buildsystem/manifests/init.pp

class buildsystem {

    class base {
        $build_login = "iurt"
        $build_home_dir = "/home/$build_login"
        $sched_login = "schedbot"
        $sched_home_dir = "/var/lib/$sched_login"
        $sign_login = "signbot"
        $sign_home_dir = "/var/lib/$sign_login"
        $repository_root = "/distrib/bootstrap"
        $packagers_group = 'mga-packagers'
        $createsrpm_path = '/usr/share/repsys/create-srpm'

        include ssh::auth
        ssh::auth::key { $build_login: # declare a key for build bot: RSA, 2048 bits
                home => $build_home_dir,
        }
        ssh::auth::key { $sched_login: # declare a key for sched bot: RSA, 2048 bits
                home => $sched_home_dir,
        }
    }

    class mainnode inherits base {
        include iurtuser

        sshuser { $sched_login:
          homedir => $sched_home_dir,
          comment => "System user used to schedule builds",
        }

        ssh::auth::client { $sched_login: }
        ssh::auth::server { $sched_login: }
        ssh::auth::server { $build_login: }

        # FIXME Add again task-bs-cluster-main when it will require mgarepo instead of repsys
        $package_list = ['iurt']
        package { $package_list:
            ensure => "installed"
        }

        apache::vhost_other_app { "repository.$domain":
            vhost_file => "buildsystem/vhost_repository.conf",
        }

        apache::vhost_other_app { "pkgsubmit.$domain":
            vhost_file => "buildsystem/vhost_pkgsubmit.conf",
        }

        include scheduler
        include gatherer
        include mgarepo
        include youri_submit
        include check_missing_deps 
        include signbot
    }

    class buildnode inherits base {
        include iurt
    }

    class signbot {
        sshuser { $sign_login:
          homedir => $sign_home_dir,
          comment => "System user used to sign packages",
          groups => [$sched_login],
        }

        gnupg::keys{"packages":
          email => "packages@$domain",
          #FIXME there should be a variable somewhere to change the name of the distribution
          key_name => 'Mageia Packages',
          login => $sign_login,
          batchdir => "$sign_home_dir/batches",
          keydir => "$sign_home_dir/keys",
        }

        sudo::sudoers_config { "signpackage":
            content => template("buildsystem/sudoers.signpackage")
        }
    }

    class scheduler {
        # ulri        
        include iurtupload
    }

    class gatherer {
        # emi
        include iurtupload
    }

    class iurtupload {
        file { "/etc/iurt/upload.conf":
            ensure => present,
            owner => $build_login,
            group => $build_login,
            mode => 644,
            require => File["/etc/iurt"],
            content => template("buildsystem/upload.conf")
        }
    }
    
    class mgarepo {
        package { 'mgarepo':

        }

        package { 'rpm-build':
        }

        file { "repsys.conf":
          path => "/etc/repsys.conf",
          owner  => root,
          group => root,
          mode => 644,
          content => template("buildsystem/repsys.conf")
        }

        file { "$sched_home_dir/repsys":
            ensure => "directory",
            owner  => $sched_login,
            require => File[$sched_home_dir],
        }

        file { "$sched_home_dir/repsys/tmp":
            ensure => "directory",
            owner  => $sched_login,
            group => "mga-packagers",
            mode => 1775,
            require => File["$sched_home_dir/repsys"],
        }

        file { "$sched_home_dir/repsys/srpms":
            ensure => "directory",
            owner  => $sched_login,
            group => "mga-packagers",
            mode => 1775,
            require => File["$sched_home_dir/repsys"],
        }

        # FIXME: disabled temporarly as upload dir is a symlink to /var/lib/repsys/uploads
        #file { "$sched_home_dir/uploads":
        #    ensure => "directory",
        #    owner  => $sched_login,
        #    require => File[$sched_home_dir],
        #}

