1 |
class buildsystem { |
2 |
|
3 |
class base { |
4 |
$build_login = "iurt" |
5 |
$build_home_dir = "/home/$build_login" |
6 |
$sched_login = "schedbot" |
7 |
$sched_home_dir = "/var/lib/$sched_login" |
8 |
$packages_archivedir = "$sched_home_dir/old" |
9 |
$repository_root = "/distrib/bootstrap" |
10 |
$packagers_group = 'mga-packagers' |
11 |
$packagers_committers_group = 'mga-packagers-committers' |
12 |
|
13 |
include ssh::auth |
14 |
ssh::auth::key { $build_login: # declare a key for build bot: RSA, 2048 bits |
15 |
home => $build_home_dir, |
16 |
} |
17 |
ssh::auth::key { $sched_login: # declare a key for sched bot: RSA, 2048 bits |
18 |
home => $sched_home_dir, |
19 |
} |
20 |
} |
21 |
|
22 |
class mainnode inherits base { |
23 |
include iurtuser |
24 |
|
25 |
sshuser { $sched_login: |
26 |
homedir => $sched_home_dir, |
27 |
comment => "System user used to schedule builds", |
28 |
} |
29 |
|
30 |
ssh::auth::client { $sched_login: } |
31 |
|
32 |
ssh::auth::server { [$sched_login, $build_login]: } |
33 |
|
34 |
# FIXME Add again task-bs-cluster-main when it will require mgarepo instead of repsys |
35 |
$package_list = ['iurt'] |
36 |
package { $package_list: } |
37 |
|
38 |
$mirror_root = "/distrib/mirror" |
39 |
apache::vhost_other_app { "repository.$domain": |
40 |
vhost_file => "buildsystem/vhost_repository.conf", |
41 |
} |
42 |
|
43 |
$location = "/var/www/bs" |
44 |
file { ["$location","$location/data"]: |
45 |
ensure => directory, |
46 |
} |
47 |
|
48 |
apache::vhost_base { "pkgsubmit.$domain": |
49 |
aliases => { "/uploads" => "$sched_home_dir/uploads" }, |
50 |
location => $location, |
51 |
content => template("buildsystem/vhost_pkgsubmit.conf"), |
52 |
} |
53 |
|
54 |
subversion::snapshot { $location: |
55 |
source => "svn://svn.$domain/soft/buildsystem/web/", |
56 |
} |
57 |
|
58 |
define media_cfg() { |
59 |
$arch = $name |
60 |
file { "$repository_root/distrib/cauldron/$arch/media/media_info/media.cfg": |
61 |
owner => $sched_login, |
62 |
group => $sched_login, |
63 |
source => "puppet:///modules/buildsystem/$arch/media.cfg", |
64 |
} |
65 |
} |
66 |
|
67 |
media_cfg { ["i586","x86_64"]: } |
68 |
|
69 |
include scheduler |
70 |
include gatherer |
71 |
include buildsystem::mgarepo |
72 |
include buildsystem::signbot |
73 |
include youri_submit |
74 |
include buildsystem::check_missing_deps |
75 |
|
76 |
cron { "dispatch jobs": |
77 |
user => $sched_login, |
78 |
command => "emi ; ulri", |
79 |
minute => "*", |
80 |
} |
81 |
} |
82 |
|
83 |
class buildnode inherits base { |
84 |
include buildsystem::iurt |
85 |
} |
86 |
|
87 |
class scheduler { |
88 |
# ulri |
89 |
include iurtupload |
90 |
} |
91 |
|
92 |
class gatherer { |
93 |
# emi |
94 |
include iurtupload |
95 |
} |
96 |
|
97 |
class iurtupload { |
98 |
file { "/etc/iurt/upload.conf": |
99 |
require => File["/etc/iurt"], |
100 |
content => template("buildsystem/upload.conf") |
101 |
} |
102 |
} |
103 |
|
104 |
class youri_submit { |
105 |
include sudo |
106 |
|
107 |
local_script { |
108 |
"mga-youri-submit": content => template("buildsystem/mga-youri-submit"); |
109 |
"mga-youri-submit.wrapper": content => template("buildsystem/mga-youri-submit.wrapper"); |
110 |
"submit_package": content => template('buildsystem/submit_package.pl'); |
111 |
} |
112 |
|
113 |
sudo::sudoers_config { "mga-youri-submit": |
114 |
