subversion/manifests/init.pp

# should be replaced by vcsrepo
# https://github.com/reductivelabs/puppet-vcsrepo
# but not integrated in puppet directly for the moment
class subversion {

    class tools {
        package { "subversion-tools":
            ensure => installed,
        }
    }

    class server {
        include subversion::tools
        package { "subversion-server":
            ensure => installed,
        }
        
        $svn_base_path = '/svn/'

        xinetd::service { "svnserve":
            content => template('subversion/xinetd')
        }

        file { "$svn_base_path":
            ensure => directory
            owner => root,
            group => root,
            mode => 755, 
        }

        package { ["perl-SVN-Notify-Config", "perl-SVN-Notify-Mirror"]:
            ensure => installed,
        }
       
        $local_dir = "/usr/local/share/subversion/"
        $local_dirs = ["$local_dir/pre-commit.d", "$local_dir/post-commit.d"] 
        file { [$local_dir,$local_dirs]:
             owner => root,
             group => root,
             mode => 755,
             ensure => directory,
        }

        # workaround the lack of umask command in puppet < 2.7
        file { "/usr/local/bin/create_svn_repo.sh":
             ensure => present,
             owner => root,
             group => root,
             mode => 755,
             content => template('subversion/create_svn_repo.sh') 
        } 

        file { "$local_dir/pre-commit.d/no_binary":
            ensure => present,
            owner => root,
            group => root,
            mode => 755,
            content => template('subversion/no_binary') 
        }

        file { "$local_dir/pre-commit.d/no_root_commit":
            ensure => present,
            owner => root,
            group => root,
            mode => 755,
            content => template('subversion/no_root_commit') 
        }

        file { "$local_dir/pre-commit.d/no_empty_message":
            ensure => present,
            owner => root,
            group => root,
            mode => 755,
            content => template('subversion/no_empty_message') 
        }

        file { "$local_dir/pre-revprop-change":
            ensure => present,
            owner => root,
            group => root,
            mode => 755,
            content => template('subversion/pre-revprop-change') 
        }

        # TODO : add check for
        #    - ym       perl -MYAML -e 'YAML::LoadFile("-");'
        #    - tt       ( do not seem to be possible, but this would be great )
        #    - php      php -l
        #    - python
        #    - named    named-checkzone/named-checkconf ( may requires some interaction with facter/erb )
        #    - po       msgfmt -c
        #    - openldap , like named

        define syntax_check($regexp_ext,$check_cmd) {
            file { "$local_dir/pre-commit.d/$name":
                ensure => present,
                owner => root,
                group => root,
                mode => 755,
                content => template('subversion/syntax_check.sh') 
            }
        }


        syntax_check{"check_perl":
            regexp_ext => "\.p[lm]$",
            check_cmd => "perl -c"
        }

        syntax_check{"check_puppet":
            regexp_ext => "\.pp$",
            check_cmd => "puppet --color=false --confdir=/tmp --vardir=/tmp --parseonly --ignoreimport"
        }

        syntax_check{"check_ruby":
            regexp_ext => "\.rb$",
            check_cmd => "ruby -c"
        }

        syntax_check{"check_puppet_templates":
            regexp_ext => "modules/.*/templates/.*$",
            check_cmd => "erb -P -x -T - | ruby -c"
        }

        syntax_check{"check_po":
            regexp_ext => "\.po$",
            check_cmd => "msgfmt -c -"
        }

        syntax_check{"check_php":
            regexp_ext => "\.php$",
            check_cmd => "php -l"
        }

    }

   
    define pre_commit_link() {
        $scriptname = regsubst($name,'^.*/', '')    
        file { "${name}":
            ensure => "/usr/local/share/subversion/pre-commit.d/$scriptname",
            owner => root,
            group => root,
            mode => 755,
        }
    } 

