buildsystem/manifests/init.pp

class buildsystem {

    class base {
        $build_login = "iurt"
        $build_home_dir = "/home/$build_login"
        $sched_login = "schedbot"
        $sched_home_dir = "/home/$sched_login"

        include ssh::auth
        ssh::auth::key { $build_login: } # declare a key for build bot: RSA, 2048 bits
        ssh::auth::key { $sched_login: } # declare a key for sched bot: RSA, 2048 bits
    }

    class mainnode inherits base {
        include iurtuser

        sshuser { $sched_login:
          homedir => $sched_home_dir,
          comment => "System user used to schedule builds",
        }

        ssh::auth::client { $sched_login: }
        ssh::auth::server { $build_login: }

        $package_list = ['task-bs-cluster-main', 'iurt']
        package { $package_list:
            ensure => "installed"
        }

        apache::vhost_other_app { "repository.$domain":
            vhost_file => "buildsystem/vhost_repository.conf",
        }

        apache::vhost_other_app { "pkgsubmit.$domain":
            vhost_file => "buildsystem/vhost_pkgsubmit.conf",
        }

        include scheduler
        include gatherer
        include repsys
        include youri_submit
    }

    class buildnode inherits base {
        include iurt
    }

    class scheduler {
        # ulri        
        include iurtupload
    }

    class gatherer {
        # emi
        include iurtupload
    }

    class iurtupload {
        file { "/etc/iurt/upload.conf":
            ensure => present,
            owner => $build_login,
            group => $build_login,
            mode => 644,
            require => File["/etc/iurt"],
            content => template("buildsystem/upload.conf")
        }
    }
    
    class repsys {
        package { 'repsys':

        }

        package { 'rpm-build':
        }

        file { "repsys.conf":
          path => "/etc/repsys.conf",
          owner  => root,
          group => root,
          mode => 644,
          content => template("buildsystem/repsys.conf")
        }

        file { "$sched_home_dir/repsys":
            ensure => "directory",
            owner  => $sched_login,
            require => File[$sched_home_dir],
        }

        file { "$sched_home_dir/repsys/tmp":
            ensure => "directory",
            owner  => $sched_login,
            group => "mga-packagers",
            mode => 1775,
            require => File["$sched_home_dir/repsys"],
        }

        file { "$sched_home_dir/repsys/srpms":
            ensure => "directory",
            owner  => $sched_login,
            group => "mga-packagers",
            mode => 1775,
            require => File["$sched_home_dir/repsys"],
        }
    }

    class youri_submit {
        include sudo

        file { "/usr/local/bin/mdv-youri-submit":
          owner  => root,
          group => root,
          mode => 755,
          content => template("buildsystem/mdv-youri-submit")
        }

        file { "/usr/local/bin/mdv-youri-submit.wrapper":
          owner  => root,
          group => root,
          mode => 755,
          content => template("buildsystem/mdv-youri-submit.wrapper")
        }

        file { "/etc/sudoers.d/mdv-youri-submit":
            owner => root,
            group => root,
            mode => 440,
            content => template("buildsystem/sudoers.youri")
        }

        file { "/etc/youri":
            ensure => "directory",
            require => File["/etc/youri"],
        }

        file { "/etc/youri/submit-todo.conf":
            ensure => present,
            mode => 644,
            require => File["/etc/youri"],
            content => template("buildsystem/submit-todo.conf")
        }
    }

    define sshuser($homedir, $comment) {
        group {"$title": 
            ensure => present,
        }

        user {"$title":
            ensure => present,
            comment => $comment,
            managehome => true,
            gid => $title,
            shell => "/bin/bash",
            notify => Exec["unlock$title"],
            require => Group[$title],
        }

        # set password to * to unlock the account but forbid login through login
        exec { "unlock$title":
            command => "usermod -p '*' $title",
            refreshonly => true,
        }

        file { $homedir:
            ensure => "directory",
            require => User[$title],
        }

        file { "$homedir/.ssh":
            ensure => "directory",
            mode   => 600,
            owner  => $title,
            group  => $title,
            require => File[$homedir],
        }
    }

    class iurtuser {
        sshuser { $build_login:
          homedir => $build_home_dir,
          comment => "System user used to run build bots",
        }

        file { "/etc/iurt":
            ensure => "directory",
        }
    }

    class iurt {
        include sudo
        include iurtuser
        ssh::auth::client { $build_login: }
        ssh::auth::server { $sched_login: user => $build_login }

        # build node common settings
        # we could have the following skip list to use less space:
        # '/(drakx-installer-binaries|drakx-installer-advertising|gfxboot|drakx-installer-stage2|mandriva-theme)/'
        $package_list = ['task-bs-cluster-chroot', 'iurt']
        package { $package_list:
            ensure => installed;
        }

        file { "/etc/iurt/build":
            ensure => "directory",
            require => File["/etc/iurt"],
        }

        file { "/etc/iurt/build/cauldron.conf":
            ensure => present,
            owner => $build_login,
            group => $build_login,
            mode => 644,
            require => File["/etc/iurt/build"],
            content => template("buildsystem/iurt.cauldron.conf")
        }

