPbDr/4TmIEq2PBrTD3/4buH1akRpnGFkENpCUaFtpzZEgOCt4AVMV2GJgqUfrEhVDlDMuYeo3Mb993U+OuR2kYyAgyhX+LlzYSk0WzV0r+Y9VQ50/xyQvbNf3oKZ9NVV1860tqixm6DXjrrQ/v3vNGyLAFFg5HZfdbcJiIR32y+vCcL2hgMbA/DCuKdQIx31OGj/WSwJT7ixAqhm1LZjITPLldhIchmyUMUdTln7GGMvkMTHHrURyb5Fe5aLOb3LefsfdryiMwrmCw8f5h0AJGPAI6nRnUMlyg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; Received: from MWHPR11MB1629.namprd11.prod.outlook.com (2603:10b6:301:d::21) by DM8PR11MB5605.namprd11.prod.outlook.com (2603:10b6:8:26::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5612.12; Wed, 14 Sep 2022 07:42:14 +0000 Received: from MWHPR11MB1629.namprd11.prod.outlook.com ([fe80::13c:8120:d994:16d2]) by MWHPR11MB1629.namprd11.prod.outlook.com ([fe80::13c:8120:d994:16d2%6]) with mapi id 15.20.5612.022; Wed, 14 Sep 2022 07:42:14 +0000 Date: Wed, 14 Sep 2022 08:42:07 +0100 From: Bruce Richardson To: Honnappa Nagarahalli CC: Owen Hilyard , Stanislaw Kardach , Juraj =?utf-8?Q?Linke=C5=A1?= , "thomas@monjalon.net" , David Marchand , "ronan.randles@intel.com" , "Tu, Lijuan" , dev , nd Subject: Re: [PATCH v4 4/9] dts: add ssh pexpect library Message-ID: References: <20220728100044.1318484-1-juraj.linkes@pantheon.tech> <20220729105550.1382664-1-juraj.linkes@pantheon.tech> <20220729105550.1382664-5-juraj.linkes@pantheon.tech> <20220913144149.xbtomt2pzwywnodn@toster> Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-ClientProxiedBy: LO4P123CA0269.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:194::22) To MWHPR11MB1629.namprd11.prod.outlook.com (2603:10b6:301:d::21) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MWHPR11MB1629:EE_|DM8PR11MB5605:EE_ X-MS-Office365-Filtering-Correlation-Id: 9e7b9e94-2e81-4ff5-fccb-08da9624a3dd X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 6UGkOSEb1U3dXrBtr05Mx8X2tKT4o+xAz4PzMKHqD9+9/4kij6kXau4JaOJZaYH/X8QcfhcWZyis1Z2nmGBUVvTAR1JTI868LSgIJggEPzoIV5LBSfqBJ+QNyCjERb+7D/C1SG3/HEfUlw95HdZoyk0G84c8a/Nqo8ZPvODtVApYMBEn1SozKHqP7qufPeLKm9zy196mA7dRB5c/qGJM9a48Z0P39NHbHUmKorw1hZ/s0ZCBZKXjz3T5x5xOQ/0tdCsZrsX+JHE06DyZ4jMMELidIjRSdq1EeksCHKLT5gvqo1K+OblK4quxIbAc7s0/EJaBOeO4IJeDf8vyRzcaQfyOrXbT7ZIvGDFDI8wdiJzwd78ba6wH6lPldU0GB7a8EwTCFG0qs2RZxGlVotm+iOFa1OHqUw1bwfwhxjWAw4wbKKux7tFhWpKDGTVyIcKE5h/wkeT0UxxyTzMdUjeEuVWT65t9NaejlL5hbTsUYZ3oCxh6jginwscIS5xlMOUx5u8uLSbFwbXxqw4SckYnx6VCeQjTnSmw2AcxZe9+p7NszFB1iv4Essd9SmHro3ZcWRunMot+oTojYweVunrwP4NoRqE8aO3Vk6NB0TS4ODK3Sung303iuvo0k9eO0bKXlwSpp7CrL5JZUL0tZvLBRmA0MKtpMkiBv+y14DaR2kbI/oSJXzMxA4PL6/KkKQLFHdsfrd2kNAbbnjf/oLWUbQ== X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MWHPR11MB1629.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(136003)(366004)(39860400002)(396003)(346002)(376002)(451199015)(6512007)(186003)(6486002)(26005)(83380400001)(6666004)(8936002)(6506007)(41300700001)(86362001)(478600001)(82960400001)(8676002)(2906002)(5660300002)(66946007)(38100700002)(54906003)(44832011)(316002)(66556008)(6916009)(4326008)(66476007); DIR:OUT; SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?RWtiS2VPSEd2ZjFqSjVhTDkrVGNRbGVKcU9OMkVEbGJXWXlJR21XZEFZT3VH?= =?utf-8?B?UHNjVGhhL2Fjakw3T05HTjNCVjM1OFpsNlVnMWtMMHpJV3JoVjdEMEJseGp2?= =?utf-8?B?dmlRcmxmYlp3T2tTMjVhUXc3SmpHamFYL29nVGgwcFcwN0hWSkVyLy9jOGp2?= =?utf-8?B?WGR5NnU3U2N1RC9xbndVWDROcS9ud3huUEtNQWtsYkxWa3pPeklua0VUaDVh?