buildsystem/manifests/init.pp

class buildsystem {

    class base {
        $build_login = "iurt"
        $build_home_dir = "/home/$build_login"
        $sched_login = "schedbot"
        $sched_home_dir = "/home/$sched_login"

        include ssh::auth
        ssh::auth::key { $build_login: } # declare a key for build bot: RSA, 2048 bits
        ssh::auth::key { $sched_login: } # declare a key for sched bot: RSA, 2048 bits
    }

    class mainnode inherits base {
        include iurtuser
        ssh::auth::client { $sched_login: }
        ssh::auth::server { $build_login: }

        sshuser { $sched_login:
          homedir => $sched_home_dir,
          comment => "System user used to schedule builds",
        }

        package { "task-bs-cluster-main":
            ensure => "installed"
        }
    }

    class buildnode inherits base {
        include iurt
    }

    class scheduler {
        # ulri        
    }

    class dispatcher {
        # emi
    }
    
    class repsys {
        package { 'repsys':

        }


    }

    define sshuser($homedir, $comment) {
        group {"$title": 
            ensure => present,
        }

        user {"$title":
            ensure => present,
            comment => $comment,
            managehome => true,
            gid => $title,
            shell => "/bin/bash",
            notify => Exec["unlock$title"],
        }

        # set password to * to unlock the account but forbid login through login
        exec { "unlock$title":
            command => "usermod -p '*' $title",
            refreshonly => true,
        }

        file { $homedir:
            ensure => "directory",
        }

        file { "$homedir/.ssh":
            ensure => "directory",
            mode   => 600,
            owner  => $title,
            group  => $title,
        }
    }

    class iurtuser {
        sshuser { $build_login:
          homedir => $build_home_dir,
          comment => "System user used to run build bots",
        }
    }

    class iurt {
        include sudo
        include iurtuser
        ssh::auth::client { $build_login: }
        ssh::auth::server { $sched_login: user => $build_login }

        # build node common settings
        # we could have the following skip list to use less space:
        # '/(drakx-installer-binaries|drakx-installer-advertising|gfxboot|drakx-installer-stage2|mandriva-theme)/'
        $package_list = ['task-bs-cluster-chroot', 'iurt']
        package { $package_list:
            ensure => installed;
        }

        file { "$build_home_dir/.iurt.cauldron.conf":
            ensure => present,
            owner => $build_login,
            group => $build_login,
            mode => 644,
            content => template("buildsystem/iurt.cauldron.conf")
        }

        file { "/etc/sudoers.d/iurt":
            ensure => present,
            owner => root,
            group => root,
            mode => 440,
            content => template("buildsystem/sudoers.iurt")
        }
    }
}
1	class buildsystem {
2
3	class base {
4	$build_login = "iurt"
5	$build_home_dir = "/home/$build_login"
6	$sched_login = "schedbot"
7	$sched_home_dir = "/home/$sched_login"
8
9	include ssh::auth
10	ssh::auth::key { $build_login: } # declare a key for build bot: RSA, 2048 bits
11	ssh::auth::key { $sched_login: } # declare a key for sched bot: RSA, 2048 bits
12	}
13
14	class mainnode inherits base {
15	include iurtuser
16	ssh::auth::client { $sched_login: }
17	ssh::auth::server { $build_login: }
18
19	sshuser { $sched_login:
20	homedir => $sched_home_dir,
21	comment => "System user used to schedule builds",
22	}
23
24	package { "task-bs-cluster-main":
25	ensure => "installed"
26	}
27	}
28
29	class buildnode inherits base {
30	include iurt
31	}
32
33	class scheduler {
34	# ulri
35	}
36
37	class dispatcher {
38	# emi
39	}
40
41	class repsys {
42	package { 'repsys':
43
44	}
45
46
47	}
48
49	define sshuser($homedir, $comment) {
50	group {"$title":
51	ensure => present,
52	}
53
54	user {"$title":
55	ensure => present,
56	comment => $comment,
57	managehome => true,
58	gid => $title,
59	shell => "/bin/bash",
60	notify => Exec["unlock$title"],
61	}
62
63	# set password to * to unlock the account but forbid login through login
64	exec { "unlock$title":
65	command => "usermod -p '*' $title",
66	refreshonly => true,
67	}
68
69	file { $homedir:
70	ensure => "directory",
71	}
72
73	file { "$homedir/.ssh":
74	ensure => "directory",
75	mode => 600,
76	owner => $title,
77	group => $title,
78	}
79	}
80
81	class iurtuser {
82	sshuser { $build_login:
83	homedir => $build_home_dir,
84	comment => "System user used to run build bots",
85	}
86	}
87
88	class iurt {
89	include sudo
90	include iurtuser
91	ssh::auth::client { $build_login: }
92	ssh::auth::server { $sched_login: user => $build_login }
93
94	# build node common settings
95	# we could have the following skip list to use less space:
96	# '/(drakx-installer-binaries\|drakx-installer-advertising\|gfxboot\|drakx-installer-stage2\|mandriva-theme)/'
97	$package_list = ['task-bs-cluster-chroot', 'iurt']
98	package { $package_list:
99	ensure => installed;
100	}
101
102	file { "$build_home_dir/.iurt.cauldron.conf":
103	ensure => present,
104	owner => $build_login,
105	group => $build_login,
106	mode => 644,
107	content => template("buildsystem/iurt.cauldron.conf")
108	}
109
110	file { "/etc/sudoers.d/iurt":
111	ensure => present,
112	owner => root,
113	group => root,
114	mode => 440,
115	content => template("buildsystem/sudoers.iurt")
116	}
117	}
118	}