buildsystem/manifests/init.pp

class buildsystem {

    class base {
        $build_login = "iurt"
        $build_home_dir = "/home/$build_login"
        $sched_login = "schedbot"
        $sched_home_dir = "/home/$sched_login"
        $sign_login = "signbot"
        $sign_home_dir = "/var/lib/$sign_login"
        $repository_root = "/distrib/bootstrap"
        $packagers_group = 'mga-packagers'
        $createsrpm_path = '/usr/share/repsys/create-srpm'

        include ssh::auth
        ssh::auth::key { $build_login: } # declare a key for build bot: RSA, 2048 bits
        ssh::auth::key { $sched_login: } # declare a key for sched bot: RSA, 2048 bits
    }

    class mainnode inherits base {
        include iurtuser

        sshuser { $sched_login:
          homedir => $sched_home_dir,
          comment => "System user used to schedule builds",
        }

        sshuser { $sign_login:
          homedir => $sign_home_dir,
          comment => "System user used to sign packages",
        }

        ssh::auth::client { $sched_login: }
        ssh::auth::server { $sched_login: }
        ssh::auth::server { $build_login: }

        # FIXME Add again task-bs-cluster-main when it will require mgarepo instead of repsys
        $package_list = ['iurt']
        package { $package_list:
            ensure => "installed"
        }

        apache::vhost_other_app { "repository.$domain":
            vhost_file => "buildsystem/vhost_repository.conf",
        }

        apache::vhost_other_app { "pkgsubmit.$domain":
            vhost_file => "buildsystem/vhost_pkgsubmit.conf",
        }

        include scheduler
        include gatherer
        include mgarepo
        include youri_submit
        include check_missing_deps 
    }

    class buildnode inherits base {
        include iurt
    }

    class scheduler {
        # ulri        
        include iurtupload
    }

    class gatherer {
        # emi
        include iurtupload
    }

    class iurtupload {
        file { "/etc/iurt/upload.conf":
            ensure => present,
            owner => $build_login,
            group => $build_login,
            mode => 644,
            require => File["/etc/iurt"],
            content => template("buildsystem/upload.conf")
        }
    }
    
    class mgarepo {
        package { 'mgarepo':

        }

        package { 'rpm-build':
        }

        file { "repsys.conf":
          path => "/etc/repsys.conf",
          owner  => root,
          group => root,
          mode => 644,
          content => template("buildsystem/repsys.conf")
        }

        file { "$sched_home_dir/repsys":
            ensure => "directory",
            owner  => $sched_login,
            require => File[$sched_home_dir],
        }

        file { "$sched_home_dir/repsys/tmp":
            ensure => "directory",
            owner  => $sched_login,
            group => "mga-packagers",
            mode => 1775,
            require => File["$sched_home_dir/repsys"],
        }

        file { "$sched_home_dir/repsys/srpms":
            ensure => "directory",
            owner  => $sched_login,
            group => "mga-packagers",
            mode => 1775,
            require => File["$sched_home_dir/repsys"],
        }
    }

    class youri_submit {
        include sudo

        file { "/usr/local/bin/mdv-youri-submit":
          owner  => root,
          group => root,
          mode => 755,
          content => template("buildsystem/mdv-youri-submit")
        }

        file { "/usr/local/bin/mdv-youri-submit.wrapper":
          owner  => root,
          group => root,
          mode => 755,
          content => template("buildsystem/mdv-youri-submit.wrapper")
        }

        sudo::sudoers_config { "mdv-youri-submit":
            content => template("buildsystem/sudoers.youri")
        }

        file { "/etc/youri":
            ensure => "directory",
        }

        file { "/etc/youri/submit-todo.conf":
            ensure => present,
            mode => 644,
            require => File["/etc/youri"],
            content => template("buildsystem/submit-todo.conf")
        }

        file { "/etc/youri/submit-upload.conf":
            ensure => present,
            mode => 644,
            require => File["/etc/youri"],
            content => template("buildsystem/submit-upload.conf")
        }

        file { "/etc/youri/acl.conf":
            ensure => present,
            mode => 644,
            require => File["/etc/youri"],
            content => template("buildsystem/youri_acl.conf")
        }

        file { '/usr/local/bin/submit_package':
            ensure => present,
            mode => 755,
            content => template('buildsystem/submit_package')
        }
    }

    define sshuser($homedir, $comment) {
        group {"$title": 
            ensure => present,
        }

        user {"$title":
            ensure => present,
            comment => $comment,
            managehome => true,
            gid => $title,
            shell => "/bin/bash",
            notify => Exec["unlock$title"],
            require => Group[$title],
        }

        # set password to * to unlock the account but forbid login through login
        exec { "unlock$title":
            command => "usermod -p '*' $title",
            refreshonly => true,
        }

        file { $homedir:
            ensure => "directory",
            require => User[$title],
        }

        file { "$homedir/.ssh":
            ensure => "directory",
            mode   => 600,
            owner  => $title,
            group  => $title,
            require => File[$homedir],
        }
    }

    class iurtuser {
        sshuser { $build_login:
          homedir => $build_home_dir,
          comment => "System user used to run build bots",
        }

        file { "/etc/iurt":
            ensure => "directory",
        }
    }

    class iurt {
        include sudo
        include iurtuser
        ssh::auth::client { $build_login: }
        ssh::auth::server { $sched_login: user => $build_login }

