/[adm]/puppet/modules/buildsystem/manifests/init.pp
ViewVC logotype

Contents of /puppet/modules/buildsystem/manifests/init.pp

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1300 - (show annotations) (download)
Wed Mar 9 00:11:00 2011 UTC (13 years, 7 months ago) by boklm
File size: 10327 byte(s)
add "Options Indexes" for /uploads directory
1 class buildsystem {
2
3 class base {
4 $build_login = "iurt"
5 $build_home_dir = "/home/$build_login"
6 $sched_login = "schedbot"
7 $sched_home_dir = "/var/lib/$sched_login"
8 $packages_archivedir = "$sched_home_dir/old"
9 $sign_login = "signbot"
10 $sign_home_dir = "/var/lib/$sign_login"
11 $sign_keydir = "$sign_home_dir/keys"
12 # FIXME: maybe keyid should be defined at an other place
13 $sign_keyid = "80420F66"
14 $repository_root = "/distrib/bootstrap"
15 $packagers_group = 'mga-packagers'
16 $createsrpm_path = '/usr/share/repsys/create-srpm'
17
18 include ssh::auth
19 ssh::auth::key { $build_login: # declare a key for build bot: RSA, 2048 bits
20 home => $build_home_dir,
21 }
22 ssh::auth::key { $sched_login: # declare a key for sched bot: RSA, 2048 bits
23 home => $sched_home_dir,
24 }
25 }
26
27 class mainnode inherits base {
28 include iurtuser
29
30 sshuser { $sched_login:
31 homedir => $sched_home_dir,
32 comment => "System user used to schedule builds",
33 }
34
35 ssh::auth::client { $sched_login: }
36 ssh::auth::server { $sched_login: }
37 ssh::auth::server { $build_login: }
38
39 # FIXME Add again task-bs-cluster-main when it will require mgarepo instead of repsys
40 $package_list = ['iurt']
41 package { $package_list:
42 ensure => "installed"
43 }
44
45 apache::vhost_other_app { "repository.$domain":
46 vhost_file => "buildsystem/vhost_repository.conf",
47 }
48
49 $location = "/var/www/bs"
50 apache::vhost_base { "pkgsubmit.$domain":
51 aliases => { "/uploads" => "$sched_home_dir/uploads" },
52 location => $location,
53 content => template("buildsystem/vhost_pkgsubmit.conf"),
54 }
55
56 subversion::snapshot { $location:
57 source => "svn://svn.$domain/soft/buildsystem/web/",
58 }
59
60 include scheduler
61 include gatherer
62 include mgarepo
63 include youri_submit
64 include check_missing_deps
65 include signbot
66 }
67
68 class buildnode inherits base {
69 include iurt
70 }
71
72 class signbot {
73 sshuser { $sign_login:
74 homedir => $sign_home_dir,
75 comment => "System user used to sign packages",
76 groups => [$sched_login],
77 }
78
79 gnupg::keys{"packages":
80 email => "packages@$domain",
81 #FIXME there should be a variable somewhere to change the name of the distribution
82 key_name => 'Mageia Packages',
83 login => $sign_login,
84 batchdir => "$sign_home_dir/batches",
85 keydir => $sign_keydir,
86 }
87
88 sudo::sudoers_config { "signpackage":
89 content => template("buildsystem/sudoers.signpackage")
90 }
91
92 file { "$sign_home_dir/.rpmmacros":
93 ensure => present,
94 owner => root,
95 group => root,
96 mode => 644,
97 content => template("buildsystem/signbot-rpmmacros")
98 }
99
100 file { "/usr/local/bin/sign-check-package":
101 ensure => present,
102 owner => root,
103 group => root,
104 mode => 755,
105 content => template("buildsystem/sign-check-package")
106 }
107 }
108
109 class scheduler {
110 # ulri
111 include iurtupload
112 }
113
114 class gatherer {
115 # emi
116 include iurtupload
117 }
118
119 class iurtupload {
120 file { "/etc/iurt/upload.conf":
121 ensure => present,
122 owner => $build_login,
123 group => $build_login,
124 mode => 644,
125 require => File["/etc/iurt"],
126 content => template("buildsystem/upload.conf")
127 }
128 }
129
130 class mgarepo {
131 package { 'mgarepo':
132
133 }
134
135 package { 'rpm-build':
136 }
137
138 file { "repsys.conf":
139 path => "/etc/repsys.conf",
140 owner => root,
141 group => root,
142 mode => 644,
143 content => template("buildsystem/repsys.conf")
144 }
145
146 file { "$packages_archivedir":
147 ensure => "directory",
148 owner => $sched_login,
149 require => File[$sched_home_dir],
150 }
151
152 file { "$sched_home_dir/repsys":
153 ensure => "directory",
154 owner => $sched_login,
155 require => File[$sched_home_dir],
156 }
157
158 file { "$sched_home_dir/repsys/tmp":
159 ensure => "directory",
160 owner => $sched_login,
161 group => "mga-packagers",
162 mode => 1775,
163 require => File["$sched_home_dir/repsys"],
164 }
165
166 file { "$sched_home_dir/repsys/srpms":
167 ensure => "directory",
168 owner => $sched_login,
169 group => "mga-packagers",
170 mode => 1775,
171 require => File["$sched_home_dir/repsys"],
172 }
173
174 # FIXME: disabled temporarly as upload dir is a symlink to /var/lib/repsys/uploads
175 #file { "$sched_home_dir/uploads":
176 # ensure => "directory",
177 # owner => $sched_login,
178 # require => File[$sched_home_dir],
