buildsystem/manifests/init.pp

class buildsystem {

    class base {
        $build_login = "iurt"
        $build_home_dir = "/home/$build_login"
        $sched_login = "schedbot"
        $sched_home_dir = "/home/$sched_login"
        $repository_root = "/distrib/bootstrap"

        include ssh::auth
        ssh::auth::key { $build_login: } # declare a key for build bot: RSA, 2048 bits
        ssh::auth::key { $sched_login: } # declare a key for sched bot: RSA, 2048 bits
    }

    class mainnode inherits base {
        include iurtuser

        sshuser { $sched_login:
          homedir => $sched_home_dir,
          comment => "System user used to schedule builds",
        }

        ssh::auth::client { $sched_login: }
        ssh::auth::server { $sched_login: }
        ssh::auth::server { $build_login: }

        $package_list = ['task-bs-cluster-main', 'iurt']
        package { $package_list:
            ensure => "installed"
        }

        apache::vhost_other_app { "repository.$domain":
            vhost_file => "buildsystem/vhost_repository.conf",
        }

        apache::vhost_other_app { "pkgsubmit.$domain":
            vhost_file => "buildsystem/vhost_pkgsubmit.conf",
        }

        include scheduler
        include gatherer
        include repsys
        include youri_submit
    }

    class buildnode inherits base {
        include iurt
    }

    class scheduler {
        # ulri        
        include iurtupload
    }

    class gatherer {
        # emi
        include iurtupload
    }

    class iurtupload {
        file { "/etc/iurt/upload.conf":
            ensure => present,
            owner => $build_login,
            group => $build_login,
            mode => 644,
            require => File["/etc/iurt"],
            content => template("buildsystem/upload.conf")
        }
    }
    
    class repsys {
        package { 'repsys':

        }

        package { 'rpm-build':
        }

        file { "repsys.conf":
          path => "/etc/repsys.conf",
          owner  => root,
          group => root,
          mode => 644,
          content => template("buildsystem/repsys.conf")
        }

        file { "$sched_home_dir/repsys":
            ensure => "directory",
            owner  => $sched_login,
            require => File[$sched_home_dir],
        }

        file { "$sched_home_dir/repsys/tmp":
            ensure => "directory",
            owner  => $sched_login,
            group => "mga-packagers",
            mode => 1775,
            require => File["$sched_home_dir/repsys"],
        }

        file { "$sched_home_dir/repsys/srpms":
            ensure => "directory",
            owner  => $sched_login,
            group => "mga-packagers",
            mode => 1775,
            require => File["$sched_home_dir/repsys"],
        }
    }

    class youri_submit {
        include sudo

        file { "/usr/local/bin/mdv-youri-submit":
          owner  => root,
          group => root,
          mode => 755,
          content => template("buildsystem/mdv-youri-submit")
        }

        file { "/usr/local/bin/mdv-youri-submit.wrapper":
          owner  => root,
          group => root,
          mode => 755,
          content => template("buildsystem/mdv-youri-submit.wrapper")
        }

        file { "/etc/sudoers.d/mdv-youri-submit":
            owner => root,
            group => root,
            mode => 440,
            content => template("buildsystem/sudoers.youri")
        }

        file { "/etc/youri":
            ensure => "directory",
        }

        file { "/etc/youri/submit-todo.conf":
            ensure => present,
            mode => 644,
            require => File["/etc/youri"],
            content => template("buildsystem/submit-todo.conf")
        }

        file { "/etc/youri/submit-upload.conf":
            ensure => present,
            mode => 644,
            require => File["/etc/youri"],
            content => template("buildsystem/submit-upload.conf")
        }
    }

    define sshuser($homedir, $comment) {
        group {"$title": 
            ensure => present,
        }

        user {"$title":
            ensure => present,
            comment => $comment,
            managehome => true,
            gid => $title,
            shell => "/bin/bash",
            notify => Exec["unlock$title"],
            require => Group[$title],
        }

        # set password to * to unlock the account but forbid login through login
        exec { "unlock$title":
            command => "usermod -p '*' $title",
            refreshonly => true,
        }

        file { $homedir:
            ensure => "directory",
            require => User[$title],
        }

        file { "$homedir/.ssh":
            ensure => "directory",
            mode   => 600,
            owner  => $title,
            group  => $title,
            require => File[$homedir],
        }
    }

    class iurtuser {
        sshuser { $build_login:
          homedir => $build_home_dir,
          comment => "System user used to run build bots",
        }

        file { "/etc/iurt":
            ensure => "directory",
        }
    }

    class iurt {
        include sudo
        include iurtuser
        ssh::auth::client { $build_login: }
        ssh::auth::server { $sched_login: user => $build_login }

