[users at bb.net] Using SSH keys with GitPoller and Git step?

Chris Spencer chrisspen at gmail.com
Mon Mar 13 15:50:18 UTC 2017

I've done that, but Buildbot is giving me the following error:

    git fetch -t git at bitbucket.org:myproject/myproject.git branch1
     in dir
/usr/local/myproject/src/buildbot/worker/myproject_runtests/build (timeout
1200 secs)
     watching logfiles {}
     argv: ['git', 'fetch', '-t', 'git at bitbucket.org:myproject/myproject.git',
      SUDO_COMMAND=/bin/bash -c cd /usr/local/myproject/src/buildbot;
/usr/local/myproject/.env/bin/buildbot-worker restart worker
     using PTY: False
    Host key verification failed.
    fatal: Could not read from remote repository.

Presumably, the problem is that Buildbot is using /home/ubuntu for HOME
instead of /var/lib/buildbot. However, Buildbot is running as the buildbot
user, so I'm unsure why it would be using the ubuntu user's home directory.
How do I fix this?

On Mon, Mar 13, 2017 at 11:41 AM, Bob Drummond <bob.drummond at netronome.com>

> Assuming /var/lib/buildbot is the home directory of your buildbot
> worker/slave user, yes, that's all you should have to do. If you can log in
> interactively as the buildbot user and SSH without a password, you should
> be set. I've found the "ssh -v" flag is useful in debugging what key is
> actually being used.
> Bob Drummond
> Software Engineer
> Netronome | 3159 Unionville Road, Suite 100 Cranberry Twp., PA 16066
> Phone: +1 (724) 778-3295 <(724)%20778-3295> |  www.netronome.com
> On Mar 13, 2017 11:08, "Chris Spencer" <chrisspen at gmail.com> wrote:
> My preference would be to use SSH keys. However, since there's no official
> documentation explaining how to use them with Buildbot, and these replies
> have mentioned a lot of caveats, I was acting as though SSH keys are
> officially not supported.
> I posted this question to SO over a year ago, and the only reply I
> received was essentially "just use a username and password".
> How do I configure Buildbot to use SSH keys? I only have a single slave
> running on the same server as master, so can I simply upload my custom SSH
> key to /var/lib/buildbot/.ssh/mykey.pem or do I need to update something
> in my tac or cfg files?
> On Mon, Mar 6, 2017 at 2:47 PM, Pierre Tardy <tardyp at gmail.com> wrote:
>> It is not implemented because people are supposed to use SSH keys. Is
>> there a reason why you can't use SSH keys ?
>> Buildbot has capabilities to redact password from commands. It's used I
>> think in svn
>> Le lun. 6 mars 2017 20:32, Chris Spencer <chrisspen at gmail.com> a écrit :
>>> Is there any way to suppress the output of the Git step (
>>> http://docs.buildbot.net/latest/manual/cfg-buildsteps.html#step-Git),
>>> so my password isn't visible in the logs? It doesn't appear to accept any
>>> type of "gitbin" option.
>>> On Thu, Mar 2, 2017 at 6:42 PM, Will Rosecrans <wrosecrans at gmail.com>
>>> wrote:
>>> As far as I know, the GitPoller doesn't directly support that.  I have
>>> mostly used salt to set up the buildslave machine, and included ssh and git
>>> config as part of the buildslave's system config rather than the buildbot
>>> config.  If you are using GitHub, it's also easy to set up token passwords
>>> on an account and use that for service work.  It uses a password rather
>>> than an actual key, but the password is a long string of gibberish, and you
>>> can use the token as a sub account, with different permissions for the
>>> tokens and the ability tp revoke them individually.
>>> You can also set the GitPoller's gitbin to point to a script that runs
>>> git with whatever key setup you like, and have buildbot just invoke that
>>> script.
>>> On Wed, Mar 1, 2017 at 5:18 PM, Chris Spencer <chrisspen at gmail.com>
>>> wrote:
>>> How do you specify the ssh key to use with the Gitpoller and Git step
>>> classes?
>>> I'm currently hard-coding my username/password in the repourl, and I'd
>>> like to move away from that for security reasons. However, even after
>>> reading the docs and looking at the source, I can see no obvious way to
>>> specify the pem key file to checkout and fetch via ssh.
>>> _______________________________________________
>>> users mailing list
>>> users at buildbot.net
>>> https://lists.buildbot.net/mailman/listinfo/users
>>> _______________________________________________
>>> users mailing list
>>> users at buildbot.net
>>> https://lists.buildbot.net/mailman/listinfo/users
> _______________________________________________
> users mailing list
> users at buildbot.net
> https://lists.buildbot.net/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.buildbot.net/pipermail/users/attachments/20170313/3ef6cce6/attachment.html>

More information about the users mailing list