From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
by inbox.dpdk.org (Postfix) with ESMTP id 45D4AA0032;
Wed, 14 Sep 2022 09:42:19 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
by mails.dpdk.org (Postfix) with ESMTP id 3615540156;
Wed, 14 Sep 2022 09:42:19 +0200 (CEST)
Received: from mga07.intel.com (mga07.intel.com [134.134.136.100])
by mails.dpdk.org (Postfix) with ESMTP id BECF140141
for <dev@dpdk.org>; Wed, 14 Sep 2022 09:42:17 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
t=1663141337; x=1694677337;
h=date:from:to:cc:subject:message-id:references:
content-transfer-encoding:in-reply-to:mime-version;
bh=hcPj4DOPRndkGZsI0ZMmqh5TIVux/nqYibNQd0ngAuw=;
b=Vo6fWvjbq2R8Jv6YFsJBLGbB+LQICT68vp1dxDbMJ2WnZCq4jB/mkqus
PMXgYrrZ3jF9LJi8J9roNQHi5bZdSGpC01iw+ipEqscu6ezgpjslsmWVN
7Mfvp30fBVJ6CZDn6cHiFDEAyF7EisBJmPk3olFlDGMG9Dok5Pnf/2GGN
t38PWt3fhRDLdHOPvfmZsHGeNEdZEz0kcoRIJ4Sjv11FgUBrM09aZufoq
M4w6TDulBeJmxosOEPag369aHtYe6/ZoZLAYuTEbme9+9gm7YRlbbDTGz
6ND0+3/6g6Xq87MBIkfhZTT/BKZqwXEBuYRMvL1GARdWQCa7pLR13jZe0 g==;
X-IronPort-AV: E=McAfee;i="6500,9779,10469"; a="362325924"
X-IronPort-AV: E=Sophos;i="5.93,313,1654585200"; d="scan'208";a="362325924"
Received: from fmsmga003.fm.intel.com ([10.253.24.29])
by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
14 Sep 2022 00:42:16 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.93,313,1654585200"; d="scan'208";a="705870064"
Received: from fmsmsx602.amr.corp.intel.com ([10.18.126.82])
by FMSMGA003.fm.intel.com with ESMTP; 14 Sep 2022 00:42:16 -0700
Received: from fmsmsx602.amr.corp.intel.com (10.18.126.82) by
fmsmsx602.amr.corp.intel.com (10.18.126.82) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.1.2375.31; Wed, 14 Sep 2022 00:42:15 -0700
Received: from fmsedg601.ED.cps.intel.com (10.1.192.135) by
fmsmsx602.amr.corp.intel.com (10.18.126.82) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.1.2375.31 via Frontend Transport; Wed, 14 Sep 2022 00:42:15 -0700
Received: from NAM02-DM3-obe.outbound.protection.outlook.com (104.47.56.43) by
edgegateway.intel.com (192.55.55.70) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.1.2375.31; Wed, 14 Sep 2022 00:42:15 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=NuZg5xzGkV2gHfzZR3/q/eRXh0JGVDVsGVK76yD0reU6Di3CpVef0raIXkzckqrNEva8181i6h7BlZ43L/sICzwtxemduzQ9tkl1x5DhbjqQbSGiSg9cYVWcrPu+1esUXB1Arwy+isYTN1ezE2rdhT/Z65c6T+/MQ5xlB1Gmv8ofzOFrpwirAP9qGlT6Lr5zY+QV4yUqm5znrfaOmHzkehiuub9SBs7hd+Y8+1Vk0EeUNybdDnqgEvCmXXZdnN1v83/s4w0KX7Vh/hQG/5yM9KWeEwy6ltSyfHyEVbDH/XdNMdlNBiZyULXdSlmMQyOFJASqwPP5P67u/an0NbFTQA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=f2dVaVKe3J9tF3xlMCkRhZHrrJUoAiDGw61dXPVBj5Y=;
