/[adm]/puppet/modules/buildsystem/manifests/init.pp
ViewVC logotype

Annotation of /puppet/modules/buildsystem/manifests/init.pp

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1524 - (hide annotations) (download)
Mon Apr 18 09:41:37 2011 UTC (12 years, 11 months ago) by boklm
File size: 11728 byte(s)
add software GPG key
1 misc 213 class buildsystem {
2 dmorgan 86
3 boklm 356 class base {
4     $build_login = "iurt"
5 blino 387 $build_home_dir = "/home/$build_login"
6 blino 397 $sched_login = "schedbot"
7 boklm 917 $sched_home_dir = "/var/lib/$sched_login"
8 boklm 1223 $packages_archivedir = "$sched_home_dir/old"
9 boklm 861 $sign_login = "signbot"
10     $sign_home_dir = "/var/lib/$sign_login"
11 boklm 969 $sign_keydir = "$sign_home_dir/keys"
12     # FIXME: maybe keyid should be defined at an other place
13     $sign_keyid = "80420F66"
14 blino 545 $repository_root = "/distrib/bootstrap"
15 blino 1398 $mirror_root = "/distrib/mirror"
16 boklm 1388 $maintdb_url = 'http://www.maintdb2.mageia.org.uk/maintainers_packages/create'
17 boklm 1384 # FIXME: Test password. Real password should be in extdata.
18     $maintdb_key = 'm1g234'
19 boklm 817 $packagers_group = 'mga-packagers'
20     $createsrpm_path = '/usr/share/repsys/create-srpm'
21 blino 366
22     include ssh::auth
23 boklm 918 ssh::auth::key { $build_login: # declare a key for build bot: RSA, 2048 bits
24     home => $build_home_dir,
25     }
26     ssh::auth::key { $sched_login: # declare a key for sched bot: RSA, 2048 bits
27     home => $sched_home_dir,
28     }
29 boklm 356 }
30 boklm 355
31 boklm 356 class mainnode inherits base {
32 blino 381 include iurtuser
33 blino 353
34 blino 395 sshuser { $sched_login:
35     homedir => $sched_home_dir,
36     comment => "System user used to schedule builds",
37     }
38    
39 blino 399 ssh::auth::client { $sched_login: }
40 blino 573 ssh::auth::server { $sched_login: }
41 blino 399 ssh::auth::server { $build_login: }
42    
43 pterjan 703 # FIXME Add again task-bs-cluster-main when it will require mgarepo instead of repsys
44     $package_list = ['iurt']
45 blino 398 package { $package_list:
46 blino 350 ensure => "installed"
47     }
48 blino 403
49     apache::vhost_other_app { "repository.$domain":
50 blino 404 vhost_file => "buildsystem/vhost_repository.conf",
51 blino 403 }
52    
53 misc 1284 $location = "/var/www/bs"
54 misc 1283 apache::vhost_base { "pkgsubmit.$domain":
55     aliases => { "/uploads" => "$sched_home_dir/uploads" },
56 misc 1284 location => $location,
57 boklm 1300 content => template("buildsystem/vhost_pkgsubmit.conf"),
58 blino 466 }
59    
60 misc 1284 subversion::snapshot { $location:
61     source => "svn://svn.$domain/soft/buildsystem/web/",
62     }
63    
64 blino 430 include scheduler
65 blino 431 include gatherer
66 pterjan 700 include mgarepo
67 blino 517 include youri_submit
68 misc 860 include check_missing_deps
69 boklm 964 include signbot
70 blino 350 }
71    
72 boklm 356 class buildnode inherits base {
73 misc 213 include iurt
74 dmorgan 86 }
75    
76 boklm 964 class signbot {
77     sshuser { $sign_login:
78     homedir => $sign_home_dir,
79     comment => "System user used to sign packages",
80     groups => [$sched_login],
81     }
82    
83     gnupg::keys{"packages":
84     email => "packages@$domain",
85     #FIXME there should be a variable somewhere to change the name of the distribution
86     key_name => 'Mageia Packages',
87     login => $sign_login,
88     batchdir => "$sign_home_dir/batches",
89 boklm 969 keydir => $sign_keydir,
90 boklm 964 }
91 boklm 966
92 boklm 1524 gnupg::keys{"software":
93     email => "software@$domain",
94     #FIXME there should be a variable somewhere to change the name of the distribution
95     key_name => 'Mageia Software',
96     login => $sign_login,
97     batchdir => "$sign_home_dir/batches",
98     keydir => $sign_keydir,
99     }
100    
101 boklm 966 sudo::sudoers_config { "signpackage":
102     content => template("buildsystem/sudoers.signpackage")
103     }
104 boklm 976
105     file { "$sign_home_dir/.rpmmacros":
106     ensure => present,
107     owner => root,
108     group => root,
109     mode => 644,
110     content => template("buildsystem/signbot-rpmmacros")
111     }
112 boklm 1023
113     file { "/usr/local/bin/sign-check-package":
114     ensure => present,
115     owner => root,
116     group => root,
117     mode => 755,
118     content => template("buildsystem/sign-check-package")
119     }
120 boklm 964 }
121    
122 misc 265 class scheduler {