content => template("buildsystem/sudoers.youri") |
115 |
} |
116 |
|
117 |
package { "rpmlint": } |
118 |
|
119 |
file { "/etc/rpmlint/config": |
120 |
require => Package['rpmlint'], |
121 |
content => template("buildsystem/rpmlint.conf") |
122 |
} |
123 |
|
124 |
# directory that hold configuration auto extracted after upload |
125 |
# of the rpmlint policy |
126 |
file { "/etc/rpmlint/extracted.d/": |
127 |
ensure => directory, |
128 |
require => Package['rpmlint'], |
129 |
owner => $sched_login, |
130 |
} |
131 |
|
132 |
# ordering is automatic : |
133 |
# http://docs.puppetlabs.com/learning/ordering.html#autorequire |
134 |
file { "/etc/youri": |
135 |
ensure => "directory", |
136 |
} |
137 |
|
138 |
file { |
139 |
"/etc/youri/submit-todo.conf": content => template("buildsystem/submit-todo.conf"); |
140 |
"/etc/youri/submit-upload.conf": content => template("buildsystem/submit-upload.conf"); |
141 |
"/etc/youri/acl.conf": content => template("buildsystem/youri_acl.conf"); |
142 |
} |
143 |
|
144 |
# FIXME use the correct perl directory |
145 |
file { "/usr/lib/perl5/site_perl/5.10.1/Youri/Repository": |
146 |
ensure => "directory", |
147 |
} |
148 |
|
149 |
file { '/usr/lib/perl5/site_perl/5.10.1/Youri/Repository/Mageia.pm': |
150 |
source => "puppet:///modules/buildsystem/Mageia.pm", |
151 |
} |
152 |
|
153 |
$package_list = ['perl-SVN', 'mdv-distrib-tools', 'perl-Youri-Media', |
154 |
'perl-Youri-Package', 'perl-Youri-Repository', |
155 |
'perl-Youri-Utils', 'perl-Youri-Config', 'mga-youri-submit'] |
156 |
|
157 |
package { $package_list: } |
158 |
} |
159 |
|
160 |
# $groups: array of secondary groups (only local groups, no ldap) |
161 |
define sshuser($homedir, $comment, $groups = []) { |
162 |
group {"$title": |
163 |
ensure => present, |
164 |
} |
165 |
|
166 |
user {"$title": |
167 |
ensure => present, |
168 |
comment => $comment, |
169 |
managehome => true, |
170 |
home => $homedir, |
171 |
gid => $title, |
172 |
groups => $groups, |
173 |
shell => "/bin/bash", |
174 |
notify => Exec["unlock$title"], |
175 |
require => Group[$title], |
176 |
} |
177 |
|
178 |
# set password to * to unlock the account but forbid login through login |
179 |
exec { "unlock$title": |
180 |
command => "usermod -p '*' $title", |
181 |
refreshonly => true, |
182 |
} |
183 |
|
184 |
file { $homedir: |
185 |
ensure => "directory", |
186 |
owner => $title, |
187 |
group => $title, |
188 |
require => User[$title], |
189 |
} |
190 |
|
191 |
file { "$homedir/.ssh": |
192 |
ensure => "directory", |
193 |
mode => 600, |
194 |
owner => $title, |
195 |
group => $title, |
196 |
require => File[$homedir], |
197 |
} |
198 |
} |
199 |
|
200 |
class iurtuser { |
201 |
sshuser { $build_login: |
202 |
homedir => $build_home_dir, |
203 |
comment => "System user used to run build bots", |
204 |
} |
205 |
|
206 |
file { "/etc/iurt": |
207 |
ensure => "directory", |
208 |
} |
209 |
} |
210 |
|
211 |
# A script to copy on valstar the 2010.1 rpms built on jonund |
212 |
class sync20101 inherits base { |
213 |
local_script { "sync2010.1": |
214 |
content => template("buildsystem/sync2010.1"), |
215 |
} |
216 |
} |
217 |
|
218 |
# a script to build 2010.1 packages. used on jonund |
219 |
class iurt20101 inherits base { |
220 |
local_script { "iurt2010.1": |
221 |
content => template("buildsystem/iurt2010.1"), |
222 |
} |
223 |
} |
224 |
} |