[PATCH 00/11] Support running custom commands in VM

[PATCH 00/11] Support running custom commands in VM

[Uladzimir Bely]

VM run tests implementation in Isar testsuite allows only parsing
virtual machine boot logs, so the functionality is limited.

This patchset implements running custom commands on VM running in qemu
that allows to implement any custom tests.

The concept is the following:

For running custom tests SSH is used. So:

 - SSH server on machine should be configured, so `sshd-regen-keys`
package needs to be installed in the image.

 - Ethernet interface on machine should be automatically brought up
to make host-to-vm port forwarding working.

 - User in VM we use to connect via SSH should have public SSH key
in his `~/.ssh/` directory preinstalled.

 - Since base isar image don't have this included, custom image name
for vm run tests should be supported. This also allows to make reusing
Isar testsuite in downstream simpler.

Uladzimir Bely (11):
  testsuite: Fix failing hostname service in qemu guest
  testsuite: Allow custom image names in start_vm.py
  testsuite: Fix terminal broken after run test executed
  testsuite: Add SSH key pair for using in CI
  image-account-extension: Add copy-ci-key flag for user
  meta-isar: Fix PCI bus initialization in qemuarm machine
  testsuite: Use random free port for qemu SSH forwarding
  testsuite: Support running custom commands in VM
  meta-isar: Use a separate image recipe in CI
  isar-image-ci: Make ethernet inerface auto bring up in ubuntu-focal
  testsuite: Run custom commands on some qemu targets

 meta-isar/conf/machine/qemuarm.conf           |  2 +-
 .../recipes-core/images/isar-image-ci.bb      | 38 ++++++++++
 meta/classes/image-account-extension.bbclass  | 14 +++-
 testsuite/cibuilder.py                        | 69 ++++++++++++++++--
 testsuite/citest.py                           | 72 +++++++++++++++----
 testsuite/keys/ssh/id_rsa                     | 38 ++++++++++
 testsuite/keys/ssh/id_rsa.pub                 |  1 +
 testsuite/start_vm.py                         | 31 ++++----
 8 files changed, 230 insertions(+), 35 deletions(-)
 create mode 100644 meta-isar/recipes-core/images/isar-image-ci.bb
 create mode 100644 testsuite/keys/ssh/id_rsa
 create mode 100644 testsuite/keys/ssh/id_rsa.pub

-- 
2.20.1

[PATCH 01/11] testsuite: Fix failing hostname service in qemu guest

[Uladzimir Bely]

Hostname service in qemu may fail due to namespace issues. It happens
only when qemu subprocess run with `shell=False` (default).

```
systemctl status systemd-hostnamed.service
...
Failed to set up mount namespacing: /run/systemd/unit-root/dev:
     Read-only file system
Failed at step NAMESPACE spawning /lib/systemd/systemd-hostnamed:
    Read-only file system
Main process exited, code=exited, status=226/NAMESPACE
...
```
The issue was caught in a downstream, not Isar image itself.

Signed-off-by: Uladzimir Bely <ubely@ilbers.de>
---
 testsuite/cibuilder.py | 5 +++--
 testsuite/start_vm.py  | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/testsuite/cibuilder.py b/testsuite/cibuilder.py
index 2e4702ac..6a3cf052 100755
--- a/testsuite/cibuilder.py
+++ b/testsuite/cibuilder.py
@@ -253,8 +253,9 @@ class CIBuilder(Test):
 
         timeout = time.time() + int(time_to_wait)
 
-        p1 = subprocess.Popen(cmdline, stdout=subprocess.PIPE,
-                              stderr=subprocess.PIPE, universal_newlines=True)
+        p1 = subprocess.Popen('exec ' + ' '.join(cmdline), shell=True,
+                              stdout=subprocess.PIPE, stderr=subprocess.PIPE,
+                              universal_newlines=True)
         try:
             poller = select.poll()
             poller.register(p1.stdout, select.POLLIN)
diff --git a/testsuite/start_vm.py b/testsuite/start_vm.py
index 593e2607..82fe489e 100755
--- a/testsuite/start_vm.py
+++ b/testsuite/start_vm.py
@@ -92,7 +92,7 @@ def start_qemu(arch, build, distro, out, pid, enforce_pcbios):
     cmdline.insert(1, '-nographic')
 
     print(cmdline)
-    p1 = subprocess.call(cmdline)
+    p1 = subprocess.call('exec ' + ' '.join(cmdline), shell=True)
 
 if __name__ == "__main__":
     parser = argparse.ArgumentParser()
-- 
2.20.1

[PATCH 02/11] testsuite: Allow custom image names in start_vm.py

[Uladzimir Bely]

This removes hardcoded `isar-image-base` image name used in
`testsuite/start_vm.py`.

Now, user can pass custom value with `-i` or `--image` option
(e.g. `isar-image-debug` or any other value used in their downstream.

Signed-off-by: Uladzimir Bely <ubely@ilbers.de>
---
 testsuite/cibuilder.py |  6 +++---
 testsuite/citest.py    |  2 +-
 testsuite/start_vm.py  | 21 +++++++++++----------
 3 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/testsuite/cibuilder.py b/testsuite/cibuilder.py
index 6a3cf052..9139cd7b 100755
--- a/testsuite/cibuilder.py
+++ b/testsuite/cibuilder.py
@@ -201,7 +201,7 @@ class CIBuilder(Test):
 
         return env['LAYERDIR_' + layer].strip('"')
 
-    def vm_start(self, arch='amd64', distro='buster', enforce_pcbios=False):
+    def vm_start(self, arch='amd64', distro='buster', image='isar-image-base', enforce_pcbios=False):
         time_to_wait = self.params.get('time_to_wait', default=60)
 
         self.log.info('===================================================')
@@ -224,7 +224,7 @@ class CIBuilder(Test):
             os.unlink(latest_link)
         os.symlink(os.path.basename(output_file), latest_link)
 
-        cmdline = start_vm.format_qemu_cmdline(arch, self.build_dir, distro,
+        cmdline = start_vm.format_qemu_cmdline(arch, self.build_dir, distro, image,
                                                output_file, None, enforce_pcbios)
         cmdline.insert(1, '-nographic')
 
@@ -235,7 +235,7 @@ class CIBuilder(Test):
         module_output = b'Just an example'
         resize_output = None
 
-        bb_output = start_vm.get_bitbake_env(arch, distro).decode()
+        bb_output = start_vm.get_bitbake_env(arch, distro, image).decode()
         image_fstypes = start_vm.get_bitbake_var(bb_output, 'IMAGE_FSTYPES')
         wks_file = start_vm.get_bitbake_var(bb_output, 'WKS_FILE')
         # only the first type will be tested in start_vm.py
diff --git a/testsuite/citest.py b/testsuite/citest.py
index 7aa1e6b5..08a2a00e 100755
--- a/testsuite/citest.py
+++ b/testsuite/citest.py
@@ -351,7 +351,7 @@ class VmBootTestFull(CIBaseTest):
         # test efi boot
         self.vm_start('amd64','buster')
         # test pcbios boot
-        self.vm_start('amd64', 'buster', True)
+        self.vm_start('amd64', 'buster', enforce_pcbios=True)
 
     def test_amd64_focal(self):
         self.init()
diff --git a/testsuite/start_vm.py b/testsuite/start_vm.py
index 82fe489e..d6c47dcd 100755
--- a/testsuite/start_vm.py
+++ b/testsuite/start_vm.py
@@ -9,8 +9,8 @@ import subprocess
 import sys
 import time
 
-def get_bitbake_env(arch, distro):
-    multiconfig = 'mc:qemu' + arch + '-' + distro + ':isar-image-base'
+def get_bitbake_env(arch, distro, image):
+    multiconfig = 'mc:qemu' + arch + '-' + distro + ':' + image
     output = subprocess.check_output(['bitbake', '-e', str(multiconfig)])
     return output
 
@@ -21,18 +21,19 @@ def get_bitbake_var(output, var):
             ret = line.split('"')[1]
     return ret
 
-def format_qemu_cmdline(arch, build, distro, out, pid, enforce_pcbios=False):
-    bb_output = get_bitbake_env(arch, distro).decode()
+def format_qemu_cmdline(arch, build, distro, image, out, pid, enforce_pcbios=False):
+    bb_output = get_bitbake_env(arch, distro, image).decode()
 
-    rootfs_image = ''
     extra_args = ''
     cpu = ['']
 
     image_type = get_bitbake_var(bb_output, 'IMAGE_FSTYPES').split()[0]
     deploy_dir_image = get_bitbake_var(bb_output, 'DEPLOY_DIR_IMAGE')
     base = 'ubuntu' if distro in ['focal', 'bionic'] else 'debian'
+
+    rootfs_image = image + '-' + base + '-' + distro + '-qemu' + arch + '.' + image_type
+
     if image_type == 'ext4':
-        rootfs_image = 'isar-image-base-' + base + '-' + distro + '-qemu' + arch + '.ext4'
         kernel_image = deploy_dir_image + '/' + get_bitbake_var(bb_output, 'KERNEL_IMAGE')
         initrd_image = get_bitbake_var(bb_output, 'INITRD_IMAGE')
 
@@ -48,7 +49,6 @@ def format_qemu_cmdline(arch, build, distro, out, pid, enforce_pcbios=False):
         extra_args = ['-kernel', kernel_image, '-initrd', initrd_image]
         extra_args.extend(kargs)
     elif image_type == 'wic':
-        rootfs_image = 'isar-image-base-' + base + '-' + distro + '-qemu' + arch + '.wic'
         extra_args = ['-snapshot']
     else:
         raise ValueError('Invalid image type: ' + str(image_type))
@@ -87,8 +87,8 @@ def format_qemu_cmdline(arch, build, distro, out, pid, enforce_pcbios=False):
 
     return cmd
 
-def start_qemu(arch, build, distro, out, pid, enforce_pcbios):
-    cmdline = format_qemu_cmdline(arch, build, distro, out, pid, enforce_pcbios)
+def start_qemu(arch, build, distro, image, out, pid, enforce_pcbios):
+    cmdline = format_qemu_cmdline(arch, build, distro, image, out, pid, enforce_pcbios)
     cmdline.insert(1, '-nographic')
 
     print(cmdline)
@@ -99,9 +99,10 @@ if __name__ == "__main__":
     parser.add_argument('-a', '--arch', choices=['arm', 'arm64', 'amd64', 'i386', 'mipsel'], help='set isar machine architecture.', default='arm')
     parser.add_argument('-b', '--build', help='set path to build directory.', default=os.getcwd())
     parser.add_argument('-d', '--distro', choices=['buster', 'bullseye', 'bookworm'], help='set isar Debian distribution.', default='bookworm')
+    parser.add_argument('-i', '--image', help='set image name.', default='isar-image-base')
     parser.add_argument('-o', '--out', help='Route QEMU console output to specified file.')
     parser.add_argument('-p', '--pid', help='Store QEMU pid to specified file.')
     parser.add_argument('--pcbios', action="store_true", help='remove any bios options to enforce use of pc bios')
     args = parser.parse_args()
 