= =?utf-8?B?SWJvK1p0RE5ISkZWY2xKSFNnaXU3Qno4aUpPNnhhcjZ4VUcxd3VDa1M1ZkhR?= =?utf-8?B?UWl0cmZjdnlLWkhCd3NIQTZhMzM5cDlSSWUzOTVlZWhwd0ZMeWw4aDZQL0VD?= =?utf-8?B?WVpYenRoSjFnaHkrUWNNdnR2MzNBNVNoRTl2dTVlY0syU3BITUFQTWVCR1du?= =?utf-8?B?S1ZTZy9vdVF3YXF3Q2dVZEN0V3pXaTBOK1NpUFNTdlZsSkx5ZEVVM1lBaFh0?= =?utf-8?B?ZEhQYWRubE5JREZmK0hlbzRxM0ptelNNZitLaXBxTjR5NTg5SSswOUJpeThi?= =?utf-8?B?c1Bqa2FYMG5lczNueVlhOGFxS01MV1lYTXRpcEJtREpzRml1bys0dE1PRmVO?= =?utf-8?B?dWh5TGQ4NHFxelZIQzNFMFZDQTVJMDUrM1lxVFVWN2N4blpwd2NWcUFvbmhZ?= =?utf-8?B?N0U3Z0xXajVCTnVySXBOenRDbHBVQm5uWDNHZ2ZNTnY2cE1rZnlYZ2UvMy9B?= =?utf-8?B?Yk9GMFBuUG40V3dtY3FuV1RBbzJQbUNmS2lodGo3OGlodktEeit0VEpYbDla?= =?utf-8?B?aUJFVmk0S2xGNXJmR05ubXB2UEFzL09wMDhzR2t1czkyS2dFaURzU3dPTmts?= =?utf-8?B?RXBSRHg0cGZjUStiQndYb0RxakozbDNaU2ZaK3JCdWdVZS9tY0l0ZGFSZmI5?= =?utf-8?B?K014TlpaSXhOUFpYamM0MmRkaVlLV2FrK3NsRHJTdUFncjFleDNBbTJhbEgz?= =?utf-8?B?Q0VLRmRVaWZyVlJGT2pGdHMxWThmRnpjeDhIMTdjblMxcWw1V2lYQVdWNUEv?= =?utf-8?B?Y2tEMVErbXprVVROMFNJeitRSTZyS2c4TU1TYlB5OVV5NlZ6WXc5NUxmYzN2?= =?utf-8?B?T3pIMFlCTWczd0hxZENUellEOHhGWTUvUVM3R3k2cVFydGFFdm1MczJWY1VM?= =?utf-8?B?aHJVUm15cCtSNTRnSXZINlVFRXlpOE5CTlRpWmtmZC90UmV4TVlaNUNiWWtk?= =?utf-8?B?RUlvclJPUnl3Q1lMNEpyOG4xMTdkQmM2SFZhdk0rMlZwQkd0SkpINW4vZitY?= =?utf-8?B?aDFpLzkxaXFCRDJ0dnBsRFhOSjJmdmFxTGxxcFV6NldXRUhLUmtudlo2OGNY?= =?utf-8?B?L2h3d2ROQk1pZkV3T1RMejdiVm1FcFJhM0t5RG01Rmx3d2UwV1BxL1h0clVa?= =?utf-8?B?aGhWZFYzY3l4SjVhTmk2Z0k1aWFxaFdvNjV6bGJrWkI2VG1JSVNQdTQvZVhB?= =?utf-8?B?SDJIRWM3Rk5xTEZYclh3bis1OTZCVzhYcWRxenNlUmRMblkxRkxnYzc1OXRn?= =?utf-8?B?WURFTTBYMW8yZTVRYzJlL013VHpEZnF0VkJRSFNkSWRXajBkTG4ycFJDRVRW?= =?utf-8?B?QnRPU0toNVdBNzlRNmJocldYOEFRaGNRaGZhWjhjUDRVTmU3Tll3cEF0TE85?= =?utf-8?B?RXl3Um1KVWw2TThsalpqdDNvUCtvZ1hrVjBmV0pxWGlHSEhrMTJVdERKSzRF?= =?utf-8?B?NXB2azlUWUp0RmhLYTFBdUdRMmdTYnFHRW5qOUxLdjN0RTRuUmpQSjd2b1By?= =?utf-8?B?a0FNTkJsOVI0RHUrUnhmREVUN1JJS2Vxc3NKV2g3L2ZMTDF0WklDU3YvcTl3?= =?utf-8?B?SXZFUmEvZWZRd1NXVStXaDd0Z2hydE5HSUFoOXJsM21aWUNmMEdIN0pDREd1?= =?utf-8?B?SGZ3WEJrY0RsanhBd3k2UnZ3bU9TbUNwOG9VaUFIeExndE5xRFpMdlBFek9E?= =?utf-8?B?M2pyTXNlUDM3YWo1WHNmRDNkZWx2NGZmOXArYWZQNk9FOFQxOFRuc0wwSDRr?= =?utf-8?B?anNaMmNoKzZ5VlVIRk5DSlU5SVVSdlRrWUxIbDE3VmY1cGFoV0t2a0U2bDJO?= =?utf-8?B?ZW9VOHBwQm9HcTJLTU9iZWNuODZySlk3dlVNTHNBZVk4clRvblU0Mll6NnJQ?= =?utf-8?B?eTh3dklTRENEalA3cUlWRENLQ3VXY0krSy80K25ZeElLYnZqY0trc0d2VlJC?= =?utf-8?B?UWc9PQ==?= X-MS-Exchange-CrossTenant-Network-Message-Id: 9e7b9e94-2e81-4ff5-fccb-08da9624a3dd X-MS-Exchange-CrossTenant-AuthSource: MWHPR11MB1629.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Sep 2022 07:42:14.0913 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 2PxFY8QKQsyqlx+E4+VrGwxevJ5v7ZF7tdjkrgdvypZA6iqOAWENqLvIsFhlSxgm4bnvtJPoEff/xsQfzRxk8e9Nw5OnETakWBtc+kK0r0E= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM8PR11MB5605 X-OriginatorOrg: intel.com X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org On Wed, Sep 14, 2022 at 12:03:34AM +0000, Honnappa Nagarahalli wrote: > > > > On Fri, Jul 29, 2022 at 10:55:45AM +0000, Juraj Linkeš wrote: > > > + self.session = pxssh.pxssh(encoding="utf-8") > > + self.session.login( > > + self.node, > > + self.username, > > + self.password, > > + original_prompt="[$#>]", > > + > password_regex=r"(?i)(?:password:)|(?:passphrase for > key)|(?i)(password for .