buildsystem/manifests/init.pp

class buildsystem {

    class base {
        $build_login = "iurt"
        $build_home_dir = "/home/$build_login"
        $sched_login = "schedbot"
        $sched_home_dir = "/home/$sched_login"

        include ssh::auth
        ssh::auth::key { $build_login: } # declare a key for build bot: RSA, 2048 bits
        ssh::auth::key { $sched_login: } # declare a key for sched bot: RSA, 2048 bits
    }

    class mainnode inherits base {
        include iurtuser

        sshuser { $sched_login:
          homedir => $sched_home_dir,
          comment => "System user used to schedule builds",
        }

        ssh::auth::client { $sched_login: }
        ssh::auth::server { $build_login: }

        $package_list = ['task-bs-cluster-main', 'iurt']
        package { $package_list:
            ensure => "installed"
        }

        apache::vhost_other_app { "repository.$domain":
            vhost_file => "buildsystem/vhost_repository.conf",
        }

        apache::vhost_other_app { "pkgsubmit.$domain":
            vhost_file => "buildsystem/vhost_pkgsubmit.conf",
        }

        include scheduler
        include gatherer
        include repsys
    }

    class buildnode inherits base {
        include iurt
    }

    class scheduler {
        # ulri        
        include iurtupload
    }

    class gatherer {
        # emi
        include iurtupload
    }

    class iurtupload {
        file { "/etc/iurt/upload.conf":
            ensure => present,
            owner => $build_login,
            group => $build_login,
            mode => 644,
            require => File["/etc/iurt"],
            content => template("buildsystem/upload.conf")
        }
    }
    
    class repsys {
        package { 'repsys':

        }

        package { 'rpm-build':
        }

        file { "repsys.conf":
          path => "/etc/repsys.conf",
          owner  => root,
          group => root,
          mode => 644,
          content => template("buildsystem/repsys.conf")
        }

        file { "$sched_home_dir/repsys":
            ensure => "directory",
            require => File[$sched_home_dir],
        }

        file { "$sched_home_dir/repsys/tmp":
            ensure => "directory",
            group => "mga-committers",
            mode => 775,
            require => File["$sched_home_dir/repsys"],
        }

        file { "$sched_home_dir/repsys/srpms":
            ensure => "directory",
            require => File["$sched_home_dir/repsys"],
        }
    }

    define sshuser($homedir, $comment) {
        group {"$title": 
            ensure => present,
        }

        user {"$title":
            ensure => present,
            comment => $comment,
            managehome => true,
            gid => $title,
            shell => "/bin/bash",
            notify => Exec["unlock$title"],
            require => Group[$title],
        }

        # set password to * to unlock the account but forbid login through login
        exec { "unlock$title":
            command => "usermod -p '*' $title",
            refreshonly => true,
        }

        file { $homedir:
            ensure => "directory",
            require => User[$title],
        }

        file { "$homedir/.ssh":
            ensure => "directory",
            mode   => 600,
            owner  => $title,
            group  => $title,
            require => File[$homedir],
        }
    }

    class iurtuser {
        sshuser { $build_login:
          homedir => $build_home_dir,
          comment => "System user used to run build bots",
        }

        file { "/etc/iurt":
            ensure => "directory",
        }
    }

    class iurt {
        include sudo
        include iurtuser
        ssh::auth::client { $build_login: }
        ssh::auth::server { $sched_login: user => $build_login }

        # build node common settings
        # we could have the following skip list to use less space:
        # '/(drakx-installer-binaries|drakx-installer-advertising|gfxboot|drakx-installer-stage2|mandriva-theme)/'
        $package_list = ['task-bs-cluster-chroot', 'iurt']
        package { $package_list:
            ensure => installed;
        }

        file { "/etc/iurt/build":
            ensure => "directory",
            require => File["/etc/iurt"],
        }

        file { "/etc/iurt/build/cauldron.conf":
            ensure => present,
            owner => $build_login,
            group => $build_login,
            mode => 644,
            require => File["/etc/iurt/build"],
            content => template("buildsystem/iurt.cauldron.conf")
        }