        # too tedious to create everything by hand
        # so I prefered to used some puppet ruby module
        # the exact content and directory name should IMHO be consolidated somewhere
        import "create_upload_dir.rb"
        create_upload_dir { "$sched_home_dir/uploads":
            owner => $sched_login, 
            group => $sched_login,
        } 
    }

    class youri_submit {
        include sudo

        file { "/usr/local/bin/mdv-youri-submit":
          owner  => root,
          group => root,
          mode => 755,
          content => template("buildsystem/mdv-youri-submit")
        }

        file { "/usr/local/bin/mdv-youri-submit.wrapper":
          owner  => root,
          group => root,
          mode => 755,
          content => template("buildsystem/mdv-youri-submit.wrapper")
        }

        sudo::sudoers_config { "mdv-youri-submit":
            content => template("buildsystem/sudoers.youri")
        }

        file { "/etc/youri":
            ensure => "directory",
        }

        file { "/etc/youri/submit-todo.conf":
            ensure => present,
            mode => 644,
            require => File["/etc/youri"],
            content => template("buildsystem/submit-todo.conf")
        }

        file { "/etc/youri/submit-upload.conf":
            ensure => present,
            mode => 644,
            require => File["/etc/youri"],
            content => template("buildsystem/submit-upload.conf")
        }

        file { "/etc/youri/acl.conf":
            ensure => present,
            mode => 644,
            require => File["/etc/youri"],
            content => template("buildsystem/youri_acl.conf")
        }

        file { '/usr/local/bin/submit_package':
            ensure => present,
            mode => 755,
            content => template('buildsystem/submit_package')
        }
    }

    # $groups: array of secondary groups (only local groups, no ldap)
    define sshuser($homedir, $comment, $groups = []) {
        group {"$title": 
            ensure => present,
        }

        user {"$title":
            ensure => present,
            comment => $comment,
            managehome => true,
            home => $homedir,
            gid => $title,
            groups => $groups,
            shell => "/bin/bash",
            notify => Exec["unlock$title"],
            require => Group[$title],
        }

        # set password to * to unlock the account but forbid login through login
        exec { "unlock$title":
            command => "usermod -p '*' $title",
            refreshonly => true,
        }

        file { $homedir:
            ensure => "directory",
            require => User[$title],
        }

        file { "$homedir/.ssh":
            ensure => "directory",
            mode   => 600,
            owner  => $title,
            group  => $title,
            require => File[$homedir],
        }
    }

    class iurtuser {
        sshuser { $build_login:
          homedir => $build_home_dir,
          comment => "System user used to run build bots",
        }

        file { "/etc/iurt":
            ensure => "directory",
        }
    }

    class iurt {
        include sudo
        include iurtuser
        ssh::auth::client { $build_login: }
        ssh::auth::server { $sched_login: user => $build_login }

        # build node common settings
        # we could have the following skip list to use less space:
        # '/(drakx-installer-binaries|drakx-installer-advertising|gfxboot|drakx-installer-stage2|mandriva-theme)/'
        $package_list = ['task-bs-cluster-chroot', 'iurt']
        package { $package_list:
            ensure => installed;
        }

        file { "/etc/iurt/build":
            ensure => "directory",
            require => File["/etc/iurt"],
        }

        file { "/etc/iurt/build/cauldron.conf":
            ensure => present,
            owner => $build_login,
            group => $build_login,
            mode => 644,
            require => File["/etc/iurt/build"],
            content => template("buildsystem/iurt.cauldron.conf")
        }

        file { "/etc/iurt/build/mandriva2010.1.conf":
            ensure => present,
            owner => $build_login,
            group => $build_login,
            mode => 644,
            require => File["/etc/iurt/build"],
            content => template("buildsystem/iurt.mandriva2010.1.conf")
        }

        sudo::sudoers_config { "iurt":
            content => template("buildsystem/sudoers.iurt")
        }
    }

    # temporary script to create home dir with ssh key
    # taking login and url as arguments
    class mgacreatehome {
        file { "/usr/local/sbin/mgacreatehome":
            ensure => present,
            owner => root,
            group => root,
            mode => 700,
            content => template("buildsystem/mgacreatehome")
        }
    }

    class check_missing_deps {
        file { "/usr/local/bin/missing-deps.sh":
            ensure => present,
            owner => root,
            group => root,
            mode => 755,
            source => "puppet:///modules/buildsystem/missing-deps.sh",
        }
    
