buildsystem/manifests/init.pp

class buildsystem {

    class base {
        $build_login = "iurt"
        $build_home_dir = "/home/$build_login"
        $sched_login = "schedbot"
        $sched_home_dir = "/home/$sched_login"
        $repository_root = "/distrib/bootstrap"

        include ssh::auth
        ssh::auth::key { $build_login: } # declare a key for build bot: RSA, 2048 bits
        ssh::auth::key { $sched_login: } # declare a key for sched bot: RSA, 2048 bits
    }

    class mainnode inherits base {
        include iurtuser

        sshuser { $sched_login:
          homedir => $sched_home_dir,
          comment => "System user used to schedule builds",
        }

        ssh::auth::client { $sched_login: }
        ssh::auth::server { $build_login: }

        $package_list = ['task-bs-cluster-main', 'iurt']
        package { $package_list:
            ensure => "installed"
        }

        apache::vhost_other_app { "repository.$domain":
            vhost_file => "buildsystem/vhost_repository.conf",
        }

        apache::vhost_other_app { "pkgsubmit.$domain":
            vhost_file => "buildsystem/vhost_pkgsubmit.conf",
        }

        include scheduler
        include gatherer
        include repsys
        include youri_submit
    }

    class buildnode inherits base {
        include iurt
    }

    class scheduler {
        # ulri        
        include iurtupload
    }

    class gatherer {
        # emi
        include iurtupload
    }

    class iurtupload {
        file { "/etc/iurt/upload.conf":
            ensure => present,
            owner => $build_login,
            group => $build_login,
            mode => 644,
            require => File["/etc/iurt"],
            content => template("buildsystem/upload.conf")
        }
    }
    
    class repsys {
        package { 'repsys':

        }

        package { 'rpm-build':
        }

        file { "repsys.conf":
          path => "/etc/repsys.conf",
          owner  => root,
          group => root,
          mode => 644,
          content => template("buildsystem/repsys.conf")
        }

        file { "$sched_home_dir/repsys":
            ensure => "directory",
            owner  => $sched_login,
            require => File[$sched_home_dir],
        }

        file { "$sched_home_dir/repsys/tmp":
            ensure => "directory",
            owner  => $sched_login,
            group => "mga-packagers",
            mode => 1775,
            require => File["$sched_home_dir/repsys"],
        }

        file { "$sched_home_dir/repsys/srpms":
            ensure => "directory",
            owner  => $sched_login,
            group => "mga-packagers",
            mode => 1775,
            require => File["$sched_home_dir/repsys"],
        }
    }

    class youri_submit {
        include sudo

        file { "/usr/local/bin/mdv-youri-submit":
          owner  => root,
          group => root,
          mode => 755,
          content => template("buildsystem/mdv-youri-submit")
        }

        file { "/usr/local/bin/mdv-youri-submit.wrapper":
          owner  => root,
          group => root,
          mode => 755,
          content => template("buildsystem/mdv-youri-submit.wrapper")
        }

        file { "/etc/sudoers.d/mdv-youri-submit":
            owner => root,
            group => root,
            mode => 440,
            content => template("buildsystem/sudoers.youri")
        }

        file { "/etc/youri":
            ensure => "directory",
        }

        file { "/etc/youri/submit-todo.conf":
            ensure => present,
            mode => 644,
            require => File["/etc/youri"],
            content => template("buildsystem/submit-todo.conf")
        }
    }

    define sshuser($homedir, $comment) {
        group {"$title": 
            ensure => present,
        }

        user {"$title":
            ensure => present,
            comment => $comment,
            managehome => true,
            gid => $title,
            shell => "/bin/bash",
            notify => Exec["unlock$title"],
            require => Group[$title],
        }

        # set password to * to unlock the account but forbid login through login
        exec { "unlock$title":
            command => "usermod -p '*' $title",
            refreshonly => true,
        }

        file { $homedir:
            ensure => "directory",
            require => User[$title],
        }

        file { "$homedir/.ssh":
            ensure => "directory",
            mode   => 600,
            owner  => $title,
            group  => $title,
            require => File[$homedir],
        }
    }

    class iurtuser {
        sshuser { $build_login:
          homedir => $build_home_dir,
          comment => "System user used to run build bots",
        }

        file { "/etc/iurt":
            ensure => "directory",
        }
    }

    class iurt {
        include sudo
        include iurtuser
        ssh::auth::client { $build_login: }
        ssh::auth::server { $sched_login: user => $build_login }

        # build node common settings
        # we could have the following skip list to use less space:
        # '/(drakx-installer-binaries|drakx-installer-advertising|gfxboot|drakx-installer-stage2|mandriva-theme)/'
        $package_list = ['task-bs-cluster-chroot', 'iurt']
        package { $package_list:
            ensure => installed;
        }

        file { "/etc/iurt/build":
            ensure => "directory",
            require => File["/etc/iurt"],
        }

        file { "/etc/iurt/build/cauldron.conf":
            ensure => present,
            owner => $build_login,
            group => $build_login,
            mode => 644,
            require => File["/etc/iurt/build"],
            content => template("buildsystem/iurt.cauldron.conf")
        }

