From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 7252191915297210368
X-Received: by 2002:a0c:cb08:0:b0:636:17a3:c624 with SMTP id o8-20020a0ccb08000000b0063617a3c624mr18895924qvk.19.1689057638984;
        Mon, 10 Jul 2023 23:40:38 -0700 (PDT)
X-BeenThere: isar-users@googlegroups.com
Received: by 2002:a0c:dc0c:0:b0:62d:e950:bc9f with SMTP id s12-20020a0cdc0c000000b0062de950bc9fls4937795qvk.1.-pod-prod-08-us;
 Mon, 10 Jul 2023 23:40:38 -0700 (PDT)
X-Google-Smtp-Source: APBJJlGG24CSQMZwsUCBUFYYAaxmkRNMdyfD78PsFEhQW5u1XFzq24VN8vAzFLMmJr6ctlIXUTjk
X-Received: by 2002:a1f:c6c4:0:b0:471:6345:7c3f with SMTP id w187-20020a1fc6c4000000b0047163457c3fmr4123099vkf.7.1689057638162;
        Mon, 10 Jul 2023 23:40:38 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1689057638; cv=none;
        d=google.com; s=arc-20160816;
        b=mOQ/HAPn305PuXw7+4RcXeR8gkdbi5Pkyh6BGCxQoa6qAE/IFGlebE040MR8AvnkNk
         fOIcC4VO+e+06alUZyaJkV4GynMXl61D5rSFEDASEYyvJSGWrCsGLkTVv+npB98TCNs+
         vUOrxSuVDKo5GN59JQqrnaIY5ENboA6GITHurPVwb6l7vwHcylmAmFqhpJ0hkMhV+EHE
         ec8UceRkXky++BtIod/ilnE8ATROB/vtLxXrjWKf1jU46SfrKJ/boPwRrWccV7rMAmVK
         IQ4BNIGJ3aIum7Kotqhnoy7m9BVYy1xHSE+NC5+t/OT7d8Fy5AqZsOUYnUsbshYC5pRf
         mKiw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=mime-version:user-agent:content-transfer-encoding:references
         :in-reply-to:date:to:from:subject:message-id;
        bh=fQ60Z905lzTXBFUMoVBSPKYr3z80E6bZQL7SeRjaDFs=;
        fh=swRs1+OhWjovx1IrvOlKBWsdq9manB5qdcuGoHoh5Ak=;
        b=w61gZh4i1Y8pZ3wn7zB3tO54E6u8A3F7jzkIkSwb6rF6uVuN38DnhnCSnqyBoap7ZG
         vbDfko7J/OdgwVWIR9+lc1LB+E8/63iRxwfN7KVhYw7hbt02dM+GUsWwQ+PJn8TTIaTj
         CIbSnEHCm/OT1+Xpj/qHaZffUsMuRSWyE/lRXKmvGXeu9a8lOb44HniZVWRtDcoW5wG5
         cGHHOvh3tLuS0SjnKV4imvoZKFiXkVe0qNRFKtOMoplDqjIiAYrXAtPmlI5o6Thqhqqf
         YP1tbMjCQZc20dOjyLmZaORU6iY9lvwd2W87VO5wkTBId6SuXwkVmVw4mFe4sk4+b03E
         0QoA==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       spf=pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=ubely@ilbers.de
Return-Path: <ubely@ilbers.de>
Received: from shymkent.ilbers.de (shymkent.ilbers.de. [85.214.156.166])
        by gmr-mx.google.com with ESMTPS id cl35-20020a056122252300b0046557175e54si107172vkb.1.2023.07.10.23.40.37
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
        Mon, 10 Jul 2023 23:40:38 -0700 (PDT)
Received-SPF: pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) client-ip=85.214.156.166;
Authentication-Results: gmr-mx.google.com;
       spf=pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=ubely@ilbers.de
Received: from [127.0.0.1] (host-80-81-17-52.static.customer.m-online.net [80.81.17.52])
	(authenticated bits=0)
	by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPSA id 36B6eafZ028394
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
	for <isar-users@googlegroups.com>; Tue, 11 Jul 2023 08:40:36 +0200
Message-ID: <954f03ee9a76c2dd27b3e2e64f433de6384c748b.camel@ilbers.de>
Subject: Re: [PATCH] meta-test: Disable sshd socket activation for CI purpose
From: Uladzimir Bely <ubely@ilbers.de>
To: isar-users@googlegroups.com
Date: Tue, 11 Jul 2023 09:40:40 +0300
In-Reply-To: <20230705044827.20725-1-ubely@ilbers.de>
References: <20230705044827.20725-1-ubely@ilbers.de>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
User-Agent: Evolution 3.48.3 (by Flathub.org) 
MIME-Version: 1.0
X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED
	autolearn=unavailable autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de
X-TUID: w8B1Z5RmGg+U

On Wed, 2023-07-05 at 06:48 +0200, Uladzimir Bely wrote:
> Openssh-server package in Debian comes with socket activation
> enabled.
