[Buildbot-devel] slave connection over ssl possible?

Andy Howell AndyHowell at austin.rr.com
Wed Oct 7 14:02:52 UTC 2009


Marcus Lindblom wrote:
> Andy Howell wrote:
>> Marcus Lindblom wrote:
>>> Andy Howell wrote:
>>>> Hello,
>>>>
>>>> Is is possible to setup buildbot slaves to create an encrypted session to the master?
>>> Not out-of-the-box, I think.
>>>
>>> However, you could always setup an SSH-tunnel to the buildmaster host 
>>> yourself first, then have the buildslave work through that.
>>>
>>> Hope it helps,
>>>
>>> /Marcus
>>>
>> Marcus,
>>
>> 	Thanks, I may go that route. I've been going through the code trying to see how to works. 
>> Looks like the master side should work by specifying a port specification like:
>>
>> ssl:9989:privateKey=myket.pem:certKey=mycert.pem
>>
>> I think the slave side needs some changes to make this work, as it explicitly opens 
>> TCPClient in buildbot/slave/bot.py. I've hacked that a bit, replace that call with a 
>> ClientConnectionFactory and SSSClinet, but its not working yet. Still trying to understand 
>> how twisted and buildbot work :)
> 
> I was more thinking that you'd keep ssh out of buildbot completely, and 
> manually ssh from client to master setting up a port-forwarding from 
> master to client and connect client to a port on its localhost that is 
> tunneled to the master's slave port.
> 
> i.e. slave -> localport -> sshclient -> sshdaemon -> masterport -> master.
> 
> That would allow you to use ssh without changing buildbot at all.
> 
> Hope it makes sense.

Marcus,

	That makes sense. I've that while traveling to tunnel into my network. I've found that 
ssh can hang or drop the connection fairly regularly. For a long running application like 
a buildbot slave, that could make reliability an issue.


Thanks,

	Andy




More information about the devel mailing list