b=SA0ejoW8R1TAkH5hJu+KRjrweon9wH5O3i99lbJTpC9p5eMs1aGVPbDr/4TmIEq2PBrTD3/4buH1akRpnGFkENpCUaFtpzZEgOCt4AVMV2GJgqUfrEhVDlDMuYeo3Mb993U+OuR2kYyAgyhX+LlzYSk0WzV0r+Y9VQ50/xyQvbNf3oKZ9NVV1860tqixm6DXjrrQ/v3vNGyLAFFg5HZfdbcJiIR32y+vCcL2hgMbA/DCuKdQIx31OGj/WSwJT7ixAqhm1LZjITPLldhIchmyUMUdTln7GGMvkMTHHrURyb5Fe5aLOb3LefsfdryiMwrmCw8f5h0AJGPAI6nRnUMlyg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com;
dkim=pass header.d=intel.com; arc=none
Authentication-Results: dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=intel.com;
Received: from MWHPR11MB1629.namprd11.prod.outlook.com (2603:10b6:301:d::21)
by DM8PR11MB5605.namprd11.prod.outlook.com (2603:10b6:8:26::11) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5612.12; Wed, 14 Sep
2022 07:42:14 +0000
Received: from MWHPR11MB1629.namprd11.prod.outlook.com
([fe80::13c:8120:d994:16d2]) by MWHPR11MB1629.namprd11.prod.outlook.com
([fe80::13c:8120:d994:16d2%6]) with mapi id 15.20.5612.022; Wed, 14 Sep 2022
07:42:14 +0000
Date: Wed, 14 Sep 2022 08:42:07 +0100
From: Bruce Richardson <bruce.richardson@intel.com>
To: Honnappa Nagarahalli <Honnappa.Nagarahalli@arm.com>
CC: Owen Hilyard <ohilyard@iol.unh.edu>, Stanislaw Kardach <kda@semihalf.com>,
Juraj =?utf-8?Q?Linke=C5=A1?= <juraj.linkes@pantheon.tech>,
"thomas@monjalon.net" <thomas@monjalon.net>, David Marchand
<david.marchand@redhat.com>, "ronan.randles@intel.com"
<ronan.randles@intel.com>, "Tu, Lijuan" <lijuan.tu@intel.com>, dev
<dev@dpdk.org>, nd <nd@arm.com>
Subject: Re: [PATCH v4 4/9] dts: add ssh pexpect library
Message-ID: <YyGFz9KBt/qFATul@bricha3-MOBL.ger.corp.intel.com>
References: <20220728100044.1318484-1-juraj.linkes@pantheon.tech>
<20220729105550.1382664-1-juraj.linkes@pantheon.tech>
<20220729105550.1382664-5-juraj.linkes@pantheon.tech>
<20220913144149.xbtomt2pzwywnodn@toster>
<CAHx6DYC1cBFSwFDO9L2ZWRde2j7a-ojW2dc1AMS64w_Q1w6tOg@mail.gmail.com>
<DBAPR08MB5814CC42212FDAEA066A34C398469@DBAPR08MB5814.eurprd08.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <DBAPR08MB5814CC42212FDAEA066A34C398469@DBAPR08MB5814.eurprd08.prod.outlook.com>
X-ClientProxiedBy: LO4P123CA0269.GBRP123.PROD.OUTLOOK.COM
(2603:10a6:600:194::22) To MWHPR11MB1629.namprd11.prod.outlook.com
(2603:10b6:301:d::21)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: MWHPR11MB1629:EE_|DM8PR11MB5605:EE_
X-MS-Office365-Filtering-Correlation-Id: 9e7b9e94-2e81-4ff5-fccb-08da9624a3dd
