[Buildbot-devel] VPN as alternative to stateless protocol

[Samuli Seppänen]

> Occasionally there is discussion about a stateless master-slave protocol, usually in the context of less-than-ideal networking conditions. While I haven't tried this myself, I wonder if using a VPN would handle those sorts of problems. In particular, OpenVPN's default transport is UDP, and if memory serves, it can tolerate one endpoint getting disconnected and changing IP addresses. The states of the TCP connections are kept on the endpoints, so as long as the VPN comes back up within the TCP timeout (and the Buildbot idle timeout), the Buildbot master should be none the wiser.
>
> Of course, this won't cover all of the potential use cases of a stateless protocol, but if I were implementing that feature, I would be concerned about all of the subtle problems that could crop up once you are freed from the guarantee of one active slave connection per slave name. Without a persistent TCP connection, I can envision problems cropping up if a slave VM is cloned and the slave name isn't changed. At the moment, the duplicate slave scenario should show up in the master logs (as of early 0.8.x versions; haven't verified that recently).
>
Hi,

Patches that greatly improved the floating support in OpenVPN were
recently merged into Git "master":

<https://github.com/OpenVPN/openvpn/commit/65eedc353349d2967fc03c54da807727e416e1b0>

If you want to try it out, use the following

- Latest Git "master" or the OpenVPN server
- 2.3.6 or later on the OpenVPN clients

I've always run buildbot inside an OpenVPN network, both for security
and for practical reasons and it works great.

Samuli

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://buildbot.net/pipermail/devel/attachments/20150130/36a319a3/attachment.bin>