/[adm]/puppet/modules/buildsystem/manifests/init.pp
ViewVC logotype

Contents of /puppet/modules/buildsystem/manifests/init.pp

Parent Directory Parent Directory | Revision Log Revision Log

Revision 1582 - (show annotations) (download)
Wed May 4 22:29:26 2011 UTC (12 years, 4 months ago) by boklm
File size: 12286 byte(s) 
install media.cfg as media.cfg (not -raw)
1 class buildsystem {
2
3 class base {
4 $build_login = "iurt"
5 $build_home_dir = "/home/$build_login"
6 $sched_login = "schedbot"
7 $sched_home_dir = "/var/lib/$sched_login"
8 $packages_archivedir = "$sched_home_dir/old"
9 $sign_login = "signbot"
10 $sign_home_dir = "/var/lib/$sign_login"
11 $sign_keydir = "$sign_home_dir/keys"
12 # FIXME: maybe keyid should be defined at an other place
13 $sign_keyid = "80420F66"
14 $repository_root = "/distrib/bootstrap"
15 $mirror_root = "/distrib/mirror"
16 $maintdb_url = 'http://www.maintdb2.mageia.org.uk/maintainers_packages/create'
17 # FIXME: Test password. Real password should be in extdata.
18 $maintdb_key = 'm1g234'
19 $packagers_group = 'mga-packagers'
20 $createsrpm_path = '/usr/share/repsys/create-srpm'
21
22 include ssh::auth
23 ssh::auth::key { $build_login: # declare a key for build bot: RSA, 2048 bits
24 home => $build_home_dir,
25 }
26 ssh::auth::key { $sched_login: # declare a key for sched bot: RSA, 2048 bits
27 home => $sched_home_dir,
28 }
29 }
30
31 class mainnode inherits base {
32 include iurtuser
33
34 sshuser { $sched_login:
35 homedir => $sched_home_dir,
36 comment => "System user used to schedule builds",
37 }
38
39 ssh::auth::client { $sched_login: }
40 ssh::auth::server { $sched_login: }
41 ssh::auth::server { $build_login: }
42
43 # FIXME Add again task-bs-cluster-main when it will require mgarepo instead of repsys
44 $package_list = ['iurt']
45 package { $package_list:
46 ensure => "installed"
47 }
48
49 apache::vhost_other_app { "repository.$domain":
50 vhost_file => "buildsystem/vhost_repository.conf",
51 }
52
53 $location = "/var/www/bs"
54 apache::vhost_base { "pkgsubmit.$domain":
55 aliases => { "/uploads" => "$sched_home_dir/uploads" },
56 location => $location,
57 content => template("buildsystem/vhost_pkgsubmit.conf"),
58 }
59
60 subversion::snapshot { $location:
61 source => "svn://svn.$domain/soft/buildsystem/web/",
62 }
63
64 file { "$repository_root/distrib/cauldron/i586/media/media_info/media.cfg":
65 ensure => present,
66 owner => $sched_login,
67 group => $sched_login,
68 mode => 644,
69 source => "puppet:///modules/buildsystem/i586/media.cfg",
70 }
71
72 file { "$repository_root/distrib/cauldron/x86_64/media/media_info/media.cfg":
73 ensure => present,
74 owner => $sched_login,
75 group => $sched_login,
76 mode => 644,
77 source => "puppet:///modules/buildsystem/x86_64/media.cfg",
78 }
79
80 include scheduler
81 include gatherer
82 include mgarepo
83 include youri_submit
84 include check_missing_deps
85 include signbot
86 }
87
88 class buildnode inherits base {
89 include iurt
90 }
91
92 class signbot {
93 sshuser { $sign_login:
94 homedir => $sign_home_dir,
95 comment => "System user used to sign packages",
96 groups => [$sched_login],
97 }
98
99 gnupg::keys{"packages":
100 email => "packages@$domain",
101 #FIXME there should be a variable somewhere to change the name of the distribution
102 key_name => 'Mageia Packages',
103 login => $sign_login,
104 batchdir => "$sign_home_dir/batches",
105 keydir => $sign_keydir,
106 }
107
108 sudo::sudoers_config { "signpackage":
109 content => template("buildsystem/sudoers.signpackage")
110 }
111
112 file { "$sign_home_dir/.rpmmacros":
113 ensure => present,
114 owner => root,
115 group => root,
116 mode => 644,
117 content => template("buildsystem/signbot-rpmmacros")
118 }
119
120 file { "/usr/local/bin/sign-check-package":
121 ensure => present,
