/[adm]/puppet/modules/buildsystem/manifests/init.pp
ViewVC logotype

Contents of /puppet/modules/buildsystem/manifests/init.pp

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1927 - (show annotations) (download)
Tue Aug 16 22:38:24 2011 UTC (12 years, 7 months ago) by boklm
File size: 15504 byte(s)
add script to upload binrepo files
1 class buildsystem {
2
3 class base {
4 $build_login = "iurt"
5 $build_home_dir = "/home/$build_login"
6 $sched_login = "schedbot"
7 $sched_home_dir = "/var/lib/$sched_login"
8 $packages_archivedir = "$sched_home_dir/old"
9 $sign_login = "signbot"
10 $sign_home_dir = "/var/lib/$sign_login"
11 $sign_keydir = "$sign_home_dir/keys"
12 # FIXME: maybe keyid should be defined at an other place
13 $sign_keyid = "80420F66"
14 $repository_root = "/distrib/bootstrap"
15 $mirror_root = "/distrib/mirror"
16 $maintdb_url = 'http://www.maintdb2.mageia.org.uk/maintainers_packages/create'
17 # FIXME: Test password. Real password should be in extdata.
18 $maintdb_key = 'm1g234'
19 $packagers_group = 'mga-packagers'
20 $createsrpm_path = '/usr/share/repsys/create-srpm'
21
22 include ssh::auth
23 ssh::auth::key { $build_login: # declare a key for build bot: RSA, 2048 bits
24 home => $build_home_dir,
25 }
26 ssh::auth::key { $sched_login: # declare a key for sched bot: RSA, 2048 bits
27 home => $sched_home_dir,
28 }
29 }
30
31 class mainnode inherits base {
32 include iurtuser
33
34 sshuser { $sched_login:
35 homedir => $sched_home_dir,
36 comment => "System user used to schedule builds",
37 }
38
39 ssh::auth::client { $sched_login: }
40 ssh::auth::server { $sched_login: }
41 ssh::auth::server { $build_login: }
42
43 # FIXME Add again task-bs-cluster-main when it will require mgarepo instead of repsys
44 $package_list = ['iurt']
45 package { $package_list:
46 ensure => "installed"
47 }
48
49 apache::vhost_other_app { "repository.$domain":
50 vhost_file => "buildsystem/vhost_repository.conf",
51 }
52
53 $location = "/var/www/bs"
54 file { $location:
55 ensure => directory,
56 }
57
58 apache::vhost_base { "pkgsubmit.$domain":
59 aliases => { "/uploads" => "$sched_home_dir/uploads" },
60 location => $location,
61 content => template("buildsystem/vhost_pkgsubmit.conf"),
62 }
63
64 subversion::snapshot { $location:
65 source => "svn://svn.$domain/soft/buildsystem/web/",
66 }
67
68 file { "$repository_root/distrib/cauldron/i586/media/media_info/media.cfg":
69 ensure => present,
70 owner => $sched_login,
71 group => $sched_login,
72 mode => 644,
73 source => "puppet:///modules/buildsystem/i586/media.cfg",
74 }
75
76 file { "$repository_root/distrib/cauldron/x86_64/media/media_info/media.cfg":
77 ensure => present,
78 owner => $sched_login,
79 group => $sched_login,
80 mode => 644,
81 source => "puppet:///modules/buildsystem/x86_64/media.cfg",
82 }
83
84 include scheduler
85 include gatherer
86 include mgarepo
87 include youri_submit
88 include check_missing_deps
89 include signbot
90 }
91
92 class buildnode inherits base {
93 include iurt
94 }
95
96 class signbot {
97 sshuser { $sign_login:
98 homedir => $sign_home_dir,
99 comment => "System user used to sign packages",
100 groups => [$sched_login],
101 }
102
103 gnupg::keys{"packages":
104 email => "packages@$domain",
105 #FIXME there should be a variable somewhere to change the name of the distribution
106 key_name => 'Mageia Packages',
107 login => $sign_login,
108 batchdir => "$sign_home_dir/batches",
109 keydir => $sign_keydir,
110 }
111
112 sudo::sudoers_config { "signpackage":
113 content => template("buildsystem/sudoers.signpackage")
114 }
115
116 file { "$sign_home_dir/.rpmmacros":
