[Buildbot-devel] proxy support?

Benoit Sigoure tsuna at lrde.epita.fr
Wed Feb 7 15:01:09 UTC 2007 

Quoting "F. Oliver Gathmann" <gathmann at cenix-bioscience.com>:
> Hi!
>
> We have a situation where our buildbot master for an Open Source project
> we use lives outside the company, but we would like to run buildbot
> slaves for two target platforms inside the company firewall. Our
> sysadmin (rightly) refuses to just open the port the buildbot master is
> listening on (9989), so I presume I would have to go through our proxy
> server. Is that supported in the current version of buildbot? Or am I
> misunderstanding something?
>
> Many thanks in advance,
>
> Oliver
>

Hello

I am in the exact same situation since our buildmaster is a server on the net
but the entire buildfarm is located in a cluster behind a firewall on which we
have no control. The solution I came with is the following:
All slaves run the following command:
ssh -C -f -N -L<A>:127.0.0.1:<B> buildslave at buildmaster.somewhere.com
-C = compress
-f = ssh stays in background
-N = Do not execute a remote command
-L = Create a tunnel

the ssh client will open the port <A> (eg, 9989) on localhost, then it 
will open
an ssh connection with buildslave at buildmaster.somewhere.com. The incoming
connections on the port <A> on the client will be forwarded through the SSH
tunnel to the server which will then connect to 127.0.0.1:<B>.

All my buildmasters are listening on localhost:<B> and all my clients are
connecting to their localhost:<A> which is forwarded by the SSH tunnel to the
master.

Since most of the firewalls allow outgoing SSH connections this solution works
in most places and is rather efficiant.

Note however that network instabilities will break the SSH tunnel once in a
while and if you don't want to have to restart it manually over and 
over again,
you can just run the following in background (ie, in a screen):
while :; do ssh -C -N -L<A>:127.0.0.1:<B> 
buildslave at buildmaster.somewhere.com;
sleep 1; done

Note that on Windows (using Cygwin's ssh OpenSSH cli) the tunnel breaks very
frequently for some unknown reason (Windows...).

If you find a better idea, let me know, but so far I'm rather satisfied with
this approach.

-- 
SIGOURE Benoit aka Tsuna
   _____
  /EPITA\ Promo 2008, LRDE

More information about the devel mailing list