<html lang="en">
<head>
<title>Try Schedulers - BuildBot Manual - 0.8.4p1</title>
<meta http-equiv="Content-Type" content="text/html">
<meta name="description" content="BuildBot Manual - 0.8.4p1">
<meta name="generator" content="makeinfo 4.13">
<link title="Top" rel="start" href="index.html#Top">
<link rel="up" href="Schedulers.html#Schedulers" title="Schedulers">
<link rel="prev" href="Nightly-Scheduler.html#Nightly-Scheduler" title="Nightly Scheduler">
<link rel="next" href="Triggerable-Scheduler.html#Triggerable-Scheduler" title="Triggerable Scheduler">
<link href="http://www.gnu.org/software/texinfo/" rel="generator-home" title="Texinfo Homepage">
<!--
This is the BuildBot manual for Buildbot version 0.8.4p1.
Copyright (C) 2005, 2006, 2009, 2010 Brian Warner
Copying and distribution of this file, with or without
modification, are permitted in any medium without royalty
provided the copyright notice and this notice are preserved.-->
<meta http-equiv="Content-Style-Type" content="text/css">
<style type="text/css"><!--
pre.display { font-family:inherit }
pre.format { font-family:inherit }
pre.smalldisplay { font-family:inherit; font-size:smaller }
pre.smallformat { font-family:inherit; font-size:smaller }
pre.smallexample { font-size:smaller }
pre.smalllisp { font-size:smaller }
span.sc { font-variant:small-caps }
span.roman { font-family:serif; font-weight:normal; }
span.sansserif { font-family:sans-serif; font-weight:normal; }
--></style>
</head>
<body>
<div class="node">
<a name="Try-Schedulers"></a>
<p>
Next: <a rel="next" accesskey="n" href="Triggerable-Scheduler.html#Triggerable-Scheduler">Triggerable Scheduler</a>,
Previous: <a rel="previous" accesskey="p" href="Nightly-Scheduler.html#Nightly-Scheduler">Nightly Scheduler</a>,
Up: <a rel="up" accesskey="u" href="Schedulers.html#Schedulers">Schedulers</a>
<hr>
</div>
<h4 class="subsection">4.8.8 Try Schedulers</h4>
<p><a name="index-buildbot_002eschedulers_002etrysched_002eTry_005fJobdir-63"></a><a name="index-buildbot_002eschedulers_002etrysched_002eTry_005fUserpass-64"></a>
This scheduler allows developers to use the <code>buildbot try</code>
command to trigger builds of code they have not yet committed. See
<a href="try.html#try">try</a> for complete details.
<p>Two implementations are available: <code>Try_Jobdir</code> and
<code>Try_Userpass</code>. The former monitors a job directory, specified
by the <code>jobdir</code> parameter, while the latter listens for PB
connections on a specific <code>port</code>, and authenticates against
<code>userport</code>.
<p>The buildmaster must have a scheduler instance in the config file's
<code>c['schedulers']</code> list to receive try requests. This lets the
administrator control who may initiate these “trial” builds, which branches
are eligible for trial builds, and which Builders should be used for them.
<p>The scheduler has various means to accept build requests.
All of them enforce more security than the usual buildmaster ports do.
Any source code being built can be used to compromise the buildslave
accounts, but in general that code must be checked out from the VC
repository first, so only people with commit privileges can get
control of the buildslaves. The usual force-build control channels can
waste buildslave time but do not allow arbitrary commands to be
executed by people who don't have those commit privileges. However,
the source code patch that is provided with the trial build does not
have to go through the VC system first, so it is important to make
sure these builds cannot be abused by a non-committer to acquire as
much control over the buildslaves as a committer has. Ideally, only
developers who have commit access to the VC repository would be able
to start trial builds, but unfortunately the buildmaster does not, in
general, have access to VC system's user list.
