Installing a CI/CD Environment with Buildbot on FreeBSD
What will you learn in this guide?
In this guide, a secure CI/CD environment will be established using the FreeBSD Jail architecture.
Buildbot Master and Worker components will be isolated, network access will be managed with IPFW, and the web interface will be published via Nginx.
Preliminary Preparations
The following requirements must be met before starting the installation:
- A server running FreeBSD 11.2 or above
- Installed Nginx service
- User with root privileges
- Domain name (optional, recommended for SSL)
1. Preparation of Jail Environments for Buildbot Master and Worker
Since Buildbot runs externally sourced code, isolation is critical.
FreeBSD Jail architecture provides this isolation with low resource consumption.
Creating Loopback Interface
sudo sysrc cloned_interfaces+=lo1
sudo service netif cloneup
- These commands enable private network communication between jails.
Master Jail Configuration
buildbot-master {
host.hostname = buildbot-master.localdomain;
ip4.addr = "lo1|10.0.0.2/24";
path = "/usr/jails/buildbot-master";
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
mount.devfs;
persist;
}
- A special IP and file path is assigned to Jail.
Worker Jail Configuration
buildbot-worker0 {
host.hostname = buildbot-worker0.localdomain;
ip4.addr = "lo1|10.0.0.3/24";
path = "/usr/jails/buildbot-worker0";
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
mount.devfs;
persist;
}
2. Internet Access for Jailers (IPFW and NAT)
- NAT is configured so that jails can download packages.
sudo sysrc firewall_nat_interface=vtnet0
IPFW Rules
ipfw nat 123 config if $ext_if
ipfw add 1 allow all from any to any via lo1
ipfw add 2 nat 123 ip4 from any to any in via $ext_if
- These rules bring jail traffic to the internet in a controlled manner.
3. Buildbot Master Installation
sudo jexec buildbot-master csh
pkg install py36-buildbot py36-buildbot-www git-lite
- These commands install the Buildbot Master component.
buildbot-3.6 create-master /var/buildbot-master
- Master configuration is created.
4. Buildbot Worker Installation
sudo jexec buildbot-worker0 csh
pkg install py36-buildbot-worker git-lite py27-twisted
- Worker side is installed and connected to the Master.
buildbot-worker-3.6 create-worker /var/buildbot-worker 10.0.0.2 worker0 PAROLA
5. Publishing a Web Interface with Nginx
location /buildbot/ {
proxy_pass http://10.0.0.2:8010/;
}
location /buildbot/ws {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://10.0.0.2:8010/ws;
}
- This build securely publishes the Buildbot interface.
Frequently Asked Questions (FAQ)
-
Why is Jail used? It provides isolation and separates CI processes from the main system.
-
Can more than one Worker be added? Yes, horizontal scaling is possible with additional jails.
-
Is SSL required? Recommended in production environment.
Result
With this guide, an isolated, secure and scalable Buildbot CI/CD infrastructure has been established on FreeBSD. Development processes have become automated and centrally manageable.
This structure can be run on FreeBSD-based servers with high performance on the GenixNode infrastructure.