        # build node common settings
        # we could have the following skip list to use less space:
        # '/(drakx-installer-binaries|drakx-installer-advertising|gfxboot|drakx-installer-stage2|mandriva-theme)/'
        $package_list = ['task-bs-cluster-chroot', 'iurt']
        package { $package_list:
            ensure => installed;
        }

        file { "/etc/iurt/build":
            ensure => "directory",
            require => File["/etc/iurt"],
        }

        file { "/etc/iurt/build/cauldron.conf":
            ensure => present,
            owner => $build_login,
            group => $build_login,
            mode => 644,
            require => File["/etc/iurt/build"],
            content => template("buildsystem/iurt.cauldron.conf")
        }

        file { "/etc/iurt/build/mandriva2010.1.conf":
            ensure => present,
            owner => $build_login,
            group => $build_login,
            mode => 644,
            require => File["/etc/iurt/build"],
            content => template("buildsystem/iurt.mandriva2010.1.conf")
        }

        file { "/etc/sudoers.d/iurt":
            ensure => present,
            owner => root,
            group => root,
            mode => 440,
            content => template("buildsystem/sudoers.iurt")
        }
    }

    # temporary script to create home dir with ssh key
    # taking login and url as arguments
    class mgacreatehome {
        file { "/usr/local/sbin/mgacreatehome":
            ensure => present,
            owner => root,
            group => root,
            mode => 700,
            content => template("buildsystem/mgacreatehome")
        }
    }
}
1	class buildsystem {
2
3	class base {
4	$build_login = "iurt"
5	$build_home_dir = "/home/$build_login"
6	$sched_login = "schedbot"
7	$sched_home_dir = "/home/$sched_login"
8	$repository_root = "/distrib/bootstrap"
9
10	include ssh::auth
11	ssh::auth::key { $build_login: } # declare a key for build bot: RSA, 2048 bits
12	ssh::auth::key { $sched_login: } # declare a key for sched bot: RSA, 2048 bits
13	}
14
15	class mainnode inherits base {
16	include iurtuser
17
18	sshuser { $sched_login:
19	homedir => $sched_home_dir,
20	comment => "System user used to schedule builds",
21	}
22
23	ssh::auth::client { $sched_login: }
24	ssh::auth::server { $sched_login: }
25	ssh::auth::server { $build_login: }
26
27	$package_list = ['task-bs-cluster-main', 'iurt']
28	package { $package_list:
29	ensure => "installed"
30	}
31
32	apache::vhost_other_app { "repository.$domain":
33	vhost_file => "buildsystem/vhost_repository.conf",
34	}
35
36	apache::vhost_other_app { "pkgsubmit.$domain":
37	vhost_file => "buildsystem/vhost_pkgsubmit.conf",
38	}
39
40	include scheduler
41	include gatherer
42	include repsys
43	include youri_submit
44	}
45
46	class buildnode inherits base {
47	include iurt
48	}
49
50	class scheduler {
51	# ulri
52	include iurtupload
53	}
54
55	class gatherer {
56	# emi
57	include iurtupload
58	}
59
60	class iurtupload {
61	file { "/etc/iurt/upload.conf":
62	ensure => present,
63	owner => $build_login,
64	group => $build_login,
65	mode => 644,
66	require => File["/etc/iurt"],
67	content => template("buildsystem/upload.conf")
68	}
69	}
70
71	class repsys {
72	package { 'repsys':
73
74	}
75
76	package { 'rpm-build':
77	}
78
79	file { "repsys.conf":
80	path => "/etc/repsys.conf",
81	owner => root,
82	group => root,
83	mode => 644,
84	content => template("buildsystem/repsys.conf")
85	}
86
87	file { "$sched_home_dir/repsys":
88	ensure => "directory",
89	owner => $sched_login,
90	require => File[$sched_home_dir],
91	}
92
93	file { "$sched_home_dir/repsys/tmp":
94	ensure => "directory",
95	owner => $sched_login,
96	group => "mga-packagers",
97	mode => 1775,
