[Buildbot-devel] slave connection over ssl possible?

Marcus Lindblom macke at yar.nu
Wed Oct 7 08:08:49 UTC 2009

Andy Howell wrote:
> Marcus Lindblom wrote:
>> Andy Howell wrote:
>>> Hello,
>>> Is is possible to setup buildbot slaves to create an encrypted session to the master?
>> Not out-of-the-box, I think.
>> However, you could always setup an SSH-tunnel to the buildmaster host 
>> yourself first, then have the buildslave work through that.
>> Hope it helps,
>> /Marcus
> Marcus,
> 	Thanks, I may go that route. I've been going through the code trying to see how to works. 
> Looks like the master side should work by specifying a port specification like:
> ssl:9989:privateKey=myket.pem:certKey=mycert.pem
> I think the slave side needs some changes to make this work, as it explicitly opens 
> TCPClient in buildbot/slave/bot.py. I've hacked that a bit, replace that call with a 
> ClientConnectionFactory and SSSClinet, but its not working yet. Still trying to understand 
> how twisted and buildbot work :)

I was more thinking that you'd keep ssh out of buildbot completely, and 
manually ssh from client to master setting up a port-forwarding from 
master to client and connect client to a port on its localhost that is 
tunneled to the master's slave port.

i.e. slave -> localport -> sshclient -> sshdaemon -> masterport -> master.

That would allow you to use ssh without changing buildbot at all.

Hope it makes sense.


More information about the devel mailing list