        # build node common settings
        # we could have the following skip list to use less space:
        # '/(drakx-installer-binaries|drakx-installer-advertising|gfxboot|drakx-installer-stage2|mandriva-theme)/'
        $package_list = ['task-bs-cluster-chroot', 'iurt']
        package { $package_list:
            ensure => installed;
        }

        file { "/etc/iurt/build":
            ensure => "directory",
            require => File["/etc/iurt"],
        }

        file { "/etc/iurt/build/cauldron.conf":
            ensure => present,
            owner => $build_login,
            group => $build_login,
            mode => 644,
            require => File["/etc/iurt/build"],
            content => template("buildsystem/iurt.cauldron.conf")
        }

        file { "/etc/iurt/build/mandriva2010.1.conf":
            ensure => present,
            owner => $build_login,
            group => $build_login,
            mode => 644,
            require => File["/etc/iurt/build"],
            content => template("buildsystem/iurt.mandriva2010.1.conf")
        }

        sudo::sudoers_config { "iurt":
            content => template("buildsystem/sudoers.iurt")
        }
    }

    # temporary script to create home dir with ssh key
    # taking login and url as arguments
    class mgacreatehome {
        file { "/usr/local/sbin/mgacreatehome":
            ensure => present,
            owner => root,
            group => root,
            mode => 700,
            content => template("buildsystem/mgacreatehome")
        }
    }

    class check_missing_deps {
        file { "/usr/local/bin/missing-deps.sh":
            ensure => present,
            owner => root,
            group => root,
            mode => 700,
            content => "puppet:///modules/buildsystem/missing-deps.sh",
        }
    