-    start_qemu(args.arch, args.build, args.distro, args.out, args.pid, args.pcbios)
+    start_qemu(args.arch, args.build, args.distro, args.image, args.out, args.pid, args.pcbios)
-- 
2.20.1

Re: [PATCH 02/11] testsuite: Allow custom image names in start_vm.py

[Henning Schild]

Am Fri, 13 Jan 2023 08:19:33 +0100
schrieb Uladzimir Bely <ubely@ilbers.de>:

> This removes hardcoded `isar-image-base` image name used in
> `testsuite/start_vm.py`.
> 
> Now, user can pass custom value with `-i` or `--image` option
> (e.g. `isar-image-debug` or any other value used in their downstream.
> 
> Signed-off-by: Uladzimir Bely <ubely@ilbers.de>
> ---
>  testsuite/cibuilder.py |  6 +++---
>  testsuite/citest.py    |  2 +-
>  testsuite/start_vm.py  | 21 +++++++++++----------
>  3 files changed, 15 insertions(+), 14 deletions(-)
> 
> diff --git a/testsuite/cibuilder.py b/testsuite/cibuilder.py
> index 6a3cf052..9139cd7b 100755
> --- a/testsuite/cibuilder.py
> +++ b/testsuite/cibuilder.py
> @@ -201,7 +201,7 @@ class CIBuilder(Test):
>  
>          return env['LAYERDIR_' + layer].strip('"')
>  
> -    def vm_start(self, arch='amd64', distro='buster',
> enforce_pcbios=False):
> +    def vm_start(self, arch='amd64', distro='buster',
> image='isar-image-base', enforce_pcbios=False): time_to_wait =
> self.params.get('time_to_wait', default=60) 
>          self.log.info('===================================================')
> @@ -224,7 +224,7 @@ class CIBuilder(Test):
>              os.unlink(latest_link)
>          os.symlink(os.path.basename(output_file), latest_link)
>  
> -        cmdline = start_vm.format_qemu_cmdline(arch, self.build_dir,
> distro,
> +        cmdline = start_vm.format_qemu_cmdline(arch, self.build_dir,
> distro, image, output_file, None, enforce_pcbios)
>          cmdline.insert(1, '-nographic')
>  
> @@ -235,7 +235,7 @@ class CIBuilder(Test):
>          module_output = b'Just an example'
>          resize_output = None
>  
> -        bb_output = start_vm.get_bitbake_env(arch, distro).decode()
> +        bb_output = start_vm.get_bitbake_env(arch, distro,
> image).decode() image_fstypes = start_vm.get_bitbake_var(bb_output,
> 'IMAGE_FSTYPES') wks_file = start_vm.get_bitbake_var(bb_output,
> 'WKS_FILE') # only the first type will be tested in start_vm.py
> diff --git a/testsuite/citest.py b/testsuite/citest.py
> index 7aa1e6b5..08a2a00e 100755
> --- a/testsuite/citest.py
> +++ b/testsuite/citest.py
> @@ -351,7 +351,7 @@ class VmBootTestFull(CIBaseTest):
>          # test efi boot
>          self.vm_start('amd64','buster')
>          # test pcbios boot
> -        self.vm_start('amd64', 'buster', True)
> +        self.vm_start('amd64', 'buster', enforce_pcbios=True)

i would move that to "all names", not a mix of names and positional

Henning

>      def test_amd64_focal(self):
>          self.init()
> diff --git a/testsuite/start_vm.py b/testsuite/start_vm.py
> index 82fe489e..d6c47dcd 100755
> --- a/testsuite/start_vm.py
> +++ b/testsuite/start_vm.py
> @@ -9,8 +9,8 @@ import subprocess
>  import sys
>  import time
>  
> -def get_bitbake_env(arch, distro):
> -    multiconfig = 'mc:qemu' + arch + '-' + distro +
> ':isar-image-base' +def get_bitbake_env(arch, distro, image):
> +    multiconfig = 'mc:qemu' + arch + '-' + distro + ':' + image
>      output = subprocess.check_output(['bitbake', '-e',
> str(multiconfig)]) return output
>  
> @@ -21,18 +21,19 @@ def get_bitbake_var(output, var):
>              ret = line.split('"')[1]
>      return ret
>  
> -def format_qemu_cmdline(arch, build, distro, out, pid,
> enforce_pcbios=False):
> -    bb_output = get_bitbake_env(arch, distro).decode()
> +def format_qemu_cmdline(arch, build, distro, image, out, pid,
> enforce_pcbios=False):
> +    bb_output = get_bitbake_env(arch, distro, image).decode()
>  
> -    rootfs_image = ''
>      extra_args = ''
>      cpu = ['']
>  
>      image_type = get_bitbake_var(bb_output,
> 'IMAGE_FSTYPES').split()[0] deploy_dir_image =
> get_bitbake_var(bb_output, 'DEPLOY_DIR_IMAGE') base = 'ubuntu' if
> distro in ['focal', 'bionic'] else 'debian' +
> +    rootfs_image = image + '-' + base + '-' + distro + '-qemu' +
> arch + '.' + image_type +
>      if image_type == 'ext4':
> -        rootfs_image = 'isar-image-base-' + base + '-' + distro +
> '-qemu' + arch + '.ext4' kernel_image = deploy_dir_image + '/' +
> get_bitbake_var(bb_output, 'KERNEL_IMAGE') initrd_image =
> get_bitbake_var(bb_output, 'INITRD_IMAGE') 
> @@ -48,7 +49,6 @@ def format_qemu_cmdline(arch, build, distro, out,
> pid, enforce_pcbios=False): extra_args = ['-kernel', kernel_image,
> '-initrd', initrd_image] extra_args.extend(kargs)
>      elif image_type == 'wic':
> -        rootfs_image = 'isar-image-base-' + base + '-' + distro +
> '-qemu' + arch + '.wic' extra_args = ['-snapshot']
>      else:
>          raise ValueError('Invalid image type: ' + str(image_type))
> @@ -87,8 +87,8 @@ def format_qemu_cmdline(arch, build, distro, out,
> pid, enforce_pcbios=False): 
>      return cmd
>  
> -def start_qemu(arch, build, distro, out, pid, enforce_pcbios):
> -    cmdline = format_qemu_cmdline(arch, build, distro, out, pid,
> enforce_pcbios) +def start_qemu(arch, build, distro, image, out, pid,
> enforce_pcbios):
> +    cmdline = format_qemu_cmdline(arch, build, distro, image, out,
> pid, enforce_pcbios) cmdline.insert(1, '-nographic')
>  
>      print(cmdline)
> @@ -99,9 +99,10 @@ if __name__ == "__main__":
>      parser.add_argument('-a', '--arch', choices=['arm', 'arm64',
> 'amd64', 'i386', 'mipsel'], help='set isar machine architecture.',
> default='arm') parser.add_argument('-b', '--build', help='set path to
> build directory.', default=os.getcwd()) parser.add_argument('-d',
> '--distro', choices=['buster', 'bullseye', 'bookworm'], help='set
> isar Debian distribution.', default='bookworm')
> +    parser.add_argument('-i', '--image', help='set image name.',
> default='isar-image-base') parser.add_argument('-o', '--out',
> help='Route QEMU console output to specified file.')
> parser.add_argument('-p', '--pid', help='Store QEMU pid to specified
> file.') parser.add_argument('--pcbios', action="store_true",
> help='remove any bios options to enforce use of pc bios') args =
> parser.parse_args() 
> -    start_qemu(args.arch, args.build, args.distro, args.out,
> args.pid, args.pcbios)
> +    start_qemu(args.arch, args.build, args.distro, args.image,
> args.out, args.pid, args.pcbios)

[PATCH 03/11] testsuite: Fix terminal broken after run test executed

[Uladzimir Bely]

If some of run tests executed from interactive terminal by hand,
user input goes broken after VM powered off. Commands user enters
become invisible and terminal can be fixed only by executing
either 'reset' or 'stty echo' commands.

Fix this by specifying 'stdin' value for qemu subprocess.

Signed-off-by: Uladzimir Bely <ubely@ilbers.de>
---
 testsuite/cibuilder.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/testsuite/cibuilder.py b/testsuite/cibuilder.py
index 9139cd7b..9e9cc8a3 100755
--- a/testsuite/cibuilder.py
+++ b/testsuite/cibuilder.py
@@ -254,7 +254,7 @@ class CIBuilder(Test):
         timeout = time.time() + int(time_to_wait)
 
         p1 = subprocess.Popen('exec ' + ' '.join(cmdline), shell=True,
-                              stdout=subprocess.PIPE, stderr=subprocess.PIPE,
+                              stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                               universal_newlines=True)
         try:
             poller = select.poll()
-- 
2.20.1

[PATCH 04/11] testsuite: Add SSH key pair for using in CI

[Uladzimir Bely]

These SSH keys are generated with empty passphrase and supposed
to be used for non-interactive SSH access to qemu machines
testsuite runs.

Signed-off-by: Uladzimir Bely <ubely@ilbers.de>
---
 testsuite/keys/ssh/id_rsa     | 38 +++++++++++++++++++++++++++++++++++
 testsuite/keys/ssh/id_rsa.pub |  1 +
 2 files changed, 39 insertions(+)
 create mode 100644 testsuite/keys/ssh/id_rsa
 create mode 100644 testsuite/keys/ssh/id_rsa.pub

