buildsystem/manifests/init.pp

class buildsystem {

    class base {
        $build_login = "iurt"
        $build_home_dir = "/home/$build_login"
        $sched_login = "schedbot"
        $sched_home_dir = "/var/lib/$sched_login"
        $packages_archivedir = "$sched_home_dir/old"
        $sign_login = "signbot"
        $sign_home_dir = "/var/lib/$sign_login"
        $sign_keydir = "$sign_home_dir/keys"
        # FIXME: maybe keyid should be defined at an other place
        $sign_keyid = "80420F66"
        $repository_root = "/distrib/bootstrap"
        $packagers_group = 'mga-packagers'
        $createsrpm_path = '/usr/share/repsys/create-srpm'

        include ssh::auth
        ssh::auth::key { $build_login: # declare a key for build bot: RSA, 2048 bits
                home => $build_home_dir,
        }
        ssh::auth::key { $sched_login: # declare a key for sched bot: RSA, 2048 bits
                home => $sched_home_dir,
        }
    }

    class mainnode inherits base {
        include iurtuser

        sshuser { $sched_login:
          homedir => $sched_home_dir,
          comment => "System user used to schedule builds",
        }

        ssh::auth::client { $sched_login: }
        ssh::auth::server { $sched_login: }
        ssh::auth::server { $build_login: }

        # FIXME Add again task-bs-cluster-main when it will require mgarepo instead of repsys
        $package_list = ['iurt']
        package { $package_list:
            ensure => "installed"
        }

        apache::vhost_other_app { "repository.$domain":
            vhost_file => "buildsystem/vhost_repository.conf",
        }

        apache::vhost_other_app { "pkgsubmit.$domain":
            vhost_file => "buildsystem/vhost_pkgsubmit.conf",
        }

        include scheduler
        include gatherer
        include mgarepo
        include youri_submit
        include check_missing_deps 
        include signbot
    }

    class buildnode inherits base {
        include iurt
    }

    class signbot {
        sshuser { $sign_login:
          homedir => $sign_home_dir,
          comment => "System user used to sign packages",
          groups => [$sched_login],
        }

        gnupg::keys{"packages":
          email => "packages@$domain",
          #FIXME there should be a variable somewhere to change the name of the distribution
          key_name => 'Mageia Packages',
          login => $sign_login,
          batchdir => "$sign_home_dir/batches",
          keydir => $sign_keydir,
        }

        sudo::sudoers_config { "signpackage":
            content => template("buildsystem/sudoers.signpackage")
        }

        file { "$sign_home_dir/.rpmmacros":
            ensure => present,
            owner => root,
            group => root,
            mode => 644,
            content => template("buildsystem/signbot-rpmmacros")
        }

        file { "/usr/local/bin/sign-check-package":
            ensure => present,
            owner => root,
            group => root,
            mode => 755,
            content => template("buildsystem/sign-check-package")
        }
    }

    class scheduler {
        # ulri        
        include iurtupload
    }

    class gatherer {
        # emi
        include iurtupload
    }

    class iurtupload {
        file { "/etc/iurt/upload.conf":
            ensure => present,
            owner => $build_login,
            group => $build_login,
            mode => 644,
            require => File["/etc/iurt"],
            content => template("buildsystem/upload.conf")
        }
    }
    
    class mgarepo {
        package { 'mgarepo':

        }

        package { 'rpm-build':
        }

        file { "repsys.conf":
          path => "/etc/repsys.conf",
          owner  => root,
          group => root,
          mode => 644,
          content => template("buildsystem/repsys.conf")
        }

        file { "$packages_archivedir":
            ensure => "directory",
            owner  => $sched_login,
            require => File[$sched_home_dir],
        }

        file { "$sched_home_dir/repsys":
            ensure => "directory",
            owner  => $sched_login,
            require => File[$sched_home_dir],
        }

        file { "$sched_home_dir/repsys/tmp":
            ensure => "directory",
            owner  => $sched_login,
            group => "mga-packagers",
            mode => 1775,
            require => File["$sched_home_dir/repsys"],
        }

        file { "$sched_home_dir/repsys/srpms":
            ensure => "directory",
            owner  => $sched_login,
            group => "mga-packagers",
            mode => 1775,
            require => File["$sched_home_dir/repsys"],
        }