    # TODO 
    #   deploy a cronjob to make a backup file ( ie, dump in some directory )

    # documentation :
    #    group : group that have commit access on the svn
    #    public : boolean if the svn is readable by anybody or not
    #    commit_mail : array of people who will receive mail after each commit
    #    cia_post : send commits to cia.vc
    #    cia_module : name of the module to send to cia.vc
    #    cia_ignore_author : a regexp to ignore commits from some authors
    #    no_binary : do not accept files with common binary extentions on this repository
    #    restricted_to_user : restrict commits to select user
    #    syntax_check : array of pre-commit script with syntax check to add
    #    extract_dir : hash of directory to update upon commit ( with svn update ), 
    #            initial checkout is not handled, nor the permission
    #            TODO, handle the tags ( see svn::notify::mirror )

    define repository ($group = "svn",
                       $public = true,
                       $commit_mail = '',
                       $i18n_mail = '',
                       $cia_post = true,
                       $cia_module = 'default',
                       $cia_ignore_author = '',
                       $no_binary = false,
                       $restricted_to_user = false,
                       $syntax_check = '',
                       $extract_dir = '') {
        # check permissions
        # http://svnbook.red-bean.com/nightly/fr/svn.serverconfig.multimethod.html
        # $name ==> directory of the repo
        include subversion::server
        # TODO set umask -> requires puppet 2.7.0
        # unfortunatly, umask is required
        # http://projects.puppetlabs.com/issues/4424
        exec { "/usr/local/bin/create_svn_repo.sh $name":
            user => root,
            group => $group,
            creates => "$name/hooks",
            require => Package['subversion-tools'],
        }
        
        file { "$name":
            group => $group,
            owner => root,
            mode => $public ? {
                        true => 644,
                        false => 640
                    },
            ensure => directory
        }

        file { ["$name/hooks/pre-commit","$name/hooks/post-commit"]:
            ensure => present,
            owner => root,
            group => root,
            mode => 755,
            content => template("subversion/hook_commit.sh"),
            require => Exec["/usr/local/bin/create_svn_repo.sh $name"],
        }

        file { ["$name/hooks/post-commit.d", "$name/hooks/pre-commit.d"]:
            ensure => directory,
            owner => root,
            group => root,
            mode => 755,
            require => File["$name/hooks/pre-commit"],
        }

        file { "$name/hooks/pre-revprop-change":
            ensure => "$subversion::server::local_dir/pre-revprop-change",
            owner => root,
            group => root,
            mode => 755,
        } 
        
        if $restricted_to_user {
            file { "$name/hooks/pre-commit.d/restricted_to_user":
                ensure => present,
                owner => root,
                group => root,
                mode => 755,
                content => template("subversion/restricted_to_user"),
            }
        } else {
            file { "$name/hooks/pre-commit.d/restricted_to_user":
                ensure => absent,
            }
        }

        if $commit_mail {
            file { "$name/hooks/post-commit.d/send_mail":
                ensure => present,
                owner => root,
                group => root,
                mode => 755,
                content => template("subversion/hook_sendmail.pl"),
                require => [Package['perl-SVN-Notify-Config']],
            }
        } else {
            file { "$name/hooks/post-commit.d/send_mail":
                ensure => absent,
            }
        }

        if $cia_post {
            file { "$name/hooks/post-commit.d/cia.vc":
                ensure => present,
                owner => root,
                group => root,
                mode => 755,
                content => template("subversion/ciabot_svn.sh"),
            }
                
        } else {
            file { "$name/hooks/post-commit.d/cia.vc":
                ensure => absent,
            }
        }

        if $no_binary {
            pre_commit_link { "$name/hooks/pre-commit.d/no_binary": }
        } else {
            file { "$name/hooks/pre-commit.d/no_binary":
               ensure => absent,
            }
        }

        if $extract_dir {
            file { "$name/hooks/post-commit.d/extract_dir":
                ensure => present,
                owner => root,
                group => root,
                mode => 755,
                content => template("subversion/hook_extract.pl"),
                require => [Package['perl-SVN-Notify-Mirror']],
            }
        } else {
            file { "$name/hooks/post-commit.d/extract_dir":
                ensure => absent,
            }
        }

        pre_commit_link { "$name/hooks/pre-commit.d/no_empty_message": } 

        pre_commit_link { "$name/hooks/pre-commit.d/no_root_commit": }

        if $syntax_check {
            $syntax_check_array = regsubst($syntax_check,'^',"$name/hooks/pre-commit.d/")
            pre_commit_link { $syntax_check_array: }
        }
    }


