buildsystem/manifests/init.pp

class buildsystem {

    class base {
        $build_login = "iurt"
        $build_home_dir = "/home/$build_login"
        $sched_login = "schedbot"
        $sched_home_dir = "/var/lib/$sched_login"
        $packages_archivedir = "$sched_home_dir/old"
        $sign_login = "signbot"
        $sign_home_dir = "/var/lib/$sign_login"
        $sign_keydir = "$sign_home_dir/keys"
        # FIXME: maybe keyid should be defined at an other place
        $sign_keyid = "80420F66"
        $repository_root = "/distrib/bootstrap"
        $mirror_root = "/distrib/mirror"
        $maintdb_url = 'http://www.maintdb2.mageia.org.uk/maintainers_packages/create'
        # FIXME: Test password. Real password should be in extdata.
        $maintdb_key = 'm1g234'
        $packagers_group = 'mga-packagers'
        $createsrpm_path = '/usr/share/repsys/create-srpm'

        include ssh::auth
        ssh::auth::key { $build_login: # declare a key for build bot: RSA, 2048 bits
                home => $build_home_dir,
        }
        ssh::auth::key { $sched_login: # declare a key for sched bot: RSA, 2048 bits
                home => $sched_home_dir,
        }
    }

    class mainnode inherits base {
        include iurtuser

        sshuser { $sched_login:
          homedir => $sched_home_dir,
          comment => "System user used to schedule builds",
        }

        ssh::auth::client { $sched_login: }
        ssh::auth::server { $sched_login: }
        ssh::auth::server { $build_login: }

        # FIXME Add again task-bs-cluster-main when it will require mgarepo instead of repsys
        $package_list = ['iurt']
        package { $package_list:
            ensure => "installed"
        }

        apache::vhost_other_app { "repository.$domain":
            vhost_file => "buildsystem/vhost_repository.conf",
        }

        $location = "/var/www/bs"
        apache::vhost_base { "pkgsubmit.$domain":
            aliases => { "/uploads" => "$sched_home_dir/uploads" },
            location => $location,
            content => template("buildsystem/vhost_pkgsubmit.conf"),
        }

        subversion::snapshot { $location:
            source => "svn://svn.$domain/soft/buildsystem/web/",
        }

        include scheduler
        include gatherer
        include mgarepo
        include youri_submit
        include check_missing_deps 
        include signbot
    }

    class buildnode inherits base {
        include iurt
    }

    class signbot {
        sshuser { $sign_login:
          homedir => $sign_home_dir,
          comment => "System user used to sign packages",
          groups => [$sched_login],
        }

        gnupg::keys{"packages":
          email => "packages@$domain",
          #FIXME there should be a variable somewhere to change the name of the distribution
          key_name => 'Mageia Packages',
          login => $sign_login,
          batchdir => "$sign_home_dir/batches",
          keydir => $sign_keydir,
        }

        sudo::sudoers_config { "signpackage":
            content => template("buildsystem/sudoers.signpackage")
        }

        file { "$sign_home_dir/.rpmmacros":
            ensure => present,
            owner => root,
            group => root,
            mode => 644,
            content => template("buildsystem/signbot-rpmmacros")
        }

        file { "/usr/local/bin/sign-check-package":
            ensure => present,
            owner => root,
            group => root,
            mode => 755,
            content => template("buildsystem/sign-check-package")
        }
    }

    class scheduler {
        # ulri        
        include iurtupload
    }

    class gatherer {
        # emi
        include iurtupload
    }

    class iurtupload {
        file { "/etc/iurt/upload.conf":
            ensure => present,
            owner => $build_login,
            group => $build_login,
            mode => 644,
            require => File["/etc/iurt"],
            content => template("buildsystem/upload.conf")
        }
    }
    
    class mgarepo {
        package { 'mgarepo':

        }

        package { 'rpm-build':
        }

        file { "repsys.conf":
          path => "/etc/repsys.conf",
          owner  => root,
          group => root,
          mode => 644,
          content => template("buildsystem/repsys.conf")
        }

        file { "$packages_archivedir":
            ensure => "directory",
            owner  => $sched_login,
            require => File[$sched_home_dir],
        }

        file { "$sched_home_dir/repsys":
            ensure => "directory",
            owner  => $sched_login,
            require => File[$sched_home_dir],
        }

        file { ["$sched_home_dir/repsys/tmp", "$sched_home_dir/repsys/srpms"]:
            ensure => "directory",
            owner  => $sched_login,
            group => "mga-packagers",
            mode => 1775,
            require => File["$sched_home_dir/repsys"],
        }