        # FIXME hardcoded path
        cron { "check missing deps":
            command => "cd /var/www/bs/data && /usr/local/bin/missing-deps.sh",
            minute => "*/15",
        }
    }
}
1	class buildsystem {
2
3	class base {
4	$build_login = "iurt"
5	$build_home_dir = "/home/$build_login"
6	$sched_login = "schedbot"
7	$sched_home_dir = "/home/$sched_login"
8	$sign_login = "signbot"
9	$sign_home_dir = "/var/lib/$sign_login"
10	$repository_root = "/distrib/bootstrap"
11	$packagers_group = 'mga-packagers'
12	$createsrpm_path = '/usr/share/repsys/create-srpm'
13
14	include ssh::auth
15	ssh::auth::key { $build_login: } # declare a key for build bot: RSA, 2048 bits
16	ssh::auth::key { $sched_login: } # declare a key for sched bot: RSA, 2048 bits
17	}
18
19	class mainnode inherits base {
20	include iurtuser
21
22	sshuser { $sched_login:
23	homedir => $sched_home_dir,
24	comment => "System user used to schedule builds",
25	}
26
27	sshuser { $sign_login:
28	homedir => $sign_home_dir,
29	comment => "System user used to sign packages",
30	}
31
32	ssh::auth::client { $sched_login: }
33	ssh::auth::server { $sched_login: }
34	ssh::auth::server { $build_login: }
35
36	# FIXME Add again task-bs-cluster-main when it will require mgarepo instead of repsys
37	$package_list = ['iurt']
38	package { $package_list:
39	ensure => "installed"
40	}
41
42	apache::vhost_other_app { "repository.$domain":
43	vhost_file => "buildsystem/vhost_repository.conf",
44	}
45
46	apache::vhost_other_app { "pkgsubmit.$domain":
47	vhost_file => "buildsystem/vhost_pkgsubmit.conf",
48	}
49
50	include scheduler
51	include gatherer
52	include mgarepo
53	include youri_submit
54	include check_missing_deps
55	}
56
57	class buildnode inherits base {
58	include iurt
59	}
60
61	class scheduler {
62	# ulri
63	include iurtupload
64	}
65
66	class gatherer {
67	# emi
68	include iurtupload
69	}
70
71	class iurtupload {
72	file { "/etc/iurt/upload.conf":
73	ensure => present,
74	owner => $build_login,
75	group => $build_login,
76	mode => 644,
77	require => File["/etc/iurt"],
78	content => template("buildsystem/upload.conf")
79	}
80	}
81
82	class mgarepo {
83	package { 'mgarepo':
84
85	}
86
87	package { 'rpm-build':
88	}
89
90	file { "repsys.conf":
91	path => "/etc/repsys.conf",
92	owner => root,
93	group => root,
94	mode => 644,
95	content => template("buildsystem/repsys.conf")
96	}
97
98	file { "$sched_home_dir/repsys":
99	ensure => "directory",
100	owner => $sched_login,
101	require => File[$sched_home_dir],
102	}
103
104	file { "$sched_home_dir/repsys/tmp":
105	ensure => "directory",
106	owner => $sched_login,
107	group => "mga-packagers",
108	mode => 1775,
109	require => File["$sched_home_dir/repsys"],
110	}
111
112	file { "$sched_home_dir/repsys/srpms":
113	ensure => "directory",
114	owner => $sched_login,
115	group => "mga-packagers",
116	mode => 1775,
117	require => File["$sched_home_dir/repsys"],
118	}
119	}
120
121	class youri_submit {
122	include sudo
123
124	file { "/usr/local/bin/mdv-youri-submit":
125	owner => root,
126	group => root,
127	mode => 755,
128	content => template("buildsystem/mdv-youri-submit")
129	}
130
131	file { "/usr/local/bin/mdv-youri-submit.wrapper":
132	owner => root,
133	group => root,
134	mode => 755,
135	content => template("buildsystem/mdv-youri-submit.wrapper")
136	}
137
138	sudo::sudoers_config { "mdv-youri-submit":
139	content => template("buildsystem/sudoers.youri")
140	}
141
142	file { "/etc/youri":
143	ensure => "directory",
144	}
145
146	file { "/etc/youri/submit-todo.conf":
147	ensure => present,
148	mode => 644,
149	require => File["/etc/youri"],
150	content => template("buildsystem/submit-todo.conf")
151	}
152
153	file { "/etc/youri/submit-upload.conf":
154	ensure => present,
155	mode => 644,
156	require => File["/etc/youri"],
157	content => template("buildsystem/submit-upload.conf")
158	}
159
160	file { "/etc/youri/acl.conf":
161	ensure => present,
162	mode => 644,
163	require => File["/etc/youri"],
164	content => template("buildsystem/youri_acl.conf")
165	}
166
167	file { '/usr/local/bin/submit_package':
168	ensure => present,
169	mode => 755,
170	content => template('buildsystem/submit_package')
171	}
172	}
173
174	define sshuser($homedir, $comment) {
175	group {"$title":
176	ensure => present,
177	}
178
179	user {"$title":
180	ensure => present,
181	comment => $comment,
182	managehome => true,
183	gid => $title,
184	shell => "/bin/bash",
185	notify => Exec["unlock$title"],
186	require => Group[$title],
187	}
188
189	# set password to * to unlock the account but forbid login through login
190	exec { "unlock$title":
191	command => "usermod -p '*' $title",
192	refreshonly => true,
193	}
194
195	file { $homedir:
196	ensure => "directory",
197	require => User[$title],
198	}
199
200	file { "$homedir/.ssh":
201	ensure => "directory",
202	mode => 600,
203	owner => $title,
204	group => $title,
205	require => File[$homedir],
206	}
207	}
208
209	class iurtuser {
210	sshuser { $build_login:
211	homedir => $build_home_dir,
212	comment => "System user used to run build bots",
213	}
214
215	file { "/etc/iurt":
216	ensure => "directory",
217	}
218	}
219
220	class iurt {
221	include sudo
222	include iurtuser
223	ssh::auth::client { $build_login: }
224	ssh::auth::server { $sched_login: user => $build_login }
225
226	# build node common settings
227	# we could have the following skip list to use less space:
228	# '/(drakx-installer-binaries\|drakx-installer-advertising\|gfxboot\|drakx-installer-stage2\|mandriva-theme)/'
229	$package_list = ['task-bs-cluster-chroot', 'iurt']
230	package { $package_list:
231	ensure => installed;
232	}
233
234	file { "/etc/iurt/build":
235	ensure => "directory",
236	require => File["/etc/iurt"],
237	}
238
239	file { "/etc/iurt/build/cauldron.conf":
240	ensure => present,
241	owner => $build_login,
242	group => $build_login,
243	mode => 644,
244	require => File["/etc/iurt/build"],
245	content => template("buildsystem/iurt.cauldron.conf")
246	}
247
248	file { "/etc/iurt/build/mandriva2010.1.conf":
249	ensure => present,
250	owner => $build_login,
251	group => $build_login,
252	mode => 644,
253	require => File["/etc/iurt/build"],
254	content => template("buildsystem/iurt.mandriva2010.1.conf")
255	}
256
257	sudo::sudoers_config { "iurt":
258	content => template("buildsystem/sudoers.iurt")
259	}
260	}
261
262	# temporary script to create home dir with ssh key
263	# taking login and url as arguments
264	class mgacreatehome {
265	file { "/usr/local/sbin/mgacreatehome":
266	ensure => present,
267	owner => root,
268	group => root,
269	mode => 700,
270	content => template("buildsystem/mgacreatehome")
271	}
272	}
273
274	class check_missing_deps {
275	file { "/usr/local/bin/missing-deps.sh":
276	ensure => present,
277	owner => root,
278	group => root,
279	mode => 700,
280	content => "puppet:///modules/buildsystem/missing-deps.sh",
281	}
282
283	# FIXME hardcoded path
284	cron { "check missing deps":
285	command => "cd /var/www/bs/data && /usr/local/bin/missing-deps.sh",
286	minute => "*/15",
287	}
288	}
289	}