/[adm]/puppet/modules/buildsystem/manifests/init.pp
ViewVC logotype

Annotation of /puppet/modules/buildsystem/manifests/init.pp

Parent Directory Parent Directory | Revision Log Revision Log

Revision 964 - (hide annotations) (download)
Mon Feb 7 12:06:01 2011 UTC (13 years, 2 months ago) by boklm
File size: 9063 byte(s) 
create packages key
1 misc 213 class buildsystem {
2 dmorgan 86
3 boklm 356 class base {
4     $build_login = "iurt"
5 blino 387 $build_home_dir = "/home/$build_login"
6 blino 397 $sched_login = "schedbot"
7 boklm 917 $sched_home_dir = "/var/lib/$sched_login"
8 boklm 861 $sign_login = "signbot"
9     $sign_home_dir = "/var/lib/$sign_login"
10 blino 545 $repository_root = "/distrib/bootstrap"
11 boklm 817 $packagers_group = 'mga-packagers'
12     $createsrpm_path = '/usr/share/repsys/create-srpm'
13 blino 366
14     include ssh::auth
15 boklm 918 ssh::auth::key { $build_login: # declare a key for build bot: RSA, 2048 bits
16     home => $build_home_dir,
17     }
18     ssh::auth::key { $sched_login: # declare a key for sched bot: RSA, 2048 bits
19     home => $sched_home_dir,
20     }
21 boklm 356 }
22 boklm 355
23 boklm 356 class mainnode inherits base {
24 blino 381 include iurtuser
25 blino 353
26 blino 395 sshuser { $sched_login:
27     homedir => $sched_home_dir,
28     comment => "System user used to schedule builds",
29     }
30    
31 blino 399 ssh::auth::client { $sched_login: }
32 blino 573 ssh::auth::server { $sched_login: }
33 blino 399 ssh::auth::server { $build_login: }
34    
35 pterjan 703 # FIXME Add again task-bs-cluster-main when it will require mgarepo instead of repsys
36     $package_list = ['iurt']
37 blino 398 package { $package_list:
38 blino 350 ensure => "installed"
39     }
40 blino 403
41     apache::vhost_other_app { "repository.$domain":
42 blino 404 vhost_file => "buildsystem/vhost_repository.conf",
43 blino 403 }
44    
45 blino 466 apache::vhost_other_app { "pkgsubmit.$domain":
46     vhost_file => "buildsystem/vhost_pkgsubmit.conf",
47     }
48    
49 blino 430 include scheduler
50 blino 431 include gatherer
51 pterjan 700 include mgarepo
52 blino 517 include youri_submit
53 misc 860 include check_missing_deps
54 boklm 964 include signbot
55 blino 350 }
56    
57 boklm 356 class buildnode inherits base {
58 misc 213 include iurt
59 dmorgan 86 }
60    
61 boklm 964 class signbot {
62     sshuser { $sign_login:
63     homedir => $sign_home_dir,
64     comment => "System user used to sign packages",
65     groups => [$sched_login],
66     }
67    
68     gnupg::keys{"packages":
69     email => "packages@$domain",
70     #FIXME there should be a variable somewhere to change the name of the distribution
71     key_name => 'Mageia Packages',
72     login => $sign_login,
73     batchdir => "$sign_home_dir/batches",
74     keydir => "$sign_home_dir/keys",
75     }
76     }
77    
78 misc 265 class scheduler {
79     # ulri
80 blino 430 include iurtupload
81 misc 265 }
82    
83 blino 431 class gatherer {
84 misc 265 # emi
85 blino 430 include iurtupload
86 misc 265 }
87 blino 430
88     class iurtupload {
89 blino 432 file { "/etc/iurt/upload.conf":
90 blino 430 ensure => present,
91     owner => $build_login,
92     group => $build_login,
93     mode => 644,
94     require => File["/etc/iurt"],
95     content => template("buildsystem/upload.conf")
96     }
97     }
98 misc 265
99 pterjan 700 class mgarepo {
100     package { 'mgarepo':
101 misc 265
102     }
103    