        # FIXME: disabled temporarly as upload dir is a symlink to /var/lib/repsys/uploads
        #file { "$sched_home_dir/uploads":
        #    ensure => "directory",
        #    owner  => $sched_login,
        #    require => File[$sched_home_dir],
        #}

        # too tedious to create everything by hand
        # so I prefered to used some puppet ruby module
        # the exact content and directory name should IMHO be consolidated somewhere
        import "create_upload_dir.rb"
        create_upload_dir { "$sched_home_dir/uploads":
            owner => $sched_login, 
            group => $sched_login,
        } 

        tidy { "$packages_archivedir":
            age     => "2d",
            matches => "*.rpm",
            recurse => true,
            type    => "mtime",
        }
    }

    class youri_submit {
        include sudo

        file { "/usr/local/bin/mdv-youri-submit":
          owner  => root,
          group => root,
          mode => 755,
          content => template("buildsystem/mdv-youri-submit")
        }

        file { "/usr/local/bin/mdv-youri-submit.wrapper":
          owner  => root,
          group => root,
          mode => 755,
          content => template("buildsystem/mdv-youri-submit.wrapper")
        }

        sudo::sudoers_config { "mdv-youri-submit":
            content => template("buildsystem/sudoers.youri")
        }

        file { "/etc/youri":
            ensure => "directory",
        }

        file { "/etc/youri/submit-todo.conf":
            ensure => present,
            mode => 644,
            require => File["/etc/youri"],
            content => template("buildsystem/submit-todo.conf")
        }

        file { "/etc/youri/submit-upload.conf":
            ensure => present,
            mode => 644,
            require => File["/etc/youri"],
            content => template("buildsystem/submit-upload.conf")
        }

        file { "/etc/youri/acl.conf":
            ensure => present,
            mode => 644,
            require => File["/etc/youri"],
            content => template("buildsystem/youri_acl.conf")
        }

        file { '/usr/local/bin/submit_package':
            ensure => present,
            mode => 755,
            content => template('buildsystem/submit_package')
        }
    }

    # $groups: array of secondary groups (only local groups, no ldap)
    define sshuser($homedir, $comment, $groups = []) {
        group {"$title": 
            ensure => present,
        }

        user {"$title":
            ensure => present,
            comment => $comment,
            managehome => true,
            home => $homedir,
            gid => $title,
            groups => $groups,
            shell => "/bin/bash",
            notify => Exec["unlock$title"],
            require => Group[$title],
        }

        # set password to * to unlock the account but forbid login through login
        exec { "unlock$title":
            command => "usermod -p '*' $title",
            refreshonly => true,
        }

        file { $homedir:
            ensure => "directory",
            require => User[$title],
        }

        file { "$homedir/.ssh":
            ensure => "directory",
            mode   => 600,
            owner  => $title,
            group  => $title,
            require => File[$homedir],
        }
    }

    class iurtuser {
        sshuser { $build_login:
          homedir => $build_home_dir,
          comment => "System user used to run build bots",
        }

        file { "/etc/iurt":
            ensure => "directory",
        }
    }

    class iurt {
        include sudo
        include iurtuser
        ssh::auth::client { $build_login: }
        ssh::auth::server { $sched_login: user => $build_login }

        # build node common settings
        # we could have the following skip list to use less space:
        # '/(drakx-installer-binaries|drakx-installer-advertising|gfxboot|drakx-installer-stage2|mandriva-theme)/'
        $package_list = ['task-bs-cluster-chroot', 'iurt']
        package { $package_list:
            ensure => installed;
        }

        file { "/etc/iurt/build":
            ensure => "directory",
            require => File["/etc/iurt"],
        }

        file { "/etc/iurt/build/cauldron.conf":
            ensure => present,
            owner => $build_login,
            group => $build_login,
            mode => 644,
            require => File["/etc/iurt/build"],
            content => template("buildsystem/iurt.cauldron.conf")
        }

        file { "/etc/iurt/build/mandriva2010.1.conf":
            ensure => present,
            owner => $build_login,
            group => $build_login,
            mode => 644,
            require => File["/etc/iurt/build"],
            content => template("buildsystem/iurt.mandriva2010.1.conf")
        }

        sudo::sudoers_config { "iurt":
            content => template("buildsystem/sudoers.iurt")
        }
    }