        # FIXME: disabled temporarly as upload dir is a symlink to /var/lib/repsys/uploads
        #file { "$sched_home_dir/uploads":
        #    ensure => "directory",
        #    owner  => $sched_login,
        #    require => File[$sched_home_dir],
        #}

        # too tedious to create everything by hand
        # so I prefered to used some puppet ruby module
        # the exact content and directory name should IMHO be consolidated somewhere
        import "create_upload_dir.rb"
        create_upload_dir { "$sched_home_dir/uploads":
            owner => $sched_login, 
            group => $sched_login,
        } 
        
        tidy { "$sched_home_dir/uploads/":
            age     => "2w",
            matches => "*",
            recurse => true,
            type    => "ctime",
        }

        tidy { "$packages_archivedir":
            age     => "1w",
            matches => "*.rpm",
            recurse => true,
            type    => "ctime",
        }
    }

    class youri_submit {
        include sudo

        file { "/usr/local/bin/mga-youri-submit":
          owner  => root,
          group => root,
          mode => 755,
          content => template("buildsystem/mga-youri-submit")
        }

        file { "/usr/local/bin/mga-youri-submit.wrapper":
          owner  => root,
          group => root,
          mode => 755,
          content => template("buildsystem/mga-youri-submit.wrapper")
        }

        sudo::sudoers_config { "mga-youri-submit":
            content => template("buildsystem/sudoers.youri")
        }

        file { "/etc/youri":
            ensure => "directory",
        }

        file { "/etc/youri/submit-todo.conf":
            ensure => present,
            mode => 644,
            require => File["/etc/youri"],
            content => template("buildsystem/submit-todo.conf")
        }

        file { "/etc/youri/submit-upload.conf":
            ensure => present,
            mode => 644,
            require => File["/etc/youri"],
            content => template("buildsystem/submit-upload.conf")
        }

        file { "/etc/youri/acl.conf":
            ensure => present,
            mode => 644,
            require => File["/etc/youri"],
            content => template("buildsystem/youri_acl.conf")
        }

        file { '/usr/local/bin/submit_package':
            ensure => present,
            mode => 755,
            content => template('buildsystem/submit_package')
        }

        # FIXME use the correct perl directory
        file { "/usr/lib/perl5/site_perl/5.10.1/Youri/Repository":
            ensure => "directory",
        }

        file { '/usr/lib/perl5/site_perl/5.10.1/Youri/Repository/Mageia.pm':
            ensure => present,
            mode => 644,
            require => File["/usr/lib/perl5/site_perl/5.10.1/Youri/Repository"],
            source => "puppet:///modules/buildsystem/Mageia.pm",
        }

        $package_list = ['perl-SVN', 'mdv-distrib-tools', 'perl-Youri-Media',
                         'perl-Youri-Package', 'perl-Youri-Repository',
                         'perl-Youri-Utils', 'perl-Youri-Config', 'mga-youri-submit']

        package { $package_list:
            ensure => installed;
        }
    }

    # $groups: array of secondary groups (only local groups, no ldap)
    define sshuser($homedir, $comment, $groups = []) {
        group {"$title": 
            ensure => present,
        }

        user {"$title":
            ensure => present,
            comment => $comment,
            managehome => true,
            home => $homedir,
            gid => $title,
            groups => $groups,
            shell => "/bin/bash",
            notify => Exec["unlock$title"],
            require => Group[$title],
        }

        # set password to * to unlock the account but forbid login through login
        exec { "unlock$title":
            command => "usermod -p '*' $title",
            refreshonly => true,
        }

        file { $homedir:
            ensure => "directory",
            require => User[$title],
        }

        file { "$homedir/.ssh":
            ensure => "directory",
            mode   => 600,
            owner  => $title,
            group  => $title,
            require => File[$homedir],
        }
    }

    class iurtuser {
        sshuser { $build_login:
          homedir => $build_home_dir,
          comment => "System user used to run build bots",
        }

        file { "/etc/iurt":
            ensure => "directory",
        }
    }

    class iurt {
        include sudo
        include iurtuser
        ssh::auth::client { $build_login: }
        ssh::auth::server { $sched_login: user => $build_login }

