Support alternate password for PTF container#16457
Merged
StormLiangMS merged 5 commits intosonic-net:masterfrom Jan 14, 2025
Merged
Support alternate password for PTF container#16457StormLiangMS merged 5 commits intosonic-net:masterfrom
StormLiangMS merged 5 commits intosonic-net:masterfrom
Conversation
Collaborator
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
Collaborator
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
Collaborator
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
wangxin
changed the title
xwjiang-ms
approved these changes
Jan 14, 2025
Collaborator
|
@wangxin PR conflicts with 202311 branch |
Contributor
|
Hi @wangxin, could you create manual PR in azure-msft sonic-mgmt:202405 due to merge conflicts? Thanks! |
StormLiangMS
pushed a commit
that referenced
this pull request
Jan 22, 2025
Manually cherry-pick #16457 to 202311 branch due to conflicts. What is the motivation for this PR? The PTF container is always using default password. If the PTF container is on same bridge with the host server's management IP, then it is easily accessible from other host servers. This is not secure enough. We need to support alternate password for the PTF container and password rotation. How did you do it? This change improved the ansible related code to support accessing the PTF containers using the multi_ssh_pass ansible plugin. Then we can specify alternate passwords for the PTF container. When alternate passwords are specified, the default password of PTF container is updated after PTF creation. How did you verify/test it? Tested remove-topo/add-topo/restart-ptf on KVM and physical testbed. Signed-off-by: Xin Wang <xiwang5@microsoft.com>
r12f
added
Approved for msft-202412 Branch
and removed
Approved for msft-202412 Branch
labels
12 tasks
Collaborator
|
Cherry-pick PR to msft-202412: Azure/sonic-mgmt.msft#43 |
r12f
added
Approved for 202411 branch
and removed
Approved for msft-202412 Branch
labels
mssonicbld
pushed a commit
to mssonicbld/sonic-mgmt
that referenced
this pull request
Jan 31, 2025
What is the motivation for this PR? The PTF container is always using default password. If the PTF container is on same bridge with the host server's management IP, then it is easily accessible from other host servers. This is not secure enough. We need to support alternate password for the PTF container and password rotation. How did you do it? This change improved the ansible related code to support accessing the PTF containers using the multi_ssh_pass ansible plugin. Then we can specify alternate passwords for the PTF container. When alternate passwords are specified, the default password of PTF container is updated after PTF creation. How did you verify/test it? Tested remove-topo/add-topo/restart-ptf on KVM and physical testbed.
Collaborator
|
Cherry-pick PR to 202411: #16743 |
12 tasks
mssonicbld
pushed a commit
that referenced
this pull request
Jan 31, 2025
What is the motivation for this PR? The PTF container is always using default password. If the PTF container is on same bridge with the host server's management IP, then it is easily accessible from other host servers. This is not secure enough. We need to support alternate password for the PTF container and password rotation. How did you do it? This change improved the ansible related code to support accessing the PTF containers using the multi_ssh_pass ansible plugin. Then we can specify alternate passwords for the PTF container. When alternate passwords are specified, the default password of PTF container is updated after PTF creation. How did you verify/test it? Tested remove-topo/add-topo/restart-ptf on KVM and physical testbed.
mssonicbld
added
Included in 202411 branch
and removed
Created PR to 202411 branch
labels
wangxin
added a commit
to wangxin/sonic-mgmt
that referenced
this pull request
Feb 21, 2025
What is the motivation for this PR? The PTF container is always using default password. If the PTF container is on same bridge with the host server's management IP, then it is easily accessible from other host servers. This is not secure enough. We need to support alternate password for the PTF container and password rotation. How did you do it? This change improved the ansible related code to support accessing the PTF containers using the multi_ssh_pass ansible plugin. Then we can specify alternate passwords for the PTF container. When alternate passwords are specified, the default password of PTF container is updated after PTF creation. How did you verify/test it? Tested remove-topo/add-topo/restart-ptf on KVM and physical testbed.
8 tasks
Collaborator
Author
Created PR for manual cherry-pick: Azure/sonic-mgmt.msft#104 |
nnelluri-cisco
pushed a commit
to nnelluri-cisco/sonic-mgmt
that referenced
this pull request
Mar 15, 2025
What is the motivation for this PR? The PTF container is always using default password. If the PTF container is on same bridge with the host server's management IP, then it is easily accessible from other host servers. This is not secure enough. We need to support alternate password for the PTF container and password rotation. How did you do it? This change improved the ansible related code to support accessing the PTF containers using the multi_ssh_pass ansible plugin. Then we can specify alternate passwords for the PTF container. When alternate passwords are specified, the default password of PTF container is updated after PTF creation. How did you verify/test it? Tested remove-topo/add-topo/restart-ptf on KVM and physical testbed.
ansrajpu-git
pushed a commit
to ansrajpu-git/sonic-mgmt
that referenced
this pull request
Apr 14, 2025
What is the motivation for this PR? The PTF container is always using default password. If the PTF container is on same bridge with the host server's management IP, then it is easily accessible from other host servers. This is not secure enough. We need to support alternate password for the PTF container and password rotation. How did you do it? This change improved the ansible related code to support accessing the PTF containers using the multi_ssh_pass ansible plugin. Then we can specify alternate passwords for the PTF container. When alternate passwords are specified, the default password of PTF container is updated after PTF creation. How did you verify/test it? Tested remove-topo/add-topo/restart-ptf on KVM and physical testbed.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description of PR
Summary:
Fixes # (issue)
Type of change
Back port request
Approach
What is the motivation for this PR?
The PTF container is always using default password. If the PTF container is on same bridge with the host server's management IP, then it is easily accessible from other host servers. This is not secure enough. We need to support alternate password for the PTF container and password rotation.
How did you do it?
This change improved the ansible related code to support accessing the PTF containers using the
multi_ssh_passansible plugin. Then we can specify alternate passwords for the PTF container. When alternate passwords are specified, the default password of PTF container is updated after PTF creation.How did you verify/test it?
Tested remove-topo/add-topo/restart-ptf on KVM and physical testbed.
Any platform specific information?
Supported testbed topology if it's a new test case?
Documentation