/[adm]/puppet/modules/buildsystem/manifests/init.pp
ViewVC logotype

Annotation of /puppet/modules/buildsystem/manifests/init.pp

Parent Directory Parent Directory | Revision Log Revision Log

Revision 917 - (hide annotations) (download)
Sat Jan 29 15:43:55 2011 UTC (13 years, 2 months ago) by boklm
File size: 8679 byte(s) 
change schebot home to /var/lib/schedbot
1 misc 213 class buildsystem {
2 dmorgan 86
3 boklm 356 class base {
4     $build_login = "iurt"
5 blino 387 $build_home_dir = "/home/$build_login"
6 blino 397 $sched_login = "schedbot"
7 boklm 917 $sched_home_dir = "/var/lib/$sched_login"
8 boklm 861 $sign_login = "signbot"
9     $sign_home_dir = "/var/lib/$sign_login"
10 blino 545 $repository_root = "/distrib/bootstrap"
11 boklm 817 $packagers_group = 'mga-packagers'
12     $createsrpm_path = '/usr/share/repsys/create-srpm'
13 blino 366
14     include ssh::auth
15     ssh::auth::key { $build_login: } # declare a key for build bot: RSA, 2048 bits
16 blino 395 ssh::auth::key { $sched_login: } # declare a key for sched bot: RSA, 2048 bits
17 boklm 356 }
18 boklm 355
19 boklm 356 class mainnode inherits base {
20 blino 381 include iurtuser
21 blino 353
22 blino 395 sshuser { $sched_login:
23     homedir => $sched_home_dir,
24     comment => "System user used to schedule builds",
25     }
26    
27 boklm 861 sshuser { $sign_login:
28     homedir => $sign_home_dir,
29     comment => "System user used to sign packages",
30 boklm 867 groups => [$sched_login],
31 boklm 861 }
32    
33 blino 399 ssh::auth::client { $sched_login: }
34 blino 573 ssh::auth::server { $sched_login: }
35 blino 399 ssh::auth::server { $build_login: }
36    
37 pterjan 703 # FIXME Add again task-bs-cluster-main when it will require mgarepo instead of repsys
38     $package_list = ['iurt']
39 blino 398 package { $package_list:
40 blino 350 ensure => "installed"
41     }
42 blino 403
43     apache::vhost_other_app { "repository.$domain":
44 blino 404 vhost_file => "buildsystem/vhost_repository.conf",
45 blino 403 }
46    
47 blino 466 apache::vhost_other_app { "pkgsubmit.$domain":
48     vhost_file => "buildsystem/vhost_pkgsubmit.conf",
49     }
50    
51 blino 430 include scheduler
52 blino 431 include gatherer
53 pterjan 700 include mgarepo
54 blino 517 include youri_submit
55 misc 860 include check_missing_deps
56 blino 350 }
57    
58 boklm 356 class buildnode inherits base {
59 misc 213 include iurt
60 dmorgan 86 }
61    
62 misc 265 class scheduler {
63     # ulri
64 blino 430 include iurtupload
65 misc 265 }
66    
67 blino 431 class gatherer {
68 misc 265 # emi
69 blino 430 include iurtupload
70 misc 265 }
71 blino 430
72     class iurtupload {
73 blino 432 file { "/etc/iurt/upload.conf":
74 blino 430 ensure => present,
75     owner => $build_login,
76     group => $build_login,
77     mode => 644,
78     require => File["/etc/iurt"],
79     content => template("buildsystem/upload.conf")
80     }
81     }
82 misc 265
83 pterjan 700 class mgarepo {
84     package { 'mgarepo':
85 misc 265
86     }
87    
88 blino 505 package { 'rpm-build':
89     }
90    
91 blino 500 file { "repsys.conf":
92     path => "/etc/repsys.conf",
93     owner => root,
94     group => root,
95     mode => 644,
96     content => template("buildsystem/repsys.conf")
97     }
98 blino 502
99     file { "$sched_home_dir/repsys":
100     ensure => "directory",
101 blino 508 owner => $sched_login,
102 blino 502 require => File[$sched_home_dir],
103     }
104    
105     file { "$sched_home_dir/repsys/tmp":
106     ensure => "directory",
107 blino 508 owner => $sched_login,
108 boklm 512 group => "mga-packagers",
109 boklm 510 mode => 1775,
110 blino 502 require => File["$sched_home_dir/repsys"],
111     }
112    
113     file { "$sched_home_dir/repsys/srpms":
114     ensure => "directory",
115 blino 508 owner => $sched_login,
116 boklm 512 group => "mga-packagers",
117 boklm 510 mode => 1775,
118 blino 502 require => File["$sched_home_dir/repsys"],
119     }
120 blino 885
121 boklm 915 # FIXME: disabled temporarly as upload dir is a symlink to /var/lib/repsys/uploads
122     #file { "$sched_home_dir/uploads":
123     # ensure => "directory",
124     # owner => $sched_login,
125     # require => File[$sched_home_dir],
126     #}
127 misc 886
128     # too tedious to create everything by hand
129     # so I prefered to used some puppet ruby module
130     # the exact content and directory name should IMHO be consolidated somewhere
131     import "create_upload_dir.rb"
132 boklm 915 create_upload_dir { "$sched_home_dir/uploads":
133     owner => $sched_login,
134     }
135 misc 265 }
136    
137 blino 516 class youri_submit {
138 boklm 522 include sudo
139    
140 blino 516 file { "/usr/local/bin/mdv-youri-submit":
141     owner => root,
142     group => root,
143     mode => 755,
144     content => template("buildsystem/mdv-youri-submit")
145     }
146    
147     file { "/usr/local/bin/mdv-youri-submit.wrapper":
148     owner => root,
149     group => root,
150     mode => 755,