117 ensure => present,
118 owner => root,
119 group => root,
120 mode => 644,
121 content => template("buildsystem/signbot-rpmmacros")
122 }
123
124 file { "/usr/local/bin/sign-check-package":
125 ensure => present,
126 owner => root,
127 group => root,
128 mode => 755,
129 content => template("buildsystem/sign-check-package")
130 }
131 }
132
133 class scheduler {
134 # ulri
135 include iurtupload
136 }
137
138 class gatherer {
139 # emi
140 include iurtupload
141 }
142
143 class iurtupload {
144 file { "/etc/iurt/upload.conf":
145 ensure => present,
146 owner => $build_login,
147 group => $build_login,
148 mode => 644,
149 require => File["/etc/iurt"],
150 content => template("buildsystem/upload.conf")
151 }
152 }
153
154 class maintdb inherits base {
155 include sudo
156 $maintdb_login = "maintdb"
157 $maintdb_homedir = "/var/lib/maintdb"
158 $maintdb_dbdir = "$maintdb_homedir/db"
159 $maintdb_binpath = "/usr/local/sbin/maintdb"
160 $maintdb_wrappath = "/usr/local/bin/wrapper.maintdb"
161 $maintdb_dump = "/var/www/bs/data/maintdb.txt"
162
163 user {"$maintdb_login":
164 ensure => present,
165 comment => "Maintainers database",
166 managehome => true,
167 shell => "/bin/bash",
168 home => "$maintdb_homedir",
169 }
170
171 file { "$maintdb_dbdir":
172 ensure => directory,
173 owner => "$maintdb_login",
174 group => "$maintdb_login",
175 mode => 700,
176 require => User["$maintdb_login"],
177 }
178
179 file { "$maintdb_binpath":
180 ensure => present,
181 owner => root,
182 group => root,
183 mode => 755,
184 content => template("buildsystem/maintdb")
185 }
186
187 file { "$maintdb_wrappath":
188 ensure => present,
189 owner => root,
190 group => root,
191 mode => 755,
192 content => template("buildsystem/wrapper.maintdb")
193 }
194
195 sudo::sudoers_config { "maintdb":
196 content => template("buildsystem/sudoers.maintdb")
197 }
198
199 file { "$maintdb_dump":
200 ensure => present,
201 owner => $maintdb_login,
202 mode => 644,
203 }
204
205 cron { "update maintdb export":
206 user => $maintdb_login,
207 command => "$maintdb_binpath root get > $maintdb_dump",
208 minute => "*/30",
209 }
210
211 }
212
213 class binrepo {
214 $binrepo_login = "binrepo"
215 $binrepo_homedir = "/var/lib/$binrepo_login"
216 $binrepodir = "$binrepo_homedir/data"
217 $uploadinfosdir = "$binrepo_homedir/infos"
218
219 user {"$binrepo_login":
220 ensure => present,
221 comment => "Binary files repository",
222 managehome => true,
223 shell => "/bin/bash",
224 home => "$binrepo_homedir",
225 }
226
227 file { $binrepodir:
228 ensure => directory,
229 owner => $binrepo_login,
230 group => $binrepo_login,
231 mode => 755,
232 }
233
234 file { $uploadinfosdir:
235 ensure => directory,
236 owner => $binrepo_login,
237 group => $binrepo_login,
238 mode => 755,
239 }
240
241 file { '/usr/local/bin/upload-bin':
242 ensure => present,
243 owner => root,
244 group => root,
245 mode => 755,
246 content => template('buildsystem/upload-bin'),
247 }
248 }
249
250 class mgarepo {
251 package { 'mgarepo':
252
253 }
254
255 package { 'rpm-build':
256 }
257
258 file { "repsys.conf":
259 path => "/etc/repsys.conf",
260 owner => root,
261 group => root,
262 mode => 644,
263 content => template("buildsystem/repsys.conf")
264 }
265
266 file { "$packages_archivedir":
267 ensure => "directory",
268 owner => $sched_login,
269 require => File[$sched_home_dir],
270 }
271
272 file { "$sched_home_dir/repsys":
273 ensure => "directory",
274 owner => $sched_login,
275 require => File[$sched_home_dir],
276 }
277
278 file { ["$sched_home_dir/repsys/tmp", "$sched_home_dir/repsys/srpms"]:
279 ensure => "directory",
280 owner => $sched_login,