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 6UGkOSEb1U3dXrBtr05Mx8X2tKT4o+xAz4PzMKHqD9+9/4kij6kXau4JaOJZaYH/X8QcfhcWZyis1Z2nmGBUVvTAR1JTI868LSgIJggEPzoIV5LBSfqBJ+QNyCjERb+7D/C1SG3/HEfUlw95HdZoyk0G84c8a/Nqo8ZPvODtVApYMBEn1SozKHqP7qufPeLKm9zy196mA7dRB5c/qGJM9a48Z0P39NHbHUmKorw1hZ/s0ZCBZKXjz3T5x5xOQ/0tdCsZrsX+JHE06DyZ4jMMELidIjRSdq1EeksCHKLT5gvqo1K+OblK4quxIbAc7s0/EJaBOeO4IJeDf8vyRzcaQfyOrXbT7ZIvGDFDI8wdiJzwd78ba6wH6lPldU0GB7a8EwTCFG0qs2RZxGlVotm+iOFa1OHqUw1bwfwhxjWAw4wbKKux7tFhWpKDGTVyIcKE5h/wkeT0UxxyTzMdUjeEuVWT65t9NaejlL5hbTsUYZ3oCxh6jginwscIS5xlMOUx5u8uLSbFwbXxqw4SckYnx6VCeQjTnSmw2AcxZe9+p7NszFB1iv4Essd9SmHro3ZcWRunMot+oTojYweVunrwP4NoRqE8aO3Vk6NB0TS4ODK3Sung303iuvo0k9eO0bKXlwSpp7CrL5JZUL0tZvLBRmA0MKtpMkiBv+y14DaR2kbI/oSJXzMxA4PL6/KkKQLFHdsfrd2kNAbbnjf/oLWUbQ==
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;
IPV:NLI; SFV:NSPM; H:MWHPR11MB1629.namprd11.prod.outlook.com; PTR:; CAT:NONE;
SFS:(13230022)(136003)(366004)(39860400002)(396003)(346002)(376002)(451199015)(6512007)(186003)(6486002)(26005)(83380400001)(6666004)(8936002)(6506007)(41300700001)(86362001)(478600001)(82960400001)(8676002)(2906002)(5660300002)(66946007)(38100700002)(54906003)(44832011)(316002)(66556008)(6916009)(4326008)(66476007);
DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?RWtiS2VPSEd2ZjFqSjVhTDkrVGNRbGVKcU9OMkVEbGJXWXlJR21XZEFZT3VH?=
=?utf-8?B?UHNjVGhhL2Fjakw3T05HTjNCVjM1OFpsNlVnMWtMMHpJV3JoVjdEMEJseGp2?=
=?utf-8?B?dmlRcmxmYlp3T2tTMjVhUXc3SmpHamFYL29nVGgwcFcwN0hWSkVyLy9jOGp2?=
=?utf-8?B?WGR5NnU3U2N1RC9xbndVWDROcS9ud3huUEtNQWtsYkxWa3pPeklua0VUaDVh?=
=?utf-8?B?SWJvK1p0RE5ISkZWY2xKSFNnaXU3Qno4aUpPNnhhcjZ4VUcxd3VDa1M1ZkhR?=
=?utf-8?B?UWl0cmZjdnlLWkhCd3NIQTZhMzM5cDlSSWUzOTVlZWhwd0ZMeWw4aDZQL0VD?=
=?utf-8?B?WVpYenRoSjFnaHkrUWNNdnR2MzNBNVNoRTl2dTVlY0syU3BITUFQTWVCR1du?=
=?utf-8?B?S1ZTZy9vdVF3YXF3Q2dVZEN0V3pXaTBOK1NpUFNTdlZsSkx5ZEVVM1lBaFh0?=
=?utf-8?B?ZEhQYWRubE5JREZmK0hlbzRxM0ptelNNZitLaXBxTjR5NTg5SSswOUJpeThi?=
=?utf-8?B?c1Bqa2FYMG5lczNueVlhOGFxS01MV1lYTXRpcEJtREpzRml1bys0dE1PRmVO?=
=?utf-8?B?dWh5TGQ4NHFxelZIQzNFMFZDQTVJMDUrM1lxVFVWN2N4blpwd2NWcUFvbmhZ?=
=?utf-8?B?N0U3Z0xXajVCTnVySXBOenRDbHBVQm5uWDNHZ2ZNTnY2cE1rZnlYZ2UvMy9B?=
=?utf-8?B?Yk9GMFBuUG40V3dtY3FuV1RBbzJQbUNmS2lodGo3OGlodktEeit0VEpYbDla?=
=?utf-8?B?aUJFVmk0S2xGNXJmR05ubXB2UEFzL09wMDhzR2t1czkyS2dFaURzU3dPTmts?=
=?utf-8?B?RXBSRHg0cGZjUStiQndYb0RxakozbDNaU2ZaK3JCdWdVZS9tY0l0ZGFSZmI5?=
=?utf-8?B?K014TlpaSXhOUFpYamM0MmRkaVlLV2FrK3NsRHJTdUFncjFleDNBbTJhbEgz?=
=?utf-8?B?Q0VLRmRVaWZyVlJGT2pGdHMxWThmRnpjeDhIMTdjblMxcWw1V2lYQVdWNUEv?=
=?utf-8?B?Y2tEMVErbXprVVROMFNJeitRSTZyS2c4TU1TYlB5OVV5NlZ6WXc5NUxmYzN2?=
=?utf-8?B?T3pIMFlCTWczd0hxZENUellEOHhGWTUvUVM3R3k2cVFydGFFdm1MczJWY1VM?=
=?utf-8?B?aHJVUm15cCtSNTRnSXZINlVFRXlpOE5CTlRpWmtmZC90UmV4TVlaNUNiWWtk?=
=?utf-8?B?RUlvclJPUnl3Q1lMNEpyOG4xMTdkQmM2SFZhdk0rMlZwQkd0SkpINW4vZitY?=
=?utf-8?B?aDFpLzkxaXFCRDJ0dnBsRFhOSjJmdmFxTGxxcFV6NldXRUhLUmtudlo2OGNY?=
=?utf-8?B?L2h3d2ROQk1pZkV3T1RMejdiVm1FcFJhM0t5RG01Rmx3d2UwV1BxL1h0clVa?=