151     content => template("buildsystem/mdv-youri-submit.wrapper")
152     }
153    
154 boklm 770 sudo::sudoers_config { "mdv-youri-submit":
155 blino 516 content => template("buildsystem/sudoers.youri")
156     }
157 blino 543
158     file { "/etc/youri":
159     ensure => "directory",
160     }
161    
162     file { "/etc/youri/submit-todo.conf":
163     ensure => present,
164     mode => 644,
165     require => File["/etc/youri"],
166     content => template("buildsystem/submit-todo.conf")
167     }
168 pterjan 682
169 pterjan 685 file { "/etc/youri/submit-upload.conf":
170 pterjan 682 ensure => present,
171     mode => 644,
172     require => File["/etc/youri"],
173 pterjan 685 content => template("buildsystem/submit-upload.conf")
174 pterjan 682 }
175 boklm 772
176     file { "/etc/youri/acl.conf":
177     ensure => present,
178     mode => 644,
179     require => File["/etc/youri"],
180     content => template("buildsystem/youri_acl.conf")
181     }
182 boklm 817
183     file { '/usr/local/bin/submit_package':
184     ensure => present,
185     mode => 755,
186     content => template('buildsystem/submit_package')
187     }
188 blino 516 }
189    
190 boklm 862 # $groups: array of secondary groups (only local groups, no ldap)
191     define sshuser($homedir, $comment, $groups = []) {
192 blino 394 group {"$title":
193 blino 351 ensure => present,
194     }
195    
196 blino 394 user {"$title":
197 blino 351 ensure => present,
198 blino 393 comment => $comment,
199 blino 351 managehome => true,
200 boklm 916 home => $homedir,
201 blino 394 gid => $title,
202 boklm 862 groups => $groups,
203 blino 351 shell => "/bin/bash",
204 blino 394 notify => Exec["unlock$title"],
205 blino 424 require => Group[$title],
206 blino 351 }
207 blino 372
208 blino 386 # set password to * to unlock the account but forbid login through login
209 blino 394 exec { "unlock$title":
210     command => "usermod -p '*' $title",
211 blino 386 refreshonly => true,
212     }
213    
214 blino 393 file { $homedir:
215 blino 383 ensure => "directory",
216 blino 423 require => User[$title],
217 blino 383 }
218    
219 blino 393 file { "$homedir/.ssh":
220 blino 372 ensure => "directory",
221     mode => 600,
222 blino 394 owner => $title,
223     group => $title,
224 blino 423 require => File[$homedir],
225 blino 372 }
226 blino 351 }
227    
228 blino 393 class iurtuser {
229 blino 394 sshuser { $build_login:
230     homedir => $build_home_dir,
231     comment => "System user used to run build bots",
232     }
233 blino 429
234     file { "/etc/iurt":
235     ensure => "directory",
236     }
237 blino 393 }
238    
239 misc 213 class iurt {
240 boklm 216 include sudo
241 blino 381 include iurtuser
242 blino 366 ssh::auth::client { $build_login: }
243 blino 396 ssh::auth::server { $sched_login: user => $build_login }
244 misc 213
245     # build node common settings
246     # we could have the following skip list to use less space:
247     # '/(drakx-installer-binaries|drakx-installer-advertising|gfxboot|drakx-installer-stage2|mandriva-theme)/'
248     $package_list = ['task-bs-cluster-chroot', 'iurt']
249     package { $package_list:
250     ensure => installed;
251     }
252    
253 blino 426 file { "/etc/iurt/build":
254     ensure => "directory",
255 blino 428 require => File["/etc/iurt"],
256 blino 426 }
257    
258 blino 425 file { "/etc/iurt/build/cauldron.conf":
259 misc 213 ensure => present,
260     owner => $build_login,
261     group => $build_login,
262     mode => 644,
263 blino 426 require => File["/etc/iurt/build"],
264 boklm 218 content => template("buildsystem/iurt.cauldron.conf")
265 misc 213 }
266    
267 boklm 648 file { "/etc/iurt/build/mandriva2010.1.conf":
268     ensure => present,
269     owner => $build_login,
270     group => $build_login,
271     mode => 644,
272     require => File["/etc/iurt/build"],
273     content => template("buildsystem/iurt.mandriva2010.1.conf")
274     }
275    
276 boklm 770 sudo::sudoers_config { "iurt":
277 boklm 218 content => template("buildsystem/sudoers.iurt")
278 boklm 216 }
279 dmorgan 86 }
280 boklm 696
281     # temporary script to create home dir with ssh key
282     # taking login and url as arguments
283     class mgacreatehome {
284     file { "/usr/local/sbin/mgacreatehome":
285     ensure => present,
286     owner => root,
287     group => root,
288     mode => 700,
289     content => template("buildsystem/mgacreatehome")
290     }
291     }
292 misc 859
293     class check_missing_deps {
294     file { "/usr/local/bin/missing-deps.sh":
295     ensure => present,
296     owner => root,
297     group => root,
298 boklm 869 mode => 755,
299 boklm 868 source => "puppet:///modules/buildsystem/missing-deps.sh",
300 misc 859 }
301    
302     # FIXME hardcoded path
303     cron { "check missing deps":
304     command => "cd /var/www/bs/data && /usr/local/bin/missing-deps.sh",
305     minute => "*/15",
306     }
307     }
308 dmorgan 86 }
  ViewVC Help
Powered by ViewVC 1.1.30