.. _Manhole: .. py:module:: buildbot.plugins.util Manhole ------- Manhole is an interactive Python shell which allows full access to the Buildbot master instance. It is probably only useful for buildbot developers. Using Manhole requires ``cryptography`` and ``pyasn1`` python packages to be installed. These are not part of the normal Buildbot dependencies. There are multiple implementations of Manhole available which differ by the authentication mechanisms and the security of the connection. .. note:: Manhole exposes full access to the buildmaster's account (including the ability to modify and delete files). It's recommended not to expose the manhole to the public internet or to use a strong password. .. py:class:: AuthorizedKeysManhole(port, keyfile, ssh_hostkey_dir) A manhole implementation that accepts encrypted ssh connections and authenticates by ssh keys. The prospective client have an ssh private key that matches one of the public keys in our authorized keys file. :type port: string or int :param port: The port to listen on. This is a `strports `__ specification string, like ``tcp:12345`` or ``tcp:12345:interface=127.0.0.1``. Bare integers are treated as a simple tcp port. :type keyfile: string :param keyfile: The path to the file containing public parts of the authorized SSH keys. The path is interpreted relative to the buildmaster's basedir. The file should contain one public SSH key per line. This is the exact same format as used by sshd in ``~/.ssh/authorized_keys``. :type ssh_hostkey_dir: str :param ssh_hostkey_dir: The path to the directory which contains ssh host keys for this server. .. py:class:: PasswordManhole(port, username, password, ssh_hostkey_dir) A manhole implementation that accepts encrypted ssh connections and authenticates by username and password. :type port: string or int :param port: The port to listen on. This is a `strports `__ specification string, like ``tcp:12345`` or ``tcp:12345:interface=127.0.0.1``. Bare integers are treated as a simple tcp port. :type username: string :param username: The username to authenticate :type password: string :param password: The password of the user to authenticate. :type ssh_hostkey_dir: str :param ssh_hostkey_dir: The path to the directory which contains ssh host keys for this server. .. py:class:: TelnetManhole(port, username, password) A manhole implementation that accepts unencrypted telnet connections and authenticates by username and password. .. note:: This connection method is not secure and should not be used anywhere where the port is exposed to the public internet. :type port: string or int :param port: The port to listen on. This is a `strports `__ specification string, like ``tcp:12345`` or ``tcp:12345:interface=127.0.0.1``. Bare integers are treated as a simple tcp port. :type username: string :param username: The username to authenticate :type password: string :param password: The password of the user to authenticate. Using manhole ~~~~~~~~~~~~~ The interactive Python shell can be entered by simply connecting to the host in question. For example, in the case of ssh password-based manhole, the configuration may look like this: .. code-block:: python from buildbot import manhole c['manhole'] = manhole.PasswordManhole("tcp:1234:interface=127.0.0.1", "admin", "passwd", ssh_hostkey_dir="/data/ssh_host_keys/") A connection attempt may look like this: .. code-block:: bash ssh -p1234 admin@127.0.0.1 # enter passwd at prompt After connection is established, objects can be explored in more depth using `dir(x)` or the helper function `show(x)`. For example: .. code-block:: python >>> master.workers.workers {'example-worker': } >>> show(master) data attributes of basedir : '/home/dustin/code/buildbot/t/buildbot/'... botmaster : buildCacheSize : None buildHorizon : None buildbotURL : http://localhost:8010/ changeCacheSize : None change_svc : configFileName : master.cfg db : db_url : sqlite:///state.sqlite ... >>> show(master.botmaster.builders['win32']) data attributes of The buildmaster's SSH server will use a different host key than the normal sshd running on a typical unix host. This will cause the ssh client to complain about a `host key mismatch`, because it does not realize there are two separate servers running on the same host. To avoid this, use a clause like the following in your :file:`.ssh/config` file: .. code-block:: none Host remotehost-buildbot HostName remotehost HostKeyAlias remotehost-buildbot Port 9999 # use 'user' if you use PasswordManhole and your name is not 'admin'. # if you use AuthorizedKeysManhole, this probably doesn't matter. User admin