diff --git a/testsuite/keys/ssh/id_rsa b/testsuite/keys/ssh/id_rsa
new file mode 100644
index 00000000..7556b63b
--- /dev/null
+++ b/testsuite/keys/ssh/id_rsa
@@ -0,0 +1,38 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAYEAyM3aszWLWO/0Ztqi+VNusHpsUbffmUk17BoKmIqv51dK4TyNjkpq
+XyvjvOv98lXMzEfqnwAH3oL0H1ZCaS0qnVuqQ6bcL3NXe3beh2H6aMBbvwlY+rwXlcFuxH
+wGby3U8asH6dx+ZTu0skOaJKRNgCAOPGM3CVft2YPJWoaxBLtLsp/t2xcncL2hhgCtDa0y
+TVTQn/3vW/napXpjvNNtZdoDNBpto6lXCDYUREj0e3q3AD4svJIn9yLoJ6q8kMZL+ry+Cd
+FKLrwsEEj+J8dsATbAlVV0a5tV1aGvMwd4vQBDPtTyMTQel8/LGLC96pw1K7nH4c/kVyyO
+80O2eVpp95lFqb/mlE/lUM/KRPOGkmsG5gcMKEwAfmVEK5ZuIS3zt5Jp0AWWOi77qhL09e
+OhveLFXfb2Q+57VYXQvrqdgOasm1fNPQjscNDK+a3CssYnLz+mb3Fc7lYk5NTqCTvms+UP
+Yn9iYegiV3anxM5BximXoYdRIsvb8Pudtpo+9+FDAAAFkL99Ho+/fR6PAAAAB3NzaC1yc2
+EAAAGBAMjN2rM1i1jv9GbaovlTbrB6bFG335lJNewaCpiKr+dXSuE8jY5Kal8r47zr/fJV
+zMxH6p8AB96C9B9WQmktKp1bqkOm3C9zV3t23odh+mjAW78JWPq8F5XBbsR8Bm8t1PGrB+
+ncfmU7tLJDmiSkTYAgDjxjNwlX7dmDyVqGsQS7S7Kf7dsXJ3C9oYYArQ2tMk1U0J/971v5
+2qV6Y7zTbWXaAzQabaOpVwg2FERI9Ht6twA+LLySJ/ci6CeqvJDGS/q8vgnRSi68LBBI/i
+fHbAE2wJVVdGubVdWhrzMHeL0AQz7U8jE0HpfPyxiwveqcNSu5x+HP5FcsjvNDtnlaafeZ
+Ram/5pRP5VDPykTzhpJrBuYHDChMAH5lRCuWbiEt87eSadAFljou+6oS9PXjob3ixV329k
+Pue1WF0L66nYDmrJtXzT0I7HDQyvmtwrLGJy8/pm9xXO5WJOTU6gk75rPlD2J/YmHoIld2
+p8TOQcYpl6GHUSLL2/D7nbaaPvfhQwAAAAMBAAEAAAGBALQibsmLBAlxoLbP9Zlirg5klF
+0ubMiOs2+s4Mp8x1XpqgOqFXaK7SeZMMBel73YGFM9RI0EMwr6QNMHx6WgXfUxsOjle+qZ
+NuZL+U5Lp55mySbz1L2BFEtEbgCXHhKIc9mjywKQyVY5HF06ZcHvHpMMrpifjFS2a2lQXs
+X1xEDxX/PKok6DU99ATfDvFE8Liu9yYYDVBO9mkS0XQPe4VxAiZfNMrgQ+OhPkp4OmSqOm
+rxnprKoxFucNimNjN6tMJm2WLNTtFydVcZIjjpGirPSntlJUT2jVB+CzpJlIj+5yhMOsga
+Ej6brkBB1384Y7gEhKhcgvejhaVHPR9Q3RVykOclKh8SWr44k9uRrOW4vxkMmIYh/13EvO
+SXac4V1p19ebmU5BShMK4OfIJZoouVxmlgw5CfXdSmeWFDl4y9CjSbwMrFQmTc2nsDZC8n
+SE3AyO8UUHGPCYxvsg28sZFLx/rn7E6Iq3l7qAeafFiJ5fBWzQKWDER0uNTkH4uZ9iUQAA
+AMBSBqUDUhJGJ/yFDiBYfOAqBahU4iPAVSl/OuNcxB3yvEe0zER2ycVonFfTINSRBYaw89
+jF78xu7EaXnKbo5JJS5ZIdpT7f5yPVvETduqMZ1D1iqtjc8IlnwRIKc5h37Sk0m8E5PlQR
+hwVsX9NO7GixI/lfqQjUzmG6pagoAW9Xsd9lN4YJ3Oy0QZhSg+a5rrKtMNJlS6XpxKjiEL
+CqQHPy/9vw3fv4vOyGZ4iz1aBMfivBQS0V1CazUOgLwg1+oIEAAADBAPxY7KCJYXwe3+Hh
+q2AOVtB69nCQqwUrl7PINluH5Xp0vMzHepRpwbpuxnsotJq0CMsJXeiQ6FYTIfxHO4Da/5
+seFbmHeK9paNcWZCRJJK4Tjyf3NBaF+GEgMapiVxlaH2m0VkF4I1RzQi83A239bTtoORvl
+mID7odK0Z3NCV1IOPVri/qLoDi+cmVbdRobcIVPQmgSiK+ajBCypGM6XxyjFNqm5XoDPnY
+cVj7EkGc/MdLz2Aho4B7f5vfPQcsKxGwAAAMEAy7Xvm89N+ZxHcO4Air9Ej37hWRw7qvtO
+nfPEWhYaEWmK3mb0DwIzLBKsaiqgKlq6FGnu5cWhL2W4VsS0jerh4jhHtoyrrRkzfIBOiZ
+d6dmsjRVXOywTTU8nv6emU79956vJMc8HchDdu+R6NGpN4FuzQdkW/vY+mlRdjMR8HgPXe
+ZqNoARglgY0aT0Ugt94otCO/nCXFNj/j5t06sob3gaowxBSD22HYWBwROevzEvprHIYHrH
+zR7bwCJ7gbhLr5AAAAFGJ1aWxkZXJAOGYwY2I2MzU5NDU0AQIDBAUG
+-----END OPENSSH PRIVATE KEY-----
diff --git a/testsuite/keys/ssh/id_rsa.pub b/testsuite/keys/ssh/id_rsa.pub
new file mode 100644
index 00000000..bde1bf98
--- /dev/null
+++ b/testsuite/keys/ssh/id_rsa.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDIzdqzNYtY7/Rm2qL5U26wemxRt9+ZSTXsGgqYiq/nV0rhPI2OSmpfK+O86/3yVczMR+qfAAfegvQfVkJpLSqdW6pDptwvc1d7dt6HYfpowFu/CVj6vBeVwW7EfAZvLdTxqwfp3H5lO7SyQ5okpE2AIA48YzcJV+3Zg8lahrEEu0uyn+3bFydwvaGGAK0NrTJNVNCf/e9b+dqlemO8021l2gM0Gm2jqVcINhRESPR7ercAPiy8kif3IugnqryQxkv6vL4J0UouvCwQSP4nx2wBNsCVVXRrm1XVoa8zB3i9AEM+1PIxNB6Xz8sYsL3qnDUrucfhz+RXLI7zQ7Z5Wmn3mUWpv+aUT+VQz8pE84aSawbmBwwoTAB+ZUQrlm4hLfO3kmnQBZY6LvuqEvT146G94sVd9vZD7ntVhdC+up2A5qybV809COxw0Mr5rcKyxicvP6ZvcVzuViTk1OoJO+az5Q9if2Jh6CJXdqfEzkHGKZehh1Eiy9vw+522mj734UM= ci
-- 
2.20.1

[PATCH 05/11] image-account-extension: Add copy-ci-key flag for user

[Uladzimir Bely]

If the flag enabled, CI ssh public key is copied `authorized_keys`
in `$USER/.ssh/` directory.

This allows non-interactive SSH access to the machine with executing
custom commands on the guest VM.

Signed-off-by: Uladzimir Bely <ubely@ilbers.de>
---
 meta/classes/image-account-extension.bbclass | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/meta/classes/image-account-extension.bbclass b/meta/classes/image-account-extension.bbclass
index 70950a7b..c9b86250 100644
--- a/meta/classes/image-account-extension.bbclass
+++ b/meta/classes/image-account-extension.bbclass
@@ -17,7 +17,7 @@ USERS ??= ""
 #USER_root[home] = "/home/root"
 #USER_root[shell] = "/bin/sh"
 #USER_root[groups] = "audio video"
-#USER_root[flags] = "no-create-home create-home system allow-empty-password clear-text-password force-passwd-change"
+#USER_root[flags] = "no-create-home create-home system allow-empty-password clear-text-password force-passwd-change copy-ci-key"
 
 GROUPS ??= ""
 
@@ -263,5 +263,17 @@ image_postprocess_accounts() {
             sudo -E chroot '${ROOTFSDIR}' \
                 /usr/bin/passwd --expire "$name"
         fi
+
+        # Add CI ssh key for noninteractive login
+        if [ "${flags}" != "${flags%*,copy-ci-key,*}" ]; then
+            echo "Add CI ssh key for \"$name\""
+            sudo sh -c " \
+                mkdir -p ${ROOTFSDIR}/${home}/.ssh && \
+                cat ${TESTSUITEDIR}/keys/ssh/id_rsa.pub > ${ROOTFSDIR}/${home}/.ssh/authorized_keys && \
+                chmod -R go-rwx ${ROOTFSDIR}/${home}/.ssh
+            "
+            sudo -E chroot '${ROOTFSDIR}' \
+                chown -R ${name}:${gid} ${home}/.ssh
+        fi
     done
 }
-- 
2.20.1

Re: [PATCH 05/11] image-account-extension: Add copy-ci-key flag for user

[Henning Schild]

Am Fri, 13 Jan 2023 08:19:36 +0100
schrieb Uladzimir Bely <ubely@ilbers.de>:

> If the flag enabled, CI ssh public key is copied `authorized_keys`
> in `$USER/.ssh/` directory.
> 
> This allows non-interactive SSH access to the machine with executing
> custom commands on the guest VM.

I would suggest to make that a debian raw package, examples on how to
do that can be found in many public layers.

You could i.e. drop an authorized-keys file into /etc/ssh/ and using
postinst append/change the AuthorizedKeysFile line in the global ssh
config

That way we know which package owned that file and if we have a prerm
we can even remove everything with apt.

Henning

> Signed-off-by: Uladzimir Bely <ubely@ilbers.de>
> ---
>  meta/classes/image-account-extension.bbclass | 14 +++++++++++++-
>  1 file changed, 13 insertions(+), 1 deletion(-)
> 
> diff --git a/meta/classes/image-account-extension.bbclass
> b/meta/classes/image-account-extension.bbclass index
> 70950a7b..c9b86250 100644 ---
> a/meta/classes/image-account-extension.bbclass +++
> b/meta/classes/image-account-extension.bbclass @@ -17,7 +17,7 @@
> USERS ??= "" #USER_root[home] = "/home/root"
>  #USER_root[shell] = "/bin/sh"
>  #USER_root[groups] = "audio video"
> -#USER_root[flags] = "no-create-home create-home system
> allow-empty-password clear-text-password force-passwd-change"
> +#USER_root[flags] = "no-create-home create-home system
> allow-empty-password clear-text-password force-passwd-change
> copy-ci-key" GROUPS ??= "" 
> @@ -263,5 +263,17 @@ image_postprocess_accounts() {
>              sudo -E chroot '${ROOTFSDIR}' \
>                  /usr/bin/passwd --expire "$name"
>          fi
> +
> +        # Add CI ssh key for noninteractive login
> +        if [ "${flags}" != "${flags%*,copy-ci-key,*}" ]; then
> +            echo "Add CI ssh key for \"$name\""
> +            sudo sh -c " \
> +                mkdir -p ${ROOTFSDIR}/${home}/.ssh && \
> +                cat ${TESTSUITEDIR}/keys/ssh/id_rsa.pub >
> ${ROOTFSDIR}/${home}/.ssh/authorized_keys && \
> +                chmod -R go-rwx ${ROOTFSDIR}/${home}/.ssh
> +            "
> +            sudo -E chroot '${ROOTFSDIR}' \
> +                chown -R ${name}:${gid} ${home}/.ssh
> +        fi



>      done
>  }

Re: [PATCH 05/11] image-account-extension: Add copy-ci-key flag for user

[Henning Schild]

Am Tue, 24 Jan 2023 08:09:24 +0100
schrieb Henning Schild <henning.schild@siemens.com>:

> Am Fri, 13 Jan 2023 08:19:36 +0100
> schrieb Uladzimir Bely <ubely@ilbers.de>:
> 
> > If the flag enabled, CI ssh public key is copied `authorized_keys`
> > in `$USER/.ssh/` directory.
> > 
> > This allows non-interactive SSH access to the machine with executing
> > custom commands on the guest VM.  
> 
> I would suggest to make that a debian raw package, examples on how to
> do that can be found in many public layers.
> 
> You could i.e. drop an authorized-keys file into /etc/ssh/ and using
> postinst append/change the AuthorizedKeysFile line in the global ssh
> config

Create the user ci like we create the user isar in example-raw, and
drop that file into HOME/.ssh/, maybe depend on sudo and make sure that
user can run any command without password.
We could also use a trivial password and not have a key at all.