123     # ulri
124 blino 430 include iurtupload
125 misc 265 }
126    
127 blino 431 class gatherer {
128 misc 265 # emi
129 blino 430 include iurtupload
130 misc 265 }
131 blino 430
132     class iurtupload {
133 blino 432 file { "/etc/iurt/upload.conf":
134 blino 430 ensure => present,
135     owner => $build_login,
136     group => $build_login,
137     mode => 644,
138     require => File["/etc/iurt"],
139     content => template("buildsystem/upload.conf")
140     }
141     }
142 misc 265
143 pterjan 700 class mgarepo {
144     package { 'mgarepo':
145 misc 265
146     }
147    
148 blino 505 package { 'rpm-build':
149     }
150    
151 blino 500 file { "repsys.conf":
152     path => "/etc/repsys.conf",
153     owner => root,
154     group => root,
155     mode => 644,
156     content => template("buildsystem/repsys.conf")
157     }
158 blino 502
159 boklm 1223 file { "$packages_archivedir":
160     ensure => "directory",
161     owner => $sched_login,
162     require => File[$sched_home_dir],
163     }
164    
165 blino 502 file { "$sched_home_dir/repsys":
166     ensure => "directory",
167 blino 508 owner => $sched_login,
168 blino 502 require => File[$sched_home_dir],
169     }
170    
171 misc 1484 file { ["$sched_home_dir/repsys/tmp", "$sched_home_dir/repsys/srpms"]:
172 blino 502 ensure => "directory",
173 blino 508 owner => $sched_login,
174 boklm 512 group => "mga-packagers",
175 boklm 510 mode => 1775,
176 blino 502 require => File["$sched_home_dir/repsys"],
177     }
178    
179 boklm 915 # FIXME: disabled temporarly as upload dir is a symlink to /var/lib/repsys/uploads
180     #file { "$sched_home_dir/uploads":
181     # ensure => "directory",
182     # owner => $sched_login,
183     # require => File[$sched_home_dir],
184     #}
185 misc 886
186     # too tedious to create everything by hand
187     # so I prefered to used some puppet ruby module
188     # the exact content and directory name should IMHO be consolidated somewhere
189     import "create_upload_dir.rb"
190 boklm 915 create_upload_dir { "$sched_home_dir/uploads":
191     owner => $sched_login,
192 boklm 968 group => $sched_login,
193 boklm 915 }
194 pterjan 1511
195 pterjan 1515 tidy { "$sched_home_dir/uploads":
196 pterjan 1511 age => "2w",
197     recurse => true,
198     type => "ctime",
199     }
200 pterjan 1224
201     tidy { "$packages_archivedir":
202 pterjan 1225 age => "1w",
203 pterjan 1224 matches => "*.rpm",
204     recurse => true,
205 pterjan 1226 type => "ctime",
206 pterjan 1224 }
207 misc 265 }
208    
209 blino 516 class youri_submit {
210 boklm 522 include sudo
211    
212 blino 1469 file { "/usr/local/bin/mga-youri-submit":
213 blino 516 owner => root,
214     group => root,
215     mode => 755,
216 blino 1469 content => template("buildsystem/mga-youri-submit")
217 blino 516 }
218    
219 blino 1469 file { "/usr/local/bin/mga-youri-submit.wrapper":
220 blino 516 owner => root,
221     group => root,
222     mode => 755,
223 blino 1469 content => template("buildsystem/mga-youri-submit.wrapper")
224 blino 516 }
225    
226 blino 1469 sudo::sudoers_config { "mga-youri-submit":
227 blino 516 content => template("buildsystem/sudoers.youri")
228     }
229 blino 543
230     file { "/etc/youri":
231     ensure => "directory",
232     }
233    
234     file { "/etc/youri/submit-todo.conf":
235     ensure => present,
236     mode => 644,
237     require => File["/etc/youri"],
238     content => template("buildsystem/submit-todo.conf")
239     }
240 pterjan 682
241 pterjan 685 file { "/etc/youri/submit-upload.conf":
242 pterjan 682 ensure => present,
243     mode => 644,
244     require => File["/etc/youri"],
245 pterjan 685 content => template("buildsystem/submit-upload.conf")
246 pterjan 682 }
247 boklm 772
248     file { "/etc/youri/acl.conf":
249     ensure => present,
250     mode => 644,
251     require => File["/etc/youri"],
252     content => template("buildsystem/youri_acl.conf")
253     }
254 boklm 817
255     file { '/usr/local/bin/submit_package':
256     ensure => present,
257     mode => 755,
258     content => template('buildsystem/submit_package')
259     }
260 pterjan 1390
261     # FIXME use the correct perl directory
262     file { "/usr/lib/perl5/site_perl/5.10.1/Youri/Repository":
263     ensure => "directory",
264     }
265    
266     file { '/usr/lib/perl5/site_perl/5.10.1/Youri/Repository/Mageia.pm':
267     ensure => present,
268     mode => 644,
269     require => File["/usr/lib/perl5/site_perl/5.10.1/Youri/Repository"],
