aboutsummaryrefslogtreecommitdiffstats
path: root/deployment/mga_buildsystem
diff options
context:
space:
mode:
Diffstat (limited to 'deployment/mga_buildsystem')
-rw-r--r--deployment/mga_buildsystem/manifests/buildnode.pp4
-rw-r--r--deployment/mga_buildsystem/manifests/config.pp668
-rw-r--r--deployment/mga_buildsystem/manifests/init.pp2
-rw-r--r--deployment/mga_buildsystem/manifests/mainnode.pp14
4 files changed, 688 insertions, 0 deletions
diff --git a/deployment/mga_buildsystem/manifests/buildnode.pp b/deployment/mga_buildsystem/manifests/buildnode.pp
new file mode 100644
index 00000000..f6bf70ea
--- /dev/null
+++ b/deployment/mga_buildsystem/manifests/buildnode.pp
@@ -0,0 +1,4 @@
+class mga_buildsystem::buildnode {
+ include mga_buildsystem::config
+ include buildsystem::buildnode
+}
diff --git a/deployment/mga_buildsystem/manifests/config.pp b/deployment/mga_buildsystem/manifests/config.pp
new file mode 100644
index 00000000..c0c62cc4
--- /dev/null
+++ b/deployment/mga_buildsystem/manifests/config.pp
@@ -0,0 +1,668 @@
+class mga_buildsystem::config {
+ class { 'buildsystem::var::signbot':
+ keyid => '80420F66',
+ keyemail => "packages@${::domain}",
+ keyname => 'Mageia Packages',
+ }
+
+ class { 'buildsystem::var::groups':
+ packagers => 'mga-packagers',
+ packagers_committers => 'mga-packagers-committers',
+ }
+
+ class { 'buildsystem::var::webstatus' :
+ package_commit_url => "https://svnweb.${::domain}/packages?view=revision&revision=%d",
+ theme_name => 'mageia',
+ }
+
+ class { 'buildsystem::var::iurt':
+ timeout_multiplier => $::architecture ? {
+ /arm/ => 4,
+ 'aarch64' => 2,
+ default => 1,
+ }
+ }
+
+ class { 'buildsystem::var::scheduler' :
+ admin_mail => "sysadmin@group.${::domain}",
+ build_nodes => {
+ 'i586' => [ 'ecosse0', 'rabbit0', 'ecosse1', 'rabbit1', 'rabbit2' ],
+ 'i686' => [ 'ecosse0', 'rabbit0', 'ecosse1', 'rabbit1', 'rabbit2' ],
+ 'x86_64' => [ 'rabbit0', 'ecosse0', 'rabbit1', 'ecosse1', 'rabbit2' ],
+ 'armv7hl' => [ 'ncaa1-a', 'ncaa1-b', 'ncaa1-c', 'ociaa1-a', 'ociaa1-b'],
+ 'aarch64' => [ 'ncaa1-a', 'ncaa1-b', 'ncaa1-c', 'ociaa1-a', 'ociaa1-b'],
+ },
+ build_nodes_aliases => {
+ 'ecosse0' => "ecosse.${::domain}",
+ 'ecosse1' => "ecosse.${::domain}",
+ 'rabbit0' => "rabbit.${::domain}",
+ 'rabbit1' => "rabbit.${::domain}",
+ 'rabbit2' => "rabbit.${::domain}",
+ 'ociaa1-a' => "ociaa1.${::domain}",
+ 'ociaa1-b' => "ociaa1.${::domain}",
+ 'ociaa1-c' => "ociaa1.${::domain}",
+ },
+ build_src_node => 'duvel',
+ }
+ include buildsystem::var::repository
+ class { 'buildsystem::var::binrepo':
+ uploadmail_from => "binrepo_noreply@ml.${::domain}",
+ uploadmail_to => "packages-commits@ml.${::domain}",
+ }
+
+ $svn_hostname = "svn.${::domain}"
+ $svn_root_packages = "svn://${svn_hostname}/svn/packages"
+ $svn_root_packages_ssh = "svn+ssh://${svn_hostname}/svn/packages"
+ class { 'buildsystem::var::mgarepo':
+ submit_host => "pkgsubmit.${::domain}",
+ svn_hostname => $svn_hostname,
+ svn_root_packages => $svn_root_packages,
+ svn_root_packages_ssh => $svn_root_packages_ssh,
+ oldurl => "${svn_root_packages_ssh}/misc",
+ conf => {
+ 'global' => {
+ 'ldap-server' => "ldap.${::domain}",
+ 'ldap-base' => "ou=People,${::dc_suffix}",
+ 'ldap-filterformat' => '(&(objectClass=inetOrgPerson)(uid=$username))',
+ 'ldap-resultformat' => '$cn <$mail>',
+ }
+ }
+ }
+
+ include stdlib
+
+ $std_arch = ['x86_64', 'i586']
+ $x86_arch = ['x86_64', 'i686']
+ $arm32_arch = ['armv5tl', 'armv7hl']
+ $std_repos = {
+ 'release' => {
+ 'media_type' => [ 'release' ],
+ 'requires' => [],
+ 'order' => 0,
+ },
+ 'updates' => {
+ 'media_type' => [ 'updates' ],
+ 'updates_for' => 'release',
+ 'requires' => [ 'release' ],
+ 'order' => 1,
+ },
+ 'updates_testing' => {