And when it is a package we can depend on regen-keys.

Henning

> That way we know which package owned that file and if we have a prerm
> we can even remove everything with apt.
> 
> Henning
> 
> > Signed-off-by: Uladzimir Bely <ubely@ilbers.de>
> > ---
> >  meta/classes/image-account-extension.bbclass | 14 +++++++++++++-
> >  1 file changed, 13 insertions(+), 1 deletion(-)
> > 
> > diff --git a/meta/classes/image-account-extension.bbclass
> > b/meta/classes/image-account-extension.bbclass index
> > 70950a7b..c9b86250 100644 ---
> > a/meta/classes/image-account-extension.bbclass +++
> > b/meta/classes/image-account-extension.bbclass @@ -17,7 +17,7 @@
> > USERS ??= "" #USER_root[home] = "/home/root"
> >  #USER_root[shell] = "/bin/sh"
> >  #USER_root[groups] = "audio video"
> > -#USER_root[flags] = "no-create-home create-home system
> > allow-empty-password clear-text-password force-passwd-change"
> > +#USER_root[flags] = "no-create-home create-home system
> > allow-empty-password clear-text-password force-passwd-change
> > copy-ci-key" GROUPS ??= "" 
> > @@ -263,5 +263,17 @@ image_postprocess_accounts() {
> >              sudo -E chroot '${ROOTFSDIR}' \
> >                  /usr/bin/passwd --expire "$name"
> >          fi
> > +
> > +        # Add CI ssh key for noninteractive login
> > +        if [ "${flags}" != "${flags%*,copy-ci-key,*}" ]; then
> > +            echo "Add CI ssh key for \"$name\""
> > +            sudo sh -c " \
> > +                mkdir -p ${ROOTFSDIR}/${home}/.ssh && \
> > +                cat ${TESTSUITEDIR}/keys/ssh/id_rsa.pub >
> > ${ROOTFSDIR}/${home}/.ssh/authorized_keys && \
> > +                chmod -R go-rwx ${ROOTFSDIR}/${home}/.ssh
> > +            "
> > +            sudo -E chroot '${ROOTFSDIR}' \
> > +                chown -R ${name}:${gid} ${home}/.ssh
> > +        fi  
> 
> 
> 
> >      done
> >  }  
> 

Re: [PATCH 05/11] image-account-extension: Add copy-ci-key flag for user

[Uladzimir Bely]

In mail from вторник, 24 января 2023 г. 10:18:28 +03 user Henning Schild 
wrote:
> Am Tue, 24 Jan 2023 08:09:24 +0100
> 
> schrieb Henning Schild <henning.schild@siemens.com>:
> > Am Fri, 13 Jan 2023 08:19:36 +0100
> > 
> > schrieb Uladzimir Bely <ubely@ilbers.de>:
> > > If the flag enabled, CI ssh public key is copied `authorized_keys`
> > > in `$USER/.ssh/` directory.
> > > 
> > > This allows non-interactive SSH access to the machine with executing
> > > custom commands on the guest VM.
> > 
> > I would suggest to make that a debian raw package, examples on how to
> > do that can be found in many public layers.
> > 
> > You could i.e. drop an authorized-keys file into /etc/ssh/ and using
> > postinst append/change the AuthorizedKeysFile line in the global ssh
> > config
> 
> Create the user ci like we create the user isar in example-raw, and
> drop that file into HOME/.ssh/, maybe depend on sudo and make sure that
> user can run any command without password.
> We could also use a trivial password and not have a key at all.
> 
> And when it is a package we can depend on regen-keys.
> 
> Henning
> 

Yes, it sounds reasonable. I't should be easier to manage everything in one 
recipe, instead of specific image and image extensions.

I'm just not sure we can avoid using keys - I didn't manage to execute 
commands (by running `ssh <options> <cmd>` ) in non-interactive way with only 
user passwords.

> > That way we know which package owned that file and if we have a prerm
> > we can even remove everything with apt.
> > 
> > Henning
> > 
> > > Signed-off-by: Uladzimir Bely <ubely@ilbers.de>
> > > ---
> > > 
> > >  meta/classes/image-account-extension.bbclass | 14 +++++++++++++-
> > >  1 file changed, 13 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/meta/classes/image-account-extension.bbclass
> > > b/meta/classes/image-account-extension.bbclass index
> > > 70950a7b..c9b86250 100644 ---
> > > a/meta/classes/image-account-extension.bbclass +++
> > > b/meta/classes/image-account-extension.bbclass @@ -17,7 +17,7 @@
> > > USERS ??= "" #USER_root[home] = "/home/root"
> > > 
> > >  #USER_root[shell] = "/bin/sh"
> > >  #USER_root[groups] = "audio video"
> > > 
> > > -#USER_root[flags] = "no-create-home create-home system
> > > allow-empty-password clear-text-password force-passwd-change"
> > > +#USER_root[flags] = "no-create-home create-home system
> > > allow-empty-password clear-text-password force-passwd-change
> > > copy-ci-key" GROUPS ??= ""
> > > @@ -263,5 +263,17 @@ image_postprocess_accounts() {
> > > 
> > >              sudo -E chroot '${ROOTFSDIR}' \
> > >              
> > >                  /usr/bin/passwd --expire "$name"
> > >          
> > >          fi
> > > 
> > > +
> > > +        # Add CI ssh key for noninteractive login
> > > +        if [ "${flags}" != "${flags%*,copy-ci-key,*}" ]; then
> > > +            echo "Add CI ssh key for \"$name\""
> > > +            sudo sh -c " \
> > > +                mkdir -p ${ROOTFSDIR}/${home}/.ssh && \
> > > +                cat ${TESTSUITEDIR}/keys/ssh/id_rsa.pub >
> > > ${ROOTFSDIR}/${home}/.ssh/authorized_keys && \
> > > +                chmod -R go-rwx ${ROOTFSDIR}/${home}/.ssh
> > > +            "
> > > +            sudo -E chroot '${ROOTFSDIR}' \
> > > +                chown -R ${name}:${gid} ${home}/.ssh
> > > +        fi
> > > 
> > >      done
> > >  
> > >  }

Re: [PATCH 05/11] image-account-extension: Add copy-ci-key flag for user

[Henning Schild]

Am Wed, 25 Jan 2023 10:36:55 +0300
schrieb Uladzimir Bely <ubely@ilbers.de>:

> In mail from вторник, 24 января 2023 г. 10:18:28 +03 user Henning
> Schild wrote:
> > Am Tue, 24 Jan 2023 08:09:24 +0100
> > 
> > schrieb Henning Schild <henning.schild@siemens.com>:  
> > > Am Fri, 13 Jan 2023 08:19:36 +0100
> > > 
> > > schrieb Uladzimir Bely <ubely@ilbers.de>:  
> > > > If the flag enabled, CI ssh public key is copied
> > > > `authorized_keys` in `$USER/.ssh/` directory.
> > > > 
> > > > This allows non-interactive SSH access to the machine with
> > > > executing custom commands on the guest VM.  
> > > 
> > > I would suggest to make that a debian raw package, examples on
> > > how to do that can be found in many public layers.
> > > 
> > > You could i.e. drop an authorized-keys file into /etc/ssh/ and
> > > using postinst append/change the AuthorizedKeysFile line in the
> > > global ssh config  
> > 
> > Create the user ci like we create the user isar in example-raw, and
> > drop that file into HOME/.ssh/, maybe depend on sudo and make sure
> > that user can run any command without password.
> > We could also use a trivial password and not have a key at all.
> > 
> > And when it is a package we can depend on regen-keys.
> > 
> > Henning
> >   
> 
> Yes, it sounds reasonable. I't should be easier to manage everything
> in one recipe, instead of specific image and image extensions.
> 
> I'm just not sure we can avoid using keys - I didn't manage to
> execute commands (by running `ssh <options> <cmd>` ) in
> non-interactive way with only user passwords.

Quick google pointed me to "sshpass -p ci ssh <options> <cmd>". The
tool would have to be installed with apt-get like we do with
qemu-system. In fact ssh will also have to be installed.

If that does not work, we use the key.

Henning

> > > That way we know which package owned that file and if we have a
> > > prerm we can even remove everything with apt.
> > > 
> > > Henning
> > >   
> > > > Signed-off-by: Uladzimir Bely <ubely@ilbers.de>
> > > > ---
> > > > 
> > > >  meta/classes/image-account-extension.bbclass | 14
> > > > +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-)
> > > > 
> > > > diff --git a/meta/classes/image-account-extension.bbclass
> > > > b/meta/classes/image-account-extension.bbclass index
> > > > 70950a7b..c9b86250 100644 ---
> > > > a/meta/classes/image-account-extension.bbclass +++
> > > > b/meta/classes/image-account-extension.bbclass @@ -17,7 +17,7 @@
> > > > USERS ??= "" #USER_root[home] = "/home/root"
> > > > 
> > > >  #USER_root[shell] = "/bin/sh"
> > > >  #USER_root[groups] = "audio video"
> > > > 
> > > > -#USER_root[flags] = "no-create-home create-home system
> > > > allow-empty-password clear-text-password force-passwd-change"
> > > > +#USER_root[flags] = "no-create-home create-home system
> > > > allow-empty-password clear-text-password force-passwd-change
> > > > copy-ci-key" GROUPS ??= ""
> > > > @@ -263,5 +263,17 @@ image_postprocess_accounts() {
> > > > 
> > > >              sudo -E chroot '${ROOTFSDIR}' \
> > > >              
> > > >                  /usr/bin/passwd --expire "$name"
> > > >          
> > > >          fi
> > > > 
> > > > +
> > > > +        # Add CI ssh key for noninteractive login
> > > > +        if [ "${flags}" != "${flags%*,copy-ci-key,*}" ]; then
> > > > +            echo "Add CI ssh key for \"$name\""
> > > > +            sudo sh -c " \
> > > > +                mkdir -p ${ROOTFSDIR}/${home}/.ssh && \
> > > > +                cat ${TESTSUITEDIR}/keys/ssh/id_rsa.pub >
> > > > ${ROOTFSDIR}/${home}/.ssh/authorized_keys && \
> > > > +                chmod -R go-rwx ${ROOTFSDIR}/${home}/.ssh
> > > > +            "
> > > > +            sudo -E chroot '${ROOTFSDIR}' \
> > > > +                chown -R ${name}:${gid} ${home}/.ssh
> > > > +        fi
> > > > 
> > > >      done
> > > >  
> > > >  }  
> 
> 
> 
> 

[PATCH 06/11] meta-isar: Fix PCI bus initialization in qemuarm machine

[Uladzimir Bely]

With `QEMU_MACHINE ?= "virt"` qemuarm machine fails to initialize
PCI bus with the following error in dmesg:

pci-host-generic 4010000000.pcie: can't claim ECAM area \
    [mem 0x10000000-0x1fffffff]: address conflict with \
    pcie@10000000 [mem 0x10000000-0x3efeffff]
pci-host-generic: probe of 4010000000.pcie failed with error -16

Adding ',highmem=off' makes PCI work and this allows to make ethernet
interface in VM working.

