/[adm]/puppet/modules/buildsystem/manifests/init.pp
ViewVC logotype

Annotation of /puppet/modules/buildsystem/manifests/init.pp

Parent Directory Parent Directory | Revision Log Revision Log

Revision 1283 - (hide annotations) (download)
Tue Mar 8 12:29:49 2011 UTC (13 years, 1 month ago) by misc
File size: 10118 byte(s) 
reuse standard apache vhost type ( one less specific configuration file )
1 misc 213 class buildsystem {
2 dmorgan 86
3 boklm 356 class base {
4     $build_login = "iurt"
5 blino 387 $build_home_dir = "/home/$build_login"
6 blino 397 $sched_login = "schedbot"
7 boklm 917 $sched_home_dir = "/var/lib/$sched_login"
8 boklm 1223 $packages_archivedir = "$sched_home_dir/old"
9 boklm 861 $sign_login = "signbot"
10     $sign_home_dir = "/var/lib/$sign_login"
11 boklm 969 $sign_keydir = "$sign_home_dir/keys"
12     # FIXME: maybe keyid should be defined at an other place
13     $sign_keyid = "80420F66"
14 blino 545 $repository_root = "/distrib/bootstrap"
15 boklm 817 $packagers_group = 'mga-packagers'
16     $createsrpm_path = '/usr/share/repsys/create-srpm'
17 blino 366
18     include ssh::auth
19 boklm 918 ssh::auth::key { $build_login: # declare a key for build bot: RSA, 2048 bits
20     home => $build_home_dir,
21     }
22     ssh::auth::key { $sched_login: # declare a key for sched bot: RSA, 2048 bits
23     home => $sched_home_dir,
24     }
25 boklm 356 }
26 boklm 355
27 boklm 356 class mainnode inherits base {
28 blino 381 include iurtuser
29 blino 353
30 blino 395 sshuser { $sched_login:
31     homedir => $sched_home_dir,
32     comment => "System user used to schedule builds",
33     }
34    
35 blino 399 ssh::auth::client { $sched_login: }
36 blino 573 ssh::auth::server { $sched_login: }
37 blino 399 ssh::auth::server { $build_login: }
38    
39 pterjan 703 # FIXME Add again task-bs-cluster-main when it will require mgarepo instead of repsys
40     $package_list = ['iurt']
41 blino 398 package { $package_list:
42 blino 350 ensure => "installed"
43     }
44 blino 403
45     apache::vhost_other_app { "repository.$domain":
46 blino 404 vhost_file => "buildsystem/vhost_repository.conf",
47 blino 403 }
48    
49 misc 1283 apache::vhost_base { "pkgsubmit.$domain":
50     aliases => { "/uploads" => "$sched_home_dir/uploads" },
51     location => "/var/www/bs/",
52 blino 466 }
53    
54 blino 430 include scheduler
55 blino 431 include gatherer
56 pterjan 700 include mgarepo
57 blino 517 include youri_submit
58 misc 860 include check_missing_deps
59 boklm 964 include signbot
60 blino 350 }
61    
62 boklm 356 class buildnode inherits base {
63 misc 213 include iurt
64 dmorgan 86 }
65    
66 boklm 964 class signbot {
67     sshuser { $sign_login:
68     homedir => $sign_home_dir,
69     comment => "System user used to sign packages",
70     groups => [$sched_login],
71     }
72    
73     gnupg::keys{"packages":
74     email => "packages@$domain",
75     #FIXME there should be a variable somewhere to change the name of the distribution
76     key_name => 'Mageia Packages',
77     login => $sign_login,
78     batchdir => "$sign_home_dir/batches",
79 boklm 969 keydir => $sign_keydir,
80 boklm 964 }
81 boklm 966
82     sudo::sudoers_config { "signpackage":
83     content => template("buildsystem/sudoers.signpackage")
84     }
85 boklm 976
86     file { "$sign_home_dir/.rpmmacros":
87     ensure => present,
88     owner => root,
89     group => root,
90     mode => 644,
91     content => template("buildsystem/signbot-rpmmacros")
92     }
93 boklm 1023
94     file { "/usr/local/bin/sign-check-package":
95     ensure => present,
96     owner => root,
97     group => root,
98     mode => 755,
99     content => template("buildsystem/sign-check-package")
100     }
101 boklm 964 }
102    
103 misc 265 class scheduler {
104     # ulri
105 blino 430 include iurtupload
106 misc 265 }
107    
108 blino 431 class gatherer {
109 misc 265 # emi
110 blino 430 include iurtupload
