[users at bb.net] Using SSH keys with GitPoller and Git step?

Chris Spencer chrisspen at gmail.com
Mon Mar 13 15:50:18 UTC 2017


I've done that, but Buildbot is giving me the following error:

    git fetch -t git at bitbucket.org:myproject/myproject.git branch1
     in dir
/usr/local/myproject/src/buildbot/worker/myproject_runtests/build (timeout
1200 secs)
     watching logfiles {}
     argv: ['git', 'fetch', '-t', 'git at bitbucket.org:myproject/myproject.git',
'branch1']
     environment:
      HOME=/home/ubuntu
      LANG=en_US.UTF-8
      LOGNAME=buildbot
      MAIL=/var/mail/buildbot
      OLDPWD=/home/ubuntu
      PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
      PWD=/usr/local/myproject/src/buildbot/worker/myproject_runtests/build
      SHELL=/bin/bash
      SHLVL=1
      SUDO_COMMAND=/bin/bash -c cd /usr/local/myproject/src/buildbot;
/usr/local/myproject/.env/bin/buildbot-worker restart worker
      SUDO_GID=1000
      SUDO_UID=1000
      SUDO_USER=ubuntu
      TERM=vt100
      USER=buildbot
      USERNAME=buildbot
      _=/usr/local/myproject/.env/bin/buildbot-worker
     using PTY: False
    Host key verification failed.
    fatal: Could not read from remote repository.

Presumably, the problem is that Buildbot is using /home/ubuntu for HOME
instead of /var/lib/buildbot. However, Buildbot is running as the buildbot
user, so I'm unsure why it would be using the ubuntu user's home directory.
How do I fix this?

On Mon, Mar 13, 2017 at 11:41 AM, Bob Drummond <bob.drummond at netronome.com>
wrote:

> Assuming /var/lib/buildbot is the home directory of your buildbot
> worker/slave user, yes, that's all you should have to do. If you can log in
> interactively as the buildbot user and SSH without a password, you should
> be set. I've found the "ssh -v" flag is useful in debugging what key is
> actually being used.
>
> Bob Drummond
> Software Engineer
>
>
> Netronome | 3159 Unionville Road, Suite 100 Cranberry Twp., PA 16066
>
> Phone: +1 (724) 778-3295 <(724)%20778-3295> |  www.netronome.com
>
> On Mar 13, 2017 11:08, "Chris Spencer" <chrisspen at gmail.com> wrote:
>
> My preference would be to use SSH keys. However, since there's no official
> documentation explaining how to use them with Buildbot, and these replies
> have mentioned a lot of caveats, I was acting as though SSH keys are
> officially not supported.
>
> I posted this question to SO over a year ago, and the only reply I
> received was essentially "just use a username and password".
>
> How do I configure Buildbot to use SSH keys? I only have a single slave
> running on the same server as master, so can I simply upload my custom SSH
> key to /var/lib/buildbot/.ssh/mykey.pem or do I need to update something
> in my tac or cfg files?
>
> On Mon, Mar 6, 2017 at 2:47 PM, Pierre Tardy <tardyp at gmail.com> wrote:
>
>> It is not implemented because people are supposed to use SSH keys. Is
>> there a reason why you can't use SSH keys ?
>>
>> Buildbot has capabilities to redact password from commands. It's used I
>> think in svn
>>
>> Le lun. 6 mars 2017 20:32, Chris Spencer <chrisspen at gmail.com> a écrit :
>>
>>> Is there any way to suppress the output of the Git step (
>>> http://docs.buildbot.net/latest/manual/cfg-buildsteps.html#step-Git),
>>> so my password isn't visible in the logs? It doesn't appear to accept any
>>> type of "gitbin" option.
>>>
>>> On Thu, Mar 2, 2017 at 6:42 PM, Will Rosecrans <wrosecrans at gmail.com>
>>> wrote:
>>>
>>> As far as I know, the GitPoller doesn't directly support that.  I have
>>> mostly used salt to set up the buildslave machine, and included ssh and git
>>> config as part of the buildslave's system config rather than the buildbot
>>> config.  If you are using GitHub, it's also easy to set up token passwords
>>> on an account and use that for service work.  It uses a password rather
>>> than an actual key, but the password is a long string of gibberish, and you
>>> can use the token as a sub account, with different permissions for the
>>> tokens and the ability tp revoke them individually.
>>>
>>> You can also set the GitPoller's gitbin to point to a script that runs
>>> git with whatever key setup you like, and have buildbot just invoke that
>>> script.
>>>
>>>
>>> On Wed, Mar 1, 2017 at 5:18 PM, Chris Spencer <chrisspen at gmail.com>
>>> wrote:
>>>
>>> How do you specify the ssh key to use with the Gitpoller and Git step
>>> classes?
>>>
>>> I'm currently hard-coding my username/password in the repourl, and I'd
>>> like to move away from that for security reasons. However, even after
>>> reading the docs and looking at the source, I can see no obvious way to
>>> specify the pem key file to checkout and fetch via ssh.
>>>
>>> _______________________________________________
>>> users mailing list
>>> users at buildbot.net
>>> https://lists.buildbot.net/mailman/listinfo/users
>>>
>>>
>>> _______________________________________________
>>> users mailing list
>>> users at buildbot.net
>>> https://lists.buildbot.net/mailman/listinfo/users
>>
>>
>
> _______________________________________________
> users mailing list
> users at buildbot.net
> https://lists.buildbot.net/mailman/listinfo/users
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.buildbot.net/pipermail/users/attachments/20170313/3ef6cce6/attachment.html>


More information about the users mailing list