        # build node common settings
        # we could have the following skip list to use less space:
        # '/(drakx-installer-binaries|drakx-installer-advertising|gfxboot|drakx-installer-stage2|mandriva-theme)/'
        $package_list = ['task-bs-cluster-chroot', 'iurt']
        package { $package_list:
            ensure => installed;
        }

        file { "/etc/iurt/build":
            ensure => "directory",
            require => File["/etc/iurt"],
        }

        file { "/etc/iurt/build/cauldron.conf":
            ensure => present,
            owner => $build_login,
            group => $build_login,
            mode => 644,
            require => File["/etc/iurt/build"],
            content => template("buildsystem/iurt.cauldron.conf")
        }

        file { "/etc/iurt/build/mandriva2010.1.conf":
            ensure => present,
            owner => $build_login,
            group => $build_login,
            mode => 644,
            require => File["/etc/iurt/build"],
            content => template("buildsystem/iurt.mandriva2010.1.conf")
        }

        sudo::sudoers_config { "iurt":
            content => template("buildsystem/sudoers.iurt")
        }
    }

    # temporary script to create home dir with ssh key
    # taking login and url as arguments
    class mgacreatehome {
        file { "/usr/local/sbin/mgacreatehome":
            ensure => present,
            owner => root,
            group => root,
            mode => 700,
            content => template("buildsystem/mgacreatehome")
        }
    }

    class check_missing_deps {
        file { "/usr/local/bin/missing-deps.sh":
            ensure => present,
            owner => root,
            group => root,
            mode => 755,
            source => "puppet:///modules/buildsystem/missing-deps.sh",
        }
    
        # FIXME hardcoded path
        cron { "check missing deps":
            command => "cd /var/www/bs/data && /usr/local/bin/missing-deps.sh",
            minute => "*/15",
        }
    }