111 misc 265 }
112 blino 430
113     class iurtupload {
114 blino 432 file { "/etc/iurt/upload.conf":
115 blino 430 ensure => present,
116     owner => $build_login,
117     group => $build_login,
118     mode => 644,
119     require => File["/etc/iurt"],
120     content => template("buildsystem/upload.conf")
121     }
122     }
123 misc 265
124 pterjan 700 class mgarepo {
125     package { 'mgarepo':
126 misc 265
127     }
128    
129 blino 505 package { 'rpm-build':
130     }
131    
132 blino 500 file { "repsys.conf":
133     path => "/etc/repsys.conf",
134     owner => root,
135     group => root,
136     mode => 644,
137     content => template("buildsystem/repsys.conf")
138     }
139 blino 502
140 boklm 1223 file { "$packages_archivedir":
141     ensure => "directory",
142     owner => $sched_login,
143     require => File[$sched_home_dir],
144     }
145    
146 blino 502 file { "$sched_home_dir/repsys":
147     ensure => "directory",
148 blino 508 owner => $sched_login,
149 blino 502 require => File[$sched_home_dir],
150     }
151    
152     file { "$sched_home_dir/repsys/tmp":
153     ensure => "directory",
154 blino 508 owner => $sched_login,
155 boklm 512 group => "mga-packagers",
156 boklm 510 mode => 1775,
157 blino 502 require => File["$sched_home_dir/repsys"],
158     }
159    
160     file { "$sched_home_dir/repsys/srpms":
161     ensure => "directory",
162 blino 508 owner => $sched_login,
163 boklm 512 group => "mga-packagers",
164 boklm 510 mode => 1775,
165 blino 502 require => File["$sched_home_dir/repsys"],
166     }
167 blino 885
168 boklm 915 # FIXME: disabled temporarly as upload dir is a symlink to /var/lib/repsys/uploads
169     #file { "$sched_home_dir/uploads":
170     # ensure => "directory",
171     # owner => $sched_login,
172     # require => File[$sched_home_dir],
173     #}
174 misc 886
175     # too tedious to create everything by hand
176     # so I prefered to used some puppet ruby module
177     # the exact content and directory name should IMHO be consolidated somewhere
178     import "create_upload_dir.rb"
179 boklm 915 create_upload_dir { "$sched_home_dir/uploads":
180     owner => $sched_login,
181 boklm 968 group => $sched_login,
182 boklm 915 }
183 pterjan 1224
184     tidy { "$packages_archivedir":
185 pterjan 1225 age => "1w",
186 pterjan 1224 matches => "*.rpm",
187     recurse => true,
188 pterjan 1226 type => "ctime",
189 pterjan 1224 }
190 misc 265 }
191    
192 blino 516 class youri_submit {
193 boklm 522 include sudo
194    
195 blino 516 file { "/usr/local/bin/mdv-youri-submit":
196     owner => root,
197     group => root,
198     mode => 755,
199     content => template("buildsystem/mdv-youri-submit")
200     }
201    
202     file { "/usr/local/bin/mdv-youri-submit.wrapper":
203     owner => root,
204     group => root,
205     mode => 755,
206     content => template("buildsystem/mdv-youri-submit.wrapper")
207     }
208    
209 boklm 770 sudo::sudoers_config { "mdv-youri-submit":
210 blino 516 content => template("buildsystem/sudoers.youri")
211     }
212 blino 543
213     file { "/etc/youri":
214     ensure => "directory",
215     }
216    
217     file { "/etc/youri/submit-todo.conf":
218     ensure => present,
219     mode => 644,
220     require => File["/etc/youri"],
221     content => template("buildsystem/submit-todo.conf")
222     }
223 pterjan 682
224 pterjan 685 file { "/etc/youri/submit-upload.conf":
225 pterjan 682 ensure => present,
226     mode => 644,
227     require => File["/etc/youri"],
228 pterjan 685 content => template("buildsystem/submit-upload.conf")
229 pterjan 682 }
230 boklm 772
231     file { "/etc/youri/acl.conf":
232     ensure => present,
233     mode => 644,
234     require => File["/etc/youri"],
235     content => template("buildsystem/youri_acl.conf")
236     }
237 boklm 817
238     file { '/usr/local/bin/submit_package':
239     ensure => present,
240     mode => 755,
