[Buildbot-devel] Using buildbot across sites

Jens Thomas j.m.h.thomas at dl.ac.uk
Thu May 8 09:51:15 UTC 2008 

Hi Joseph,

Many thanks for getting back to me.

Joseph Carrafa wrote:
> You can run the status server over Apache using mod_proxy, this will 
> give you access to the various authentication methods that Apache 
> provides.  

It hadn't occurred to me to use apache as a proxy, but that should solve 
my problem.

> As far as security with the actual operation of buildbot, the main 
> security hole I know of is the PBChangeSource, which has a hardcoded 
> username and password for the PB services.
We don't use this as far as I'm aware, but it's good to know where there 
are possible loopholes.
>
> I would just set up a VPN and call it a day.

I may have to resort to this, but I'd rather not if I can avoid it!

Thanks again for your response.

Best wishes,

Jens

>
> On May 7, 2008, at 9:08 AM, Jens Thomas wrote:
>
>> Hello,
>>
>> I hope it's o.k. to ask a question about using buildbot across different
>> sites.
>>
>> I'd like to set up a build and testing farm between a number of
>> different institutions. The groups involved would like to collaborate on
>> this because, by doing this, we can test our codes on a far wider range
>> of machines than if each group ran their own setup.
>>
>> However, doing this means that the buildbot server instance needs to be
>> accessible to the outside world. This shouldn't be too difficult, as I
>> can just punch a hole in our firewall to allow the clients to contact
>> the server, but I just wondered if anyone that knows more about the
>> buildbot architecture could comment on the security implications of 
>> this?
>>
>> Are the transactions between the server and client encrypted in any way,
>> or would it be possible for someone to monitor the packets between
>> machines and maybe learn how to hijack either the client or server?
>>
>> Another question is to do with the html status page. Ideally I'd like
>> this to visible externally so that our collaborators can see what's
>> happening, but I obviously don't want everyone to have access to this.
>> Is it possible to run the status server using authentication over SSL?
>>
>> Any comments/suggestions would be greatly appreciated!
>>
>> Best wishes,
>>
>> Jens
>>
>> ------------------------------------------------------------------------- 
>>
>> This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
>> Don't miss this year's exciting event. There's still time to save $100.
>> Use priority code J8TL2D2.
>> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone 
>>
>> _______________________________________________
>> Buildbot-devel mailing list
>> Buildbot-devel at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/buildbot-devel
>
>


-- 
===================================================================
Jens Thomas,                email:  j.m.h.thomas at dl.ac.uk
STFC Daresbury Lab,         tel:    +44-1925-603849
Warrington,                 fax:    +44-1925-603634
WA4 4AD,  UK.               http:   http://www.cse.scitech.ac.uk
===================================================================

More information about the devel mailing list