=?utf-8?B?aGhWZFYzY3l4SjVhTmk2Z0k1aWFxaFdvNjV6bGJrWkI2VG1JSVNQdTQvZVhB?=
=?utf-8?B?SDJIRWM3Rk5xTEZYclh3bis1OTZCVzhYcWRxenNlUmRMblkxRkxnYzc1OXRn?=
=?utf-8?B?WURFTTBYMW8yZTVRYzJlL013VHpEZnF0VkJRSFNkSWRXajBkTG4ycFJDRVRW?=
=?utf-8?B?QnRPU0toNVdBNzlRNmJocldYOEFRaGNRaGZhWjhjUDRVTmU3Tll3cEF0TE85?=
=?utf-8?B?RXl3Um1KVWw2TThsalpqdDNvUCtvZ1hrVjBmV0pxWGlHSEhrMTJVdERKSzRF?=
=?utf-8?B?NXB2azlUWUp0RmhLYTFBdUdRMmdTYnFHRW5qOUxLdjN0RTRuUmpQSjd2b1By?=
=?utf-8?B?a0FNTkJsOVI0RHUrUnhmREVUN1JJS2Vxc3NKV2g3L2ZMTDF0WklDU3YvcTl3?=
=?utf-8?B?SXZFUmEvZWZRd1NXVStXaDd0Z2hydE5HSUFoOXJsM21aWUNmMEdIN0pDREd1?=
=?utf-8?B?SGZ3WEJrY0RsanhBd3k2UnZ3bU9TbUNwOG9VaUFIeExndE5xRFpMdlBFek9E?=
=?utf-8?B?M2pyTXNlUDM3YWo1WHNmRDNkZWx2NGZmOXArYWZQNk9FOFQxOFRuc0wwSDRr?=
=?utf-8?B?anNaMmNoKzZ5VlVIRk5DSlU5SVVSdlRrWUxIbDE3VmY1cGFoV0t2a0U2bDJO?=
=?utf-8?B?ZW9VOHBwQm9HcTJLTU9iZWNuODZySlk3dlVNTHNBZVk4clRvblU0Mll6NnJQ?=
=?utf-8?B?eTh3dklTRENEalA3cUlWRENLQ3VXY0krSy80K25ZeElLYnZqY0trc0d2VlJC?=
=?utf-8?B?UWc9PQ==?=
X-MS-Exchange-CrossTenant-Network-Message-Id: 9e7b9e94-2e81-4ff5-fccb-08da9624a3dd
X-MS-Exchange-CrossTenant-AuthSource: MWHPR11MB1629.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Sep 2022 07:42:14.0913 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 2PxFY8QKQsyqlx+E4+VrGwxevJ5v7ZF7tdjkrgdvypZA6iqOAWENqLvIsFhlSxgm4bnvtJPoEff/xsQfzRxk8e9Nw5OnETakWBtc+kK0r0E=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM8PR11MB5605
X-OriginatorOrg: intel.com
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
<mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
<mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
On Wed, Sep 14, 2022 at 12:03:34AM +0000, Honnappa Nagarahalli wrote:
> <snip>
>
>
> On Fri, Jul 29, 2022 at 10:55:45AM +0000, Juraj Linkeš wrote:
> <snip>
> > + self.session = pxssh.pxssh(encoding="utf-8")
> > + self.session.login(
> > + self.node,
> > + self.username,
> > + self.password,
> > + original_prompt="[$#>]",
> > +
> password_regex=r"(?i)(?:password:)|(?:passphrase for
> key)|(?i)(password for .+:)",
> > + )
> > + [1]self.logger.info(f"Connection to {self.node}
> succeeded")
> > + self.send_expect("stty -echo", "#")
> > + self.send_expect("stty columns 1000", "#")
> First of all, thanks for those changes! Having DTS inside DPDK makes
> test synchronization a lot easier. I'm happy to say (unsurprisingly)
> that it works with my RISC-V HiFive Unmatched board like a charm.
>
>
> Though there is a small issue with the lines above. They assume "#"
> as
> the prompt sign, even though original_prompt was set to "[$#>]".
> This
> touches on two problems:
> 1. # is usually a root prompt - is DTS assumed to be run with root
> privileges? DPDK may (in theory) run without them with some