281 group => "mga-packagers",
282 mode => 1775,
283 require => File["$sched_home_dir/repsys"],
284 }
285
286 # FIXME: disabled temporarly as upload dir is a symlink to /var/lib/repsys/uploads
287 #file { "$sched_home_dir/uploads":
288 # ensure => "directory",
289 # owner => $sched_login,
290 # require => File[$sched_home_dir],
291 #}
292
293 # too tedious to create everything by hand
294 # so I prefered to used some puppet ruby module
295 # the exact content and directory name should IMHO be consolidated somewhere
296 import "create_upload_dir.rb"
297 create_upload_dir { "$sched_home_dir/uploads":
298 owner => $sched_login,
299 group => $sched_login,
300 }
301
302 tidy { "$sched_home_dir/uploads":
303 age => "2w",
304 recurse => true,
305 type => "ctime",
306 }
307
308 tidy { "$packages_archivedir":
309 age => "1w",
310 matches => "*.rpm",
311 recurse => true,
312 type => "ctime",
313 }
314 }
315
316 class youri_submit {
317 include sudo
318
319 file { "/usr/local/bin/mga-youri-submit":
320 owner => root,
321 group => root,
322 mode => 755,
323 content => template("buildsystem/mga-youri-submit")
324 }
325
326 file { "/usr/local/bin/mga-youri-submit.wrapper":
327 owner => root,
328 group => root,
329 mode => 755,
330 content => template("buildsystem/mga-youri-submit.wrapper")
331 }
332
333 sudo::sudoers_config { "mga-youri-submit":
334 content => template("buildsystem/sudoers.youri")
335 }
336
337 package { "rpmlint": }
338
339 file { "/etc/rpmlint/config":
340 ensure => present,
341 mode => 644,
342 require => Package['rpmlint'],
343 content => template("buildsystem/rpmlint.conf")
344 }
345
346 # directory that hold configuration auto extracted after upload
347 # of the rpmlint policy
348 file { "/etc/rpmlint/extracted.d/":
349 ensure => directory,
350 owner => $sched_login,
351 }
352
353 file { "/etc/youri":
354 ensure => "directory",
355 }
356
357 file { "/etc/youri/submit-todo.conf":
358 ensure => present,
359 mode => 644,
360 require => File["/etc/youri"],
361 content => template("buildsystem/submit-todo.conf")
362 }
363
364 file { "/etc/youri/submit-upload.conf":
365 ensure => present,
366 mode => 644,
367 require => File["/etc/youri"],
368 content => template("buildsystem/submit-upload.conf")
369 }
370
371 file { "/etc/youri/acl.conf":
372 ensure => present,
373 mode => 644,
374 require => File["/etc/youri"],
375 content => template("buildsystem/youri_acl.conf")
376 }
377
378 file { '/usr/local/bin/submit_package':
379 ensure => present,
380 mode => 755,
381 content => template('buildsystem/submit_package.pl')
382 }
383
384 # FIXME use the correct perl directory
385 file { "/usr/lib/perl5/site_perl/5.10.1/Youri/Repository":
386 ensure => "directory",
387 }
388
389 file { '/usr/lib/perl5/site_perl/5.10.1/Youri/Repository/Mageia.pm':
390 ensure => present,
391 mode => 644,
392 require => File["/usr/lib/perl5/site_perl/5.10.1/Youri/Repository"],
393 source => "puppet:///modules/buildsystem/Mageia.pm",
394 }
395
396 $package_list = ['perl-SVN', 'mdv-distrib-tools', 'perl-Youri-Media',
397 'perl-Youri-Package', 'perl-Youri-Repository',
398 'perl-Youri-Utils', 'perl-Youri-Config', 'mga-youri-submit']
399
400 package { $package_list:
401 ensure => installed;
402 }
403 }
404
405 # $groups: array of secondary groups (only local groups, no ldap)
406 define sshuser($homedir, $comment, $groups = []) {
407 group {"$title":
408 ensure => present,
409 }
410
411 user {"$title":
412 ensure => present,
413 comment => $comment,
414 managehome => true,
415 home => $homedir,
416 gid => $title,
417 groups => $groups,
418 shell => "/bin/bash",
419 notify => Exec["unlock$title"],