179 #}
180
181 # too tedious to create everything by hand
182 # so I prefered to used some puppet ruby module
183 # the exact content and directory name should IMHO be consolidated somewhere
184 import "create_upload_dir.rb"
185 create_upload_dir { "$sched_home_dir/uploads":
186 owner => $sched_login,
187 group => $sched_login,
188 }
189
190 tidy { "$packages_archivedir":
191 age => "1w",
192 matches => "*.rpm",
193 recurse => true,
194 type => "ctime",
195 }
196 }
197
198 class youri_submit {
199 include sudo
200
201 file { "/usr/local/bin/mdv-youri-submit":
202 owner => root,
203 group => root,
204 mode => 755,
205 content => template("buildsystem/mdv-youri-submit")
206 }
207
208 file { "/usr/local/bin/mdv-youri-submit.wrapper":
209 owner => root,
210 group => root,
211 mode => 755,
212 content => template("buildsystem/mdv-youri-submit.wrapper")
213 }
214
215 sudo::sudoers_config { "mdv-youri-submit":
216 content => template("buildsystem/sudoers.youri")
217 }
218
219 file { "/etc/youri":
220 ensure => "directory",
221 }
222
223 file { "/etc/youri/submit-todo.conf":
224 ensure => present,
225 mode => 644,
226 require => File["/etc/youri"],
227 content => template("buildsystem/submit-todo.conf")
228 }
229
230 file { "/etc/youri/submit-upload.conf":
231 ensure => present,
232 mode => 644,
233 require => File["/etc/youri"],
234 content => template("buildsystem/submit-upload.conf")
235 }
236
237 file { "/etc/youri/acl.conf":
238 ensure => present,
239 mode => 644,
240 require => File["/etc/youri"],
241 content => template("buildsystem/youri_acl.conf")
242 }
243
244 file { '/usr/local/bin/submit_package':
245 ensure => present,
246 mode => 755,
247 content => template('buildsystem/submit_package')
248 }
249 }
250
251 # $groups: array of secondary groups (only local groups, no ldap)
252 define sshuser($homedir, $comment, $groups = []) {
253 group {"$title":
254 ensure => present,
255 }
256
257 user {"$title":
258 ensure => present,
259 comment => $comment,
260 managehome => true,
261 home => $homedir,
262 gid => $title,
263 groups => $groups,
264 shell => "/bin/bash",
265 notify => Exec["unlock$title"],
266 require => Group[$title],
267 }
268
269 # set password to * to unlock the account but forbid login through login
270 exec { "unlock$title":
271 command => "usermod -p '*' $title",
272 refreshonly => true,
273 }
274
275 file { $homedir:
276 ensure => "directory",
277 require => User[$title],
278 }
279
280 file { "$homedir/.ssh":
281 ensure => "directory",
282 mode => 600,
283 owner => $title,
284 group => $title,
285 require => File[$homedir],
286 }
287 }
288
289 class iurtuser {
290 sshuser { $build_login:
291 homedir => $build_home_dir,
292 comment => "System user used to run build bots",
293 }
294
295 file { "/etc/iurt":
296 ensure => "directory",
297 }
298 }
299
300 class iurt {
301 include sudo
302 include iurtuser
303 ssh::auth::client { $build_login: }
304 ssh::auth::server { $sched_login: user => $build_login }
305
306 # build node common settings
307 # we could have the following skip list to use less space:
308 # '/(drakx-installer-binaries|drakx-installer-advertising|gfxboot|drakx-installer-stage2|mandriva-theme)/'
309 $package_list = ['task-bs-cluster-chroot', 'iurt']
310 package { $package_list:
311 ensure => installed;
312 }
313
314 file { "/etc/iurt/build":
315 ensure => "directory",
316 require => File["/etc/iurt"],
317 }
318
319 file { "/etc/iurt/build/cauldron.conf":
320 ensure => present,
321 owner => $build_login,
322 group => $build_login,
323 mode => 644,
324 require => File["/etc/iurt/build"],
325 content => template("buildsystem/iurt.cauldron.conf")
326 }
327
328 file { "/etc/iurt/build/mandriva2010.1.conf":
329 ensure => present,
330 owner => $build_login,
331 group => $build_login,
332 mode => 644,
333 require => File["/etc/iurt/build"],
334 content => template("buildsystem/iurt.mandriva2010.1.conf")
335 }
336
337 sudo::sudoers_config { "iurt":
338 content => template("buildsystem/sudoers.iurt")
339 }
340 }
341
342 # temporary script to create home dir with ssh key
343 # taking login and url as arguments
344 class mgacreatehome {
345 file { "/usr/local/sbin/mgacreatehome":
346 ensure => present,
347 owner => root,
348 group => root,
349 mode => 700,
350 content => template("buildsystem/mgacreatehome")
351 }
352 }
353
354 class check_missing_deps {
355 file { "/usr/local/bin/missing-deps.sh":
356 ensure => present,
357 owner => root,
358 group => root,
359 mode => 755,
360 source => "puppet:///modules/buildsystem/missing-deps.sh",
361 }
362
363 # FIXME hardcoded path
364 cron { "check missing deps":
365 command => "cd /var/www/bs/data && /usr/local/bin/missing-deps.sh",
366 minute => "*/15",
367 }
368 }
369 }

  ViewVC Help
Powered by ViewVC 1.1.30