Signed-off-by: Uladzimir Bely <ubely@ilbers.de>
---
 meta-isar/conf/machine/qemuarm.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-isar/conf/machine/qemuarm.conf b/meta-isar/conf/machine/qemuarm.conf
index 06d4b34d..6426a4a7 100644
--- a/meta-isar/conf/machine/qemuarm.conf
+++ b/meta-isar/conf/machine/qemuarm.conf
@@ -10,7 +10,7 @@ IMAGE_FSTYPES ?= "ext4"
 QEMU_ROOTFS_DEV ?= "vda"
 
 QEMU_ARCH ?= "arm"
-QEMU_MACHINE ?= "virt"
+QEMU_MACHINE ?= "virt,highmem=off"
 QEMU_CPU ?= "cortex-a15"
 # TODO: start_vm doesn't support multiline vars
 QEMU_DISK_ARGS ?= "-drive file=##ROOTFS_IMAGE##,if=none,format=raw,id=hd0 -device virtio-blk-device,drive=hd0"
-- 
2.20.1

Re: [PATCH 06/11] meta-isar: Fix PCI bus initialization in qemuarm machine

[Uladzimir Bely]

In the email from Friday, 13 January 2023 10:19:37 +03 user Uladzimir Bely 
wrote:
> With `QEMU_MACHINE ?= "virt"` qemuarm machine fails to initialize
> PCI bus with the following error in dmesg:
> 
> pci-host-generic 4010000000.pcie: can't claim ECAM area \
>     [mem 0x10000000-0x1fffffff]: address conflict with \
>     pcie@10000000 [mem 0x10000000-0x3efeffff]
> pci-host-generic: probe of 4010000000.pcie failed with error -16
> 
> Adding ',highmem=off' makes PCI work and this allows to make ethernet
> interface in VM working.
> 
> Signed-off-by: Uladzimir Bely <ubely@ilbers.de>
> ---
>  meta-isar/conf/machine/qemuarm.conf | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/meta-isar/conf/machine/qemuarm.conf
> b/meta-isar/conf/machine/qemuarm.conf index 06d4b34d..6426a4a7 100644
> --- a/meta-isar/conf/machine/qemuarm.conf
> +++ b/meta-isar/conf/machine/qemuarm.conf
> @@ -10,7 +10,7 @@ IMAGE_FSTYPES ?= "ext4"
>  QEMU_ROOTFS_DEV ?= "vda"
> 
>  QEMU_ARCH ?= "arm"
> -QEMU_MACHINE ?= "virt"
> +QEMU_MACHINE ?= "virt,highmem=off"
>  QEMU_CPU ?= "cortex-a15"
>  # TODO: start_vm doesn't support multiline vars
>  QEMU_DISK_ARGS ?= "-drive file=##ROOTFS_IMAGE##,if=none,format=raw,id=hd0
> -device virtio-blk-device,drive=hd0"

Applied to next (picked from "[PATCH 00/11] Support running custom commands in 
VM" as hotfix).

[PATCH 07/11] testsuite: Use random free port for qemu SSH forwarding

[Uladzimir Bely]

Instead of using fixed 22222 port for forwarding to qemu port 22,
request free port from the system.

This allows to run qemu machines in parallel and also fixes possible
issues with sequential qemu test CI runs in case system delays port
release.

Signed-off-by: Uladzimir Bely <ubely@ilbers.de>
---
 testsuite/start_vm.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/testsuite/start_vm.py b/testsuite/start_vm.py
index d6c47dcd..d151232e 100755
--- a/testsuite/start_vm.py
+++ b/testsuite/start_vm.py
@@ -5,6 +5,7 @@
 
 import argparse
 import os
+import socket
 import subprocess
 import sys
 import time
@@ -70,9 +71,12 @@ def format_qemu_cmdline(arch, build, distro, image, out, pid, enforce_pcbios=Fal
         bios_idx = qemu_disk_args.index('-bios')
         del qemu_disk_args[bios_idx : bios_idx+2]
 
-    # Support SSH access from host via port 22222
+    # Support SSH access from host
+    ssh_sock = socket.socket()
+    ssh_sock.bind(('', 0))
+    ssh_port=ssh_sock.getsockname()[1]
     extra_args.extend(['-device', 'e1000,netdev=net0'])
-    extra_args.extend(['-netdev', 'user,id=net0,hostfwd=tcp::22222-:22'])
+    extra_args.extend(['-netdev', 'user,id=net0,hostfwd=tcp::' + str(ssh_port) + '-:22'])
 
     cmd = ['qemu-system-' + qemu_arch, '-m', '1024M']
 
-- 
2.20.1

Re: [PATCH 07/11] testsuite: Use random free port for qemu SSH forwarding

[Henning Schild]

Am Fri, 13 Jan 2023 08:19:38 +0100
schrieb Uladzimir Bely <ubely@ilbers.de>:

> Instead of using fixed 22222 port for forwarding to qemu port 22,
> request free port from the system.

Nice solution. I looked at this series because i was expecting that
conflict on the static port.

Henning

> This allows to run qemu machines in parallel and also fixes possible
> issues with sequential qemu test CI runs in case system delays port
> release.
> 
> Signed-off-by: Uladzimir Bely <ubely@ilbers.de>
> ---
>  testsuite/start_vm.py | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/testsuite/start_vm.py b/testsuite/start_vm.py
> index d6c47dcd..d151232e 100755
> --- a/testsuite/start_vm.py
> +++ b/testsuite/start_vm.py
> @@ -5,6 +5,7 @@
>  
>  import argparse
>  import os
> +import socket
>  import subprocess
>  import sys
>  import time
> @@ -70,9 +71,12 @@ def format_qemu_cmdline(arch, build, distro,
> image, out, pid, enforce_pcbios=Fal bios_idx =
> qemu_disk_args.index('-bios') del qemu_disk_args[bios_idx :
> bios_idx+2] 
> -    # Support SSH access from host via port 22222
> +    # Support SSH access from host
> +    ssh_sock = socket.socket()
> +    ssh_sock.bind(('', 0))
> +    ssh_port=ssh_sock.getsockname()[1]
>      extra_args.extend(['-device', 'e1000,netdev=net0'])
> -    extra_args.extend(['-netdev',
> 'user,id=net0,hostfwd=tcp::22222-:22'])
> +    extra_args.extend(['-netdev', 'user,id=net0,hostfwd=tcp::' +
> str(ssh_port) + '-:22']) 
>      cmd = ['qemu-system-' + qemu_arch, '-m', '1024M']
>  

Re: [PATCH 07/11] testsuite: Use random free port for qemu SSH forwarding

[Uladzimir Bely]

In the email from Friday, 13 January 2023 10:19:38 +03 user Uladzimir Bely 
wrote:
> Instead of using fixed 22222 port for forwarding to qemu port 22,
> request free port from the system.
> 
> This allows to run qemu machines in parallel and also fixes possible
> issues with sequential qemu test CI runs in case system delays port
> release.
> 
> Signed-off-by: Uladzimir Bely <ubely@ilbers.de>
> ---
>  testsuite/start_vm.py | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/testsuite/start_vm.py b/testsuite/start_vm.py
> index d6c47dcd..d151232e 100755
> --- a/testsuite/start_vm.py
> +++ b/testsuite/start_vm.py
> @@ -5,6 +5,7 @@
> 
>  import argparse
>  import os
> +import socket
>  import subprocess
>  import sys
>  import time
> @@ -70,9 +71,12 @@ def format_qemu_cmdline(arch, build, distro, image, out,
> pid, enforce_pcbios=Fal bios_idx = qemu_disk_args.index('-bios')
>          del qemu_disk_args[bios_idx : bios_idx+2]
> 
> -    # Support SSH access from host via port 22222
> +    # Support SSH access from host
> +    ssh_sock = socket.socket()
> +    ssh_sock.bind(('', 0))
> +    ssh_port=ssh_sock.getsockname()[1]
>      extra_args.extend(['-device', 'e1000,netdev=net0'])
> -    extra_args.extend(['-netdev', 'user,id=net0,hostfwd=tcp::22222-:22'])
> +    extra_args.extend(['-netdev', 'user,id=net0,hostfwd=tcp::' +
> str(ssh_port) + '-:22'])
> 
>      cmd = ['qemu-system-' + qemu_arch, '-m', '1024M']

Applied to next (picked from "[PATCH 00/11] Support running custom commands in 
VM" as hotfix).

[PATCH 08/11] testsuite: Support running custom commands in VM

[Uladzimir Bely]

By specifying `cmd='<command>'` it's now possible to run VM and
execute the command over SSH connection.

If this is not specified, tests uses previous approach, with
parsing output log and searching some specific fragments.

Signed-off-by: Uladzimir Bely <ubely@ilbers.de>
---
 testsuite/cibuilder.py | 60 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 59 insertions(+), 1 deletion(-)

diff --git a/testsuite/cibuilder.py b/testsuite/cibuilder.py
index 9e9cc8a3..4496b0dd 100755
--- a/testsuite/cibuilder.py
+++ b/testsuite/cibuilder.py
@@ -2,6 +2,7 @@
 
 import logging
 import os
+import re
 import select
 import shutil
 import subprocess
@@ -201,11 +202,44 @@ class CIBuilder(Test):
 
         return env['LAYERDIR_' + layer].strip('"')
 
-    def vm_start(self, arch='amd64', distro='buster', image='isar-image-base', enforce_pcbios=False):
+    def vm_exec_cmd(self, cmd='/bin/true', timeout=10, port=None):
+        spk = os.path.dirname(__file__) + '/keys/ssh/id_rsa'
+        os.chmod(spk, 0o400)
+
+        port_args = ''
+        if port:
+            port_args = ' -p ' + str(port)
+
+        cmd_prefix = 'ssh' + port_args + \
+                     ' -o ConnectTimeout=5 -o IdentityFile=' + spk + \
+                     ' -o StrictHostKeyChecking=no ci@localhost '
+        self.log.debug('Waiting for SSH server ready...')
+
+        rc = None
+        while time.time() < timeout and rc != 0:
+            rc = subprocess.call('exec ' + cmd_prefix + '/bin/true',
+                                 shell=True,
+                                 stdin=subprocess.PIPE, stdout=subprocess.PIPE,
+                                 stderr=subprocess.PIPE)
+            time.sleep(1)
+        if rc != 0:
+            self.log.error('SSH server is not ready')
+            return -1
+
+        rc = subprocess.call('exec ' + cmd_prefix + cmd, shell=True,
+                             stdin=subprocess.PIPE, stdout=subprocess.PIPE,
+                             stderr=subprocess.PIPE)
+        time.sleep(1)
+
+        return rc
+
+    def vm_start(self, arch='amd64', distro='buster', image='isar-image-base',
+                 enforce_pcbios=False, cmd=None):
         time_to_wait = self.params.get('time_to_wait', default=60)
 
         self.log.info('===================================================')
         self.log.info('Running Isar VM boot test for (' + distro + '-' + arch + ')')
+        self.log.info('Remote command is ' + str(cmd))
         self.log.info('Isar build folder is: ' + self.build_dir)
         self.log.info('===================================================')
 
