
Contents of /puppet/modules/buildsystem/manifests/init.pp



Revision 918 - (show annotations) (download)
Sat Jan 29 15:48:13 2011 UTC (13 years, 2 months ago) by boklm
File size: 8735 byte(s)
specify homedir when creating ssh key
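# Build system roles for the package build cluster.
#
# Everything is nested inside `buildsystem`: `base` holds the shared account
# names and paths, `mainnode` and `buildnode` are the two node roles, and the
# remaining classes and the `sshuser` define are helpers they include.
#
# NOTE(review): the helper classes (iurtupload, mgarepo, iurtuser, iurt) read
# $build_login, $sched_login and $sched_home_dir without declaring them, so
# the values only resolve through dynamic scoping when the helper is included
# from a class that inherits `base`. Included from anywhere else, those
# variables would be empty and would end up as owners and paths of managed
# files. Dynamic scoping was removed in later Puppet releases; confirm before
# upgrading.
class buildsystem {

    # Shared settings plus the SSH key declarations for the two bots.
    class base {
        $build_login = 'iurt'
        $build_home_dir = "/home/${build_login}"
        $sched_login = 'schedbot'
        $sched_home_dir = "/var/lib/${sched_login}"
        $sign_login = 'signbot'
        $sign_home_dir = "/var/lib/${sign_login}"
        $repository_root = '/distrib/bootstrap'
        $packagers_group = 'mga-packagers'
        $createsrpm_path = '/usr/share/repsys/create-srpm'

        include ssh::auth

        # Declare a key for the build bot: RSA, 2048 bits
        # (key type and size are whatever ssh::auth::key defaults to; that
        # module is not part of this file).
        ssh::auth::key { $build_login:
            home => $build_home_dir,
        }

        # Declare a key for the sched bot: RSA, 2048 bits (same caveat).
        ssh::auth::key { $sched_login:
            home => $sched_home_dir,
        }
    }

    # Main node: owns the scheduler and signing accounts, the repository and
    # pkgsubmit vhosts, and the submission tooling.
    class mainnode inherits base {
        include iurtuser

        sshuser { $sched_login:
            homedir => $sched_home_dir,
            comment => "System user used to schedule builds",
        }

        # The signing account is also a member of the scheduler's group.
        sshuser { $sign_login:
            homedir => $sign_home_dir,
            comment => "System user used to sign packages",
            groups  => [$sched_login],
        }

        # schedbot gets its private key here and accepts its own public key;
        # the build bot's public key is accepted on this node as well.
        ssh::auth::client { $sched_login: }
        ssh::auth::server { $sched_login: }
        ssh::auth::server { $build_login: }

        # FIXME Add again task-bs-cluster-main when it will require mgarepo
        # instead of repsys
        $package_list = ['iurt']
        package { $package_list:
            ensure => installed,
        }

        apache::vhost_other_app { "repository.${domain}":
            vhost_file => "buildsystem/vhost_repository.conf",
        }

        apache::vhost_other_app { "pkgsubmit.${domain}":
            vhost_file => "buildsystem/vhost_pkgsubmit.conf",
        }

        include scheduler
        include gatherer
        include mgarepo
        include youri_submit
        include check_missing_deps
    }

    # Build node: only needs the iurt build bot setup.
    class buildnode inherits base {
        include iurt
    }

    class scheduler {
        # ulri
        include iurtupload
    }

    class gatherer {
        # emi
        include iurtupload
    }

    # Upload configuration shared by the scheduler and the gatherer.
    class iurtupload {
        file { "/etc/iurt/upload.conf":
            ensure  => present,
            owner   => $build_login,
            group   => $build_login,
            mode    => '0644',
            require => File["/etc/iurt"],
            content => template("buildsystem/upload.conf"),
        }
    }

    # mgarepo/repsys client configuration and the scheduler's working
    # directories.
    class mgarepo {
        package { 'mgarepo': }

        package { 'rpm-build': }

        file { "repsys.conf":
            path    => "/etc/repsys.conf",
            owner   => root,
            group   => root,
            mode    => '0644',
            content => template("buildsystem/repsys.conf"),
        }

        file { "${sched_home_dir}/repsys":
            ensure  => directory,
            owner   => $sched_login,
            require => File[$sched_home_dir],
        }

        # Mode 1775: group-writable with the sticky bit, so members of
        # mga-packagers can create entries here but cannot remove or rename
        # entries owned by someone else.
        # NOTE(review): the group name is hardcoded although `base` defines
        # $packagers_group with the same value.
        file { "${sched_home_dir}/repsys/tmp":
            ensure  => directory,
            owner   => $sched_login,
            group   => "mga-packagers",
            mode    => '1775',
            require => File["${sched_home_dir}/repsys"],
        }

        file { "${sched_home_dir}/repsys/srpms":
            ensure  => directory,
            owner   => $sched_login,
            group   => "mga-packagers",
            mode    => '1775',
            require => File["${sched_home_dir}/repsys"],
        }

        # FIXME: disabled temporarily as upload dir is a symlink to
        # /var/lib/repsys/uploads
        #file { "$sched_home_dir/uploads":
        #    ensure  => "directory",
        #    owner   => $sched_login,
        #    require => File[$sched_home_dir],
        #}

        # Too tedious to create everything by hand, so a Puppet Ruby module
        # is used instead. The exact content and directory names should IMHO
        # be consolidated somewhere.
        # NOTE(review): `import` was removed in later Puppet releases.
        import "create_upload_dir.rb"
        create_upload_dir { "${sched_home_dir}/uploads":
            owner => $sched_login,
        }
    }

    # youri submission scripts, their sudoers entry and their configuration.
    #
    # The scripts are reachable through the sudoers entry installed below
    # (its content is in a template that is not part of this file), so every
    # file they execute or read should be writable by root only. Ownership is
    # pinned to root on all of them; previously only the first two scripts
    # had an explicit owner, which left ownership of the rest unmanaged.
    class youri_submit {
        include sudo

        file { "/usr/local/bin/mdv-youri-submit":
            owner   => root,
            group   => root,
            mode    => '0755',
            content => template("buildsystem/mdv-youri-submit"),
        }

        file { "/usr/local/bin/mdv-youri-submit.wrapper":
            owner   => root,
            group   => root,
            mode    => '0755',
            content => template("buildsystem/mdv-youri-submit.wrapper"),
        }

        sudo::sudoers_config { "mdv-youri-submit":
            content => template("buildsystem/sudoers.youri"),
        }

        file { "/etc/youri":
            ensure => directory,
            owner  => root,
            group  => root,
        }

        file { "/etc/youri/submit-todo.conf":
            ensure  => present,
            owner   => root,
            group   => root,
            mode    => '0644',
            require => File["/etc/youri"],
            content => template("buildsystem/submit-todo.conf"),
        }

        file { "/etc/youri/submit-upload.conf":
            ensure  => present,
            owner   => root,
            group   => root,
            mode    => '0644',
            require => File["/etc/youri"],
            content => template("buildsystem/submit-upload.conf"),
        }

        # Presumably the access-control list for submissions (judging by the
        # file name); it must not be editable by the accounts it restricts.
        file { "/etc/youri/acl.conf":
            ensure  => present,
            owner   => root,
            group   => root,
            mode    => '0644',
            require => File["/etc/youri"],
            content => template("buildsystem/youri_acl.conf"),
        }

        file { '/usr/local/bin/submit_package':
            ensure  => present,
            owner   => root,
            group   => root,
            mode    => '0755',
            content => template('buildsystem/submit_package'),
        }
    }

    # Create a local system account meant to be reached over SSH.
    #
    # $title:   login name; also used as the name of the primary group.
    # $homedir: home directory, created by the user resource (managehome).
    # $comment: GECOS comment for the account.
    # $groups:  array of secondary groups (only local groups, no ldap).
    define sshuser($homedir, $comment, $groups = []) {
        group { "${title}":
            ensure => present,
        }

        user { "${title}":
            ensure     => present,
            comment    => $comment,
            managehome => true,
            home       => $homedir,
            gid        => $title,
            groups     => $groups,
            shell      => "/bin/bash",
            notify     => Exec["unlock${title}"],
            require    => Group[$title],
        }

        # Set the password field to '*': this unlocks the account but leaves
        # it without any usable password, so password logins stay impossible.
        # Runs only when the user resource above changes (refreshonly).
        # The search path is fixed here so this root-run command does not
        # depend on an Exec default defined elsewhere.
        # NOTE(review): confirm usermod lives in one of these directories on
        # the target systems.
        exec { "unlock${title}":
            command     => "usermod -p '*' ${title}",
            path        => ['/usr/sbin', '/usr/bin', '/sbin', '/bin'],
            refreshonly => true,
        }

        file { $homedir:
            ensure  => directory,
            require => User[$title],
        }

        # Private to the account. The original value was 600; Puppet adds the
        # search bit on directories wherever the read bit is set, so the
        # effective mode was already 0700. It is spelled out here.
        file { "${homedir}/.ssh":
            ensure  => directory,
            mode    => '0700',
            owner   => $title,
            group   => $title,
            require => File[$homedir],
        }
    }

    # The build bot account and its configuration directory.
    class iurtuser {
        sshuser { $build_login:
            homedir => $build_home_dir,
            comment => "System user used to run build bots",
        }

        file { "/etc/iurt":
            ensure => directory,
        }
    }

    # Build bot setup for a build node.
    class iurt {
        include sudo
        include iurtuser

        # The build bot gets its private key; the scheduler's public key is
        # authorized for the build bot account, so schedbot can log in as the
        # build user on this node.
        ssh::auth::client { $build_login: }
        ssh::auth::server { $sched_login: user => $build_login }

        # build node common settings
        # we could have the following skip list to use less space:
        # '/(drakx-installer-binaries|drakx-installer-advertising|gfxboot|drakx-installer-stage2|mandriva-theme)/'
        $package_list = ['task-bs-cluster-chroot', 'iurt']
        package { $package_list:
            ensure => installed,
        }

        file { "/etc/iurt/build":
            ensure  => directory,
            require => File["/etc/iurt"],
        }

        file { "/etc/iurt/build/cauldron.conf":
            ensure  => present,
            owner   => $build_login,
            group   => $build_login,
            mode    => '0644',
            require => File["/etc/iurt/build"],
            content => template("buildsystem/iurt.cauldron.conf"),
        }

        file { "/etc/iurt/build/mandriva2010.1.conf":
            ensure  => present,
            owner   => $build_login,
            group   => $build_login,
            mode    => '0644',
            require => File["/etc/iurt/build"],
            content => template("buildsystem/iurt.mandriva2010.1.conf"),
        }

        # Privileges granted to the build bot are defined in this template,
        # which is not part of this file.
        sudo::sudoers_config { "iurt":
            content => template("buildsystem/sudoers.iurt"),
        }
    }

    # Temporary script to create a home dir with an ssh key,
    # taking login and url as arguments. Root-only (mode 0700).
    class mgacreatehome {
        file { "/usr/local/sbin/mgacreatehome":
            ensure  => present,
            owner   => root,
            group   => root,
            mode    => '0700',
            content => template("buildsystem/mgacreatehome"),
        }
    }

    # Periodic check for missing dependencies.
    class check_missing_deps {
        file { "/usr/local/bin/missing-deps.sh":
            ensure => present,
            owner  => root,
            group  => root,
            mode   => '0755',
            source => "puppet:///modules/buildsystem/missing-deps.sh",
        }

        # FIXME hardcoded path
        # NOTE(review): no `user` is set, so the job lands in the crontab of
        # the user Puppet runs as (normally root) and the script runs with
        # that user's privileges every 15 minutes. If it only needs to write
        # under /var/www/bs/data, a dedicated unprivileged user would be
        # enough; confirm what the script requires.
        cron { "check missing deps":
            command => "cd /var/www/bs/data && /usr/local/bin/missing-deps.sh",
            minute  => "*/15",
        }
    }
}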