241     content => template('buildsystem/submit_package')
242     }
243 blino 516 }
244    
245 boklm 862 # $groups: array of secondary groups (only local groups, no ldap)
246     define sshuser($homedir, $comment, $groups = []) {
247 blino 394 group {"$title":
248 blino 351 ensure => present,
249     }
250    
251 blino 394 user {"$title":
252 blino 351 ensure => present,
253 blino 393 comment => $comment,
254 blino 351 managehome => true,
255 boklm 916 home => $homedir,
256 blino 394 gid => $title,
257 boklm 862 groups => $groups,
258 blino 351 shell => "/bin/bash",
259 blino 394 notify => Exec["unlock$title"],
260 blino 424 require => Group[$title],
261 blino 351 }
262 blino 372
263 blino 386 # set password to * to unlock the account but forbid login through login
264 blino 394 exec { "unlock$title":
265     command => "usermod -p '*' $title",
266 blino 386 refreshonly => true,
267     }
268    
269 blino 393 file { $homedir:
270 blino 383 ensure => "directory",
271 blino 423 require => User[$title],
272 blino 383 }
273    
274 blino 393 file { "$homedir/.ssh":
275 blino 372 ensure => "directory",
276     mode => 600,
277 blino 394 owner => $title,
278     group => $title,
279 blino 423 require => File[$homedir],
280 blino 372 }
281 blino 351 }
282    
283 blino 393 class iurtuser {
284 blino 394 sshuser { $build_login:
285     homedir => $build_home_dir,
286     comment => "System user used to run build bots",
287     }
288 blino 429
289     file { "/etc/iurt":
290     ensure => "directory",
291     }
292 blino 393 }
293    
294 misc 213 class iurt {
295 boklm 216 include sudo
296 blino 381 include iurtuser
297 blino 366 ssh::auth::client { $build_login: }
298 blino 396 ssh::auth::server { $sched_login: user => $build_login }
299 misc 213
300     # build node common settings
301     # we could have the following skip list to use less space:
302     # '/(drakx-installer-binaries|drakx-installer-advertising|gfxboot|drakx-installer-stage2|mandriva-theme)/'
303     $package_list = ['task-bs-cluster-chroot', 'iurt']
304     package { $package_list:
305     ensure => installed;
306     }
307    
308 blino 426 file { "/etc/iurt/build":
309     ensure => "directory",
310 blino 428 require => File["/etc/iurt"],
311 blino 426 }
312    
313 blino 425 file { "/etc/iurt/build/cauldron.conf":
314 misc 213 ensure => present,
315     owner => $build_login,
316     group => $build_login,
317     mode => 644,
318 blino 426 require => File["/etc/iurt/build"],
319 boklm 218 content => template("buildsystem/iurt.cauldron.conf")
320 misc 213 }
321    
322 boklm 648 file { "/etc/iurt/build/mandriva2010.1.conf":
323     ensure => present,
324     owner => $build_login,
325     group => $build_login,
326     mode => 644,
327     require => File["/etc/iurt/build"],
328     content => template("buildsystem/iurt.mandriva2010.1.conf")
329     }
330    
331 boklm 770 sudo::sudoers_config { "iurt":
332 boklm 218 content => template("buildsystem/sudoers.iurt")
333 boklm 216 }
334 dmorgan 86 }
335 boklm 696
336     # temporary script to create home dir with ssh key
337     # taking login and url as arguments
338     class mgacreatehome {
339     file { "/usr/local/sbin/mgacreatehome":
340     ensure => present,
341     owner => root,
342     group => root,
343     mode => 700,
344     content => template("buildsystem/mgacreatehome")
345     }
346     }
347 misc 859
348     class check_missing_deps {
349     file { "/usr/local/bin/missing-deps.sh":
350     ensure => present,
351     owner => root,
352     group => root,
353 boklm 869 mode => 755,
354 boklm 868 source => "puppet:///modules/buildsystem/missing-deps.sh",
355 misc 859 }
356    
357     # FIXME hardcoded path
358     cron { "check missing deps":
359     command => "cd /var/www/bs/data && /usr/local/bin/missing-deps.sh",
360     minute => "*/15",
361     }
362     }
363 dmorgan 86 }
  ViewVC Help
Powered by ViewVC 1.1.30