> This means that every command executed over ssh by CI scripts starts
> new sshd instance on target.
>=20
> Sometimes, this makes CI fail: another SSH "ping" or command may fail
> even if all the previous "pings" were OK.
>=20
> SSH "ping" with debug, when qemu machine is starting:
>=20
> ```
> while true; do
> =C2=A0 ssh -o ConnectTimeout=3D5 -p 47457 <options> ci@localhost /bin/tru=
e;
> =C2=A0 echo $?;
> =C2=A0 sleep 1;
> done
> ```
>=20
> Output:
>=20
> ```
> Connection timed out during banner exchange
> Connection to 127.0.0.1 port 47457 timed out
> 255
> Connection timed out during banner exchange
> Connection to 127.0.0.1 port 47457 timed out
> 255
> 0
> 0
> 0
> kex_exchange_identification: Connection closed by remote host
> Connection closed by 127.0.0.1 port 47457
> 255
> 0
> 0
> 0
> ```
>=20
> Disabling socket activation by setting corresponding system-preset
> fixes the issue.
>=20
> Signed-off-by: Uladzimir Bely <ubely@ilbers.de>
> ---
> =C2=A0.../isar-ci-ssh-setup/files/99-disable-ssh-socket.preset=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0 | 4
> ++++
> =C2=A0.../recipes-ci/isar-ci-ssh-setup/isar-ci-ssh-setup_0.1.bb=C2=A0=C2=
=A0=C2=A0=C2=A0 | 4
> ++++
> =C2=A02 files changed, 8 insertions(+)
> =C2=A0create mode 100644 meta-test/recipes-ci/isar-ci-ssh-setup/files/99-
> disable-ssh-socket.preset
>=20
> diff --git a/meta-test/recipes-ci/isar-ci-ssh-setup/files/99-disable-
> ssh-socket.preset b/meta-test/recipes-ci/isar-ci-ssh-setup/files/99-
> disable-ssh-socket.preset
> new file mode 100644
> index 00000000..aced69e1
> --- /dev/null
> +++ b/meta-test/recipes-ci/isar-ci-ssh-setup/files/99-disable-ssh-
> socket.preset
> @@ -0,0 +1,4 @@
> +# This software is a part of ISAR.
> +# Copyright (C) 2023 ilbers GmbH
> +
> +disable ssh.socket
> diff --git a/meta-test/recipes-ci/isar-ci-ssh-setup/isar-ci-ssh-
> setup_0.1.bb b/meta-test/recipes-ci/isar-ci-ssh-setup/isar-ci-ssh-
> setup_0.1.bb
> index 74fecf92..4693f647 100644
> --- a/meta-test/recipes-ci/isar-ci-ssh-setup/isar-ci-ssh-setup_0.1.bb
> +++ b/meta-test/recipes-ci/isar-ci-ssh-setup/isar-ci-ssh-setup_0.1.bb
> @@ -5,6 +5,7 @@ MAINTAINER =3D "Uladzimir Bely
> <uladzimir.bely@ilbers.de>"
> =C2=A0
> =C2=A0SRC_URI =3D " \
> =C2=A0=C2=A0=C2=A0=C2=A0 file://postinst=C2=A0\
> +=C2=A0=C2=A0=C2=A0 file://99-disable-ssh-socket.preset=C2=A0\
> =C2=A0"
> =C2=A0
> =C2=A0DEPENDS +=3D "sshd-regen-keys"
> @@ -19,4 +20,7 @@ do_install() {
> =C2=A0
> =C2=A0=C2=A0=C2=A0=C2=A0 # Manage all interfaces (including ethernet) by =
NetworkManager
> =C2=A0=C2=A0=C2=A0=C2=A0 install -D -m 644 /dev/null ${D}/etc/NetworkMana=
ger/conf.d/10-
> globally-managed-devices.conf
> +
> +=C2=A0=C2=A0=C2=A0 # Disable socket activation for ssh server
> +=C2=A0=C2=A0=C2=A0 install -D -m 644 ${WORKDIR}/99-disable-ssh-socket.pr=
eset
> ${D}/lib/systemd/system-preset/99-disable-ssh-socket.preset
> =C2=A0}
> --=20
> 2.20.1
>=20

Applied to next.