<p>As a result, the try scheduler requires a bit more configuration. There are
currently two ways to set this up:
<dl>
<dt><strong>jobdir (ssh)</strong><dd>
This approach creates a command queue directory, called the
“jobdir”, in the buildmaster's working directory. The buildmaster
admin sets the ownership and permissions of this directory to only
grant write access to the desired set of developers, all of whom must
have accounts on the machine. The <code>buildbot try</code> command creates
a special file containing the source stamp information and drops it in
the jobdir, just like a standard maildir. When the buildmaster notices
the new file, it unpacks the information inside and starts the builds.
<p>The config file entries used by 'buildbot try' either specify a local
queuedir (for which write and mv are used) or a remote one (using scp
and ssh).
<p>The advantage of this scheme is that it is quite secure, the
disadvantage is that it requires fiddling outside the buildmaster
config (to set the permissions on the jobdir correctly). If the
buildmaster machine happens to also house the VC repository, then it
can be fairly easy to keep the VC userlist in sync with the
trial-build userlist. If they are on different machines, this will be
much more of a hassle. It may also involve granting developer accounts
on a machine that would not otherwise require them.
<p>To implement this, the buildslave invokes 'ssh -l username host
buildbot tryserver ARGS', passing the patch contents over stdin. The
arguments must include the inlet directory and the revision
information.
<br><dt><strong>user+password (PB)</strong><dd>
In this approach, each developer gets a username/password pair, which
are all listed in the buildmaster's configuration file. When the
developer runs <code>buildbot try</code>, their machine connects to the
buildmaster via PB and authenticates themselves using that username
and password, then sends a PB command to start the trial build.
<p>The advantage of this scheme is that the entire configuration is
performed inside the buildmaster's config file. The disadvantages are
that it is less secure (while the “cred” authentication system does
not expose the password in plaintext over the wire, it does not offer
most of the other security properties that SSH does). In addition, the
buildmaster admin is responsible for maintaining the username/password
list, adding and deleting entries as developers come and go.
</dl>
<p>For example, to set up the “jobdir” style of trial build, using a
command queue directory of <samp><span class="file">MASTERDIR/jobdir</span></samp> (and assuming that
all your project developers were members of the <code>developers</code> unix
group), you would first set up that directory:
<pre class="example"> mkdir -p MASTERDIR/jobdir MASTERDIR/jobdir/new MASTERDIR/jobdir/cur MASTERDIR/jobdir/tmp
chgrp developers MASTERDIR/jobdir MASTERDIR/jobdir/*
chmod g+rwx,o-rwx MASTERDIR/jobdir MASTERDIR/jobdir/*
</pre>
<p>and then use the following scheduler in the buildmaster's config file:
<pre class="example"> from buildbot.schedulers.trysched import Try_Jobdir
s = Try_Jobdir(name="try1",
builderNames=["full-linux", "full-netbsd", "full-OSX"],
jobdir="jobdir")
c['schedulers'] = [s]
</pre>
<p>Note that you must create the jobdir before telling the buildmaster to
use this configuration, otherwise you will get an error. Also remember
that the buildmaster must be able to read and write to the jobdir as
well. Be sure to watch the <samp><span class="file">twistd.log</span></samp> file (see <a href="Logfiles.html#Logfiles">Logfiles</a>)
as you start using the jobdir, to make sure the buildmaster is happy
with it.
<p>To use the username/password form of authentication, create a
<code>Try_Userpass</code> instance instead. It takes the same
<code>builderNames</code> argument as the <code>Try_Jobdir</code> form, but
accepts an addtional <code>port</code> argument (to specify the TCP port to
listen on) and a <code>userpass</code> list of username/password pairs to
accept. Remember to use good passwords for this: the security of the
buildslave accounts depends upon it:
<pre class="example"> from buildbot.schedulers.trysched import Try_Userpass
s = Try_Userpass(name="try2",
builderNames=["full-linux", "full-netbsd", "full-OSX"],
port=8031,
userpass=[("alice","pw1"), ("bob", "pw2")] )
c['schedulers'] = [s]
</pre>
<p>Like most places in the buildbot, the <code>port</code> argument takes a
strports specification. See <code>twisted.application.strports</code> for
details.
</body></html>