    # temporary script to create home dir with ssh key
    # taking login and url as arguments
    class mgacreatehome {
        file { "/usr/local/sbin/mgacreatehome":
            ensure => present,
            owner => root,
            group => root,
            mode => 700,
            content => template("buildsystem/mgacreatehome")
        }
    }

    class check_missing_deps {
        file { "/usr/local/bin/missing-deps.sh":
            ensure => present,
            owner => root,
            group => root,
            mode => 755,
            source => "puppet:///modules/buildsystem/missing-deps.sh",
        }
    
        # FIXME hardcoded path
        cron { "check missing deps":
            command => "cd /var/www/bs/data && /usr/local/bin/missing-deps.sh",
            minute => "*/15",
        }
    }
}
1	misc	213	class buildsystem {
2	dmorgan	86
3	boklm	356	class base {
4			$build_login = "iurt"
5	blino	387	$build_home_dir = "/home/$build_login"
6	blino	397	$sched_login = "schedbot"
7	boklm	917	$sched_home_dir = "/var/lib/$sched_login"
8	boklm	1223	$packages_archivedir = "$sched_home_dir/old"
9	boklm	861	$sign_login = "signbot"
10			$sign_home_dir = "/var/lib/$sign_login"
11	boklm	969	$sign_keydir = "$sign_home_dir/keys"
12			# FIXME: maybe keyid should be defined at an other place
13			$sign_keyid = "80420F66"
14	blino	545	$repository_root = "/distrib/bootstrap"
15	boklm	817	$packagers_group = 'mga-packagers'
16			$createsrpm_path = '/usr/share/repsys/create-srpm'
17	blino	366
18			include ssh::auth
19	boklm	918	ssh::auth::key { $build_login: # declare a key for build bot: RSA, 2048 bits
20			home => $build_home_dir,
21			}
22			ssh::auth::key { $sched_login: # declare a key for sched bot: RSA, 2048 bits
23			home => $sched_home_dir,
24			}
25	boklm	356	}
26	boklm	355
27	boklm	356	class mainnode inherits base {
28	blino	381	include iurtuser
29	blino	353
30	blino	395	sshuser { $sched_login:
31			homedir => $sched_home_dir,
32			comment => "System user used to schedule builds",
33			}
34
35	blino	399	ssh::auth::client { $sched_login: }
36	blino	573	ssh::auth::server { $sched_login: }
37	blino	399	ssh::auth::server { $build_login: }
38
39	pterjan	703	# FIXME Add again task-bs-cluster-main when it will require mgarepo instead of repsys
40			$package_list = ['iurt']
41	blino	398	package { $package_list:
42	blino	350	ensure => "installed"
43			}
44	blino	403
45			apache::vhost_other_app { "repository.$domain":
46	blino	404	vhost_file => "buildsystem/vhost_repository.conf",
47	blino	403	}
48
49	blino	466	apache::vhost_other_app { "pkgsubmit.$domain":
50			vhost_file => "buildsystem/vhost_pkgsubmit.conf",
51			}
52
53	blino	430	include scheduler
54	blino	431	include gatherer
55	pterjan	700	include mgarepo
56	blino	517	include youri_submit
57	misc	860	include check_missing_deps
58	boklm	964	include signbot
59	blino	350	}
60
61	boklm	356	class buildnode inherits base {
62	misc	213	include iurt
63	dmorgan	86	}
64
65	boklm	964	class signbot {
66			sshuser { $sign_login:
67			homedir => $sign_home_dir,
68			comment => "System user used to sign packages",
69			groups => [$sched_login],
70			}
71
72			gnupg::keys{"packages":
73			email => "packages@$domain",
74			#FIXME there should be a variable somewhere to change the name of the distribution
75			key_name => 'Mageia Packages',
76			login => $sign_login,
77			batchdir => "$sign_home_dir/batches",
78	boklm	969	keydir => $sign_keydir,
79	boklm	964	}
80	boklm	966
81			sudo::sudoers_config { "signpackage":
82			content => template("buildsystem/sudoers.signpackage")
83			}
84	boklm	976
85			file { "$sign_home_dir/.rpmmacros":
86			ensure => present,
87			owner => root,
88			group => root,
89			mode => 644,
90			content => template("buildsystem/signbot-rpmmacros")
91			}
92	boklm	1023
93			file { "/usr/local/bin/sign-check-package":
94			ensure => present,