420 require => Group[$title],
421 }
422
423 # set password to * to unlock the account but forbid login through login
424 exec { "unlock$title":
425 command => "usermod -p '*' $title",
426 refreshonly => true,
427 }
428
429 file { $homedir:
430 ensure => "directory",
431 require => User[$title],
432 }
433
434 file { "$homedir/.ssh":
435 ensure => "directory",
436 mode => 600,
437 owner => $title,
438 group => $title,
439 require => File[$homedir],
440 }
441 }
442
443 class iurtuser {
444 sshuser { $build_login:
445 homedir => $build_home_dir,
446 comment => "System user used to run build bots",
447 }
448
449 file { "/etc/iurt":
450 ensure => "directory",
451 }
452 }
453
454 class iurt {
455 include sudo
456 include iurtuser
457 ssh::auth::client { $build_login: }
458 ssh::auth::server { $sched_login: user => $build_login }
459
460 # build node common settings
461 # we could have the following skip list to use less space:
462 # '/(drakx-installer-binaries|drakx-installer-advertising|gfxboot|drakx-installer-stage2|mandriva-theme)/'
463 $package_list = ['task-bs-cluster-chroot', 'iurt']
464 package { $package_list:
465 ensure => installed;
466 }
467
468 file { "/etc/iurt/build":
469 ensure => "directory",
470 require => File["/etc/iurt"],
471 }
472
473 file { "/etc/iurt/build/cauldron.conf":
474 ensure => present,
475 owner => $build_login,
476 group => $build_login,
477 mode => 644,
478 require => File["/etc/iurt/build"],
479 content => template("buildsystem/iurt.cauldron.conf")
480 }
481
482 file { "/etc/iurt/build/1.conf":
483 ensure => present,
484 owner => $build_login,
485 group => $build_login,
486 mode => 644,
487 require => File["/etc/iurt/build"],
488 content => template("buildsystem/iurt.1.conf")
489 }
490
491 file { "/etc/iurt/build/mandriva2010.1.conf":
492 ensure => present,
493 owner => $build_login,
494 group => $build_login,
495 mode => 644,
496 require => File["/etc/iurt/build"],
497 content => template("buildsystem/iurt.mandriva2010.1.conf")
498 }
499
500 sudo::sudoers_config { "iurt":
501 content => template("buildsystem/sudoers.iurt")
502 }
503 }
504
505 # temporary script to create home dir with ssh key
506 # taking login and url as arguments
507 class mgacreatehome {
508 file { "/usr/local/sbin/mgacreatehome":
509 ensure => present,
510 owner => root,
511 group => root,
512 mode => 700,
513 content => template("buildsystem/mgacreatehome")
514 }
515 }
516
517 class check_missing_deps {
518 file { "/usr/local/bin/missing-deps.sh":
519 ensure => present,
520 owner => root,
521 group => root,
522 mode => 755,
523 source => "puppet:///modules/buildsystem/missing-deps.sh",
524 }
525
526 # FIXME hardcoded path
527 cron { "check missing deps":
528 command => "cd /var/www/bs/data && /usr/local/bin/missing-deps.sh",
529 minute => "*/15",
530 }
531 }
532
533 class release {
534 subversion::snapshot { "/root/release":
535 source => "svn://svn.$domain/soft/release/trunk/",
536 }
537
538 package { "hardlink":
539 ensure => "installed",
540 }
541 }
542
543 # A script to copy on valstar the 2010.1 rpms built on jonund
544 class sync20101 inherits base {
545 file { "/usr/local/bin/sync2010.1":
546 ensure => present,
547 owner => root,
548 group => root,
549 mode => 755,
550 content => template("buildsystem/sync2010.1"),
551 }
552 }
553
554 # a script to build 2010.1 packages. used on jonund
555 class iurt20101 inherits base {
556 file { "/usr/local/bin/iurt2010.1":
557 ensure => present,
558 owner => root,
559 group => root,
560 mode => 755,
561 content => template("buildsystem/iurt2010.1"),
562 }
563 }
564 }

  ViewVC Help
Powered by ViewVC 1.1.30