Caution

Buildbot no longer supports Python 2.7 on the Buildbot master.

2.5.20. Manhole

Manhole is an interactive Python shell which allows full access to the Buildbot master instance. It is probably only useful for buildbot developers.

Using Manhole requires cryptography and pyasn1 python packages to be installed. These are not part of the normal Buildbot dependencies.

There are multiple implementations of Manhole available which differ by the authentication mechanisms and the security of the connection.

Note

Manhole exposes full access to the buildmaster’s account (including the ability to modify and delete files). It’s recommended not to expose the manhole to the public internet or to use a strong password.

class buildbot.plugins.util.AuthorizedKeysManhole(port, keyfile, ssh_hostkey_dir)

A manhole implementation that accepts encrypted ssh connections and authenticates by ssh keys. The prospective client have an ssh private key that matches one of the public keys in our authorized keys file.

Parameters
  • port (string or int) – The port to listen on. This is a strports specification string, like tcp:12345 or tcp:12345:interface=127.0.0.1. Bare integers are treated as a simple tcp port.

  • keyfile (string) – The path to the file containing public parts of the authorized SSH keys. The path is interpreted relative to the buildmaster’s basedir. The file should contain one public SSH key per line. This is the exact same format as used by sshd in ~/.ssh/authorized_keys.

  • ssh_hostkey_dir (str) – The path to the directory which contains ssh host keys for this server.

class buildbot.plugins.util.PasswordManhole(port, username, password, ssh_hostkey_dir)

A manhole implementation that accepts encrypted ssh connections and authenticates by username and password.

Parameters
  • port (string or int) – The port to listen on. This is a strports specification string, like tcp:12345 or tcp:12345:interface=127.0.0.1. Bare integers are treated as a simple tcp port.

  • username (string) – The username to authenticate

  • password (string) – The password of the user to authenticate.

  • ssh_hostkey_dir (str) – The path to the directory which contains ssh host keys for this server.

class buildbot.plugins.util.TelnetManhole(port, username, password)

A manhole implementation that accepts unencrypted telnet connections and authenticates by username and password.

Note

This connection method is not secure and should not be used anywhere where the port is exposed to the public internet.

Parameters
  • port (string or int) – The port to listen on. This is a strports specification string, like tcp:12345 or tcp:12345:interface=127.0.0.1. Bare integers are treated as a simple tcp port.

  • username (string) – The username to authenticate

  • password (string) – The password of the user to authenticate.

2.5.20.1. Using manhole

The interactive Python shell can be entered by simply connecting to the host in question. For example, in the case of ssh password-based manhole, the configuration may look like this:

from buildbot import manhole
c['manhole'] = manhole.PasswordManhole("tcp:1234:interface=127.0.0.1",
                                       "admin", "passwd",
                                       ssh_hostkey_dir="/data/ssh_host_keys/")

A connection attempt may look like this:

ssh -p1234 admin@127.0.0.1
# enter passwd at prompt

After connection is established, objects can be explored in more depth using dir(x) or the helper function show(x). For example:

>>> master.workers.workers
{'example-worker': <Worker 'example-worker', current builders: runtests>}

>>> show(master)
data attributes of <buildbot.master.BuildMaster instance at 0x7f7a4ab7df38>
                       basedir : '/home/dustin/code/buildbot/t/buildbot/'...
                     botmaster : <type 'instance'>
                buildCacheSize : None
                  buildHorizon : None
                   buildbotURL : http://localhost:8010/
               changeCacheSize : None
                    change_svc : <type 'instance'>
                configFileName : master.cfg
                            db : <class 'buildbot.db.connector.DBConnector'>
                        db_url : sqlite:///state.sqlite
                              ...
>>> show(master.botmaster.builders['win32'])
data attributes of <Builder ''builder'' at 48963528>

The buildmaster’s SSH server will use a different host key than the normal sshd running on a typical unix host. This will cause the ssh client to complain about a host key mismatch, because it does not realize there are two separate servers running on the same host. To avoid this, use a clause like the following in your .ssh/config file:

Host remotehost-buildbot
HostName remotehost
HostKeyAlias remotehost-buildbot
Port 9999
# use 'user' if you use PasswordManhole and your name is not 'admin'.
# if you use AuthorizedKeysManhole, this probably doesn't matter.
User admin