/[adm]/puppet/modules/buildsystem/manifests/init.pp
ViewVC logotype

Contents of /puppet/modules/buildsystem/manifests/init.pp

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1875 - (show annotations) (download)
Wed Jul 20 11:45:35 2011 UTC (10 years, 2 months ago) by misc
File size: 14368 byte(s)
create the directory to hold rpmlint extracted configuration

1 class buildsystem {
2
3 class base {
4 $build_login = "iurt"
5 $build_home_dir = "/home/$build_login"
6 $sched_login = "schedbot"
7 $sched_home_dir = "/var/lib/$sched_login"
8 $packages_archivedir = "$sched_home_dir/old"
9 $sign_login = "signbot"
10 $sign_home_dir = "/var/lib/$sign_login"
11 $sign_keydir = "$sign_home_dir/keys"
12 # FIXME: maybe keyid should be defined at an other place
13 $sign_keyid = "80420F66"
14 $repository_root = "/distrib/bootstrap"
15 $mirror_root = "/distrib/mirror"
16 $maintdb_url = 'http://www.maintdb2.mageia.org.uk/maintainers_packages/create'
17 # FIXME: Test password. Real password should be in extdata.
18 $maintdb_key = 'm1g234'
19 $packagers_group = 'mga-packagers'
20 $createsrpm_path = '/usr/share/repsys/create-srpm'
21
22 include ssh::auth
23 ssh::auth::key { $build_login: # declare a key for build bot: RSA, 2048 bits
24 home => $build_home_dir,
25 }
26 ssh::auth::key { $sched_login: # declare a key for sched bot: RSA, 2048 bits
27 home => $sched_home_dir,
28 }
29 }
30
31 class mainnode inherits base {
32 include iurtuser
33
34 sshuser { $sched_login:
35 homedir => $sched_home_dir,
36 comment => "System user used to schedule builds",
37 }
38
39 ssh::auth::client { $sched_login: }
40 ssh::auth::server { $sched_login: }
41 ssh::auth::server { $build_login: }
42
43 # FIXME Add again task-bs-cluster-main when it will require mgarepo instead of repsys
44 $package_list = ['iurt']
45 package { $package_list:
46 ensure => "installed"
47 }
48
49 apache::vhost_other_app { "repository.$domain":
50 vhost_file => "buildsystem/vhost_repository.conf",
51 }
52
53 $location = "/var/www/bs"
54 apache::vhost_base { "pkgsubmit.$domain":
55 aliases => { "/uploads" => "$sched_home_dir/uploads" },
56 location => $location,
57 content => template("buildsystem/vhost_pkgsubmit.conf"),
58 }
59
60 subversion::snapshot { $location:
61 source => "svn://svn.$domain/soft/buildsystem/web/",
62 }
63
64 file { "$repository_root/distrib/cauldron/i586/media/media_info/media.cfg":
65 ensure => present,
66 owner => $sched_login,
67 group => $sched_login,
68 mode => 644,
69 source => "puppet:///modules/buildsystem/i586/media.cfg",
70 }
71
72 file { "$repository_root/distrib/cauldron/x86_64/media/media_info/media.cfg":
73 ensure => present,
74 owner => $sched_login,
75 group => $sched_login,
76 mode => 644,
77 source => "puppet:///modules/buildsystem/x86_64/media.cfg",
78 }
79
80 include scheduler
81 include gatherer
82 include mgarepo
83 include youri_submit
84 include check_missing_deps
85 include signbot
86 }
87
88 class buildnode inherits base {
89 include iurt
90 }
91
92 class signbot {
93 sshuser { $sign_login:
94 homedir => $sign_home_dir,
95 comment => "System user used to sign packages",
96 groups => [$sched_login],
97 }
98
99 gnupg::keys{"packages":
100 email => "packages@$domain",
101 #FIXME there should be a variable somewhere to change the name of the distribution
102 key_name => 'Mageia Packages',
103 login => $sign_login,
