
Annotation of /puppet/modules/buildsystem/manifests/init.pp



Revision 966 - (hide annotations) (download)
Mon Feb 7 18:43:41 2011 UTC (13 years, 2 months ago) by boklm
File size: 9180 byte(s)
add sudoers config to allow schedbot to run mga-signpackage as signbot
1 misc 213 class buildsystem {
2 dmorgan 86
# Settings shared by every build-system role: bot account names, their home
# directories, repository paths, and the SSH key declarations for the bots.
class base {
    # Build bot account.
    $build_login = "iurt"
    $build_home_dir = "/home/$build_login"

    # Scheduler bot account.
    $sched_login = "schedbot"
    $sched_home_dir = "/var/lib/$sched_login"

    # Signing bot account, distinct from the scheduler account.
    $sign_login = "signbot"
    $sign_home_dir = "/var/lib/$sign_login"

    $repository_root = "/distrib/bootstrap"
    $packagers_group = 'mga-packagers'
    $createsrpm_path = '/usr/share/repsys/create-srpm'

    include ssh::auth

    # One key is declared per bot. No key type or length is passed, so both
    # come from the ssh::auth::key defaults (RSA, 2048 bits according to the
    # original author's note; confirm against the ssh::auth module).
    # No SSH key is declared for $sign_login in this class.
    ssh::auth::key { $build_login:
        home => $build_home_dir,
    }

    ssh::auth::key { $sched_login:
        home => $sched_home_dir,
    }
}
22 boklm 355
# Role for the main build-system node: scheduler account, repository and
# submission vhosts, and the scheduling, gathering, submission and signing
# services.
class mainnode inherits base {
    include iurtuser

    # Account the scheduler runs under.
    sshuser { $sched_login:
        comment => "System user used to schedule builds",
        homedir => $sched_home_dir,
    }

    # ssh::auth wiring for the bot keys declared in base. The module is not
    # shown here; presumably "client" installs the private key and "server"
    # authorises the public key. TODO confirm.
    ssh::auth::client { $sched_login: }
    ssh::auth::server { $sched_login: }
    ssh::auth::server { $build_login: }

    # FIXME Add again task-bs-cluster-main when it will require mgarepo instead of repsys
    $package_list = ['iurt']
    package { $package_list:
        ensure => "installed",
    }

    apache::vhost_other_app { "repository.$domain":
        vhost_file => "buildsystem/vhost_repository.conf",
    }

    apache::vhost_other_app { "pkgsubmit.$domain":
        vhost_file => "buildsystem/vhost_pkgsubmit.conf",
    }

    # NOTE(review): signbot is included on the same node that serves the two
    # vhosts above, so the package signing key shares a host with the web
    # front ends. Isolation between them rests on the separate Unix accounts
    # and on the sudoers fragments installed by signbot and youri_submit.
    include scheduler
    include gatherer
    include mgarepo
    include youri_submit
    include check_missing_deps
    include signbot
}
56    
# Role for a build worker: the shared settings from base plus the iurt class.
class buildnode inherits base {
    include iurt
}
60    
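# Package signing service: a dedicated account, its GnuPG key, and the
# sudoers fragment that lets the scheduler trigger signing.
class signbot {
    # This class declares a sudo::sudoers_config resource. The other classes
    # in this file that do so (youri_submit, iurt) include sudo first; do the
    # same here so signbot does not depend on a sibling class being present.
    include sudo

    # The signing account is also a member of the scheduler's group.
    sshuser { $sign_login:
        homedir => $sign_home_dir,
        comment => "System user used to sign packages",
        groups  => [$sched_login],
    }

    # Signing key, stored under the signing account's home directory.
    # NOTE(review): no permissions are set on keydir or batchdir here; they
    # are presumably handled by gnupg::keys. Confirm that both end up
    # readable by $sign_login only.
    gnupg::keys{"packages":
        email    => "packages@$domain",
        #FIXME there should be a variable somewhere to change the name of the distribution
        key_name => 'Mageia Packages',
        login    => $sign_login,
        batchdir => "$sign_home_dir/batches",
        keydir   => "$sign_home_dir/keys",
    }

    # Per the revision log, this fragment allows schedbot to run
    # mga-signpackage as signbot. The template is not shown here; the rule
    # should name the command by absolute path and should not grant a shell
    # or a wildcard command list.
    sudo::sudoers_config { "signpackage":
        content => template("buildsystem/sudoers.signpackage")
    }
}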
81    
# Scheduler side of the build system (ulri); it only needs the shared upload
# configuration.
class scheduler {
    include iurtupload
}
86    
# Gatherer side of the build system (emi); it only needs the shared upload
# configuration.
class gatherer {
    include iurtupload
}
91 blino 430
# Upload configuration shared by the scheduler and gatherer classes.
class iurtupload {
    # The file belongs to the build bot account and is world-readable (644),
    # so the template must not render any secret into it.
    # File["/etc/iurt"] is declared in the iurtuser class.
    file { "/etc/iurt/upload.conf":
        ensure  => present,
        owner   => $build_login,
        group   => $build_login,
        mode    => 644,
        content => template("buildsystem/upload.conf"),
        require => File["/etc/iurt"],
    }
}
102 misc 265
# mgarepo/repsys tooling plus the scheduler-owned working directories that
# packagers write into.
class mgarepo {
    package { 'mgarepo':
    }

    package { 'rpm-build':
    }

    file { "repsys.conf":
        path    => "/etc/repsys.conf",
        owner   => root,
        group   => root,
        mode    => 644,
        content => template("buildsystem/repsys.conf"),
    }

    file { "$sched_home_dir/repsys":
        ensure  => "directory",
        owner   => $sched_login,
        require => File[$sched_home_dir],
    }

    # tmp and srpms are group-writable by the packagers group and carry the
    # sticky bit (1775), so a group member cannot remove or rename another
    # member's files.
    # NOTE(review): the group name is spelled out here although base defines
    # $packagers_group with the same value; the two can drift apart.
    file { "$sched_home_dir/repsys/tmp":
        ensure  => "directory",
        owner   => $sched_login,
        group   => "mga-packagers",
        mode    => 1775,
        require => File["$sched_home_dir/repsys"],
    }

    file { "$sched_home_dir/repsys/srpms":
        ensure  => "directory",
        owner   => $sched_login,
        group   => "mga-packagers",
        mode    => 1775,
        require => File["$sched_home_dir/repsys"],
    }

    # FIXME: temporarily disabled, as the upload dir is a symlink to /var/lib/repsys/uploads
    #file { "$sched_home_dir/uploads":
    #    ensure => "directory",
    #    owner => $sched_login,
    #    require => File[$sched_home_dir],
    #}

    # Creating every upload directory by hand is too tedious, so a Puppet
    # Ruby module does it. The exact content and directory names should be
    # consolidated somewhere.
    import "create_upload_dir.rb"
    create_upload_dir { "$sched_home_dir/uploads":
        owner => $sched_login,
    }
}
156    
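# Package submission tooling: the youri submit scripts, their configuration
# under /etc/youri, and the sudoers fragment that lets them be invoked.
#
# Every file and directory here is pinned to root:root. The original pinned
# ownership only on the two mdv-youri-submit scripts; for the other paths
# Puppet would leave whatever owner it found in place. These scripts and
# config files sit behind a sudoers rule and the submission ACL, so they must
# not be writable by an unprivileged account.
class youri_submit {
    include sudo

    file { "/usr/local/bin/mdv-youri-submit":
        owner   => root,
        group   => root,
        mode    => 755,
        content => template("buildsystem/mdv-youri-submit")
    }

    file { "/usr/local/bin/mdv-youri-submit.wrapper":
        owner   => root,
        group   => root,
        mode    => 755,
        content => template("buildsystem/mdv-youri-submit.wrapper")
    }

    # The template is not shown here; the rule should name the commands by
    # absolute path so the root-owned scripts above are the only thing it
    # can run.
    sudo::sudoers_config { "mdv-youri-submit":
        content => template("buildsystem/sudoers.youri")
    }

    file { "/etc/youri":
        ensure => "directory",
        owner  => root,
        group  => root,
    }

    file { "/etc/youri/submit-todo.conf":
        ensure  => present,
        owner   => root,
        group   => root,
        mode    => 644,
        require => File["/etc/youri"],
        content => template("buildsystem/submit-todo.conf")
    }

    file { "/etc/youri/submit-upload.conf":
        ensure  => present,
        owner   => root,
        group   => root,
        mode    => 644,
        require => File["/etc/youri"],
        content => template("buildsystem/submit-upload.conf")
    }

    # Submission ACL; its integrity decides who may submit packages.
    file { "/etc/youri/acl.conf":
        ensure  => present,
        owner   => root,
        group   => root,
        mode    => 644,
        require => File["/etc/youri"],
        content => template("buildsystem/youri_acl.conf")
    }

    file { '/usr/local/bin/submit_package':
        ensure  => present,
        owner   => root,
        group   => root,
        mode    => 755,
        content => template('buildsystem/submit_package')
    }
}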
209    
210 boklm 862 # $groups: array of secondary groups (only local groups, no ldap)
define sshuser($homedir, $comment, $groups = []) {
    # Creates a local service account that can only be reached with SSH keys:
    # a primary group named after the account, the user itself, its home
    # directory and an owner-only ~/.ssh.
    #   $homedir: home directory of the account
    #   $comment: GECOS comment
    #   $groups:  secondary groups, local groups only

    group {"$title":
        ensure => present,
    }

    user {"$title":
        ensure     => present,
        comment    => $comment,
        home       => $homedir,
        managehome => true,
        shell      => "/bin/bash",
        gid        => $title,
        groups     => $groups,
        require    => Group[$title],
        notify     => Exec["unlock$title"],
    }

    # Set the password field to '*': the account is not locked, but no
    # password can match, so password logins are refused. Runs only when the
    # user resource changes (refreshonly).
    # NOTE(review): the command is not fully qualified and no path is set on
    # this exec; presumably an Exec default path is defined elsewhere, confirm.
    # $title is interpolated unquoted into the command line, so titles must
    # stay plain account names taken from the manifests.
    exec { "unlock$title":
        command     => "usermod -p '*' $title",
        refreshonly => true,
    }

    file { $homedir:
        ensure  => "directory",
        require => User[$title],
    }

    # Mode 600 on a directory: Puppet adds the search (x) bit wherever the
    # read bit is set, so this is applied as rwx------ for the owner only.
    file { "$homedir/.ssh":
        ensure  => "directory",
        owner   => $title,
        group   => $title,
        mode    => 600,
        require => File[$homedir],
    }
}
247    
# Build bot account and the root of its configuration tree.
class iurtuser {
    sshuser { $build_login:
        comment => "System user used to run build bots",
        homedir => $build_home_dir,
    }

    # No owner or mode is set, so Puppet does not manage them on this
    # directory. Other classes in this file require File["/etc/iurt"].
    file { "/etc/iurt":
        ensure => "directory",
    }
}
258    
# Build worker setup: build bot account, SSH trust towards the scheduler,
# build packages, per-distribution iurt configuration and the sudoers
# fragment for the build bot.
class iurt {
    include sudo
    include iurtuser

    # The second resource ties the scheduler's key to the build account
    # (user => $build_login); presumably this is what lets schedbot log in to
    # build nodes as the build bot. TODO confirm against the ssh::auth module.
    ssh::auth::client { $build_login: }
    ssh::auth::server { $sched_login: user => $build_login }

    # build node common settings
    # we could have the following skip list to use less space:
    # '/(drakx-installer-binaries|drakx-installer-advertising|gfxboot|drakx-installer-stage2|mandriva-theme)/'
    $package_list = ['task-bs-cluster-chroot', 'iurt']
    package { $package_list:
        ensure => installed,
    }

    file { "/etc/iurt/build":
        ensure  => "directory",
        require => File["/etc/iurt"],
    }

    # Per-distribution build configuration, owned by the build bot and
    # world-readable (644).
    file { "/etc/iurt/build/cauldron.conf":
        ensure  => present,
        owner   => $build_login,
        group   => $build_login,
        mode    => 644,
        content => template("buildsystem/iurt.cauldron.conf"),
        require => File["/etc/iurt/build"],
    }

    file { "/etc/iurt/build/mandriva2010.1.conf":
        ensure  => present,
        owner   => $build_login,
        group   => $build_login,
        mode    => 644,
        content => template("buildsystem/iurt.mandriva2010.1.conf"),
        require => File["/etc/iurt/build"],
    }

    # Privileges granted to the build bot. The template is not shown here;
    # review it together with this class, since it decides what the build
    # account can run with elevated rights.
    sudo::sudoers_config { "iurt":
        content => template("buildsystem/sudoers.iurt")
    }
}
300 boklm 696
301     # temporary script to create home dir with ssh key
302     # taking login and url as arguments
class mgacreatehome {
    # Installed under sbin with mode 700 and root ownership, so only root can
    # read or run the script.
    file { "/usr/local/sbin/mgacreatehome":
        ensure  => present,
        owner   => root,
        group   => root,
        mode    => 700,
        content => template("buildsystem/mgacreatehome"),
    }
}
312 misc 859
class check_missing_deps {
    # Installs the missing-dependency report script and runs it every
    # 15 minutes from cron.
    file { "/usr/local/bin/missing-deps.sh":
        ensure => present,
        owner  => root,
        group  => root,
        mode   => 755,
        source => "puppet:///modules/buildsystem/missing-deps.sh",
    }

    # FIXME hardcoded path
    # NOTE(review): no user is set, so the entry goes into the crontab of the
    # account Puppet runs as (normally root) and the script then runs with
    # that account's rights inside /var/www/bs/data. A dedicated low-privilege
    # user would be enough if the script only writes there; confirm.
    cron { "check missing deps":
        command => "cd /var/www/bs/data && /usr/local/bin/missing-deps.sh",
        minute  => "*/15",
    }
}
328 dmorgan 86 }