        file { "/etc/sudoers.d/iurt":
            ensure => present,
            owner => root,
            group => root,
            mode => 440,
            content => template("buildsystem/sudoers.iurt")
        }
    }
}
1	class buildsystem {
2
3	class base {
4	$build_login = "iurt"
5	$build_home_dir = "/home/$build_login"
6	$sched_login = "schedbot"
7	$sched_home_dir = "/home/$sched_login"
8
9	include ssh::auth
10	ssh::auth::key { $build_login: } # declare a key for build bot: RSA, 2048 bits
11	ssh::auth::key { $sched_login: } # declare a key for sched bot: RSA, 2048 bits
12	}
13
14	class mainnode inherits base {
15	include iurtuser
16
17	sshuser { $sched_login:
18	homedir => $sched_home_dir,
19	comment => "System user used to schedule builds",
20	}
21
22	ssh::auth::client { $sched_login: }
23	ssh::auth::server { $build_login: }
24
25	$package_list = ['task-bs-cluster-main', 'iurt']
26	package { $package_list:
27	ensure => "installed"
28	}
29
30	apache::vhost_other_app { "repository.$domain":
31	vhost_file => "buildsystem/vhost_repository.conf",
32	}
33
34	apache::vhost_other_app { "pkgsubmit.$domain":
35	vhost_file => "buildsystem/vhost_pkgsubmit.conf",
36	}
37
38	include scheduler
39	include gatherer
40	include repsys
41	}
42
43	class buildnode inherits base {
44	include iurt
45	}
46
47	class scheduler {
48	# ulri
49	include iurtupload
50	}
51
52	class gatherer {
53	# emi
54	include iurtupload
55	}
56
57	class iurtupload {
58	file { "/etc/iurt/upload.conf":
59	ensure => present,
60	owner => $build_login,
61	group => $build_login,
62	mode => 644,
63	require => File["/etc/iurt"],
64	content => template("buildsystem/upload.conf")
65	}
66	}
67
68	class repsys {
69	package { 'repsys':
70
71	}
72
73	package { 'rpm-build':
74	}
75
76	file { "repsys.conf":
77	path => "/etc/repsys.conf",
78	owner => root,
79	group => root,
80	mode => 644,
81	content => template("buildsystem/repsys.conf")
82	}
83
84	file { "$sched_home_dir/repsys":
85	ensure => "directory",
86	require => File[$sched_home_dir],
87	}
88
89	file { "$sched_home_dir/repsys/tmp":
90	ensure => "directory",
91	group => "mga-committers",
92	mode => 775,
93	require => File["$sched_home_dir/repsys"],
94	}
95
96	file { "$sched_home_dir/repsys/srpms":
97	ensure => "directory",
98	require => File["$sched_home_dir/repsys"],
99	}
100	}
101
102	define sshuser($homedir, $comment) {
103	group {"$title":
104	ensure => present,
105	}
106
107	user {"$title":
108	ensure => present,
109	comment => $comment,
110	managehome => true,
111	gid => $title,
112	shell => "/bin/bash",
113	notify => Exec["unlock$title"],
114	require => Group[$title],
115	}
116
117	# set password to * to unlock the account but forbid login through login
118	exec { "unlock$title":
119	command => "usermod -p '*' $title",
120	refreshonly => true,
121	}
122
123	file { $homedir:
124	ensure => "directory",
125	require => User[$title],
126	}
127
128	file { "$homedir/.ssh":
129	ensure => "directory",
130	mode => 600,
131	owner => $title,
132	group => $title,
133	require => File[$homedir],
134	}
135	}
136
137	class iurtuser {
138	sshuser { $build_login:
139	homedir => $build_home_dir,
140	comment => "System user used to run build bots",
141	}
142
143	file { "/etc/iurt":
144	ensure => "directory",
145	}
146	}
147
148	class iurt {
149	include sudo
150	include iurtuser
151	ssh::auth::client { $build_login: }
152	ssh::auth::server { $sched_login: user => $build_login }
153
154	# build node common settings
155	# we could have the following skip list to use less space:
156	# '/(drakx-installer-binaries\|drakx-installer-advertising\|gfxboot\|drakx-installer-stage2\|mandriva-theme)/'
157	$package_list = ['task-bs-cluster-chroot', 'iurt']
158	package { $package_list:
159	ensure => installed;
160	}
161
162	file { "/etc/iurt/build":
163	ensure => "directory",
164	require => File["/etc/iurt"],
165	}
166
167	file { "/etc/iurt/build/cauldron.conf":
168	ensure => present,
169	owner => $build_login,
170	group => $build_login,
171	mode => 644,
172	require => File["/etc/iurt/build"],
173	content => template("buildsystem/iurt.cauldron.conf")
174	}
175
176	file { "/etc/sudoers.d/iurt":
177	ensure => present,
178	owner => root,
179	group => root,
180	mode => 440,
181	content => template("buildsystem/sudoers.iurt")
182	}
183	}
184	}