/[adm]/puppet/modules/buildsystem/manifests/init.pp
ViewVC logotype

Contents of /puppet/modules/buildsystem/manifests/init.pp

Parent Directory Parent Directory | Revision Log Revision Log


Revision 916 - (show annotations) (download)
Sat Jan 29 15:34:43 2011 UTC (13 years, 2 months ago) by boklm
File size: 8676 byte(s)
set homedir
1 class buildsystem {
2
3 class base {
4 $build_login = "iurt"
5 $build_home_dir = "/home/$build_login"
6 $sched_login = "schedbot"
7 $sched_home_dir = "/home/$sched_login"
8 $sign_login = "signbot"
9 $sign_home_dir = "/var/lib/$sign_login"
10 $repository_root = "/distrib/bootstrap"
11 $packagers_group = 'mga-packagers'
12 $createsrpm_path = '/usr/share/repsys/create-srpm'
13
14 include ssh::auth
15 ssh::auth::key { $build_login: } # declare a key for build bot: RSA, 2048 bits
16 ssh::auth::key { $sched_login: } # declare a key for sched bot: RSA, 2048 bits
17 }
18
19 class mainnode inherits base {
20 include iurtuser
21
22 sshuser { $sched_login:
23 homedir => $sched_home_dir,
24 comment => "System user used to schedule builds",
25 }
26
27 sshuser { $sign_login:
28 homedir => $sign_home_dir,
29 comment => "System user used to sign packages",
30 groups => [$sched_login],
31 }
32
33 ssh::auth::client { $sched_login: }
34 ssh::auth::server { $sched_login: }
35 ssh::auth::server { $build_login: }
36
37 # FIXME Add again task-bs-cluster-main when it will require mgarepo instead of repsys
38 $package_list = ['iurt']
39 package { $package_list:
40 ensure => "installed"
41 }
42
43 apache::vhost_other_app { "repository.$domain":
44 vhost_file => "buildsystem/vhost_repository.conf",
45 }
46
47 apache::vhost_other_app { "pkgsubmit.$domain":
48 vhost_file => "buildsystem/vhost_pkgsubmit.conf",
49 }
50
51 include scheduler
52 include gatherer
53 include mgarepo
54 include youri_submit
55 include check_missing_deps
56 }
57
58 class buildnode inherits base {
59 include iurt
60 }
61
62 class scheduler {
63 # ulri
64 include iurtupload
65 }
66
67 class gatherer {
68 # emi
69 include iurtupload
70 }
71
72 class iurtupload {
73 file { "/etc/iurt/upload.conf":
74 ensure => present,
75 owner => $build_login,
76 group => $build_login,
77 mode => 644,
78 require => File["/etc/iurt"],
79 content => template("buildsystem/upload.conf")
80 }
81 }
82
83 class mgarepo {
84 package { 'mgarepo':
85
86 }
87
88 package { 'rpm-build':
89 }
90
91 file { "repsys.conf":
92 path => "/etc/repsys.conf",
93 owner => root,
94 group => root,
95 mode => 644,
96 content => template("buildsystem/repsys.conf")
97 }
98
99 file { "$sched_home_dir/repsys":
100 ensure => "directory",
101 owner => $sched_login,
102 require => File[$sched_home_dir],
103 }
104
105 file { "$sched_home_dir/repsys/tmp":
106 ensure => "directory",
107 owner => $sched_login,
108 group => "mga-packagers",
109 mode => 1775,
110 require => File["$sched_home_dir/repsys"],
111 }
112
113 file { "$sched_home_dir/repsys/srpms":
114 ensure => "directory",
115 owner => $sched_login,
116 group => "mga-packagers",
117 mode => 1775,
118 require => File["$sched_home_dir/repsys"],
119 }
120
121 # FIXME: disabled temporarly as upload dir is a symlink to /var/lib/repsys/uploads
122 #file { "$sched_home_dir/uploads":
123 # ensure => "directory",
124 # owner => $sched_login,
125 # require => File[$sched_home_dir],
126 #}
127
128 # too tedious to create everything by hand
129 # so I prefered to used some puppet ruby module
130 # the exact content and directory name should IMHO be consolidated somewhere
131 import "create_upload_dir.rb"
132 create_upload_dir { "$sched_home_dir/uploads":
133 owner => $sched_login,
134 }
135 }
136
137 class youri_submit {
138 include sudo
139
140 file { "/usr/local/bin/mdv-youri-submit":
141 owner => root,
142 group => root,
143 mode => 755,
144 content => template("buildsystem/mdv-youri-submit")
145 }
146
147 file { "/usr/local/bin/mdv-youri-submit.wrapper":
148 owner => root,
149 group => root,
150 mode => 755,
