[Buildbot-devel] BuildBot for Desired State Configuration

Samuli Seppänen samuli at openvpn.net
Mon Feb 23 09:00:37 UTC 2015

> I have been searching for a simple way to execute commands against all
> of my BuildBot slaves to perform on demand maintenance to the boxes.
> Maybe I need to rotate and SSH key, run Windows Update, or install a
> program. Since I administer Windows and Linux buildslaves (mostly
> Windows), I can’t use a single technology to do this with, or if I
> could, it’s extremely frustrating to configure, especially on windows.
> I was thinking that I could setup a builder one each of the
> buildslaves that would run scripts to do maintenance/configuration on
> the machine, and to protect those builders I could only let them be
> forced after an authorized user logs in and they’d only be show in a
> special category, so they wouldn’t appear on the normal waterfall page
> everyone sees. I know there’s a lot of tools out there for configuring
> systems like Puppet or Powershell DSC, but I was wondering, has anyone
> has ever tried to do it with BuildBot as the delivery mechanism, and
> custom scripts for the actual configuration?
> Thanks,
> Jeremy Cornett

You could probably maintain buildslave state using buildbot if you were
really motivated. That said, it's definitely the right tool for the job.
I'm almost certain you'd have to spend more time hacking your custom
solution together than if you learned a proper cross-platform
state-based configuration management platform such as Chef or Puppet.
The Powershell DSC is out of the question if you want to maintain
non-Windows systems, plus it's in quite immature afaik.

With buildbot you'd have write tons of tests before every configuration
change or the end state could get corrupted, which can take a
surprisingly large amount of time. The problem is the same as when
writing scripts which need to be able to run multiple times in a row -
it takes a lot of care to ensure the same change is not made twice. Then
you have things like ordering of configuration changes. For example,
when you modify a daemon's configuration file you'd need to restart the
daemon afterwards. I'm also not sure how you'd handle differences
between Windows and *NIX buildslaves in your scripts. Even if you'd
write the scripts in Python you'd still end up with differing file paths
and such. On top of this you'd need to hack buildbot to hide these
configuration management builders which are not real builders. Basically
it will get nasty really quickly, unless you needs are extremely simple.
Then again, if your needs are simple, then solving them with Puppet or
Chef or whatever won't be very difficult, either :).

I went down the above road when I tried to introduce Fabric[1] as a
"simpler" alternative to Puppet for a few sysadmin colleagues. My logic
was that writing Fabric tasks - basically shell commands wrapped in
Python - would be easier than learning the Puppet language. While the
logic was valid, I scrapped the idea after reinventing the wheel several
times over several hours[2].

Best regards,


[1] SSH in a for loop on steroids: <http://www.fabfile.org/>
[2] For example: how to add the client's FQDN dynamically to a file on
the client. I basically had to reinvent a simple templating system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://buildbot.net/pipermail/devel/attachments/20150223/e8b03261/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://buildbot.net/pipermail/devel/attachments/20150223/e8b03261/attachment.bin>

More information about the devel mailing list