122 owner => root,
123 group => root,
124 mode => 755,
125 content => template("buildsystem/sign-check-package")
126 }
127 }
128
129 class scheduler {
130 # ulri
131 include iurtupload
132 }
133
134 class gatherer {
135 # emi
136 include iurtupload
137 }
138
139 class iurtupload {
140 file { "/etc/iurt/upload.conf":
141 ensure => present,
142 owner => $build_login,
143 group => $build_login,
144 mode => 644,
145 require => File["/etc/iurt"],
146 content => template("buildsystem/upload.conf")
147 }
148 }
149
150 class mgarepo {
151 package { 'mgarepo':
152
153 }
154
155 package { 'rpm-build':
156 }
157
158 file { "repsys.conf":
159 path => "/etc/repsys.conf",
160 owner => root,
161 group => root,
162 mode => 644,
163 content => template("buildsystem/repsys.conf")
164 }
165
166 file { "$packages_archivedir":
167 ensure => "directory",
168 owner => $sched_login,
169 require => File[$sched_home_dir],
170 }
171
172 file { "$sched_home_dir/repsys":
173 ensure => "directory",
174 owner => $sched_login,
175 require => File[$sched_home_dir],
176 }
177
178 file { ["$sched_home_dir/repsys/tmp", "$sched_home_dir/repsys/srpms"]:
179 ensure => "directory",
180 owner => $sched_login,
181 group => "mga-packagers",
182 mode => 1775,
183 require => File["$sched_home_dir/repsys"],
184 }
185
186 # FIXME: disabled temporarly as upload dir is a symlink to /var/lib/repsys/uploads
187 #file { "$sched_home_dir/uploads":
188 # ensure => "directory",
189 # owner => $sched_login,
190 # require => File[$sched_home_dir],
191 #}
192
193 # too tedious to create everything by hand
194 # so I prefered to used some puppet ruby module
195 # the exact content and directory name should IMHO be consolidated somewhere
196 import "create_upload_dir.rb"
197 create_upload_dir { "$sched_home_dir/uploads":
198 owner => $sched_login,
199 group => $sched_login,
200 }
201
202 tidy { "$sched_home_dir/uploads":
203 age => "2w",
204 recurse => true,
205 type => "ctime",
206 }
207
208 tidy { "$packages_archivedir":
209 age => "1w",
210 matches => "*.rpm",
211 recurse => true,
212 type => "ctime",
213 }
214 }
215
216 class youri_submit {
217 include sudo
218
219 file { "/usr/local/bin/mga-youri-submit":
220 owner => root,
221 group => root,
222 mode => 755,
223 content => template("buildsystem/mga-youri-submit")
224 }
225
226 file { "/usr/local/bin/mga-youri-submit.wrapper":
227 owner => root,
228 group => root,
229 mode => 755,
230 content => template("buildsystem/mga-youri-submit.wrapper")
231 }
232
233 sudo::sudoers_config { "mga-youri-submit":
234 content => template("buildsystem/sudoers.youri")
235 }
236
237 file { "/etc/youri":
238 ensure => "directory",
239 }
240
241 file { "/etc/youri/submit-todo.conf":
242 ensure => present,
243 mode => 644,
244 require => File["/etc/youri"],
245 content => template("buildsystem/submit-todo.conf")
246 }
247
248 file { "/etc/youri/submit-upload.conf":
249 ensure => present,
250 mode => 644,
251 require => File["/etc/youri"],
252 content => template("buildsystem/submit-upload.conf")
253 }
254
255 file { "/etc/youri/acl.conf":
256 ensure => present,
257 mode => 644,
258 require => File["/etc/youri"],
259 content => template("buildsystem/youri_acl.conf")
260 }
261
262 file { '/usr/local/bin/submit_package':
263 ensure => present,
264 mode => 755,
265 content => template('buildsystem/submit_package')
266 }
267
268 # FIXME use the correct perl directory
269 file { "/usr/lib/perl5/site_perl/5.10.1/Youri/Repository":
270 ensure => "directory",
271 }
272
273 file { '/usr/lib/perl5/site_perl/5.10.1/Youri/Repository/Mageia.pm':
274 ensure => present,
275 mode => 644,
276 require => File["/usr/lib/perl5/site_perl/5.10.1/Youri/Repository"],
277 source => "puppet:///modules/buildsystem/Mageia.pm",
278 }
279
280 $package_list = ['perl-SVN', 'mdv-distrib-tools', 'perl-Youri-Media',