    class client {
        package { subversion:
            ensure => installed,
        }
        # svn spam log with 
        # Oct 26 13:30:01 valstar svn: No worthy mechs found
        # without it, source http://mail-index.netbsd.org/pkgsrc-users/2008/11/23/msg008706.html 
        #
        $sasl2_package = $architecture ? {
                x86_64 => "lib64sasl2-plug-anonymous",
                default => "libsasl2-plug-anonymous"
        }
        
        package {"$sasl2_package":
            ensure => "installed"
        }
    }

    define snapshot($source, $refresh = '*/5', $user = 'root')  {

        include subversion::client

        exec { "/usr/bin/svn co $source $name":
            creates => $name,           
            user => $user,
            require => Package['subversion']
        }

        cron { "update $name":
           command => "cd $name && /usr/bin/svn update -q",
           user => $user,
           minute => $refresh,
           require => Exec["/usr/bin/svn co $source $name"],
        }   
    }
    
    class mirror { 
        include subversion::tools
        file { "/usr/local/bin/create_svn_mirror.sh":
             ensure => present,
             owner => root,
             group => root,
             mode => 755,
             content => template('subversion/create_svn_mirror.sh') 
        }
    }

    define mirror_repository($source,
                             $refresh = '*/5') {
        include subversion::mirror 

        exec { "/usr/local/bin/create_svn_mirror.sh $name $source":
            creates => $name,           
            require => Package['subversion-tools']
        }

