1 |
# should be replaced by vcsrepo |
2 |
# https://github.com/reductivelabs/puppet-vcsrepo |
3 |
# but not integrated in puppet directly for the moment |
4 |
class subversion { |
5 |
|
6 |
class tools { |
7 |
package { "subversion-tools": |
8 |
ensure => installed, |
9 |
} |
10 |
} |
11 |
|
12 |
class server { |
13 |
include subversion::tools |
14 |
package { "subversion-server": |
15 |
ensure => installed, |
16 |
} |
17 |
|
18 |
package { ["perl-SVN-Notify-Config", "perl-SVN-Notify-Mirror"]: |
19 |
ensure => installed, |
20 |
} |
21 |
|
22 |
$local_dir = "/usr/local/share/subversion/" |
23 |
$local_dirs = ["$local_dir/pre-commit.d", "$local_dir/post-commit.d"] |
24 |
file { [$local_dir,$local_dirs]: |
25 |
owner => root, |
26 |
group => root, |
27 |
mode => 755, |
28 |
ensure => directory, |
29 |
} |
30 |
|
31 |
# workaround the lack of umask command in puppet < 2.7 |
32 |
file { "/usr/local/bin/create_svn_repo.sh": |
33 |
ensure => present, |
34 |
owner => root, |
35 |
group => root, |
36 |
mode => 755, |
37 |
content => template('subversion/create_svn_repo.sh') |
38 |
} |
39 |
|
40 |
file { "$local_dir/pre-commit.d/no_binary": |
41 |
ensure => present, |
42 |
owner => root, |
43 |
group => root, |
44 |
mode => 755, |
45 |
content => template('subversion/no_binary') |
46 |
} |
47 |
|
48 |
file { "$local_dir/pre-commit.d/no_root_commit": |
49 |
ensure => present, |
50 |
owner => root, |
51 |
group => root, |
52 |
mode => 755, |
53 |
content => template('subversion/no_root_commit') |
54 |
} |
55 |
|
56 |
file { "$local_dir/pre-commit.d/no_empty_message": |
57 |
ensure => present, |
58 |
owner => root, |
59 |
group => root, |
60 |
mode => 755, |
61 |
content => template('subversion/no_empty_message') |
62 |
} |
63 |
|
64 |
file { "$local_dir/pre-revprop-change": |
65 |
ensure => present, |
66 |
owner => root, |
67 |
group => root, |
68 |
mode => 755, |
69 |
content => template('subversion/pre-revprop-change') |
70 |
} |
71 |
|
72 |
# TODO : add check for |
73 |
# - ym perl -MYAML -e 'YAML::LoadFile("-");' |
74 |
# - tt ( do not seem to be possible, but this would be great ) |
75 |
# - php php -l |
76 |
# - python |
77 |
# - named named-checkzone/named-checkconf ( may requires some interaction with facter/erb ) |
78 |
# - po msgfmt -c |
79 |
# - openldap , like named |
80 |
|
81 |
define syntax_check($regexp_ext,$check_cmd) { |
82 |
file { "$local_dir/pre-commit.d/$name": |
83 |
ensure => present, |
84 |
owner => root, |
85 |
group => root, |
86 |
mode => 755, |
87 |
content => template('subversion/syntax_check.sh') |
88 |
} |
89 |
} |
90 |
|
91 |
|
92 |
syntax_check{"check_perl": |
93 |
regexp_ext => "\.p[lm]$", |
94 |
check_cmd => "perl -c" |
95 |
} |
96 |
|
97 |
syntax_check{"check_puppet": |
98 |
regexp_ext => "\.pp$", |
99 |
check_cmd => "puppet --color=false --confdir=/tmp --vardir=/tmp --parseonly --ignoreimport" |
100 |
} |
101 |
|
102 |
syntax_check{"check_ruby": |
103 |
regexp_ext => "\.rb$", |
104 |
check_cmd => "ruby -c" |
105 |
} |
106 |
|
107 |
syntax_check{"check_puppet_templates": |
108 |
regexp_ext => "modules/.*/templates/.*$", |
109 |
check_cmd => "erb -P -x -T - | ruby -c" |
110 |
} |
111 |
|
112 |
syntax_check{"check_po": |
113 |
regexp_ext => "\.po$", |
114 |
check_cmd => "msgfmt -c -" |
115 |
} |
116 |
|