281 'perl-Youri-Package', 'perl-Youri-Repository',
282 'perl-Youri-Utils', 'perl-Youri-Config', 'mga-youri-submit']
283
284 package { $package_list:
285 ensure => installed;
286 }
287 }
288
289 # $groups: array of secondary groups (only local groups, no ldap)
290 define sshuser($homedir, $comment, $groups = []) {
291 group {"$title":
292 ensure => present,
293 }
294
295 user {"$title":
296 ensure => present,
297 comment => $comment,
298 managehome => true,
299 home => $homedir,
300 gid => $title,
301 groups => $groups,
302 shell => "/bin/bash",
303 notify => Exec["unlock$title"],
304 require => Group[$title],
305 }
306
307 # set password to * to unlock the account but forbid login through login
308 exec { "unlock$title":
309 command => "usermod -p '*' $title",
310 refreshonly => true,
311 }
312
313 file { $homedir:
314 ensure => "directory",
315 require => User[$title],
316 }
317
318 file { "$homedir/.ssh":
319 ensure => "directory",
320 mode => 600,
321 owner => $title,
322 group => $title,
323 require => File[$homedir],
324 }
325 }
326
327 class iurtuser {
328 sshuser { $build_login:
329 homedir => $build_home_dir,
330 comment => "System user used to run build bots",
331 }
332
333 file { "/etc/iurt":
334 ensure => "directory",
335 }
336 }
337
338 class iurt {
339 include sudo
340 include iurtuser
341 ssh::auth::client { $build_login: }
342 ssh::auth::server { $sched_login: user => $build_login }
343
344 # build node common settings
345 # we could have the following skip list to use less space:
346 # '/(drakx-installer-binaries|drakx-installer-advertising|gfxboot|drakx-installer-stage2|mandriva-theme)/'
347 $package_list = ['task-bs-cluster-chroot', 'iurt']
348 package { $package_list:
349 ensure => installed;
350 }
351
352 file { "/etc/iurt/build":
353 ensure => "directory",
354 require => File["/etc/iurt"],
355 }
356
357 file { "/etc/iurt/build/cauldron.conf":
358 ensure => present,
359 owner => $build_login,
360 group => $build_login,
361 mode => 644,
362 require => File["/etc/iurt/build"],
363 content => template("buildsystem/iurt.cauldron.conf")
364 }
365
366 file { "/etc/iurt/build/mandriva2010.1.conf":
367 ensure => present,
368 owner => $build_login,
369 group => $build_login,
370 mode => 644,
371 require => File["/etc/iurt/build"],
372 content => template("buildsystem/iurt.mandriva2010.1.conf")
373 }
374
375 sudo::sudoers_config { "iurt":
376 content => template("buildsystem/sudoers.iurt")
377 }
378 }
379
380 # temporary script to create home dir with ssh key
381 # taking login and url as arguments
382 class mgacreatehome {
383 file { "/usr/local/sbin/mgacreatehome":
384 ensure => present,
385 owner => root,
386 group => root,
387 mode => 700,
388 content => template("buildsystem/mgacreatehome")
389 }
390 }
391
392 class check_missing_deps {
393 file { "/usr/local/bin/missing-deps.sh":
394 ensure => present,
395 owner => root,
396 group => root,
397 mode => 755,
398 source => "puppet:///modules/buildsystem/missing-deps.sh",
399 }
400
401 # FIXME hardcoded path
402 cron { "check missing deps":
403 command => "cd /var/www/bs/data && /usr/local/bin/missing-deps.sh",
404 minute => "*/15",
405 }
406 }
407
408 # A script to copy on valstar the 2010.1 rpms built on jonund
409 class sync20101 inherits base {
410 file { "/usr/local/bin/sync2010.1":
411 ensure => present,
412 owner => root,
413 group => root,
414 mode => 755,
415 content => template("buildsystem/sync2010.1"),
416 }
417 }
418
419 # a script to build 2010.1 packages. used on jonund
420 class iurt20101 inherits base {
421 file { "/usr/local/bin/iurt2010.1":
422 ensure => present,
423 owner => root,
424 group => root,
425 mode => 755,
426 content => template("buildsystem/iurt2010.1"),
427 }
428 }
429 }
  ViewVC Help
Powered by ViewVC 1.1.28