        cron { "update $name":
           command => "/usr/bin/svnsync synchronize -q file://$name",
           minute => $refresh,
           require => Exec["/usr/local/bin/create_svn_mirror.sh $name $source"],
        }   
    } 
}
1	# should be replaced by vcsrepo
2	# https://github.com/reductivelabs/puppet-vcsrepo
3	# but not integrated in puppet directly for the moment
4	class subversion {
5
6	class tools {
7	package { "subversion-tools":
8	ensure => installed,
9	}
10	}
11
12	class server {
13	include subversion::tools
14	package { "subversion-server":
15	ensure => installed,
16	}
17
18	$svn_base_path = '/svn/'
19
20	xinetd::service { "svnserve":
21	content => template('subversion/xinetd')
22	}
23
24	file { "$svn_base_path":
25	ensure => directory
26	owner => root,
27	group => root,
28	mode => 755,
29	}
30
31	package { ["perl-SVN-Notify-Config", "perl-SVN-Notify-Mirror"]:
32	ensure => installed,
33	}
34
35	$local_dir = "/usr/local/share/subversion/"
36	$local_dirs = ["$local_dir/pre-commit.d", "$local_dir/post-commit.d"]
37	file { [$local_dir,$local_dirs]:
38	owner => root,
39	group => root,
40	mode => 755,
41	ensure => directory,
42	}
43
44	# workaround the lack of umask command in puppet < 2.7
45	file { "/usr/local/bin/create_svn_repo.sh":
46	ensure => present,
47	owner => root,
48	group => root,
49	mode => 755,
50	content => template('subversion/create_svn_repo.sh')
51	}
52
53	file { "$local_dir/pre-commit.d/no_binary":
54	ensure => present,
55	owner => root,
56	group => root,
57	mode => 755,
58	content => template('subversion/no_binary')
59	}
60
61	file { "$local_dir/pre-commit.d/no_root_commit":
62	ensure => present,
63	owner => root,
64	group => root,
65	mode => 755,
66	content => template('subversion/no_root_commit')
67	}
68
69	file { "$local_dir/pre-commit.d/no_empty_message":
70	ensure => present,
71	owner => root,
72	group => root,
73	mode => 755,
74	content => template('subversion/no_empty_message')
75	}
76
77	file { "$local_dir/pre-revprop-change":
78	ensure => present,
79	owner => root,
80	group => root,
81	mode => 755,
82	content => template('subversion/pre-revprop-change')
83	}
84
85	# TODO : add check for
86	# - ym perl -MYAML -e 'YAML::LoadFile("-");'
87	# - tt ( do not seem to be possible, but this would be great )
88	# - php php -l
89	# - python
90	# - named named-checkzone/named-checkconf ( may requires some interaction with facter/erb )
91	# - po msgfmt -c
92	# - openldap , like named
93
94	define syntax_check($regexp_ext,$check_cmd) {
95	file { "$local_dir/pre-commit.d/$name":
96	ensure => present,
97	owner => root,
98	group => root,
99	mode => 755,
100	content => template('subversion/syntax_check.sh')
101	}
102	}
103
104
105	syntax_check{"check_perl":
106	regexp_ext => "\.p[lm]$",
107	check_cmd => "perl -c"
108	}
109
110	syntax_check{"check_puppet":
111	regexp_ext => "\.pp$",
112	check_cmd => "puppet --color=false --confdir=/tmp --vardir=/tmp --parseonly --ignoreimport"
113	}
114
115	syntax_check{"check_ruby":
116	regexp_ext => "\.rb$",
117	check_cmd => "ruby -c"
118	}
119
120	syntax_check{"check_puppet_templates":
121	regexp_ext => "modules/./templates/.$",
122	check_cmd => "erb -P -x -T - \| ruby -c"
123	}
124
125	syntax_check{"check_po":
126	regexp_ext => "\.po$",
127	check_cmd => "msgfmt -c -"
128	}
129
130	syntax_check{"check_php":
131	regexp_ext => "\.php$",
132	check_cmd => "php -l"
133	}
134
135	}
136
137
138	define pre_commit_link() {
139	$scriptname = regsubst($name,'^.*/', '')
140	file { "${name}":
141	ensure => "/usr/local/share/subversion/pre-commit.d/$scriptname",
142	owner => root,
143	group => root,
144	mode => 755,
145	}
146	}
147
148	# TODO
149	# deploy a cronjob to make a backup file ( ie, dump in some directory )
150
151	# documentation :
152	# group : group that have commit access on the svn
153	# public : boolean if the svn is readable by anybody or not
154	# commit_mail : array of people who will receive mail after each commit
155	# cia_post : send commits to cia.vc
156	# cia_module : name of the module to send to cia.vc
157	# cia_ignore_author : a regexp to ignore commits from some authors
158	# no_binary : do not accept files with common binary extentions on this repository
159	# restricted_to_user : restrict commits to select user
160	# syntax_check : array of pre-commit script with syntax check to add
161	# extract_dir : hash of directory to update upon commit ( with svn update ),
162	# initial checkout is not handled, nor the permission
163	# TODO, handle the tags ( see svn::notify::mirror )
164
165	define repository ($group = "svn",
166	$public = true,
167	$commit_mail = '',
168	$i18n_mail = '',
169	$cia_post = true,
170	$cia_module = 'default',
171	$cia_ignore_author = '',
172	$no_binary = false,
173	$restricted_to_user = false,
174	$syntax_check = '',