104 batchdir => "$sign_home_dir/batches",
105 keydir => $sign_keydir,
106 }
107
108 sudo::sudoers_config { "signpackage":
109 content => template("buildsystem/sudoers.signpackage")
110 }
111
112 file { "$sign_home_dir/.rpmmacros":
113 ensure => present,
114 owner => root,
115 group => root,
116 mode => 644,
117 content => template("buildsystem/signbot-rpmmacros")
118 }
119
120 file { "/usr/local/bin/sign-check-package":
121 ensure => present,
122 owner => root,
123 group => root,
124 mode => 755,
125 content => template("buildsystem/sign-check-package")
126 }
127 }
128
129 class scheduler {
130 # ulri
131 include iurtupload
132 }
133
134 class gatherer {
135 # emi
136 include iurtupload
137 }
138
139 class iurtupload {
140 file { "/etc/iurt/upload.conf":
141 ensure => present,
142 owner => $build_login,
143 group => $build_login,
144 mode => 644,
145 require => File["/etc/iurt"],
146 content => template("buildsystem/upload.conf")
147 }
148 }
149
150 class maintdb inherits base {
151 include sudo
152 $maintdb_login = "maintdb"
153 $maintdb_homedir = "/var/lib/maintdb"
154 $maintdb_dbdir = "$maintdb_homedir/db"
155 $maintdb_binpath = "/usr/local/sbin/maintdb"
156 $maintdb_wrappath = "/usr/local/bin/wrapper.maintdb"
157 $maintdb_dump = "/var/www/bs/data/maintdb.txt"
158
159 user {"$maintdb_login":
160 ensure => present,
161 comment => "Maintainers database",
162 managehome => true,
163 shell => "/bin/bash",
164 home => "$maintdb_homedir",
165 }
166
167 file { "$maintdb_dbdir":
168 ensure => directory,
169 owner => "$maintdb_login",
170 group => "$maintdb_login",
171 mode => 700,
172 require => User["$maintdb_login"],
173 }
174
175 file { "$maintdb_binpath":
176 ensure => present,
177 owner => root,
178 group => root,
179 mode => 755,
180 content => template("buildsystem/maintdb")
181 }
182
183 file { "$maintdb_wrappath":
184 ensure => present,
185 owner => root,
186 group => root,
187 mode => 755,
188 content => template("buildsystem/wrapper.maintdb")
189 }
190
191 sudo::sudoers_config { "maintdb":
192 content => template("buildsystem/sudoers.maintdb")
193 }
194
195 file { "$maintdb_dump":
196 ensure => present,
197 owner => $maintdb_login,
198 mode => 644,
199 }
200
201 cron { "update maintdb export":
202 user => $maintdb_login,
203 command => "$maintdb_binpath root get > $maintdb_dump",
204 minute => "*/30",
205 }
206
207 }
208
209 class mgarepo {
210 package { 'mgarepo':
211
212 }
213
214 package { 'rpm-build':
215 }
216
217 file { "repsys.conf":
218 path => "/etc/repsys.conf",
219 owner => root,
220 group => root,
221 mode => 644,
222 content => template("buildsystem/repsys.conf")
223 }
224
225 file { "$packages_archivedir":
226 ensure => "directory",
227 owner => $sched_login,
228 require => File[$sched_home_dir],
229 }
230
231 file { "$sched_home_dir/repsys":
232 ensure => "directory",
233 owner => $sched_login,
234 require => File[$sched_home_dir],
235 }
236
237 file { ["$sched_home_dir/repsys/tmp", "$sched_home_dir/repsys/srpms"]:
238 ensure => "directory",
239 owner => $sched_login,
240 group => "mga-packagers",
241 mode => 1775,
242 require => File["$sched_home_dir/repsys"],
243 }
244
245 # FIXME: disabled temporarly as upload dir is a symlink to /var/lib/repsys/uploads
246 #file { "$sched_home_dir/uploads":
247 # ensure => "directory",
248 # owner => $sched_login,
249 # require => File[$sched_home_dir],
