/[adm]/puppet/modules/buildsystem/manifests/init.pp
ViewVC logotype

Annotation of /puppet/modules/buildsystem/manifests/init.pp

Parent Directory Parent Directory | Revision Log Revision Log


Revision 772 - (hide annotations) (download)
Wed Jan 12 22:58:33 2011 UTC (13 years, 2 months ago) by boklm
File size: 6977 byte(s)
add youri acl config to be able to blacklist some packages
1 misc 213 class buildsystem {
2 dmorgan 86
3 boklm 356 class base {
4     $build_login = "iurt"
5 blino 387 $build_home_dir = "/home/$build_login"
6 blino 397 $sched_login = "schedbot"
7 blino 393 $sched_home_dir = "/home/$sched_login"
8 blino 545 $repository_root = "/distrib/bootstrap"
9 blino 366
10     include ssh::auth
11     ssh::auth::key { $build_login: } # declare a key for build bot: RSA, 2048 bits
12 blino 395 ssh::auth::key { $sched_login: } # declare a key for sched bot: RSA, 2048 bits
13 boklm 356 }
14 boklm 355
15 boklm 356 class mainnode inherits base {
16 blino 381 include iurtuser
17 blino 353
18 blino 395 sshuser { $sched_login:
19     homedir => $sched_home_dir,
20     comment => "System user used to schedule builds",
21     }
22    
23 blino 399 ssh::auth::client { $sched_login: }
24 blino 573 ssh::auth::server { $sched_login: }
25 blino 399 ssh::auth::server { $build_login: }
26    
27 pterjan 703 # FIXME Add again task-bs-cluster-main when it will require mgarepo instead of repsys
28     $package_list = ['iurt']
29 blino 398 package { $package_list:
30 blino 350 ensure => "installed"
31     }
32 blino 403
33     apache::vhost_other_app { "repository.$domain":
34 blino 404 vhost_file => "buildsystem/vhost_repository.conf",
35 blino 403 }
36    
37 blino 466 apache::vhost_other_app { "pkgsubmit.$domain":
38     vhost_file => "buildsystem/vhost_pkgsubmit.conf",
39     }
40    
41 blino 430 include scheduler
42 blino 431 include gatherer
43 pterjan 700 include mgarepo
44 blino 517 include youri_submit
45 blino 350 }
46    
47 boklm 356 class buildnode inherits base {
48 misc 213 include iurt
49 dmorgan 86 }
50    
51 misc 265 class scheduler {
52     # ulri
53 blino 430 include iurtupload
54 misc 265 }
55    
56 blino 431 class gatherer {
57 misc 265 # emi
58 blino 430 include iurtupload
59 misc 265 }
60 blino 430
61     class iurtupload {
62 blino 432 file { "/etc/iurt/upload.conf":
63 blino 430 ensure => present,
64     owner => $build_login,
65     group => $build_login,
66     mode => 644,
67     require => File["/etc/iurt"],
68     content => template("buildsystem/upload.conf")
69     }
70     }
71 misc 265
72 pterjan 700 class mgarepo {
73     package { 'mgarepo':
74 misc 265
75     }
76    
77 blino 505 package { 'rpm-build':
78     }
79    
80 blino 500 file { "repsys.conf":
81     path => "/etc/repsys.conf",
82     owner => root,
83     group => root,
84     mode => 644,
85     content => template("buildsystem/repsys.conf")
86     }
87 blino 502
88     file { "$sched_home_dir/repsys":
89     ensure => "directory",
90 blino 508 owner => $sched_login,
91 blino 502 require => File[$sched_home_dir],
92     }
93    
94     file { "$sched_home_dir/repsys/tmp":
95     ensure => "directory",
96 blino 508 owner => $sched_login,
97 boklm 512 group => "mga-packagers",
98 boklm 510 mode => 1775,
99 blino 502 require => File["$sched_home_dir/repsys"],
100     }
101    
102     file { "$sched_home_dir/repsys/srpms":
103     ensure => "directory",
104 blino 508 owner => $sched_login,
105 boklm 512 group => "mga-packagers",
106 boklm 510 mode => 1775,
107 blino 502 require => File["$sched_home_dir/repsys"],
108     }
109 misc 265 }
110    
111 blino 516 class youri_submit {
112 boklm 522 include sudo
113    
114 blino 516 file { "/usr/local/bin/mdv-youri-submit":
115     owner => root,
116     group => root,
117     mode => 755,
118     content => template("buildsystem/mdv-youri-submit")
119     }
120    
121     file { "/usr/local/bin/mdv-youri-submit.wrapper":
122     owner => root,
123     group => root,
124     mode => 755,
125     content => template("buildsystem/mdv-youri-submit.wrapper")
126     }
127    