175	$extract_dir = '') {
176	# check permissions
177	# http://svnbook.red-bean.com/nightly/fr/svn.serverconfig.multimethod.html
178	# $name ==> directory of the repo
179	include subversion::server
180	# TODO set umask -> requires puppet 2.7.0
181	# unfortunatly, umask is required
182	# http://projects.puppetlabs.com/issues/4424
183	exec { "/usr/local/bin/create_svn_repo.sh $name":
184	user => root,
185	group => $group,
186	creates => "$name/hooks",
187	require => Package['subversion-tools'],
188	}
189
190	file { "$name":
191	group => $group,
192	owner => root,
193	mode => $public ? {
194	true => 644,
195	false => 640
196	},
197	ensure => directory
198	}
199
200	file { ["$name/hooks/pre-commit","$name/hooks/post-commit"]:
201	ensure => present,
202	owner => root,
203	group => root,
204	mode => 755,
205	content => template("subversion/hook_commit.sh"),
206	require => Exec["/usr/local/bin/create_svn_repo.sh $name"],
207	}
208
209	file { ["$name/hooks/post-commit.d", "$name/hooks/pre-commit.d"]:
210	ensure => directory,
211	owner => root,
212	group => root,
213	mode => 755,
214	require => File["$name/hooks/pre-commit"],
215	}
216
217	file { "$name/hooks/pre-revprop-change":
218	ensure => "$subversion::server::local_dir/pre-revprop-change",
219	owner => root,
220	group => root,
221	mode => 755,
222	}
223
224	if $restricted_to_user {
225	file { "$name/hooks/pre-commit.d/restricted_to_user":
226	ensure => present,
227	owner => root,
228	group => root,
229	mode => 755,
230	content => template("subversion/restricted_to_user"),
231	}
232	} else {
233	file { "$name/hooks/pre-commit.d/restricted_to_user":
234	ensure => absent,
235	}
236	}
237
238	if $commit_mail {
239	file { "$name/hooks/post-commit.d/send_mail":
240	ensure => present,
241	owner => root,
242	group => root,
243	mode => 755,
244	content => template("subversion/hook_sendmail.pl"),
245	require => [Package['perl-SVN-Notify-Config']],
246	}
247	} else {
248	file { "$name/hooks/post-commit.d/send_mail":
249	ensure => absent,
250	}
251	}
252
253	if $cia_post {
254	file { "$name/hooks/post-commit.d/cia.vc":
255	ensure => present,
256	owner => root,
257	group => root,
258	mode => 755,
259	content => template("subversion/ciabot_svn.sh"),
260	}
261
262	} else {
263	file { "$name/hooks/post-commit.d/cia.vc":
264	ensure => absent,
265	}
266	}
267
268	if $no_binary {
269	pre_commit_link { "$name/hooks/pre-commit.d/no_binary": }
270	} else {
271	file { "$name/hooks/pre-commit.d/no_binary":
272	ensure => absent,
273	}
274	}
275
276	if $extract_dir {
277	file { "$name/hooks/post-commit.d/extract_dir":
278	ensure => present,
279	owner => root,
280	group => root,
281	mode => 755,
282	content => template("subversion/hook_extract.pl"),
283	require => [Package['perl-SVN-Notify-Mirror']],
284	}
285	} else {
286	file { "$name/hooks/post-commit.d/extract_dir":
287	ensure => absent,
288	}
289	}
290
291	pre_commit_link { "$name/hooks/pre-commit.d/no_empty_message": }
292
293	pre_commit_link { "$name/hooks/pre-commit.d/no_root_commit": }
294
295	if $syntax_check {
296	$syntax_check_array = regsubst($syntax_check,'^',"$name/hooks/pre-commit.d/")
297	pre_commit_link { $syntax_check_array: }
298	}
299	}
300
301
302	class client {
303	package { subversion:
304	ensure => installed,
305	}
306	# svn spam log with
307	# Oct 26 13:30:01 valstar svn: No worthy mechs found
308	# without it, source http://mail-index.netbsd.org/pkgsrc-users/2008/11/23/msg008706.html
309	#
310	$sasl2_package = $architecture ? {
311	x86_64 => "lib64sasl2-plug-anonymous",
312	default => "libsasl2-plug-anonymous"
313	}
314
315	package {"$sasl2_package":
316	ensure => "installed"
317	}
318	}
319
320	define snapshot($source, $refresh = '*/5', $user = 'root') {
321
322	include subversion::client
323
324	exec { "/usr/bin/svn co $source $name":
325	creates => $name,
326	user => $user,
327	require => Package['subversion']
328	}
329
330	cron { "update $name":
331	command => "cd $name && /usr/bin/svn update -q",
332	user => $user,
333	minute => $refresh,
334	require => Exec["/usr/bin/svn co $source $name"],
335	}
336	}
337
338	class mirror {
339	include subversion::tools
340	file { "/usr/local/bin/create_svn_mirror.sh":
341	ensure => present,
342	owner => root,
343	group => root,
344	mode => 755,
345	content => template('subversion/create_svn_mirror.sh')
346	}
347	}
348
349	define mirror_repository($source,
350	$refresh = '*/5') {
351	include subversion::mirror
352
353	exec { "/usr/local/bin/create_svn_mirror.sh $name $source":
354	creates => $name,
355	require => Package['subversion-tools']
356	}
357
358	cron { "update $name":
359	command => "/usr/bin/svnsync synchronize -q file://$name",
360	minute => $refresh,
361	require => Exec["/usr/local/bin/create_svn_mirror.sh $name $source"],
362	}
363	}
364	}