        # FIXME hardcoded path
        cron { "check missing deps":
            command => "cd /var/www/bs/data && /usr/local/bin/missing-deps.sh",
            minute => "*/15",
        }
    }
}
1	class buildsystem {
2
3	class base {
4	$build_login = "iurt"
5	$build_home_dir = "/home/$build_login"
6	$sched_login = "schedbot"
7	$sched_home_dir = "/var/lib/$sched_login"
8	$sign_login = "signbot"
9	$sign_home_dir = "/var/lib/$sign_login"
10	$repository_root = "/distrib/bootstrap"
11	$packagers_group = 'mga-packagers'
12	$createsrpm_path = '/usr/share/repsys/create-srpm'
13
14	include ssh::auth
15	ssh::auth::key { $build_login: # declare a key for build bot: RSA, 2048 bits
16	home => $build_home_dir,
17	}
18	ssh::auth::key { $sched_login: # declare a key for sched bot: RSA, 2048 bits
19	home => $sched_home_dir,
20	}
21	}
22
23	class mainnode inherits base {
24	include iurtuser
25
26	sshuser { $sched_login:
27	homedir => $sched_home_dir,
28	comment => "System user used to schedule builds",
29	}
30
31	ssh::auth::client { $sched_login: }
32	ssh::auth::server { $sched_login: }
33	ssh::auth::server { $build_login: }
34
35	# FIXME Add again task-bs-cluster-main when it will require mgarepo instead of repsys
36	$package_list = ['iurt']
37	package { $package_list:
38	ensure => "installed"
39	}
40
41	apache::vhost_other_app { "repository.$domain":
42	vhost_file => "buildsystem/vhost_repository.conf",
43	}
44
45	apache::vhost_other_app { "pkgsubmit.$domain":
46	vhost_file => "buildsystem/vhost_pkgsubmit.conf",
47	}
48
49	include scheduler
50	include gatherer
51	include mgarepo
52	include youri_submit
53	include check_missing_deps
54	include signbot
55	}
56
57	class buildnode inherits base {
58	include iurt
59	}
60
61	class signbot {
62	sshuser { $sign_login:
63	homedir => $sign_home_dir,
64	comment => "System user used to sign packages",
65	groups => [$sched_login],
66	}
67
68	gnupg::keys{"packages":
69	email => "packages@$domain",
70	#FIXME there should be a variable somewhere to change the name of the distribution
71	key_name => 'Mageia Packages',
72	login => $sign_login,
73	batchdir => "$sign_home_dir/batches",
74	keydir => "$sign_home_dir/keys",
75	}
76
77	sudo::sudoers_config { "signpackage":
78	content => template("buildsystem/sudoers.signpackage")
79	}
80	}
81
82	class scheduler {
83	# ulri
84	include iurtupload
85	}
86
87	class gatherer {
88	# emi
89	include iurtupload
90	}
91
92	class iurtupload {
93	file { "/etc/iurt/upload.conf":
94	ensure => present,
95	owner => $build_login,
96	group => $build_login,
97	mode => 644,
98	require => File["/etc/iurt"],
99	content => template("buildsystem/upload.conf")
100	}
101	}
102
103	class mgarepo {
104	package { 'mgarepo':
105
106	}
107
108	package { 'rpm-build':
109	}
110
111	file { "repsys.conf":
112	path => "/etc/repsys.conf",
113	owner => root,
114	group => root,
115	mode => 644,
116	content => template("buildsystem/repsys.conf")
117	}
118
119	file { "$sched_home_dir/repsys":
120	ensure => "directory",
121	owner => $sched_login,
122	require => File[$sched_home_dir],
123	}
124
125	file { "$sched_home_dir/repsys/tmp":
126	ensure => "directory",
127	owner => $sched_login,
128	group => "mga-packagers",
129	mode => 1775,
130	require => File["$sched_home_dir/repsys"],
131	}
132
133	file { "$sched_home_dir/repsys/srpms":
134	ensure => "directory",
135	owner => $sched_login,
136	group => "mga-packagers",
137	mode => 1775,
138	require => File["$sched_home_dir/repsys"],
139	}
140
141	# FIXME: disabled temporarly as upload dir is a symlink to /var/lib/repsys/uploads
142	#file { "$sched_home_dir/uploads":
143	# ensure => "directory",
144	# owner => $sched_login,
145	# require => File[$sched_home_dir],
146	#}
147
148	# too tedious to create everything by hand
149	# so I prefered to used some puppet ruby module
150	# the exact content and directory name should IMHO be consolidated somewhere
151	import "create_upload_dir.rb"
152	create_upload_dir { "$sched_home_dir/uploads":
153	owner => $sched_login,
154	group => $sched_login,
155	}
156	}
157
158	class youri_submit {
159	include sudo
160
161	file { "/usr/local/bin/mdv-youri-submit":
162	owner => root,