95			owner => root,
96			group => root,
97			mode => 755,
98			content => template("buildsystem/sign-check-package")
99			}
100	boklm	964	}
101
102	misc	265	class scheduler {
103			# ulri
104	blino	430	include iurtupload
105	misc	265	}
106
107	blino	431	class gatherer {
108	misc	265	# emi
109	blino	430	include iurtupload
110	misc	265	}
111	blino	430
112			class iurtupload {
113	blino	432	file { "/etc/iurt/upload.conf":
114	blino	430	ensure => present,
115			owner => $build_login,
116			group => $build_login,
117			mode => 644,
118			require => File["/etc/iurt"],
119			content => template("buildsystem/upload.conf")
120			}
121			}
122	misc	265
123	pterjan	700	class mgarepo {
124			package { 'mgarepo':
125	misc	265
126			}
127
128	blino	505	package { 'rpm-build':
129			}
130
131	blino	500	file { "repsys.conf":
132			path => "/etc/repsys.conf",
133			owner => root,
134			group => root,
135			mode => 644,
136			content => template("buildsystem/repsys.conf")
137			}
138	blino	502
139	boklm	1223	file { "$packages_archivedir":
140			ensure => "directory",
141			owner => $sched_login,
142			require => File[$sched_home_dir],
143			}
144
145	blino	502	file { "$sched_home_dir/repsys":
146			ensure => "directory",
147	blino	508	owner => $sched_login,
148	blino	502	require => File[$sched_home_dir],
149			}
150
151			file { "$sched_home_dir/repsys/tmp":
152			ensure => "directory",
153	blino	508	owner => $sched_login,
154	boklm	512	group => "mga-packagers",
155	boklm	510	mode => 1775,
156	blino	502	require => File["$sched_home_dir/repsys"],
157			}
158
159			file { "$sched_home_dir/repsys/srpms":
160			ensure => "directory",
161	blino	508	owner => $sched_login,
162	boklm	512	group => "mga-packagers",
163	boklm	510	mode => 1775,
164	blino	502	require => File["$sched_home_dir/repsys"],
165			}
166	blino	885
167	boklm	915	# FIXME: disabled temporarly as upload dir is a symlink to /var/lib/repsys/uploads
168			#file { "$sched_home_dir/uploads":
169			# ensure => "directory",
170			# owner => $sched_login,
171			# require => File[$sched_home_dir],
172			#}
173	misc	886
174			# too tedious to create everything by hand
175			# so I prefered to used some puppet ruby module
176			# the exact content and directory name should IMHO be consolidated somewhere
177			import "create_upload_dir.rb"
178	boklm	915	create_upload_dir { "$sched_home_dir/uploads":
179			owner => $sched_login,
180	boklm	968	group => $sched_login,
181	boklm	915	}
182	pterjan	1224
183			tidy { "$packages_archivedir":
184			age => "2d",
185			matches => "*.rpm",
186			recurse => true,
187			type => "mtime",
188			}
189	misc	265	}
190
191	blino	516	class youri_submit {
192	boklm	522	include sudo
193
194	blino	516	file { "/usr/local/bin/mdv-youri-submit":
195			owner => root,
196			group => root,
197			mode => 755,
198			content => template("buildsystem/mdv-youri-submit")
199			}
200
201			file { "/usr/local/bin/mdv-youri-submit.wrapper":
202			owner => root,
203			group => root,
204			mode => 755,
205			content => template("buildsystem/mdv-youri-submit.wrapper")
206			}
207
208	boklm	770	sudo::sudoers_config { "mdv-youri-submit":
209	blino	516	content => template("buildsystem/sudoers.youri")
210			}
211	blino	543
212			file { "/etc/youri":
213			ensure => "directory",
214			}
215
216			file { "/etc/youri/submit-todo.conf":
217			ensure => present,
218			mode => 644,
219			require => File["/etc/youri"],
220			content => template("buildsystem/submit-todo.conf")
221			}
222	pterjan	682
223	pterjan	685	file { "/etc/youri/submit-upload.conf":
224	pterjan	682	ensure => present,
225			mode => 644,
226			require => File["/etc/youri"],
227	pterjan	685	content => template("buildsystem/submit-upload.conf")
228	pterjan	682	}
229	boklm	772
230			file { "/etc/youri/acl.conf":
231			ensure => present,
232			mode => 644,
233			require => File["/etc/youri"],