    class iurt20101 inherits base {
       file { "/usr/local/bin/iurt2010.1":
           ensure => present,
           owner => root,
           group => root,
           mode => 755,
           content => template("buildsystem/iurt2010.1"),
       }
    }
}
1	class buildsystem {
2
3	class base {
4	$build_login = "iurt"
5	$build_home_dir = "/home/$build_login"
6	$sched_login = "schedbot"
7	$sched_home_dir = "/var/lib/$sched_login"
8	$packages_archivedir = "$sched_home_dir/old"
9	$sign_login = "signbot"
10	$sign_home_dir = "/var/lib/$sign_login"
11	$sign_keydir = "$sign_home_dir/keys"
12	# FIXME: maybe keyid should be defined at an other place
13	$sign_keyid = "80420F66"
14	$repository_root = "/distrib/bootstrap"
15	$mirror_root = "/distrib/mirror"
16	$maintdb_url = 'http://www.maintdb2.mageia.org.uk/maintainers_packages/create'
17	# FIXME: Test password. Real password should be in extdata.
18	$maintdb_key = 'm1g234'
19	$packagers_group = 'mga-packagers'
20	$createsrpm_path = '/usr/share/repsys/create-srpm'
21
22	include ssh::auth
23	ssh::auth::key { $build_login: # declare a key for build bot: RSA, 2048 bits
24	home => $build_home_dir,
25	}
26	ssh::auth::key { $sched_login: # declare a key for sched bot: RSA, 2048 bits
27	home => $sched_home_dir,
28	}
29	}
30
31	class mainnode inherits base {
32	include iurtuser
33
34	sshuser { $sched_login:
35	homedir => $sched_home_dir,
36	comment => "System user used to schedule builds",
37	}
38
39	ssh::auth::client { $sched_login: }
40	ssh::auth::server { $sched_login: }
41	ssh::auth::server { $build_login: }
42
43	# FIXME Add again task-bs-cluster-main when it will require mgarepo instead of repsys
44	$package_list = ['iurt']
45	package { $package_list:
46	ensure => "installed"
47	}
48
49	apache::vhost_other_app { "repository.$domain":
50	vhost_file => "buildsystem/vhost_repository.conf",
51	}
52
53	$location = "/var/www/bs"
54	apache::vhost_base { "pkgsubmit.$domain":
55	aliases => { "/uploads" => "$sched_home_dir/uploads" },
56	location => $location,
57	content => template("buildsystem/vhost_pkgsubmit.conf"),
58	}
59
60	subversion::snapshot { $location:
61	source => "svn://svn.$domain/soft/buildsystem/web/",
62	}
63
64	include scheduler
65	include gatherer
66	include mgarepo
67	include youri_submit
68	include check_missing_deps
69	include signbot
70	}
71
72	class buildnode inherits base {
73	include iurt
74	}
75
76	class signbot {
77	sshuser { $sign_login:
78	homedir => $sign_home_dir,
79	comment => "System user used to sign packages",
80	groups => [$sched_login],
81	}
82
83	gnupg::keys{"packages":
84	email => "packages@$domain",
85	#FIXME there should be a variable somewhere to change the name of the distribution
86	key_name => 'Mageia Packages',
87	login => $sign_login,
88	batchdir => "$sign_home_dir/batches",
89	keydir => $sign_keydir,
90	}
91
92	sudo::sudoers_config { "signpackage":
93	content => template("buildsystem/sudoers.signpackage")
94	}
95
96	file { "$sign_home_dir/.rpmmacros":
97	ensure => present,
98	owner => root,
99	group => root,
100	mode => 644,
101	content => template("buildsystem/signbot-rpmmacros")
102	}
103
104	file { "/usr/local/bin/sign-check-package":
105	ensure => present,
106	owner => root,
107	group => root,
108	mode => 755,
109	content => template("buildsystem/sign-check-package")
110	}
111	}
112
113	class scheduler {
114	# ulri
115	include iurtupload
116	}
117
118	class gatherer {
119	# emi
120	include iurtupload
121	}
122
123	class iurtupload {
124	file { "/etc/iurt/upload.conf":
125	ensure => present,
126	owner => $build_login,
127	group => $build_login,
128	mode => 644,
129	require => File["/etc/iurt"],
130	content => template("buildsystem/upload.conf")
131	}
132	}
133
134	class mgarepo {
135	package { 'mgarepo':
136
137	}
138
139	package { 'rpm-build':
140	}
141
142	file { "repsys.conf":
143	path => "/etc/repsys.conf",
144	owner => root,
145	group => root,
146	mode => 644,
147	content => template("buildsystem/repsys.conf")
148	}
149
150	file { "$packages_archivedir":
151	ensure => "directory",
152	owner => $sched_login,
153	require => File[$sched_home_dir],
154	}
155
156	file { "$sched_home_dir/repsys":
157	ensure => "directory",
158	owner => $sched_login,
159	require => File[$sched_home_dir],
160	}
161
162	file { ["$sched_home_dir/repsys/tmp", "$sched_home_dir/repsys/srpms"]:
163	ensure => "directory",
164	owner => $sched_login,
165	group => "mga-packagers",
166	mode => 1775,
167	require => File["$sched_home_dir/repsys"],
168	}
169
170	# FIXME: disabled temporarly as upload dir is a symlink to /var/lib/repsys/uploads
171	#file { "$sched_home_dir/uploads":
172	# ensure => "directory",
173	# owner => $sched_login,
174	# require => File[$sched_home_dir],
175	#}
176
177	# too tedious to create everything by hand
178	# so I prefered to used some puppet ruby module
179	# the exact content and directory name should IMHO be consolidated somewhere
180	import "create_upload_dir.rb"
181	create_upload_dir { "$sched_home_dir/uploads":
182	owner => $sched_login,
183	group => $sched_login,
184	}
185
186	tidy { "$sched_home_dir/uploads/":
187	age => "2w",
188	matches => "*",
189	recurse => true,
190	type => "ctime",
191	}
192
193	tidy { "$packages_archivedir":