270     source => "puppet:///modules/buildsystem/Mageia.pm",
271     }
272    
273     $package_list = ['perl-SVN', 'mdv-distrib-tools', 'perl-Youri-Media',
274     'perl-Youri-Package', 'perl-Youri-Repository',
275 blino 1470 'perl-Youri-Utils', 'perl-Youri-Config', 'mga-youri-submit']
276 pterjan 1390
277     package { $package_list:
278     ensure => installed;
279     }
280 blino 516 }
281    
282 boklm 862 # $groups: array of secondary groups (only local groups, no ldap)
283     define sshuser($homedir, $comment, $groups = []) {
284 blino 394 group {"$title":
285 blino 351 ensure => present,
286     }
287    
288 blino 394 user {"$title":
289 blino 351 ensure => present,
290 blino 393 comment => $comment,
291 blino 351 managehome => true,
292 boklm 916 home => $homedir,
293 blino 394 gid => $title,
294 boklm 862 groups => $groups,
295 blino 351 shell => "/bin/bash",
296 blino 394 notify => Exec["unlock$title"],
297 blino 424 require => Group[$title],
298 blino 351 }
299 blino 372
300 blino 386 # set password to * to unlock the account but forbid login through login
301 blino 394 exec { "unlock$title":
302     command => "usermod -p '*' $title",
303 blino 386 refreshonly => true,
304     }
305    
306 blino 393 file { $homedir:
307 blino 383 ensure => "directory",
308 blino 423 require => User[$title],
309 blino 383 }
310    
311 blino 393 file { "$homedir/.ssh":
312 blino 372 ensure => "directory",
313     mode => 600,
314 blino 394 owner => $title,
315     group => $title,
316 blino 423 require => File[$homedir],
317 blino 372 }
318 blino 351 }
319    
320 blino 393 class iurtuser {
321 blino 394 sshuser { $build_login:
322     homedir => $build_home_dir,
323     comment => "System user used to run build bots",
324     }
325 blino 429
326     file { "/etc/iurt":
327     ensure => "directory",
328     }
329 blino 393 }
330    
331 misc 213 class iurt {
332 boklm 216 include sudo
333 blino 381 include iurtuser
334 blino 366 ssh::auth::client { $build_login: }
335 blino 396 ssh::auth::server { $sched_login: user => $build_login }
336 misc 213
337     # build node common settings
338     # we could have the following skip list to use less space:
339     # '/(drakx-installer-binaries|drakx-installer-advertising|gfxboot|drakx-installer-stage2|mandriva-theme)/'
340     $package_list = ['task-bs-cluster-chroot', 'iurt']
341     package { $package_list:
342     ensure => installed;
343     }
344    
345 blino 426 file { "/etc/iurt/build":
346     ensure => "directory",
347 blino 428 require => File["/etc/iurt"],
348 blino 426 }
349    
350 blino 425 file { "/etc/iurt/build/cauldron.conf":
351 misc 213 ensure => present,
352     owner => $build_login,
353     group => $build_login,
354     mode => 644,
355 blino 426 require => File["/etc/iurt/build"],
356 boklm 218 content => template("buildsystem/iurt.cauldron.conf")
357 misc 213 }
358    
359 boklm 648 file { "/etc/iurt/build/mandriva2010.1.conf":
360     ensure => present,
361     owner => $build_login,
362     group => $build_login,
363     mode => 644,
364     require => File["/etc/iurt/build"],
365     content => template("buildsystem/iurt.mandriva2010.1.conf")
366     }
367    
368 boklm 770 sudo::sudoers_config { "iurt":
369 boklm 218 content => template("buildsystem/sudoers.iurt")
370 boklm 216 }
371 dmorgan 86 }
372 boklm 696
373     # temporary script to create home dir with ssh key
374     # taking login and url as arguments
375     class mgacreatehome {
376     file { "/usr/local/sbin/mgacreatehome":
377     ensure => present,
378     owner => root,
379     group => root,
380     mode => 700,
381     content => template("buildsystem/mgacreatehome")
382     }
383     }
384 misc 859
385     class check_missing_deps {
386     file { "/usr/local/bin/missing-deps.sh":
387     ensure => present,
388     owner => root,
389     group => root,
390 boklm 869 mode => 755,
391 boklm 868 source => "puppet:///modules/buildsystem/missing-deps.sh",
392 misc 859 }
393    
394     # FIXME hardcoded path
395     cron { "check missing deps":
396     command => "cd /var/www/bs/data && /usr/local/bin/missing-deps.sh",
397     minute => "*/15",
398     }
399     }
400 boklm 1489
401 boklm 1491 class iurt20101 inherits base {
402 boklm 1489 file { "/usr/local/bin/iurt2010.1":
403     ensure => present,
404     owner => root,
405     group => root,
406     mode => 755,
407 boklm 1492 content => template("buildsystem/iurt2010.1"),
408 boklm 1489 }
409     }
410 dmorgan 86 }

  ViewVC Help
Powered by ViewVC 1.1.30