+:)", > > + ) > > + [1]self.logger.info(f"Connection to {self.node} > succeeded") > > + self.send_expect("stty -echo", "#") > > + self.send_expect("stty columns 1000", "#") > First of all, thanks for those changes! Having DTS inside DPDK makes > test synchronization a lot easier. I'm happy to say (unsurprisingly) > that it works with my RISC-V HiFive Unmatched board like a charm. > > > Though there is a small issue with the lines above. They assume "#" > as > the prompt sign, even though original_prompt was set to "[$#>]". > This > touches on two problems: > 1. # is usually a root prompt - is DTS assumed to be run with root > privileges? DPDK may (in theory) run without them with some > permission > adjustment (hugetlb, VFIO container, etc.). If we assume DTS > needs > root access, this has to be both documented and validated before > running the whole suite. Otherwise it'll be hard to debug. > > > Around a year ago there were some attempts to get DTS to not require > root. This ended up running into issues because DTS sets up drivers for > you, which requires root as far as I know, as well as setting up > hugepages, which I think also requires root. The current version of DTS > can probably run without root, but it will probably stop working as > soon as DTS starts interacting with PCI devices. Elevating privileges > using pkexec or sudo is less portable and would require supporting a > lot more forms of authentication (kerberos/ldap for enterprise > deployments, passwords, 2fa, etc). It is much easier to say that the > default SSH agent must provide root access to the SUT and Traffic > Generator either with a password or pre-configured passwordless > authentication (ssh keys, kerberos, etc). > > [Honnappa] One of the feedback we collected asks to deprecate the use > of clear text passwords in config files and root user. It suggests to > use keys and sudo. It is a ‘Must Have’ item. > > > I agree it should be documented. I honestly didn't consider that anyone > would try running DTS as a non-root user. > > [Honnappa] +1 for supporting root users for now and documenting. > > > 2. Different shells use different prompts on different distros. > Hence > perhaps there should be a regex here (same as with > original_prompt) > and there could be a conf.yaml option to modify it on a per-host > basis? > > > As far as customizing the prompts, I think that is doable via a > configuration option. > As far as different shells, I don't think we were planning to support > anything besides either bash or posix-compatible shells. At the moment > all of the community lab systems use bash, and for ease of test > development it will be easier to mandate that everyone uses one shell. > Otherwise DTS CI will need to run once for each shell to catch issues, > which in my opinion are resources better spent on more in-depth testing > of DTS and DPDK. > > [Honnappa] +1 for using just bash, we can document this as well. > I would agree overall. Just supporting one shell is fine - certainly for now. Also completely agree that we need to remove hard-coded passwords and ideally non-root. However, I think for the initial versions the main thing should be removing the passwords so I would be ok for keeping the "root" login requirement, so long as we support using ssh keys for login rather than hard-coded passwords. /Bruce