> permission
> adjustment (hugetlb, VFIO container, etc.). If we assume DTS
> needs
> root access, this has to be both documented and validated before
> running the whole suite. Otherwise it'll be hard to debug.
>
>
> Around a year ago there were some attempts to get DTS to not require
> root. This ended up running into issues because DTS sets up drivers for
> you, which requires root as far as I know, as well as setting up
> hugepages, which I think also requires root. The current version of DTS
> can probably run without root, but it will probably stop working as
> soon as DTS starts interacting with PCI devices. Elevating privileges
> using pkexec or sudo is less portable and would require supporting a
> lot more forms of authentication (kerberos/ldap for enterprise
> deployments, passwords, 2fa, etc). It is much easier to say that the
> default SSH agent must provide root access to the SUT and Traffic
> Generator either with a password or pre-configured passwordless
> authentication (ssh keys, kerberos, etc).
>
> [Honnappa] One of the feedback we collected asks to deprecate the use
> of clear text passwords in config files and root user. It suggests to
> use keys and sudo. It is a ‘Must Have’ item.
>
>
> I agree it should be documented. I honestly didn't consider that anyone
> would try running DTS as a non-root user.
>
> [Honnappa] +1 for supporting root users for now and documenting.
>
>
> 2. Different shells use different prompts on different distros.
> Hence
> perhaps there should be a regex here (same as with
> original_prompt)
> and there could be a conf.yaml option to modify it on a per-host
> basis?
>
>
> As far as customizing the prompts, I think that is doable via a
> configuration option.
> As far as different shells, I don't think we were planning to support
> anything besides either bash or posix-compatible shells. At the moment
> all of the community lab systems use bash, and for ease of test
> development it will be easier to mandate that everyone uses one shell.
> Otherwise DTS CI will need to run once for each shell to catch issues,
> which in my opinion are resources better spent on more in-depth testing
> of DTS and DPDK.
>
> [Honnappa] +1 for using just bash, we can document this as well.
>
I would agree overall. Just supporting one shell is fine - certainly for
now. Also completely agree that we need to remove hard-coded passwords and
ideally non-root. However, I think for the initial versions the main thing
should be removing the passwords so I would be ok for keeping the "root"
login requirement, so long as we support using ssh keys for login rather
than hard-coded passwords.
/Bruce