View Issue Details

IDProjectCategoryView StatusLast Update
0005075Talerdeployment and operationspublic2017-12-08 12:31
ReporterMarcello StanisciAssigned ToMarcello Stanisci 
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Product VersionSVN HEAD 
Target Version0.5Fixed in Version 
Summary0005075: Buildbot various issues
DescriptionFrom a Florian's e-mail:


* We openly expose the buildbot master port to the world! So anybody on
the internet can connect to our BB master and pretend to be a worker.

* That's especially bad since we just use passwords for woker
authentication and have them in the deployment.git. BB supports other
authentication mechanisms such as ssh keys, which we should use!

* The build steps are not named nicely, but build_1, build_2, build_3
etc., which leads to a not-so-nice web interface and failure notifications.

* Git should not be polled, but we should use hooks to notify BB of new
changes

* Change sources don't provide projects, which means that currently
whenever ANY repo has a change, anything will be rebuilt! I.e. pushing
to the wallet would rebuild rebuld the exchange documentation.

* Eventually we want authentication for the web interface for the parts
that influence the BB's execution. Right now, everybody on the internet
can force rebuilds! Web authentication sucks unfortunately (and Mozilla
Persona got abandoned), the "state of the art" here is OpenID Connect,
which requires you to register with each provider individually or run
your own provider, neither of which is great. However until we have
more "project-internal" services that requires authentication, we
probably shouldn't worry about this too much yet.
TagsNo tags attached.

Activities

Marcello Stanisci

2017-07-11 09:06

manager   ~0012325

Last edited: 2017-07-11 09:08

View 2 revisions

From a first googling session, it looks like SSH is only available for this so-called "try scheduler" [1], and not for worker authentication.

("try scheduler" is something that lets developers test their changes *before* committing, and its client side runs on the developer's machine, IIUIC)

[1] http://docs.buildbot.net/current/manual/cmdline.html#developer-tools

Please provide links if you find something about worker authentication via SSH.

Florian Dold

2017-07-12 18:45

manager   ~0012331

Looks like I was mistaken, for normal workers there is only password authentication. I've seen some projects simply store the passwords for workers in a file not committed to git but accessible on the file system by all worker user accounts.

It's not urgent to implement this though. I'd suggest that for now we simply bind the buildbot port to localhost. This is described here: http://docs.buildbot.net/latest/manual/cfg-global.html#setting-the-pb-port-for-workers

Marcello Stanisci

2017-10-18 14:01

manager   ~0012493

what you suggest in 12331 is implemented in d37685124d0..

Marcello Stanisci

2017-10-18 14:16

manager   ~0012494

build steps have specific names at 290337abb8..

Marcello Stanisci

2017-10-18 22:44

manager   ~0012497

Amoong the other things, docs builder needs to be triggererd upon each commit on documentation.

Marcello Stanisci

2017-10-23 17:15

manager   ~0012513

adding hooks @ 7bb658..

Marcello Stanisci

2017-12-08 12:30

manager   ~0012637

Closing and reporting the last bullet point as a separate issue.

Issue History

Date Modified Username Field Change
2017-06-10 10:50 Marcello Stanisci New Issue
2017-07-11 09:06 Marcello Stanisci Note Added: 0012325
2017-07-11 09:08 Marcello Stanisci Note Edited: 0012325 View Revisions
2017-07-12 18:45 Florian Dold Note Added: 0012331
2017-10-18 14:01 Marcello Stanisci Note Added: 0012493
2017-10-18 14:16 Marcello Stanisci Note Added: 0012494
2017-10-18 22:44 Marcello Stanisci Note Added: 0012497
2017-10-23 10:22 Christian Grothoff Assigned To => Marcello Stanisci
2017-10-23 10:22 Christian Grothoff Status new => assigned
2017-10-23 10:38 Christian Grothoff Product Version => SVN HEAD
2017-10-23 10:38 Christian Grothoff Target Version => 0.5
2017-10-23 17:15 Marcello Stanisci Note Added: 0012513
2017-12-08 12:30 Marcello Stanisci Note Added: 0012637
2017-12-08 12:31 Marcello Stanisci Status assigned => closed
2017-12-08 12:31 Marcello Stanisci Resolution open => fixed