        file { "/etc/sudoers.d/iurt":
            ensure => present,
            owner => root,
            group => root,
            mode => 440,
            content => template("buildsystem/sudoers.iurt")
        }
    }
}
1	class buildsystem {
2
3	class base {
4	$build_login = "iurt"
5	$build_home_dir = "/home/$build_login"
6	$sched_login = "schedbot"
7	$sched_home_dir = "/home/$sched_login"
8	$repository_root = "/distrib/bootstrap"
9
10	include ssh::auth
11	ssh::auth::key { $build_login: } # declare a key for build bot: RSA, 2048 bits
12	ssh::auth::key { $sched_login: } # declare a key for sched bot: RSA, 2048 bits
13	}
14
15	class mainnode inherits base {
16	include iurtuser
17
18	sshuser { $sched_login:
19	homedir => $sched_home_dir,
20	comment => "System user used to schedule builds",
21	}
22
23	ssh::auth::client { $sched_login: }
24	ssh::auth::server { $build_login: }
25
26	$package_list = ['task-bs-cluster-main', 'iurt']
27	package { $package_list:
28	ensure => "installed"
29	}
30
31	apache::vhost_other_app { "repository.$domain":
32	vhost_file => "buildsystem/vhost_repository.conf",
33	}
34
35	apache::vhost_other_app { "pkgsubmit.$domain":
36	vhost_file => "buildsystem/vhost_pkgsubmit.conf",
37	}
38
39	include scheduler
40	include gatherer
41	include repsys
42	include youri_submit
43	}
44
45	class buildnode inherits base {
46	include iurt
47	}
48
49	class scheduler {
50	# ulri
51	include iurtupload
52	}
53
54	class gatherer {
55	# emi
56	include iurtupload
57	}
58
59	class iurtupload {
60	file { "/etc/iurt/upload.conf":
61	ensure => present,
62	owner => $build_login,
63	group => $build_login,
64	mode => 644,
65	require => File["/etc/iurt"],
66	content => template("buildsystem/upload.conf")
67	}
68	}
69
70	class repsys {
71	package { 'repsys':
72
73	}
74
75	package { 'rpm-build':
76	}
77
78	file { "repsys.conf":
79	path => "/etc/repsys.conf",
80	owner => root,
81	group => root,
82	mode => 644,
83	content => template("buildsystem/repsys.conf")
84	}
85
86	file { "$sched_home_dir/repsys":
87	ensure => "directory",
88	owner => $sched_login,
89	require => File[$sched_home_dir],
90	}
91
92	file { "$sched_home_dir/repsys/tmp":
93	ensure => "directory",
94	owner => $sched_login,
95	group => "mga-packagers",
96	mode => 1775,
97	require => File["$sched_home_dir/repsys"],
98	}
99
100	file { "$sched_home_dir/repsys/srpms":
101	ensure => "directory",
102	owner => $sched_login,
103	group => "mga-packagers",
104	mode => 1775,
105	require => File["$sched_home_dir/repsys"],
106	}
107	}
108
109	class youri_submit {
110	include sudo
111
112	file { "/usr/local/bin/mdv-youri-submit":
113	owner => root,
114	group => root,
115	mode => 755,
116	content => template("buildsystem/mdv-youri-submit")
117	}
118
119	file { "/usr/local/bin/mdv-youri-submit.wrapper":
120	owner => root,
121	group => root,
122	mode => 755,
123	content => template("buildsystem/mdv-youri-submit.wrapper")
124	}
125
126	file { "/etc/sudoers.d/mdv-youri-submit":
127	owner => root,
128	group => root,
129	mode => 440,
130	content => template("buildsystem/sudoers.youri")
131	}
132
133	file { "/etc/youri":
134	ensure => "directory",
135	}
136
137	file { "/etc/youri/submit-todo.conf":
138	ensure => present,
139	mode => 644,
140	require => File["/etc/youri"],
141	content => template("buildsystem/submit-todo.conf")
142	}
143	}
144
145	define sshuser($homedir, $comment) {
146	group {"$title":
147	ensure => present,
148	}
149
150	user {"$title":
151	ensure => present,
152	comment => $comment,
153	managehome => true,
154	gid => $title,
155	shell => "/bin/bash",
156	notify => Exec["unlock$title"],
157	require => Group[$title],
158	}
159
160	# set password to * to unlock the account but forbid login through login
161	exec { "unlock$title":
162	command => "usermod -p '*' $title",
163	refreshonly => true,
164	}
165
166	file { $homedir:
167	ensure => "directory",
168	require => User[$title],
169	}
170
171	file { "$homedir/.ssh":
172	ensure => "directory",
173	mode => 600,
174	owner => $title,
175	group => $title,
176	require => File[$homedir],
177	}
178	}
179
180	class iurtuser {
181	sshuser { $build_login:
182	homedir => $build_home_dir,
183	comment => "System user used to run build bots",
184	}
185
186	file { "/etc/iurt":
187	ensure => "directory",
188	}
189	}
190
191	class iurt {
192	include sudo
193	include iurtuser
194	ssh::auth::client { $build_login: }
195	ssh::auth::server { $sched_login: user => $build_login }
196
197	# build node common settings
198	# we could have the following skip list to use less space:
199	# '/(drakx-installer-binaries\|drakx-installer-advertising\|gfxboot\|drakx-installer-stage2\|mandriva-theme)/'
200	$package_list = ['task-bs-cluster-chroot', 'iurt']
201	package { $package_list:
202	ensure => installed;
203	}
204
205	file { "/etc/iurt/build":
206	ensure => "directory",
207	require => File["/etc/iurt"],
208	}
209
210	file { "/etc/iurt/build/cauldron.conf":
211	ensure => present,
212	owner => $build_login,
213	group => $build_login,
214	mode => 644,
215	require => File["/etc/iurt/build"],
216	content => template("buildsystem/iurt.cauldron.conf")
217	}
218
219	file { "/etc/sudoers.d/iurt":
220	ensure => present,
221	owner => root,
222	group => root,
223	mode => 440,
224	content => template("buildsystem/sudoers.iurt")
225	}
226	}
227	}