163	group => root,
164	mode => 755,
165	content => template("buildsystem/mdv-youri-submit")
166	}
167
168	file { "/usr/local/bin/mdv-youri-submit.wrapper":
169	owner => root,
170	group => root,
171	mode => 755,
172	content => template("buildsystem/mdv-youri-submit.wrapper")
173	}
174
175	sudo::sudoers_config { "mdv-youri-submit":
176	content => template("buildsystem/sudoers.youri")
177	}
178
179	file { "/etc/youri":
180	ensure => "directory",
181	}
182
183	file { "/etc/youri/submit-todo.conf":
184	ensure => present,
185	mode => 644,
186	require => File["/etc/youri"],
187	content => template("buildsystem/submit-todo.conf")
188	}
189
190	file { "/etc/youri/submit-upload.conf":
191	ensure => present,
192	mode => 644,
193	require => File["/etc/youri"],
194	content => template("buildsystem/submit-upload.conf")
195	}
196
197	file { "/etc/youri/acl.conf":
198	ensure => present,
199	mode => 644,
200	require => File["/etc/youri"],
201	content => template("buildsystem/youri_acl.conf")
202	}
203
204	file { '/usr/local/bin/submit_package':
205	ensure => present,
206	mode => 755,
207	content => template('buildsystem/submit_package')
208	}
209	}
210
211	# $groups: array of secondary groups (only local groups, no ldap)
212	define sshuser($homedir, $comment, $groups = []) {
213	group {"$title":
214	ensure => present,
215	}
216
217	user {"$title":
218	ensure => present,
219	comment => $comment,
220	managehome => true,
221	home => $homedir,
222	gid => $title,
223	groups => $groups,
224	shell => "/bin/bash",
225	notify => Exec["unlock$title"],
226	require => Group[$title],
227	}
228
229	# set password to * to unlock the account but forbid login through login
230	exec { "unlock$title":
231	command => "usermod -p '*' $title",
232	refreshonly => true,
233	}
234
235	file { $homedir:
236	ensure => "directory",
237	require => User[$title],
238	}
239
240	file { "$homedir/.ssh":
241	ensure => "directory",
242	mode => 600,
243	owner => $title,
244	group => $title,
245	require => File[$homedir],
246	}
247	}
248
249	class iurtuser {
250	sshuser { $build_login:
251	homedir => $build_home_dir,
252	comment => "System user used to run build bots",
253	}
254
255	file { "/etc/iurt":
256	ensure => "directory",
257	}
258	}
259
260	class iurt {
261	include sudo
262	include iurtuser
263	ssh::auth::client { $build_login: }
264	ssh::auth::server { $sched_login: user => $build_login }
265
266	# build node common settings
267	# we could have the following skip list to use less space:
268	# '/(drakx-installer-binaries\|drakx-installer-advertising\|gfxboot\|drakx-installer-stage2\|mandriva-theme)/'
269	$package_list = ['task-bs-cluster-chroot', 'iurt']
270	package { $package_list:
271	ensure => installed;
272	}
273
274	file { "/etc/iurt/build":
275	ensure => "directory",
276	require => File["/etc/iurt"],
277	}
278
279	file { "/etc/iurt/build/cauldron.conf":
280	ensure => present,
281	owner => $build_login,
282	group => $build_login,
283	mode => 644,
284	require => File["/etc/iurt/build"],
285	content => template("buildsystem/iurt.cauldron.conf")
286	}
287
288	file { "/etc/iurt/build/mandriva2010.1.conf":
289	ensure => present,
290	owner => $build_login,
291	group => $build_login,
292	mode => 644,
293	require => File["/etc/iurt/build"],
294	content => template("buildsystem/iurt.mandriva2010.1.conf")
295	}
296
297	sudo::sudoers_config { "iurt":
298	content => template("buildsystem/sudoers.iurt")
299	}
300	}
301
302	# temporary script to create home dir with ssh key
303	# taking login and url as arguments
304	class mgacreatehome {
305	file { "/usr/local/sbin/mgacreatehome":
306	ensure => present,
307	owner => root,
308	group => root,
309	mode => 700,
310	content => template("buildsystem/mgacreatehome")
311	}
312	}
313
314	class check_missing_deps {
315	file { "/usr/local/bin/missing-deps.sh":
316	ensure => present,
317	owner => root,
318	group => root,
319	mode => 755,
320	source => "puppet:///modules/buildsystem/missing-deps.sh",
321	}
322
323	# FIXME hardcoded path
324	cron { "check missing deps":
325	command => "cd /var/www/bs/data && /usr/local/bin/missing-deps.sh",
326	minute => "*/15",
327	}
328	}
329	}