117 |
|
118 |
} |
119 |
|
120 |
|
121 |
define pre_commit_link() { |
122 |
$scriptname = regsubst($name,'^.*/', '') |
123 |
file { "${name}": |
124 |
ensure => "/usr/local/share/subversion/pre-commit.d/$scriptname", |
125 |
owner => root, |
126 |
group => root, |
127 |
mode => 755, |
128 |
} |
129 |
} |
130 |
|
131 |
# TODO |
132 |
# deploy a cronjob to make a backup file ( ie, dump in some directory ) |
133 |
|
134 |
# documentation : |
135 |
# group : group that have commit access on the svn |
136 |
# public : boolean if the svn is readable by anybody or not |
137 |
# commit_mail : array of people who will receive mail after each commit |
138 |
# cia_post : send commits to cia.vc |
139 |
# cia_module : name of the module to send to cia.vc |
140 |
# cia_ignore_author : a regexp to ignore commits from some authors |
141 |
# no_binary : do not accept files with common binary extentions on this repository |
142 |
# restricted_to_user : restrict commits to select user |
143 |
# syntax_check : array of pre-commit script with syntax check to add |
144 |
# extract_dir : hash of directory to update upon commit ( with svn update ), |
145 |
# initial checkout is not handled, nor the permission |
146 |
# TODO, handle the tags ( see svn::notify::mirror ) |
147 |
|
148 |
define repository ($group = "svn", |
149 |
$public = true, |
150 |
$commit_mail = '', |
151 |
$i18n_mail = '', |
152 |
$cia_post = true, |
153 |
$cia_module = 'default', |
154 |
$cia_ignore_author = '', |
155 |
$no_binary = false, |
156 |
$restricted_to_user = false, |
157 |
$syntax_check = '', |
158 |
$extract_dir = '') { |
159 |
# check permissions |
160 |
# http://svnbook.red-bean.com/nightly/fr/svn.serverconfig.multimethod.html |
161 |
# $name ==> directory of the repo |
162 |
include subversion::server |
163 |
# TODO set umask -> requires puppet 2.7.0 |
164 |
# unfortunatly, umask is required |
165 |
# http://projects.puppetlabs.com/issues/4424 |
166 |
exec { "/usr/local/bin/create_svn_repo.sh $name": |
167 |
user => root, |
168 |
group => $group, |
169 |
creates => "$name/hooks", |
170 |
require => Package['subversion-tools'], |
171 |
} |
172 |
|
173 |
file { "$name": |
174 |
group => $group, |
175 |
owner => root, |
176 |
mode => $public ? { |
177 |
true => 644, |
178 |
false => 640 |
179 |
}, |
180 |
ensure => directory |
181 |
} |
182 |
|
183 |
file { ["$name/hooks/pre-commit","$name/hooks/post-commit"]: |
184 |
ensure => present, |
185 |
owner => root, |
186 |
group => root, |
187 |
mode => 755, |
188 |
content => template("subversion/hook_commit.sh"), |
189 |
require => Exec["/usr/local/bin/create_svn_repo.sh $name"], |
190 |
} |
191 |
|
192 |
file { ["$name/hooks/post-commit.d", "$name/hooks/pre-commit.d"]: |
193 |
ensure => directory, |
194 |
owner => root, |
195 |
group => root, |
196 |
mode => 755, |
197 |
require => File["$name/hooks/pre-commit"], |
198 |
} |
199 |
|
200 |
file { "$name/hooks/pre-revprop-change": |
201 |
ensure => "$subversion::server::local_dir/pre-revprop-change", |
202 |
owner => root, |
203 |
group => root, |
204 |
mode => 755, |
205 |
} |
206 |
|
207 |
if $restricted_to_user { |
208 |
file { "$name/hooks/pre-commit.d/restricted_to_user": |
209 |
ensure => present, |
210 |
owner => root, |
211 |
group => root, |
212 |
mode => 755, |
213 |