@@ -256,6 +290,30 @@ class CIBuilder(Test):
         p1 = subprocess.Popen('exec ' + ' '.join(cmdline), shell=True,
                               stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                               universal_newlines=True)
+
+        if cmd is not None:
+            rc = None
+            try:
+                port = None
+                for arg in cmdline:
+                    match = re.match(r".*hostfwd=tcp::(\d*).*", arg)
+                    if match:
+                        port = match.group(1)
+                        break
+
+                rc = self.vm_exec_cmd(cmd, timeout, port)
+                self.log.debug('`' + cmd + '` returned ' + str(rc))
+            finally:
+                if p1.poll() is None:
+                    self.log.debug('Killing qemu...')
+                    p1.kill()
+                p1.wait()
+
+            if rc != 0:
+                self.fail('Log ' + output_file)
+
+            return
+
         try:
             poller = select.poll()
             poller.register(p1.stdout, select.POLLIN)
-- 
2.20.1

Re: [PATCH 08/11] testsuite: Support running custom commands in VM

[Henning Schild]

Am Fri, 13 Jan 2023 08:19:39 +0100
schrieb Uladzimir Bely <ubely@ilbers.de>:

> By specifying `cmd='<command>'` it's now possible to run VM and
> execute the command over SSH connection.
> 
> If this is not specified, tests uses previous approach, with
> parsing output log and searching some specific fragments.
> 
> Signed-off-by: Uladzimir Bely <ubely@ilbers.de>
> ---
>  testsuite/cibuilder.py | 60
> +++++++++++++++++++++++++++++++++++++++++- 1 file changed, 59
> insertions(+), 1 deletion(-)
> 
> diff --git a/testsuite/cibuilder.py b/testsuite/cibuilder.py
> index 9e9cc8a3..4496b0dd 100755
> --- a/testsuite/cibuilder.py
> +++ b/testsuite/cibuilder.py
> @@ -2,6 +2,7 @@
>  
>  import logging
>  import os
> +import re
>  import select
>  import shutil
>  import subprocess
> @@ -201,11 +202,44 @@ class CIBuilder(Test):
>  
>          return env['LAYERDIR_' + layer].strip('"')
>  
> -    def vm_start(self, arch='amd64', distro='buster',
> image='isar-image-base', enforce_pcbios=False):
> +    def vm_exec_cmd(self, cmd='/bin/true', timeout=10, port=None):
> +        spk = os.path.dirname(__file__) + '/keys/ssh/id_rsa'
> +        os.chmod(spk, 0o400)
> +
> +        port_args = ''
> +        if port:
> +            port_args = ' -p ' + str(port)
> +
> +        cmd_prefix = 'ssh' + port_args + \
> +                     ' -o ConnectTimeout=5 -o IdentityFile=' + spk +
> \
> +                     ' -o StrictHostKeyChecking=no ci@localhost '

What is the username? My guess would be root. Let us make that explicit
and see if we can at some point get away with running this as non-root
while we root into the VMs.

Henning

> +        self.log.debug('Waiting for SSH server ready...')
> +
> +        rc = None
> +        while time.time() < timeout and rc != 0:
> +            rc = subprocess.call('exec ' + cmd_prefix + '/bin/true',
> +                                 shell=True,
> +                                 stdin=subprocess.PIPE,
> stdout=subprocess.PIPE,
> +                                 stderr=subprocess.PIPE)
> +            time.sleep(1)
> +        if rc != 0:
> +            self.log.error('SSH server is not ready')
> +            return -1
> +
> +        rc = subprocess.call('exec ' + cmd_prefix + cmd, shell=True,
> +                             stdin=subprocess.PIPE,
> stdout=subprocess.PIPE,
> +                             stderr=subprocess.PIPE)
> +        time.sleep(1)
> +
> +        return rc
> +
> +    def vm_start(self, arch='amd64', distro='buster',
> image='isar-image-base',
> +                 enforce_pcbios=False, cmd=None):
>          time_to_wait = self.params.get('time_to_wait', default=60)
>  
>          self.log.info('===================================================')
>          self.log.info('Running Isar VM boot test for (' + distro +
> '-' + arch + ')')
> +        self.log.info('Remote command is ' + str(cmd))
>          self.log.info('Isar build folder is: ' + self.build_dir)
>          self.log.info('===================================================')
>  
> @@ -256,6 +290,30 @@ class CIBuilder(Test):
>          p1 = subprocess.Popen('exec ' + ' '.join(cmdline),
> shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE,
> stderr=subprocess.PIPE, universal_newlines=True)
> +
> +        if cmd is not None:
> +            rc = None
> +            try:
> +                port = None
> +                for arg in cmdline:
> +                    match = re.match(r".*hostfwd=tcp::(\d*).*", arg)
> +                    if match:
> +                        port = match.group(1)
> +                        break
> +
> +                rc = self.vm_exec_cmd(cmd, timeout, port)
> +                self.log.debug('`' + cmd + '` returned ' + str(rc))
> +            finally:
> +                if p1.poll() is None:
> +                    self.log.debug('Killing qemu...')
> +                    p1.kill()
> +                p1.wait()
> +
> +            if rc != 0:
> +                self.fail('Log ' + output_file)
> +
> +            return
> +
>          try:
>              poller = select.poll()
>              poller.register(p1.stdout, select.POLLIN)

Re: [PATCH 08/11] testsuite: Support running custom commands in VM

[Henning Schild]

Am Tue, 24 Jan 2023 08:14:04 +0100
schrieb Henning Schild <henning.schild@siemens.com>:

> Am Fri, 13 Jan 2023 08:19:39 +0100
> schrieb Uladzimir Bely <ubely@ilbers.de>:
> 
> > By specifying `cmd='<command>'` it's now possible to run VM and
> > execute the command over SSH connection.
> > 
> > If this is not specified, tests uses previous approach, with
> > parsing output log and searching some specific fragments.
> > 
> > Signed-off-by: Uladzimir Bely <ubely@ilbers.de>
> > ---
> >  testsuite/cibuilder.py | 60
> > +++++++++++++++++++++++++++++++++++++++++- 1 file changed, 59
> > insertions(+), 1 deletion(-)
> > 
> > diff --git a/testsuite/cibuilder.py b/testsuite/cibuilder.py
> > index 9e9cc8a3..4496b0dd 100755
> > --- a/testsuite/cibuilder.py
> > +++ b/testsuite/cibuilder.py
> > @@ -2,6 +2,7 @@
> >  
> >  import logging
> >  import os
> > +import re
> >  import select
> >  import shutil
> >  import subprocess
> > @@ -201,11 +202,44 @@ class CIBuilder(Test):
> >  
> >          return env['LAYERDIR_' + layer].strip('"')
> >  
> > -    def vm_start(self, arch='amd64', distro='buster',
> > image='isar-image-base', enforce_pcbios=False):
> > +    def vm_exec_cmd(self, cmd='/bin/true', timeout=10, port=None):
> > +        spk = os.path.dirname(__file__) + '/keys/ssh/id_rsa'
> > +        os.chmod(spk, 0o400)
> > +
> > +        port_args = ''
> > +        if port:
> > +            port_args = ' -p ' + str(port)
> > +
> > +        cmd_prefix = 'ssh' + port_args + \
> > +                     ' -o ConnectTimeout=5 -o IdentityFile=' + spk
> > + \
> > +                     ' -o StrictHostKeyChecking=no ci@localhost '
> 
> What is the username? My guess would be root. Let us make that
> explicit and see if we can at some point get away with running this
> as non-root while we root into the VMs.

Forget the comment ... the username is "ci"

Henning

> Henning
> 
> > +        self.log.debug('Waiting for SSH server ready...')
> > +
> > +        rc = None
> > +        while time.time() < timeout and rc != 0:
> > +            rc = subprocess.call('exec ' + cmd_prefix +
> > '/bin/true',
> > +                                 shell=True,
> > +                                 stdin=subprocess.PIPE,
> > stdout=subprocess.PIPE,
> > +                                 stderr=subprocess.PIPE)
> > +            time.sleep(1)
> > +        if rc != 0:
> > +            self.log.error('SSH server is not ready')
> > +            return -1
> > +
> > +        rc = subprocess.call('exec ' + cmd_prefix + cmd,
> > shell=True,
> > +                             stdin=subprocess.PIPE,
> > stdout=subprocess.PIPE,
> > +                             stderr=subprocess.PIPE)
> > +        time.sleep(1)
> > +
> > +        return rc
> > +
> > +    def vm_start(self, arch='amd64', distro='buster',
> > image='isar-image-base',
> > +                 enforce_pcbios=False, cmd=None):
> >          time_to_wait = self.params.get('time_to_wait', default=60)
> >  
> >          self.log.info('===================================================')
> >          self.log.info('Running Isar VM boot test for (' + distro +
> > '-' + arch + ')')
> > +        self.log.info('Remote command is ' + str(cmd))
> >          self.log.info('Isar build folder is: ' + self.build_dir)
> >          self.log.info('===================================================')
> >  
> > @@ -256,6 +290,30 @@ class CIBuilder(Test):
> >          p1 = subprocess.Popen('exec ' + ' '.join(cmdline),
> > shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE,
> > stderr=subprocess.PIPE, universal_newlines=True)
> > +
> > +        if cmd is not None:
> > +            rc = None
> > +            try:
> > +                port = None
> > +                for arg in cmdline:
> > +                    match = re.match(r".*hostfwd=tcp::(\d*).*",
> > arg)
> > +                    if match:
> > +                        port = match.group(1)
> > +                        break
> > +
> > +                rc = self.vm_exec_cmd(cmd, timeout, port)
> > +                self.log.debug('`' + cmd + '` returned ' + str(rc))
> > +            finally:
> > +                if p1.poll() is None:
> > +                    self.log.debug('Killing qemu...')
> > +                    p1.kill()
> > +                p1.wait()
> > +
> > +            if rc != 0:
> > +                self.fail('Log ' + output_file)
> > +
> > +            return
> > +
> >          try:
> >              poller = select.poll()
> >              poller.register(p1.stdout, select.POLLIN)
> 

[PATCH 09/11] meta-isar: Use a separate image recipe in CI

[Uladzimir Bely]

In order not to spoil `isar-image-base` or `local.conf.sample`,
put CI-specific configuration to a separate image recipe.

This includes SSH configuration VM images and separate user
with non-interactive SSH access.

