[Buildbot-devel] slave connection over ssl possible?

[exarkun at twistedmatrix.com]

On 7 Oct, 11:53 pm, warner at lothar.com wrote:
>
>The last time I put thought into this (a few years ago), my intention
>was to add Foolscap support. (disclaimer: I wrote foolscap). It's 
>almost
>exactly the same API as PB, by design, and provides strong encryption
>and authentication in both directions, running on top of SSL but with
>sensible capability-oriented access-control on top (no certificate
>authorities).

I think the biggest argument against this is that buildbot doesn't 
really need any of the features Foolscap provides that PB doesn't.  In 
fact, buildbot hardly even needs any of the features that PB provides 
that, say, AMP or XML-RPC don't.
>
>The biggest change would be configuration. Each slave would get a
>"FURL", which is like a URL but also contains the cryptographic goo
>needed to make sure you're talking securely to the right party. The
>'buildbot create-slave' command would take a FURL instead of the
>host/port/name/passwd 4-tuple. The master.cfg c['buildslaves'] entry
>would need to change, probably just to indicate that you want to use
>Foolscap for this slave. At some point during startup, the buildmaster
>would write each slave's FURLs out to a file (maybe the logfile) and
>you'd cut-and-paste that to give to the buildslave admin for their
>setup.
>
>For more details, check out the Foolscap home page at
>http://foolscap.lothar.com/trac . The biggest downside of adding this 
>to
>buildbot would be the extra dependency load (foolscap and
>python-openssl). But I think we could do it in such a way that it only
>got imported if you actually use those features.

One of the claims I often hear leveled against buildbot (unfairly, I 
think, but there you go) is the difficulty of setting up new slaves.  I 
think that dealing with a FURL would be fodder for this sort of 
argument.

When you were thinking about this, what was your motivation?  What does 
Foolscap bring to buildbot?

Jean-Paul