        file { "/etc/sudoers.d/iurt":
            ensure => present,
            owner => root,
            group => root,
            mode => 440,
            content => template("buildsystem/sudoers.iurt")
        }
    }
}
1	class buildsystem {
2
3	class base {
4	$build_login = "iurt"
5	$build_home_dir = "/home/$build_login"
6	$sched_login = "schedbot"
7	$sched_home_dir = "/home/$sched_login"
8
9	include ssh::auth
10	ssh::auth::key { $build_login: } # declare a key for build bot: RSA, 2048 bits
11	ssh::auth::key { $sched_login: } # declare a key for sched bot: RSA, 2048 bits
12	}
13
14	class mainnode inherits base {
15	include iurtuser
16
17	sshuser { $sched_login:
18	homedir => $sched_home_dir,
19	comment => "System user used to schedule builds",
20	}
21
22	ssh::auth::client { $sched_login: }
23	ssh::auth::server { $build_login: }
24
25	$package_list = ['task-bs-cluster-main', 'iurt']
26	package { $package_list:
27	ensure => "installed"
28	}
29
30	apache::vhost_other_app { "repository.$domain":
31	vhost_file => "buildsystem/vhost_repository.conf",
32	}
33
34	apache::vhost_other_app { "pkgsubmit.$domain":
35	vhost_file => "buildsystem/vhost_pkgsubmit.conf",
36	}
37
38	include scheduler
39	include gatherer
40	include repsys
41	include youri_submit
42	}
43
44	class buildnode inherits base {
45	include iurt
46	}
47
48	class scheduler {
49	# ulri
50	include iurtupload
51	}
52
53	class gatherer {
54	# emi
55	include iurtupload
56	}
57
58	class iurtupload {
59	file { "/etc/iurt/upload.conf":
60	ensure => present,
61	owner => $build_login,
62	group => $build_login,
63	mode => 644,
64	require => File["/etc/iurt"],
65	content => template("buildsystem/upload.conf")
66	}
67	}
68
69	class repsys {
70	package { 'repsys':
71
72	}
73
74	package { 'rpm-build':
75	}
76
77	file { "repsys.conf":
78	path => "/etc/repsys.conf",
79	owner => root,
80	group => root,
81	mode => 644,
82	content => template("buildsystem/repsys.conf")
83	}
84
85	file { "$sched_home_dir/repsys":
86	ensure => "directory",
87	owner => $sched_login,
88	require => File[$sched_home_dir],
89	}
90
91	file { "$sched_home_dir/repsys/tmp":
92	ensure => "directory",
93	owner => $sched_login,
94	group => "mga-packagers",
95	mode => 1775,
96	require => File["$sched_home_dir/repsys"],
97	}
98
99	file { "$sched_home_dir/repsys/srpms":
100	ensure => "directory",
101	owner => $sched_login,
102	group => "mga-packagers",
103	mode => 1775,
104	require => File["$sched_home_dir/repsys"],
105	}
106	}
107
108	class youri_submit {
109	include sudo
110
111	file { "/usr/local/bin/mdv-youri-submit":
112	owner => root,
113	group => root,
114	mode => 755,
115	content => template("buildsystem/mdv-youri-submit")
116	}
117
118	file { "/usr/local/bin/mdv-youri-submit.wrapper":
119	owner => root,
120	group => root,
121	mode => 755,
122	content => template("buildsystem/mdv-youri-submit.wrapper")
123	}
124
125	file { "/etc/sudoers.d/mdv-youri-submit":
126	owner => root,
127	group => root,
128	mode => 440,
129	content => template("buildsystem/sudoers.youri")
130	}
131
132	file { "/etc/youri":
133	ensure => "directory",
134	require => File["/etc/youri"],
135	}
136
137	file { "/etc/youri/submit-todo.conf":
138	ensure => present,
139	mode => 644,
140	require => File["/etc/youri"],
141	content => template("buildsystem/submit-todo.conf")
142	}
143	}
144
145	define sshuser($homedir, $comment) {
146	group {"$title":
147	ensure => present,
148	}
149
150	user {"$title":
151	ensure => present,
152	comment => $comment,
153	managehome => true,
154	gid => $title,
155	shell => "/bin/bash",
156	notify => Exec["unlock$title"],
157	require => Group[$title],
158	}
159
160	# set password to * to unlock the account but forbid login through login
161	exec { "unlock$title":
162	command => "usermod -p '*' $title",
163	refreshonly => true,
164	}
165
166	file { $homedir:
167	ensure => "directory",
168	require => User[$title],
169	}
170
171	file { "$homedir/.ssh":
172	ensure => "directory",
173	mode => 600,
174	owner => $title,
175	group => $title,
176	require => File[$homedir],
177	}
178	}
179
180	class iurtuser {
181	sshuser { $build_login:
182	homedir => $build_home_dir,
183	comment => "System user used to run build bots",
184	}
185
186	file { "/etc/iurt":
187	ensure => "directory",
188	}
189	}
190
191	class iurt {
192	include sudo
193	include iurtuser
194	ssh::auth::client { $build_login: }
195	ssh::auth::server { $sched_login: user => $build_login }
196
197	# build node common settings
198	# we could have the following skip list to use less space:
199	# '/(drakx-installer-binaries\|drakx-installer-advertising\|gfxboot\|drakx-installer-stage2\|mandriva-theme)/'
200	$package_list = ['task-bs-cluster-chroot', 'iurt']
201	package { $package_list:
202	ensure => installed;
203	}
204
205	file { "/etc/iurt/build":
206	ensure => "directory",
207	require => File["/etc/iurt"],
208	}
209
210	file { "/etc/iurt/build/cauldron.conf":
211	ensure => present,
212	owner => $build_login,
213	group => $build_login,
214	mode => 644,
215	require => File["/etc/iurt/build"],
216	content => template("buildsystem/iurt.cauldron.conf")
217	}
218
219	file { "/etc/sudoers.d/iurt":
220	ensure => present,
221	owner => root,
222	group => root,
223	mode => 440,
224	content => template("buildsystem/sudoers.iurt")
225	}
226	}
227	}