content => template("subversion/restricted_to_user"), |
214 |
} |
215 |
} |
216 |
|
217 |
if $commit_mail { |
218 |
file { "$name/hooks/post-commit.d/send_mail": |
219 |
ensure => present, |
220 |
owner => root, |
221 |
group => root, |
222 |
mode => 755, |
223 |
content => template("subversion/hook_sendmail.pl"), |
224 |
require => [Package['perl-SVN-Notify-Config']], |
225 |
} |
226 |
} |
227 |
|
228 |
if $cia_post { |
229 |
file { "$name/hooks/post-commit.d/cia.vc": |
230 |
ensure => present, |
231 |
owner => root, |
232 |
group => root, |
233 |
mode => 755, |
234 |
content => template("subversion/ciabot_svn.sh"), |
235 |
} |
236 |
|
237 |
} |
238 |
|
239 |
if $no_binary { |
240 |
pre_commit_link { "$name/hooks/pre-commit.d/no_binary": } |
241 |
} |
242 |
|
243 |
if $extract_dir { |
244 |
file { "$name/hooks/post-commit.d/extract_dir": |
245 |
ensure => present, |
246 |
owner => root, |
247 |
group => root, |
248 |
mode => 755, |
249 |
content => template("subversion/hook_extract.pl"), |
250 |
require => [Package['perl-SVN-Notify-Mirror']], |
251 |
} |
252 |
} |
253 |
|
254 |
pre_commit_link { "$name/hooks/pre-commit.d/no_empty_message": } |
255 |
|
256 |
pre_commit_link { "$name/hooks/pre-commit.d/no_root_commit": } |
257 |
|
258 |
if $syntax_check { |
259 |
$syntax_check_array = regsubst($syntax_check,'^',"$name/hooks/pre-commit.d/") |
260 |
pre_commit_link { $syntax_check_array: } |
261 |
} |
262 |
} |
263 |
|
264 |
|
265 |
class client { |
266 |
package { subversion: |
267 |
ensure => installed, |
268 |
} |
269 |
# svn spam log with |
270 |
# Oct 26 13:30:01 valstar svn: No worthy mechs found |
271 |
# without it, source http://mail-index.netbsd.org/pkgsrc-users/2008/11/23/msg008706.html |
272 |
# |
273 |
$sasl2_package = $architecture ? { |
274 |
x86_64 => "lib64sasl2-plug-anonymous", |
275 |
default => "libsasl2-plug-anonymous" |
276 |
} |
277 |
|
278 |
package {"$sasl2_package": |
279 |
ensure => "installed" |
280 |
} |
281 |
} |
282 |
|
283 |
define snapshot($source, $refresh = '*/5', $user = 'root') { |
284 |
|
285 |
include subversion::client |
286 |
|
287 |
exec { "/usr/bin/svn co $source $name": |
288 |
creates => $name, |
289 |
user => $user, |
290 |
require => Package['subversion'] |
291 |
} |
292 |
|
293 |
cron { "update $name": |
294 |
command => "cd $name && /usr/bin/svn update -q", |
295 |
user => $user, |
296 |
minute => $refresh, |
297 |
require => Exec["/usr/bin/svn co $source $name"], |
298 |
} |
299 |
} |
300 |
|
301 |
class mirror { |
302 |
include subversion::tools |
303 |
file { "/usr/local/bin/create_svn_mirror.sh": |
304 |
ensure => present, |
305 |
owner => root, |
306 |
group => root, |
307 |
mode => 755, |
308 |
content => template('subversion/create_svn_mirror.sh') |
309 |
} |
310 |
} |
311 |
|
312 |
define mirror_repository($source, |
313 |
$refresh = '*/5') { |
314 |
include subversion::mirror |
315 |
|
316 |
exec { "/usr/local/bin/create_svn_mirror.sh $name $source": |
317 |
creates => $name, |
318 |
require => Package['subversion-tools'] |
319 |
} |
320 |
|
321 |
cron { "update $name": |
322 |
command => "/usr/bin/svnsync synchronize -q file://$name", |
323 |
minute => $refresh, |
324 |
require => Exec["/usr/local/bin/create_svn_mirror.sh $name $source"], |
325 |
} |
326 |
} |
327 |
} |