151 content => template("buildsystem/mdv-youri-submit.wrapper")
152 }
153
154 sudo::sudoers_config { "mdv-youri-submit":
155 content => template("buildsystem/sudoers.youri")
156 }
157
158 file { "/etc/youri":
159 ensure => "directory",
160 }
161
162 file { "/etc/youri/submit-todo.conf":
163 ensure => present,
164 mode => 644,
165 require => File["/etc/youri"],
166 content => template("buildsystem/submit-todo.conf")
167 }
168
169 file { "/etc/youri/submit-upload.conf":
170 ensure => present,
171 mode => 644,
172 require => File["/etc/youri"],
173 content => template("buildsystem/submit-upload.conf")
174 }
175
176 file { "/etc/youri/acl.conf":
177 ensure => present,
178 mode => 644,
179 require => File["/etc/youri"],
180 content => template("buildsystem/youri_acl.conf")
181 }
182
183 file { '/usr/local/bin/submit_package':
184 ensure => present,
185 mode => 755,
186 content => template('buildsystem/submit_package')
187 }
188 }
189
190 # $groups: array of secondary groups (only local groups, no ldap)
191 define sshuser($homedir, $comment, $groups = []) {
192 group {"$title":
193 ensure => present,
194 }
195
196 user {"$title":
197 ensure => present,
198 comment => $comment,
199 managehome => true,
200 home => $homedir,
201 gid => $title,
202 groups => $groups,
203 shell => "/bin/bash",
204 notify => Exec["unlock$title"],
205 require => Group[$title],
206 }
207
208 # set password to * to unlock the account but forbid login through login
209 exec { "unlock$title":
210 command => "usermod -p '*' $title",
211 refreshonly => true,
212 }
213
214 file { $homedir:
215 ensure => "directory",
216 require => User[$title],
217 }
218
219 file { "$homedir/.ssh":
220 ensure => "directory",
221 mode => 600,
222 owner => $title,
223 group => $title,
224 require => File[$homedir],
225 }
226 }
227
228 class iurtuser {
229 sshuser { $build_login:
230 homedir => $build_home_dir,
231 comment => "System user used to run build bots",
232 }
233
234 file { "/etc/iurt":
235 ensure => "directory",
236 }
237 }
238
239 class iurt {
240 include sudo
241 include iurtuser
242 ssh::auth::client { $build_login: }
243 ssh::auth::server { $sched_login: user => $build_login }
244
245 # build node common settings
246 # we could have the following skip list to use less space:
247 # '/(drakx-installer-binaries|drakx-installer-advertising|gfxboot|drakx-installer-stage2|mandriva-theme)/'
248 $package_list = ['task-bs-cluster-chroot', 'iurt']
249 package { $package_list:
250 ensure => installed;
251 }
252
253 file { "/etc/iurt/build":
254 ensure => "directory",
255 require => File["/etc/iurt"],
256 }
257
258 file { "/etc/iurt/build/cauldron.conf":
259 ensure => present,
260 owner => $build_login,
261 group => $build_login,
262 mode => 644,
263 require => File["/etc/iurt/build"],
264 content => template("buildsystem/iurt.cauldron.conf")
265 }
266
267 file { "/etc/iurt/build/mandriva2010.1.conf":
268 ensure => present,
269 owner => $build_login,
270 group => $build_login,
271 mode => 644,
272 require => File["/etc/iurt/build"],
273 content => template("buildsystem/iurt.mandriva2010.1.conf")
274 }
275
276 sudo::sudoers_config { "iurt":
277 content => template("buildsystem/sudoers.iurt")
278 }
279 }
280
281 # temporary script to create home dir with ssh key
282 # taking login and url as arguments
283 class mgacreatehome {
284 file { "/usr/local/sbin/mgacreatehome":
285 ensure => present,
286 owner => root,
287 group => root,
288 mode => 700,
289 content => template("buildsystem/mgacreatehome")
290 }
291 }
292
293 class check_missing_deps {
294 file { "/usr/local/bin/missing-deps.sh":
295 ensure => present,
296 owner => root,
297 group => root,
298 mode => 755,
299 source => "puppet:///modules/buildsystem/missing-deps.sh",
300 }
301
302 # FIXME hardcoded path
303 cron { "check missing deps":
304 command => "cd /var/www/bs/data && /usr/local/bin/missing-deps.sh",
305 minute => "*/15",
306 }
307 }
308 }

  ViewVC Help
Powered by ViewVC 1.1.30