194	age => "1w",
195	matches => "*.rpm",
196	recurse => true,
197	type => "ctime",
198	}
199	}
200
201	class youri_submit {
202	include sudo
203
204	file { "/usr/local/bin/mga-youri-submit":
205	owner => root,
206	group => root,
207	mode => 755,
208	content => template("buildsystem/mga-youri-submit")
209	}
210
211	file { "/usr/local/bin/mga-youri-submit.wrapper":
212	owner => root,
213	group => root,
214	mode => 755,
215	content => template("buildsystem/mga-youri-submit.wrapper")
216	}
217
218	sudo::sudoers_config { "mga-youri-submit":
219	content => template("buildsystem/sudoers.youri")
220	}
221
222	file { "/etc/youri":
223	ensure => "directory",
224	}
225
226	file { "/etc/youri/submit-todo.conf":
227	ensure => present,
228	mode => 644,
229	require => File["/etc/youri"],
230	content => template("buildsystem/submit-todo.conf")
231	}
232
233	file { "/etc/youri/submit-upload.conf":
234	ensure => present,
235	mode => 644,
236	require => File["/etc/youri"],
237	content => template("buildsystem/submit-upload.conf")
238	}
239
240	file { "/etc/youri/acl.conf":
241	ensure => present,
242	mode => 644,
243	require => File["/etc/youri"],
244	content => template("buildsystem/youri_acl.conf")
245	}
246
247	file { '/usr/local/bin/submit_package':
248	ensure => present,
249	mode => 755,
250	content => template('buildsystem/submit_package')
251	}
252
253	# FIXME use the correct perl directory
254	file { "/usr/lib/perl5/site_perl/5.10.1/Youri/Repository":
255	ensure => "directory",
256	}
257
258	file { '/usr/lib/perl5/site_perl/5.10.1/Youri/Repository/Mageia.pm':
259	ensure => present,
260	mode => 644,
261	require => File["/usr/lib/perl5/site_perl/5.10.1/Youri/Repository"],
262	source => "puppet:///modules/buildsystem/Mageia.pm",
263	}
264
265	$package_list = ['perl-SVN', 'mdv-distrib-tools', 'perl-Youri-Media',
266	'perl-Youri-Package', 'perl-Youri-Repository',
267	'perl-Youri-Utils', 'perl-Youri-Config', 'mga-youri-submit']
268
269	package { $package_list:
270	ensure => installed;
271	}
272	}
273
274	# $groups: array of secondary groups (only local groups, no ldap)
275	define sshuser($homedir, $comment, $groups = []) {
276	group {"$title":
277	ensure => present,
278	}
279
280	user {"$title":
281	ensure => present,
282	comment => $comment,
283	managehome => true,
284	home => $homedir,
285	gid => $title,
286	groups => $groups,
287	shell => "/bin/bash",
288	notify => Exec["unlock$title"],
289	require => Group[$title],
290	}
291
292	# set password to * to unlock the account but forbid login through login
293	exec { "unlock$title":
294	command => "usermod -p '*' $title",
295	refreshonly => true,
296	}
297
298	file { $homedir:
299	ensure => "directory",
300	require => User[$title],
301	}
302
303	file { "$homedir/.ssh":
304	ensure => "directory",
305	mode => 600,
306	owner => $title,
307	group => $title,
308	require => File[$homedir],
309	}
310	}
311
312	class iurtuser {
313	sshuser { $build_login:
314	homedir => $build_home_dir,
315	comment => "System user used to run build bots",
316	}
317
318	file { "/etc/iurt":
319	ensure => "directory",
320	}
321	}
322
323	class iurt {
324	include sudo
325	include iurtuser
326	ssh::auth::client { $build_login: }
327	ssh::auth::server { $sched_login: user => $build_login }
328
329	# build node common settings
330	# we could have the following skip list to use less space:
331	# '/(drakx-installer-binaries\|drakx-installer-advertising\|gfxboot\|drakx-installer-stage2\|mandriva-theme)/'
332	$package_list = ['task-bs-cluster-chroot', 'iurt']
333	package { $package_list:
334	ensure => installed;
335	}
336
337	file { "/etc/iurt/build":
338	ensure => "directory",
339	require => File["/etc/iurt"],
340	}
341
342	file { "/etc/iurt/build/cauldron.conf":
343	ensure => present,
344	owner => $build_login,
345	group => $build_login,
346	mode => 644,
347	require => File["/etc/iurt/build"],
348	content => template("buildsystem/iurt.cauldron.conf")
349	}
350
351	file { "/etc/iurt/build/mandriva2010.1.conf":
352	ensure => present,
353	owner => $build_login,
354	group => $build_login,
355	mode => 644,
356	require => File["/etc/iurt/build"],
357	content => template("buildsystem/iurt.mandriva2010.1.conf")
358	}
359
360	sudo::sudoers_config { "iurt":
361	content => template("buildsystem/sudoers.iurt")
362	}
363	}
364
365	# temporary script to create home dir with ssh key
366	# taking login and url as arguments
367	class mgacreatehome {
368	file { "/usr/local/sbin/mgacreatehome":
369	ensure => present,
370	owner => root,
371	group => root,
372	mode => 700,
373	content => template("buildsystem/mgacreatehome")
374	}
375	}
376
377	class check_missing_deps {
378	file { "/usr/local/bin/missing-deps.sh":
379	ensure => present,
380	owner => root,
381	group => root,
382	mode => 755,
383	source => "puppet:///modules/buildsystem/missing-deps.sh",
384	}
385
386	# FIXME hardcoded path
387	cron { "check missing deps":
388	command => "cd /var/www/bs/data && /usr/local/bin/missing-deps.sh",
389	minute => "*/15",
390	}
391	}
392
393	class iurt20101 inherits base {
394	file { "/usr/local/bin/iurt2010.1":
395	ensure => present,
396	owner => root,
397	group => root,
398	mode => 755,
399	content => template("buildsystem/iurt2010.1"),
400	}
401	}
402	}