98	require => File["$sched_home_dir/repsys"],
99	}
100
101	file { "$sched_home_dir/repsys/srpms":
102	ensure => "directory",
103	owner => $sched_login,
104	group => "mga-packagers",
105	mode => 1775,
106	require => File["$sched_home_dir/repsys"],
107	}
108	}
109
110	class youri_submit {
111	include sudo
112
113	file { "/usr/local/bin/mdv-youri-submit":
114	owner => root,
115	group => root,
116	mode => 755,
117	content => template("buildsystem/mdv-youri-submit")
118	}
119
120	file { "/usr/local/bin/mdv-youri-submit.wrapper":
121	owner => root,
122	group => root,
123	mode => 755,
124	content => template("buildsystem/mdv-youri-submit.wrapper")
125	}
126
127	file { "/etc/sudoers.d/mdv-youri-submit":
128	owner => root,
129	group => root,
130	mode => 440,
131	content => template("buildsystem/sudoers.youri")
132	}
133
134	file { "/etc/youri":
135	ensure => "directory",
136	}
137
138	file { "/etc/youri/submit-todo.conf":
139	ensure => present,
140	mode => 644,
141	require => File["/etc/youri"],
142	content => template("buildsystem/submit-todo.conf")
143	}
144
145	file { "/etc/youri/submit-upload.conf":
146	ensure => present,
147	mode => 644,
148	require => File["/etc/youri"],
149	content => template("buildsystem/submit-upload.conf")
150	}
151	}
152
153	define sshuser($homedir, $comment) {
154	group {"$title":
155	ensure => present,
156	}
157
158	user {"$title":
159	ensure => present,
160	comment => $comment,
161	managehome => true,
162	gid => $title,
163	shell => "/bin/bash",
164	notify => Exec["unlock$title"],
165	require => Group[$title],
166	}
167
168	# set password to * to unlock the account but forbid login through login
169	exec { "unlock$title":
170	command => "usermod -p '*' $title",
171	refreshonly => true,
172	}
173
174	file { $homedir:
175	ensure => "directory",
176	require => User[$title],
177	}
178
179	file { "$homedir/.ssh":
180	ensure => "directory",
181	mode => 600,
182	owner => $title,
183	group => $title,
184	require => File[$homedir],
185	}
186	}
187
188	class iurtuser {
189	sshuser { $build_login:
190	homedir => $build_home_dir,
191	comment => "System user used to run build bots",
192	}
193
194	file { "/etc/iurt":
195	ensure => "directory",
196	}
197	}
198
199	class iurt {
200	include sudo
201	include iurtuser
202	ssh::auth::client { $build_login: }
203	ssh::auth::server { $sched_login: user => $build_login }
204
205	# build node common settings
206	# we could have the following skip list to use less space:
207	# '/(drakx-installer-binaries\|drakx-installer-advertising\|gfxboot\|drakx-installer-stage2\|mandriva-theme)/'
208	$package_list = ['task-bs-cluster-chroot', 'iurt']
209	package { $package_list:
210	ensure => installed;
211	}
212
213	file { "/etc/iurt/build":
214	ensure => "directory",
215	require => File["/etc/iurt"],
216	}
217
218	file { "/etc/iurt/build/cauldron.conf":
219	ensure => present,
220	owner => $build_login,
221	group => $build_login,
222	mode => 644,
223	require => File["/etc/iurt/build"],
224	content => template("buildsystem/iurt.cauldron.conf")
225	}
226
227	file { "/etc/iurt/build/mandriva2010.1.conf":
228	ensure => present,
229	owner => $build_login,
230	group => $build_login,
231	mode => 644,
232	require => File["/etc/iurt/build"],
233	content => template("buildsystem/iurt.mandriva2010.1.conf")
234	}
235
236	file { "/etc/sudoers.d/iurt":
237	ensure => present,
238	owner => root,
239	group => root,
240	mode => 440,
241	content => template("buildsystem/sudoers.iurt")
242	}
243	}
244
245	# temporary script to create home dir with ssh key
246	# taking login and url as arguments
247	class mgacreatehome {
248	file { "/usr/local/sbin/mgacreatehome":
249	ensure => present,
250	owner => root,
251	group => root,
252	mode => 700,
253	content => template("buildsystem/mgacreatehome")
254	}
255	}
256	}