128 boklm 770 sudo::sudoers_config { "mdv-youri-submit":
129 blino 516 content => template("buildsystem/sudoers.youri")
130     }
131 blino 543
132     file { "/etc/youri":
133     ensure => "directory",
134     }
135    
136     file { "/etc/youri/submit-todo.conf":
137     ensure => present,
138     mode => 644,
139     require => File["/etc/youri"],
140     content => template("buildsystem/submit-todo.conf")
141     }
142 pterjan 682
143 pterjan 685 file { "/etc/youri/submit-upload.conf":
144 pterjan 682 ensure => present,
145     mode => 644,
146     require => File["/etc/youri"],
147 pterjan 685 content => template("buildsystem/submit-upload.conf")
148 pterjan 682 }
149 boklm 772
150     file { "/etc/youri/acl.conf":
151     ensure => present,
152     mode => 644,
153     require => File["/etc/youri"],
154     content => template("buildsystem/youri_acl.conf")
155     }
156 blino 516 }
157    
158 blino 394 define sshuser($homedir, $comment) {
159     group {"$title":
160 blino 351 ensure => present,
161     }
162    
163 blino 394 user {"$title":
164 blino 351 ensure => present,
165 blino 393 comment => $comment,
166 blino 351 managehome => true,
167 blino 394 gid => $title,
168 blino 351 shell => "/bin/bash",
169 blino 394 notify => Exec["unlock$title"],
170 blino 424 require => Group[$title],
171 blino 351 }
172 blino 372
173 blino 386 # set password to * to unlock the account but forbid login through login
174 blino 394 exec { "unlock$title":
175     command => "usermod -p '*' $title",
176 blino 386 refreshonly => true,
177     }
178    
179 blino 393 file { $homedir:
180 blino 383 ensure => "directory",
181 blino 423 require => User[$title],
182 blino 383 }
183    
184 blino 393 file { "$homedir/.ssh":
185 blino 372 ensure => "directory",
186     mode => 600,
187 blino 394 owner => $title,
188     group => $title,
189 blino 423 require => File[$homedir],
190 blino 372 }
191 blino 351 }
192    
193 blino 393 class iurtuser {
194 blino 394 sshuser { $build_login:
195     homedir => $build_home_dir,
196     comment => "System user used to run build bots",
197     }
198 blino 429
199     file { "/etc/iurt":
200     ensure => "directory",
201     }
202 blino 393 }
203    
204 misc 213 class iurt {
205 boklm 216 include sudo
206 blino 381 include iurtuser
207 blino 366 ssh::auth::client { $build_login: }
208 blino 396 ssh::auth::server { $sched_login: user => $build_login }
209 misc 213
210     # build node common settings
211     # we could have the following skip list to use less space:
212     # '/(drakx-installer-binaries|drakx-installer-advertising|gfxboot|drakx-installer-stage2|mandriva-theme)/'
213     $package_list = ['task-bs-cluster-chroot', 'iurt']
214     package { $package_list:
215     ensure => installed;
216     }
217    
218 blino 426 file { "/etc/iurt/build":
219     ensure => "directory",
220 blino 428 require => File["/etc/iurt"],
221 blino 426 }
222    
223 blino 425 file { "/etc/iurt/build/cauldron.conf":
224 misc 213 ensure => present,
225     owner => $build_login,
226     group => $build_login,
227     mode => 644,
228 blino 426 require => File["/etc/iurt/build"],
229 boklm 218 content => template("buildsystem/iurt.cauldron.conf")
230 misc 213 }
231    
232 boklm 648 file { "/etc/iurt/build/mandriva2010.1.conf":
233     ensure => present,
234     owner => $build_login,
235     group => $build_login,
236     mode => 644,
237     require => File["/etc/iurt/build"],
238     content => template("buildsystem/iurt.mandriva2010.1.conf")
239     }
240    
241 boklm 770 sudo::sudoers_config { "iurt":
242 boklm 218 content => template("buildsystem/sudoers.iurt")
243 boklm 216 }
244 dmorgan 86 }
245 boklm 696
246     # temporary script to create home dir with ssh key
247     # taking login and url as arguments
248     class mgacreatehome {
249     file { "/usr/local/sbin/mgacreatehome":
250     ensure => present,
251     owner => root,
252     group => root,
253     mode => 700,
254     content => template("buildsystem/mgacreatehome")
255     }
256     }
257 dmorgan 86 }

  ViewVC Help
Powered by ViewVC 1.1.30