234			content => template("buildsystem/youri_acl.conf")
235			}
236	boklm	817
237			file { '/usr/local/bin/submit_package':
238			ensure => present,
239			mode => 755,
240			content => template('buildsystem/submit_package')
241			}
242	blino	516	}
243
244	boklm	862	# $groups: array of secondary groups (only local groups, no ldap)
245			define sshuser($homedir, $comment, $groups = []) {
246	blino	394	group {"$title":
247	blino	351	ensure => present,
248			}
249
250	blino	394	user {"$title":
251	blino	351	ensure => present,
252	blino	393	comment => $comment,
253	blino	351	managehome => true,
254	boklm	916	home => $homedir,
255	blino	394	gid => $title,
256	boklm	862	groups => $groups,
257	blino	351	shell => "/bin/bash",
258	blino	394	notify => Exec["unlock$title"],
259	blino	424	require => Group[$title],
260	blino	351	}
261	blino	372
262	blino	386	# set password to * to unlock the account but forbid login through login
263	blino	394	exec { "unlock$title":
264			command => "usermod -p '*' $title",
265	blino	386	refreshonly => true,
266			}
267
268	blino	393	file { $homedir:
269	blino	383	ensure => "directory",
270	blino	423	require => User[$title],
271	blino	383	}
272
273	blino	393	file { "$homedir/.ssh":
274	blino	372	ensure => "directory",
275			mode => 600,
276	blino	394	owner => $title,
277			group => $title,
278	blino	423	require => File[$homedir],
279	blino	372	}
280	blino	351	}
281
282	blino	393	class iurtuser {
283	blino	394	sshuser { $build_login:
284			homedir => $build_home_dir,
285			comment => "System user used to run build bots",
286			}
287	blino	429
288			file { "/etc/iurt":
289			ensure => "directory",
290			}
291	blino	393	}
292
293	misc	213	class iurt {
294	boklm	216	include sudo
295	blino	381	include iurtuser
296	blino	366	ssh::auth::client { $build_login: }
297	blino	396	ssh::auth::server { $sched_login: user => $build_login }
298	misc	213
299			# build node common settings
300			# we could have the following skip list to use less space:
301			# '/(drakx-installer-binaries\|drakx-installer-advertising\|gfxboot\|drakx-installer-stage2\|mandriva-theme)/'
302			$package_list = ['task-bs-cluster-chroot', 'iurt']
303			package { $package_list:
304			ensure => installed;
305			}
306
307	blino	426	file { "/etc/iurt/build":
308			ensure => "directory",
309	blino	428	require => File["/etc/iurt"],
310	blino	426	}
311
312	blino	425	file { "/etc/iurt/build/cauldron.conf":
313	misc	213	ensure => present,
314			owner => $build_login,
315			group => $build_login,
316			mode => 644,
317	blino	426	require => File["/etc/iurt/build"],
318	boklm	218	content => template("buildsystem/iurt.cauldron.conf")
319	misc	213	}
320
321	boklm	648	file { "/etc/iurt/build/mandriva2010.1.conf":
322			ensure => present,
323			owner => $build_login,
324			group => $build_login,
325			mode => 644,
326			require => File["/etc/iurt/build"],
327			content => template("buildsystem/iurt.mandriva2010.1.conf")
328			}
329
330	boklm	770	sudo::sudoers_config { "iurt":
331	boklm	218	content => template("buildsystem/sudoers.iurt")
332	boklm	216	}
333	dmorgan	86	}
334	boklm	696
335			# temporary script to create home dir with ssh key
336			# taking login and url as arguments
337			class mgacreatehome {
338			file { "/usr/local/sbin/mgacreatehome":
339			ensure => present,
340			owner => root,
341			group => root,
342			mode => 700,
343			content => template("buildsystem/mgacreatehome")
344			}
345			}
346	misc	859
347			class check_missing_deps {
348			file { "/usr/local/bin/missing-deps.sh":
349			ensure => present,
350			owner => root,
351			group => root,
352	boklm	869	mode => 755,
353	boklm	868	source => "puppet:///modules/buildsystem/missing-deps.sh",
354	misc	859	}
355
356			# FIXME hardcoded path
357			cron { "check missing deps":
358			command => "cd /var/www/bs/data && /usr/local/bin/missing-deps.sh",
359			minute => "*/15",
360			}
361			}
362	dmorgan	86	}