104 blino 505 package { 'rpm-build':
105     }
106    
107 blino 500 file { "repsys.conf":
108     path => "/etc/repsys.conf",
109     owner => root,
110     group => root,
111     mode => 644,
112     content => template("buildsystem/repsys.conf")
113     }
114 blino 502
115     file { "$sched_home_dir/repsys":
116     ensure => "directory",
117 blino 508 owner => $sched_login,
118 blino 502 require => File[$sched_home_dir],
119     }
120    
121     file { "$sched_home_dir/repsys/tmp":
122     ensure => "directory",
123 blino 508 owner => $sched_login,
124 boklm 512 group => "mga-packagers",
125 boklm 510 mode => 1775,
126 blino 502 require => File["$sched_home_dir/repsys"],
127     }
128    
129     file { "$sched_home_dir/repsys/srpms":
130     ensure => "directory",
131 blino 508 owner => $sched_login,
132 boklm 512 group => "mga-packagers",
133 boklm 510 mode => 1775,
134 blino 502 require => File["$sched_home_dir/repsys"],
135     }
136 blino 885
137 boklm 915 # FIXME: disabled temporarly as upload dir is a symlink to /var/lib/repsys/uploads
138     #file { "$sched_home_dir/uploads":
139     # ensure => "directory",
140     # owner => $sched_login,
141     # require => File[$sched_home_dir],
142     #}
143 misc 886
144     # too tedious to create everything by hand
145     # so I prefered to used some puppet ruby module
146     # the exact content and directory name should IMHO be consolidated somewhere
147     import "create_upload_dir.rb"
148 boklm 915 create_upload_dir { "$sched_home_dir/uploads":
149     owner => $sched_login,
150     }
151 misc 265 }
152    
153 blino 516 class youri_submit {
154 boklm 522 include sudo
155    
156 blino 516 file { "/usr/local/bin/mdv-youri-submit":
157     owner => root,
158     group => root,
159     mode => 755,
160     content => template("buildsystem/mdv-youri-submit")
161     }
162    
163     file { "/usr/local/bin/mdv-youri-submit.wrapper":
164     owner => root,
165     group => root,
166     mode => 755,
167     content => template("buildsystem/mdv-youri-submit.wrapper")
168     }
169    
170 boklm 770 sudo::sudoers_config { "mdv-youri-submit":
171 blino 516 content => template("buildsystem/sudoers.youri")
172     }
173 blino 543
174     file { "/etc/youri":
175     ensure => "directory",
176     }
177    
178     file { "/etc/youri/submit-todo.conf":
179     ensure => present,
180     mode => 644,
181     require => File["/etc/youri"],
182     content => template("buildsystem/submit-todo.conf")
183     }
184 pterjan 682
185 pterjan 685 file { "/etc/youri/submit-upload.conf":
186 pterjan 682 ensure => present,
187     mode => 644,
188     require => File["/etc/youri"],
189 pterjan 685 content => template("buildsystem/submit-upload.conf")
190 pterjan 682 }
191 boklm 772
192     file { "/etc/youri/acl.conf":
193     ensure => present,
194     mode => 644,
195     require => File["/etc/youri"],
196     content => template("buildsystem/youri_acl.conf")
197     }
198 boklm 817
199     file { '/usr/local/bin/submit_package':
200     ensure => present,
201     mode => 755,
202     content => template('buildsystem/submit_package')
203     }
204 blino 516 }
205    
206 boklm 862 # $groups: array of secondary groups (only local groups, no ldap)
207     define sshuser($homedir, $comment, $groups = []) {
208 blino 394 group {"$title":
209 blino 351 ensure => present,
210     }
211    
212 blino 394 user {"$title":
213 blino 351 ensure => present,
214 blino 393 comment => $comment,
215 blino 351 managehome => true,