250 #}
251
252 # too tedious to create everything by hand
253 # so I prefered to used some puppet ruby module
254 # the exact content and directory name should IMHO be consolidated somewhere
255 import "create_upload_dir.rb"
256 create_upload_dir { "$sched_home_dir/uploads":
257 owner => $sched_login,
258 group => $sched_login,
259 }
260
261 tidy { "$sched_home_dir/uploads":
262 age => "2w",
263 recurse => true,
264 type => "ctime",
265 }
266
267 tidy { "$packages_archivedir":
268 age => "1w",
269 matches => "*.rpm",
270 recurse => true,
271 type => "ctime",
272 }
273 }
274
275 class youri_submit {
276 include sudo
277
278 file { "/usr/local/bin/mga-youri-submit":
279 owner => root,
280 group => root,
281 mode => 755,
282 content => template("buildsystem/mga-youri-submit")
283 }
284
285 file { "/usr/local/bin/mga-youri-submit.wrapper":
286 owner => root,
287 group => root,
288 mode => 755,
289 content => template("buildsystem/mga-youri-submit.wrapper")
290 }
291
292 sudo::sudoers_config { "mga-youri-submit":
293 content => template("buildsystem/sudoers.youri")
294 }
295
296 # directory that hold configuration auto extracted after upload
297 # of the rpmlint policy
298 file { "/etc/rpmlint/extracted.d/":
299 ensure => directory,
300 owner => $sched_login,
301 }
302
303 file { "/etc/youri":
304 ensure => "directory",
305 }
306
307 file { "/etc/youri/submit-todo.conf":
308 ensure => present,
309 mode => 644,
310 require => File["/etc/youri"],
311 content => template("buildsystem/submit-todo.conf")
312 }
313
314 file { "/etc/youri/submit-upload.conf":
315 ensure => present,
316 mode => 644,
317 require => File["/etc/youri"],
318 content => template("buildsystem/submit-upload.conf")
319 }
320
321 file { "/etc/youri/acl.conf":
322 ensure => present,
323 mode => 644,
324 require => File["/etc/youri"],
325 content => template("buildsystem/youri_acl.conf")
326 }
327
328 file { '/usr/local/bin/submit_package':
329 ensure => present,
330 mode => 755,
331 content => template('buildsystem/submit_package')
332 }
333
334 # FIXME use the correct perl directory
335 file { "/usr/lib/perl5/site_perl/5.10.1/Youri/Repository":
336 ensure => "directory",
337 }
338
339 file { '/usr/lib/perl5/site_perl/5.10.1/Youri/Repository/Mageia.pm':
340 ensure => present,
341 mode => 644,
342 require => File["/usr/lib/perl5/site_perl/5.10.1/Youri/Repository"],
343 source => "puppet:///modules/buildsystem/Mageia.pm",
344 }
345
346 $package_list = ['perl-SVN', 'mdv-distrib-tools', 'perl-Youri-Media',
347 'perl-Youri-Package', 'perl-Youri-Repository',
348 'perl-Youri-Utils', 'perl-Youri-Config', 'mga-youri-submit']
349
350 package { $package_list:
351 ensure => installed;
352 }
353 }
354
355 # $groups: array of secondary groups (only local groups, no ldap)
356 define sshuser($homedir, $comment, $groups = []) {
357 group {"$title":
358 ensure => present,
359 }
360
361 user {"$title":
362 ensure => present,
363 comment => $comment,
364 managehome => true,
365 home => $homedir,
366 gid => $title,
367 groups => $groups,
368 shell => "/bin/bash",
369 notify => Exec["unlock$title"],
370 require => Group[$title],
371 }
372
373 # set password to * to unlock the account but forbid login through login
374 exec { "unlock$title":
375 command => "usermod -p '*' $title",
376 refreshonly => true,
377 }
378
379 file { $homedir:
380 ensure => "directory",