Signed-off-by: Uladzimir Bely <ubely@ilbers.de>
---
 .../recipes-core/images/isar-image-ci.bb      | 30 +++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 meta-isar/recipes-core/images/isar-image-ci.bb

diff --git a/meta-isar/recipes-core/images/isar-image-ci.bb b/meta-isar/recipes-core/images/isar-image-ci.bb
new file mode 100644
index 00000000..74b841ba
--- /dev/null
+++ b/meta-isar/recipes-core/images/isar-image-ci.bb
@@ -0,0 +1,30 @@
+# Debug root filesystem for target installation
+#
+# This software is a part of ISAR.
+# Copyright (C) 2023 ilbers GmbH
+
+require recipes-core/images/isar-image-base.bb
+
+# Setup SSH server on board
+IMAGE_INSTALL += "sshd-regen-keys"
+# Network should be up for using host-to-guest port forwarding
+IMAGE_PREINSTALL += "network-manager"
+
+# Create separate user with non-interactive access to the VM guest over SSH
+GROUPS += "ci"
+GROUP_ci[flags] = "system"
+
+USERS += "ci"
+USER_ci[gid] = "ci"
+USER_ci[home] = "/home/ci"
+USER_ci[comment] = "User for CI run tests"
+USER_ci[flags] = "system create-home"
+USER_ci[groups] = "sudo"
+
+USER_ci[password] = "ci"
+USER_ci[flags] += "clear-text-password"
+
+USER_ci[flags] += "copy-ci-key"
+
+# Don't QA check files added by 'copy-ci-key' flag when postprocessing
+ROOTFS_QA_FIND_ARGS = "! -path ${ROOTFSDIR}/home/ci/.ssh"
-- 
2.20.1

[PATCH 10/11] isar-image-ci: Make ethernet inerface auto bring up in ubuntu-focal

[Uladzimir Bely]

NetworkManager in Ubuntu doesn't manage ethernet interfaces by default
(see /usr/lib/NetworkManager/conf.d/10-globally-managed-devices.conf).

Change this behaviour by overlaying this with a empty config so that
ethernet iface is managed by NM so that it's automatically brought up
in virtual machine and qemu host-to-guest port forwarding works.

Signed-off-by: Uladzimir Bely <ubely@ilbers.de>
---
 meta-isar/recipes-core/images/isar-image-ci.bb | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/meta-isar/recipes-core/images/isar-image-ci.bb b/meta-isar/recipes-core/images/isar-image-ci.bb
index 74b841ba..a8dd3e40 100644
--- a/meta-isar/recipes-core/images/isar-image-ci.bb
+++ b/meta-isar/recipes-core/images/isar-image-ci.bb
@@ -28,3 +28,11 @@ USER_ci[flags] += "copy-ci-key"
 
 # Don't QA check files added by 'copy-ci-key' flag when postprocessing
 ROOTFS_QA_FIND_ARGS = "! -path ${ROOTFSDIR}/home/ci/.ssh"
+
+# Manage ethernet in ubuntu-focal by network-manager
+ROOTFS_CONFIGURE_COMMAND_append_ubuntu-focal = " manage_ethernet"
+
+manage_ethernet() {
+    sudo -E install -D -m 644 /dev/null \
+        ${ROOTFSDIR}/etc/NetworkManager/conf.d/10-globally-managed-devices.conf
+}
-- 
2.20.1

Re: [PATCH 10/11] isar-image-ci: Make ethernet inerface auto bring up in ubuntu-focal

[Henning Schild]

Am Fri, 13 Jan 2023 08:19:41 +0100
schrieb Uladzimir Bely <ubely@ilbers.de>:

> NetworkManager in Ubuntu doesn't manage ethernet interfaces by default
> (see /usr/lib/NetworkManager/conf.d/10-globally-managed-devices.conf).
> 
> Change this behaviour by overlaying this with a empty config so that
> ethernet iface is managed by NM so that it's automatically brought up
> in virtual machine and qemu host-to-guest port forwarding works.
> 
> Signed-off-by: Uladzimir Bely <ubely@ilbers.de>
> ---
>  meta-isar/recipes-core/images/isar-image-ci.bb | 8 ++++++++
>  1 file changed, 8 insertions(+)
> 
> diff --git a/meta-isar/recipes-core/images/isar-image-ci.bb
> b/meta-isar/recipes-core/images/isar-image-ci.bb index
> 74b841ba..a8dd3e40 100644 ---
> a/meta-isar/recipes-core/images/isar-image-ci.bb +++
> b/meta-isar/recipes-core/images/isar-image-ci.bb @@ -28,3 +28,11 @@
> USER_ci[flags] += "copy-ci-key" 
>  # Don't QA check files added by 'copy-ci-key' flag when
> postprocessing ROOTFS_QA_FIND_ARGS = "! -path
> ${ROOTFSDIR}/home/ci/.ssh" +
> +# Manage ethernet in ubuntu-focal by network-manager
> +ROOTFS_CONFIGURE_COMMAND_append_ubuntu-focal = " manage_ethernet"
> +
> +manage_ethernet() {
> +    sudo -E install -D -m 644 /dev/null \
> +
> ${ROOTFSDIR}/etc/NetworkManager/conf.d/10-globally-managed-devices.conf
> +}

Files should come from packages where ever possible. Maybe just add
some 11-isar.conf in the package that we could call
"isar-ci-ssh-setup", that file can be shipped to debian as well ...
should not hurt.

And you would DEBIAN_DEPENDS on NM instead of installing it manually.
In the end the image would be

inherit isar-image-base
IMAGE_INSTALL += "isar-ci-ssh-setup"

Or we even just put that into the sample local conf and do not even
need another image. Maybe as a comment where only the testsuite
uncomments it, so users who build our examples do not get such "open
images"

Henning

Re: [PATCH 10/11] isar-image-ci: Make ethernet inerface auto bring up in ubuntu-focal

[Henning Schild]

Am Tue, 24 Jan 2023 08:24:50 +0100
schrieb Henning Schild <henning.schild@siemens.com>:

> Am Fri, 13 Jan 2023 08:19:41 +0100
> schrieb Uladzimir Bely <ubely@ilbers.de>:
> 
> > NetworkManager in Ubuntu doesn't manage ethernet interfaces by
> > default (see
> > /usr/lib/NetworkManager/conf.d/10-globally-managed-devices.conf).
> > 
> > Change this behaviour by overlaying this with a empty config so that
> > ethernet iface is managed by NM so that it's automatically brought
> > up in virtual machine and qemu host-to-guest port forwarding works.
> > 
> > Signed-off-by: Uladzimir Bely <ubely@ilbers.de>
> > ---
> >  meta-isar/recipes-core/images/isar-image-ci.bb | 8 ++++++++
> >  1 file changed, 8 insertions(+)
> > 
> > diff --git a/meta-isar/recipes-core/images/isar-image-ci.bb
> > b/meta-isar/recipes-core/images/isar-image-ci.bb index
> > 74b841ba..a8dd3e40 100644 ---
> > a/meta-isar/recipes-core/images/isar-image-ci.bb +++
> > b/meta-isar/recipes-core/images/isar-image-ci.bb @@ -28,3 +28,11 @@
> > USER_ci[flags] += "copy-ci-key" 
> >  # Don't QA check files added by 'copy-ci-key' flag when
> > postprocessing ROOTFS_QA_FIND_ARGS = "! -path
> > ${ROOTFSDIR}/home/ci/.ssh" +
> > +# Manage ethernet in ubuntu-focal by network-manager
> > +ROOTFS_CONFIGURE_COMMAND_append_ubuntu-focal = " manage_ethernet"
> > +
> > +manage_ethernet() {
> > +    sudo -E install -D -m 644 /dev/null \
> > +
> > ${ROOTFSDIR}/etc/NetworkManager/conf.d/10-globally-managed-devices.conf
> > +}  
> 
> Files should come from packages where ever possible. Maybe just add
> some 11-isar.conf in the package that we could call
> "isar-ci-ssh-setup", that file can be shipped to debian as well ...
> should not hurt.
> 
> And you would DEBIAN_DEPENDS on NM instead of installing it manually.
> In the end the image would be
> 
> inherit isar-image-base
> IMAGE_INSTALL += "isar-ci-ssh-setup"
> 
> Or we even just put that into the sample local conf and do not even
> need another image. Maybe as a comment where only the testsuite
> uncomments it, so users who build our examples do not get such "open
> images"

Maybe we can bbwarn when building that package. Or it could also
adjust /etc/issue and/or /etc/motd to make it clear that this image is
insecure.

Henning

> Henning

[PATCH 11/11] testsuite: Run custom commands on some qemu targets

[Uladzimir Bely]

For demonstaration purposes, build 'isar-image-ci' for some targets
and add corresponding VM run tests with custom commands.

Signed-off-by: Uladzimir Bely <ubely@ilbers.de>
---
 testsuite/citest.py | 70 ++++++++++++++++++++++++++++++++++++---------
 1 file changed, 56 insertions(+), 14 deletions(-)

diff --git a/testsuite/citest.py b/testsuite/citest.py
index 08a2a00e..527e254f 100755
--- a/testsuite/citest.py
+++ b/testsuite/citest.py
@@ -69,8 +69,8 @@ class CrossTest(CIBaseTest):
     """
     def test_cross(self):
         targets = [
-            'mc:qemuarm-buster:isar-image-base',
-            'mc:qemuarm-bullseye:isar-image-base',
+            'mc:qemuarm-buster:isar-image-ci',
+            'mc:qemuarm-bullseye:isar-image-ci',
             'mc:qemuarm64-bullseye:isar-image-base',
             'mc:de0-nano-soc-bullseye:isar-image-base',
             'mc:stm32mp15x-buster:isar-image-base'
@@ -103,7 +103,7 @@ class CrossTest(CIBaseTest):
 
     def test_cross_bookworm(self):
         targets = [
-            'mc:qemuarm-bookworm:isar-image-base',
+            'mc:qemuarm-bookworm:isar-image-ci',
             'mc:qemuarm64-bookworm:isar-image-base'
                   ]
 
@@ -158,9 +158,9 @@ class NoCrossTest(CIBaseTest):
     """
     def test_nocross(self):
         targets = [
-            'mc:qemuarm-buster:isar-image-base',
+            'mc:qemuarm-buster:isar-image-ci',
             'mc:qemuarm-bullseye:isar-image-base',
-            'mc:qemuarm64-bullseye:isar-image-base',
+            'mc:qemuarm64-bullseye:isar-image-ci',
             'mc:qemui386-buster:isar-image-base',
             'mc:qemui386-bullseye:isar-image-base',
             'mc:qemuamd64-buster:isar-image-base',
@@ -175,7 +175,7 @@ class NoCrossTest(CIBaseTest):
             'mc:bananapi-bullseye:isar-image-base',
             'mc:nanopi-neo-bullseye:isar-image-base',
             'mc:stm32mp15x-bullseye:isar-image-base',
-            'mc:qemuamd64-focal:isar-image-base'
+            'mc:qemuamd64-focal:isar-image-ci'
                   ]
 
         self.init()
@@ -202,7 +202,7 @@ class NoCrossTest(CIBaseTest):
             'mc:qemuamd64-bookworm:isar-image-base',
             'mc:qemuarm-bookworm:isar-image-base',
             'mc:qemui386-bookworm:isar-image-base',
-            'mc:qemumipsel-bookworm:isar-image-base',
+            'mc:qemumipsel-bookworm:isar-image-ci',
             'mc:hikey-bookworm:isar-image-base'
                   ]
 