216 boklm 916 home => $homedir,
217 blino 394 gid => $title,
218 boklm 862 groups => $groups,
219 blino 351 shell => "/bin/bash",
220 blino 394 notify => Exec["unlock$title"],
221 blino 424 require => Group[$title],
222 blino 351 }
223 blino 372
224 blino 386 # set password to * to unlock the account but forbid login through login
225 blino 394 exec { "unlock$title":
226     command => "usermod -p '*' $title",
227 blino 386 refreshonly => true,
228     }
229    
230 blino 393 file { $homedir:
231 blino 383 ensure => "directory",
232 blino 423 require => User[$title],
233 blino 383 }
234    
235 blino 393 file { "$homedir/.ssh":
236 blino 372 ensure => "directory",
237     mode => 600,
238 blino 394 owner => $title,
239     group => $title,
240 blino 423 require => File[$homedir],
241 blino 372 }
242 blino 351 }
243    
244 blino 393 class iurtuser {
245 blino 394 sshuser { $build_login:
246     homedir => $build_home_dir,
247     comment => "System user used to run build bots",
248     }
249 blino 429
250     file { "/etc/iurt":
251     ensure => "directory",
252     }
253 blino 393 }
254    
255 misc 213 class iurt {
256 boklm 216 include sudo
257 blino 381 include iurtuser
258 blino 366 ssh::auth::client { $build_login: }
259 blino 396 ssh::auth::server { $sched_login: user => $build_login }
260 misc 213
261     # build node common settings
262     # we could have the following skip list to use less space:
263     # '/(drakx-installer-binaries|drakx-installer-advertising|gfxboot|drakx-installer-stage2|mandriva-theme)/'
264     $package_list = ['task-bs-cluster-chroot', 'iurt']
265     package { $package_list:
266     ensure => installed;
267     }
268    
269 blino 426 file { "/etc/iurt/build":
270     ensure => "directory",
271 blino 428 require => File["/etc/iurt"],
272 blino 426 }
273    
274 blino 425 file { "/etc/iurt/build/cauldron.conf":
275 misc 213 ensure => present,
276     owner => $build_login,
277     group => $build_login,
278     mode => 644,
279 blino 426 require => File["/etc/iurt/build"],
280 boklm 218 content => template("buildsystem/iurt.cauldron.conf")
281 misc 213 }
282    
283 boklm 648 file { "/etc/iurt/build/mandriva2010.1.conf":
284     ensure => present,
285     owner => $build_login,
286     group => $build_login,
287     mode => 644,
288     require => File["/etc/iurt/build"],
289     content => template("buildsystem/iurt.mandriva2010.1.conf")
290     }
291    
292 boklm 770 sudo::sudoers_config { "iurt":
293 boklm 218 content => template("buildsystem/sudoers.iurt")
294 boklm 216 }
295 dmorgan 86 }
296 boklm 696
297     # temporary script to create home dir with ssh key
298     # taking login and url as arguments
299     class mgacreatehome {
300     file { "/usr/local/sbin/mgacreatehome":
301     ensure => present,
302     owner => root,
303     group => root,
304     mode => 700,
305     content => template("buildsystem/mgacreatehome")
306     }
307     }
308 misc 859
309     class check_missing_deps {
310     file { "/usr/local/bin/missing-deps.sh":
311     ensure => present,
312     owner => root,
313     group => root,
314 boklm 869 mode => 755,
315 boklm 868 source => "puppet:///modules/buildsystem/missing-deps.sh",
316 misc 859 }
317    
318     # FIXME hardcoded path
319     cron { "check missing deps":
320     command => "cd /var/www/bs/data && /usr/local/bin/missing-deps.sh",
321     minute => "*/15",
322     }
323     }
324 dmorgan 86 }
  ViewVC Help
Powered by ViewVC 1.1.30