381 require => User[$title],
382 }
383
384 file { "$homedir/.ssh":
385 ensure => "directory",
386 mode => 600,
387 owner => $title,
388 group => $title,
389 require => File[$homedir],
390 }
391 }
392
393 class iurtuser {
394 sshuser { $build_login:
395 homedir => $build_home_dir,
396 comment => "System user used to run build bots",
397 }
398
399 file { "/etc/iurt":
400 ensure => "directory",
401 }
402 }
403
404 class iurt {
405 include sudo
406 include iurtuser
407 ssh::auth::client { $build_login: }
408 ssh::auth::server { $sched_login: user => $build_login }
409
410 # build node common settings
411 # we could have the following skip list to use less space:
412 # '/(drakx-installer-binaries|drakx-installer-advertising|gfxboot|drakx-installer-stage2|mandriva-theme)/'
413 $package_list = ['task-bs-cluster-chroot', 'iurt']
414 package { $package_list:
415 ensure => installed;
416 }
417
418 file { "/etc/iurt/build":
419 ensure => "directory",
420 require => File["/etc/iurt"],
421 }
422
423 file { "/etc/iurt/build/cauldron.conf":
424 ensure => present,
425 owner => $build_login,
426 group => $build_login,
427 mode => 644,
428 require => File["/etc/iurt/build"],
429 content => template("buildsystem/iurt.cauldron.conf")
430 }
431
432 file { "/etc/iurt/build/1.conf":
433 ensure => present,
434 owner => $build_login,
435 group => $build_login,
436 mode => 644,
437 require => File["/etc/iurt/build"],
438 content => template("buildsystem/iurt.1.conf")
439 }
440
441 file { "/etc/iurt/build/mandriva2010.1.conf":
442 ensure => present,
443 owner => $build_login,
444 group => $build_login,
445 mode => 644,
446 require => File["/etc/iurt/build"],
447 content => template("buildsystem/iurt.mandriva2010.1.conf")
448 }
449
450 sudo::sudoers_config { "iurt":
451 content => template("buildsystem/sudoers.iurt")
452 }
453 }
454
455 # temporary script to create home dir with ssh key
456 # taking login and url as arguments
457 class mgacreatehome {
458 file { "/usr/local/sbin/mgacreatehome":
459 ensure => present,
460 owner => root,
461 group => root,
462 mode => 700,
463 content => template("buildsystem/mgacreatehome")
464 }
465 }
466
467 class check_missing_deps {
468 file { "/usr/local/bin/missing-deps.sh":
469 ensure => present,
470 owner => root,
471 group => root,
472 mode => 755,
473 source => "puppet:///modules/buildsystem/missing-deps.sh",
474 }
475
476 # FIXME hardcoded path
477 cron { "check missing deps":
478 command => "cd /var/www/bs/data && /usr/local/bin/missing-deps.sh",
479 minute => "*/15",
480 }
481 }
482
483 class release {
484 subversion::snapshot { "/root/release":
485 source => "svn://svn.$domain/soft/release/trunk/",
486 }
487
488 package { "hardlink":
489 ensure => "installed",
490 }
491 }
492
493 # A script to copy on valstar the 2010.1 rpms built on jonund
494 class sync20101 inherits base {
495 file { "/usr/local/bin/sync2010.1":
496 ensure => present,
497 owner => root,
498 group => root,
499 mode => 755,
500 content => template("buildsystem/sync2010.1"),
501 }
502 }
503
504 # a script to build 2010.1 packages. used on jonund
505 class iurt20101 inherits base {
506 file { "/usr/local/bin/iurt2010.1":
507 ensure => present,
508 owner => root,
509 group => root,
510 mode => 755,
511 content => template("buildsystem/iurt2010.1"),
512 }
513 }
514 }

  ViewVC Help
Powered by ViewVC 1.1.28