@@ -301,11 +301,23 @@ class VmBootTestFast(CIBaseTest):
     """
     def test_arm_bullseye(self):
         self.init()
-        self.vm_start('arm','bullseye')
+        self.vm_start('arm','bullseye', \
+            image='isar-image-ci')
+
+    def test_arm_bullseye_example_module(self):
+        self.init()
+        self.vm_start('arm','bullseye', \
+            image='isar-image-ci', cmd='lsmod | grep example_module')
 
     def test_arm_buster(self):
         self.init()
-        self.vm_start('arm','buster')
+        self.vm_start('arm','buster', \
+            image='isar-image-ci')
+
+    def test_arm_buster_getty_target(self):
+        self.init()
+        self.vm_start('arm','buster', \
+            image='isar-image-ci', cmd='systemctl is-active getty.target')
 
     def test_arm64_bullseye(self):
         self.init()
@@ -317,7 +329,13 @@ class VmBootTestFast(CIBaseTest):
 
     def test_arm_bookworm(self):
         self.init()
-        self.vm_start('arm','bookworm')
+        self.vm_start('arm','bookworm', \
+            image='isar-image-ci')
+
+    def test_arm_bookworm_example_module(self):
+        self.init()
+        self.vm_start('arm','bookworm', \
+            image='isar-image-ci', cmd='lsmod | grep example_module')
 
 class VmBootTestFull(CIBaseTest):
 
@@ -332,11 +350,23 @@ class VmBootTestFull(CIBaseTest):
 
     def test_arm_buster(self):
         self.init()
-        self.vm_start('arm','buster')
+        self.vm_start('arm','buster', \
+            image='isar-image-ci')
+
+    def test_arm_buster_example_module(self):
+        self.init()
+        self.vm_start('arm','buster', \
+            image='isar-image-ci', cmd='lsmod | grep example_module')
 
     def test_arm64_bullseye(self):
         self.init()
-        self.vm_start('arm64','bullseye')
+        self.vm_start('arm64','bullseye', \
+            image='isar-image-ci')
+
+    def test_arm64_bullseye_getty_target(self):
+        self.init()
+        self.vm_start('arm64','bullseye', \
+            image='isar-image-ci', cmd='systemctl is-active getty.target')
 
     def test_amd64_bullseye(self):
         self.init()
@@ -355,7 +385,13 @@ class VmBootTestFull(CIBaseTest):
 
     def test_amd64_focal(self):
         self.init()
-        self.vm_start('amd64','focal')
+        self.vm_start('amd64','focal', \
+            image='isar-image-ci')
+
+    def test_amd64_focal_example_module(self):
+        self.init()
+        self.vm_start('amd64','focal', \
+            image='isar-image-ci', cmd='lsmod | grep example_module')
 
     def test_amd64_bookworm(self):
         self.init()
@@ -371,4 +407,10 @@ class VmBootTestFull(CIBaseTest):
 
     def test_mipsel_bookworm(self):
         self.init()
-        self.vm_start('mipsel','bookworm')
+        self.vm_start('mipsel','bookworm', \
+            image='isar-image-ci')
+
+    def test_mipsel_bookworm_getty_target(self):
+        self.init()
+        self.vm_start('mipsel','bookworm', \
+            image='isar-image-ci', cmd='systemctl is-active getty.target')
-- 
2.20.1

Re: [PATCH 11/11] testsuite: Run custom commands on some qemu targets

[Henning Schild]

Am Fri, 13 Jan 2023 08:19:42 +0100
schrieb Uladzimir Bely <ubely@ilbers.de>:

> For demonstaration purposes, build 'isar-image-ci' for some targets
> and add corresponding VM run tests with custom commands.
> 
> Signed-off-by: Uladzimir Bely <ubely@ilbers.de>
> ---
>  testsuite/citest.py | 70
> ++++++++++++++++++++++++++++++++++++--------- 1 file changed, 56
> insertions(+), 14 deletions(-)
> 
> diff --git a/testsuite/citest.py b/testsuite/citest.py
> index 08a2a00e..527e254f 100755
> --- a/testsuite/citest.py
> +++ b/testsuite/citest.py
> @@ -69,8 +69,8 @@ class CrossTest(CIBaseTest):
>      """
>      def test_cross(self):
>          targets = [
> -            'mc:qemuarm-buster:isar-image-base',
> -            'mc:qemuarm-bullseye:isar-image-base',
> +            'mc:qemuarm-buster:isar-image-ci',
> +            'mc:qemuarm-bullseye:isar-image-ci',
>              'mc:qemuarm64-bullseye:isar-image-base',
>              'mc:de0-nano-soc-bullseye:isar-image-base',
>              'mc:stm32mp15x-buster:isar-image-base'
> @@ -103,7 +103,7 @@ class CrossTest(CIBaseTest):
>  
>      def test_cross_bookworm(self):
>          targets = [
> -            'mc:qemuarm-bookworm:isar-image-base',
> +            'mc:qemuarm-bookworm:isar-image-ci',
>              'mc:qemuarm64-bookworm:isar-image-base'
>                    ]
>  
> @@ -158,9 +158,9 @@ class NoCrossTest(CIBaseTest):
>      """
>      def test_nocross(self):
>          targets = [
> -            'mc:qemuarm-buster:isar-image-base',
> +            'mc:qemuarm-buster:isar-image-ci',
>              'mc:qemuarm-bullseye:isar-image-base',
> -            'mc:qemuarm64-bullseye:isar-image-base',
> +            'mc:qemuarm64-bullseye:isar-image-ci',
>              'mc:qemui386-buster:isar-image-base',
>              'mc:qemui386-bullseye:isar-image-base',
>              'mc:qemuamd64-buster:isar-image-base',
> @@ -175,7 +175,7 @@ class NoCrossTest(CIBaseTest):
>              'mc:bananapi-bullseye:isar-image-base',
>              'mc:nanopi-neo-bullseye:isar-image-base',
>              'mc:stm32mp15x-bullseye:isar-image-base',
> -            'mc:qemuamd64-focal:isar-image-base'
> +            'mc:qemuamd64-focal:isar-image-ci'
>                    ]
>  
>          self.init()
> @@ -202,7 +202,7 @@ class NoCrossTest(CIBaseTest):
>              'mc:qemuamd64-bookworm:isar-image-base',
>              'mc:qemuarm-bookworm:isar-image-base',
>              'mc:qemui386-bookworm:isar-image-base',
> -            'mc:qemumipsel-bookworm:isar-image-base',
> +            'mc:qemumipsel-bookworm:isar-image-ci',
>              'mc:hikey-bookworm:isar-image-base'
>                    ]
>  
> @@ -301,11 +301,23 @@ class VmBootTestFast(CIBaseTest):
>      """
>      def test_arm_bullseye(self):
>          self.init()
> -        self.vm_start('arm','bullseye')
> +        self.vm_start('arm','bullseye', \
> +            image='isar-image-ci')
> +
> +    def test_arm_bullseye_example_module(self):
> +        self.init()
> +        self.vm_start('arm','bullseye', \
> +            image='isar-image-ci', cmd='lsmod | grep example_module')

I think when we add this, we should drop the log parsing on that one in
the same commit. In the end i would expect the only thing left to parse
will be that login prompt and we move all others to executing commands.

And again there is a weird mix of positional vs named args, like many
other lines in this commit.

>      def test_arm_buster(self):
>          self.init()
> -        self.vm_start('arm','buster')
> +        self.vm_start('arm','buster', \
> +            image='isar-image-ci')
> +
> +    def test_arm_buster_getty_target(self):
> +        self.init()
> +        self.vm_start('arm','buster', \
> +            image='isar-image-ci', cmd='systemctl is-active
> getty.target') 
>      def test_arm64_bullseye(self):
>          self.init()
> @@ -317,7 +329,13 @@ class VmBootTestFast(CIBaseTest):
>  
>      def test_arm_bookworm(self):
>          self.init()
> -        self.vm_start('arm','bookworm')
> +        self.vm_start('arm','bookworm', \
> +            image='isar-image-ci')
> +
> +    def test_arm_bookworm_example_module(self):
> +        self.init()
> +        self.vm_start('arm','bookworm', \
> +            image='isar-image-ci', cmd='lsmod | grep example_module')

All this is repeating over and over, maybe we can do better.

We could i.e. always run a default command after the parsing, that
could be "/bin/true". And some tests would set something more involved.

I also wonder how i would run multiple commands ... like a full "set
-e" shellscript without having to write several tests and booting many
times.

Maybe a 
 with start_vm as vm:
  run_cmd1(vm)
  run_cmd2(vm)

vm magically shuts down when leaving the "with"-scope

Henning

>  class VmBootTestFull(CIBaseTest):
>  
> @@ -332,11 +350,23 @@ class VmBootTestFull(CIBaseTest):
>  
>      def test_arm_buster(self):
>          self.init()
> -        self.vm_start('arm','buster')
> +        self.vm_start('arm','buster', \
> +            image='isar-image-ci')
> +
> +    def test_arm_buster_example_module(self):
> +        self.init()
> +        self.vm_start('arm','buster', \
> +            image='isar-image-ci', cmd='lsmod | grep example_module')
>  
>      def test_arm64_bullseye(self):
>          self.init()
> -        self.vm_start('arm64','bullseye')
> +        self.vm_start('arm64','bullseye', \
> +            image='isar-image-ci')
> +
> +    def test_arm64_bullseye_getty_target(self):
> +        self.init()
> +        self.vm_start('arm64','bullseye', \
> +            image='isar-image-ci', cmd='systemctl is-active
> getty.target') 
>      def test_amd64_bullseye(self):
>          self.init()
> @@ -355,7 +385,13 @@ class VmBootTestFull(CIBaseTest):
>  
>      def test_amd64_focal(self):
>          self.init()
> -        self.vm_start('amd64','focal')
> +        self.vm_start('amd64','focal', \
> +            image='isar-image-ci')
> +
> +    def test_amd64_focal_example_module(self):
> +        self.init()
> +        self.vm_start('amd64','focal', \
> +            image='isar-image-ci', cmd='lsmod | grep example_module')
>  
>      def test_amd64_bookworm(self):
>          self.init()
> @@ -371,4 +407,10 @@ class VmBootTestFull(CIBaseTest):
>  
>      def test_mipsel_bookworm(self):
>          self.init()
> -        self.vm_start('mipsel','bookworm')
> +        self.vm_start('mipsel','bookworm', \
> +            image='isar-image-ci')
> +
> +    def test_mipsel_bookworm_getty_target(self):
> +        self.init()
> +        self.vm_start('mipsel','bookworm', \
> +            image='isar-image-ci', cmd='systemctl is-active
> getty.target')