+ 'media_type' => [ 'testing' ],
+ 'noauto' => '1',
+ 'requires' => [ 'updates' ],
+ 'order' => 2,
+ },
+ 'backports' => {
+ 'media_type' => [ 'backports' ],
+ 'noauto' => '1',
+ 'requires' => [ 'updates' ],
+ 'order' => 3,
+ },
+ 'backports_testing' => {
+ 'media_type' => [ 'testing' ],
+ 'noauto' => '1',
+ 'requires' => [ 'backports' ],
+ 'order' => 4,
+ },
+ }
+ $std_medias = {
+ 'core' => {
+ 'repos' => $std_repos,
+ 'media_type' => [ 'official', 'free' ],
+ 'order' => 0,
+ },
+ 'nonfree' => {
+ 'repos' => $std_repos,
+ 'media_type' => [ 'official' ],
+ 'noauto' => '1',
+ 'requires' => [ 'core' ],
+ 'order' => 1,
+ },
+ 'tainted' => {
+ 'repos' => $std_repos,
+ 'media_type' => [ 'official' ],
+ 'noauto' => '1',
+ 'requires' => [ 'core' ],
+ 'order' => 2,
+ },
+ }
+ $std_base_media = [ 'core/release', 'core/updates' ]
+ $infra_medias = {
+ 'infra' => {
+ 'repos' => {
+ 'updates' => {
+ 'media_type' => [ 'updates' ],
+ 'requires' => [ 'release' ],
+ 'order' => 0,
+ },
+ },
+ 'media_type' => [ 'infra' ],
+ 'requires' => [ 'core' ],
+ 'order' => 0,
+ },
+ }
+ $std_macros = {
+ 'distsuffix' => '.mga',
+ 'distribution' => 'Mageia',
+ 'vendor' => 'Mageia.Org',
+ '_real_vendor' => 'mageia',
+ }
+ $repo_allow_from_ips = [
+ $::nodes_ipaddr[duvel][ipv6],
+ $::nodes_ipaddr[duvel][ipv4],
+ $::nodes_ipaddr[ecosse][ipv6],
+ $::nodes_ipaddr[ecosse][ipv4],
+ $::nodes_ipaddr[fiona][ipv6],
+ $::nodes_ipaddr[fiona][ipv4],
+ '10.42.0',
+ $::nodes_ipaddr[rabbit][ipv4],
+ $::nodes_ipaddr[rabbit][ipv6],
+ $::nodes_ipaddr[sucuk][ipv4],
+ $::nodes_ipaddr[sucuk][ipv6],
+ '85.134.55.73',
+ $::nodes_ipaddr[neru][ipv4],
+ $::nodes_ipaddr[neru][ipv6],
+ '2001:bc8:4400:2700::2729',
+ '147.75.83.250',
+ '2604:1380:2000:f100::1',
+ '2a05:d014:e9:2c00::/56',
+ '147.75.69.244/30',
+ '2604:1380:1001:4900::/127',
+ # Will be new neru
+ '51.15.220.93',
+ '2001:bc8:628:1f00::1',
+ # Oracle cloud VMs
+ '2603:c026:c101:f00::/64',
+ $::nodes_ipaddr[ncaa1][ipv4],
+ $::nodes_ipaddr[ncaa1][ipv6],
+ ]
+ $repo_allow_from_domains = [
+ ".${::domain}",
+ ]
+
+ # the list of checks, actions, posts for cauldron in youri-upload
+ $cauldron_youri_upload_targets = {
+ 'checks' => [
+ 'version',
+ 'tag',
+ 'acl',
+ 'rpmlint',
+ 'recency',
+ ],
+ 'actions' => [
+ 'markrelease',
+ 'sign',
+ 'install',
+ 'link',
+ 'unpack_release_notes',
+ 'unpack_gfxboot_theme',
+ 'unpack_meta_task',
+ 'unpack_installer_images',
+ 'unpack_installer_images_nonfree',
+ 'unpack_installer_stage2',
+ 'unpack_installer_advertising',
+ 'unpack_installer_rescue',
+ 'unpack_syslinux',
+ 'unpack_pci_usb_ids',
+ 'archive',
+ 'mail',
+ 'maintdb',
+ ],
+ 'posts' => [
+ 'genhdlist2_zstd',
+ 'createrepo_cauldron',
+ 'appstream_cauldron',
+ 'clean_rpmsrate',
+ 'mirror',
+ ],
+ }
+
+ # TODO: mga >= 6 should use std config + createrepo, not a different one
+ $mga6_youri_upload_targets = {
+ 'checks' => [
+ 'version',
+ 'tag',
+ 'acl',
+ 'rpmlint',
+ 'recency',
+ ],
+ 'actions' => [
+ 'sign',
+ 'install',
+ 'link',
+ 'archive',
+ 'mail',
+ ],
+ 'posts' => [
+ 'genhdlist2',
+ 'createrepo_mga6',
+ 'appstream_mga6',
+ 'mirror',
+ ],
+ }
+
+ $mga7_youri_upload_targets = {
+ 'checks' => [
+ 'version',
+ 'tag',
+ 'acl',
+ 'rpmlint',
+ 'recency',
+ ],
+ 'actions' => [
+ 'sign',
+ 'install',
+ 'link',
+ 'archive',
+ 'mail',
+ ],
+ 'posts' => [
+ 'genhdlist2',
+ 'createrepo_mga7',
+ 'appstream_mga7',
+ 'mirror',
+ ],
+ }
+
+ $mga8_youri_upload_targets = {
+ 'checks' => [
+ 'version',
+ 'tag',
+ 'acl',
+ 'rpmlint',
+ 'recency',
+ ],
+ 'actions' => [
+ 'sign',
+ 'install',
+ 'link',
+ 'archive',
+ 'mail',
+ ],
+ 'posts' => [
+ 'genhdlist2',
+ 'createrepo_mga8',
+ 'appstream_mga8',
+ 'mirror',
+ ],
+ }
+
+ $mga9_youri_upload_targets = {
+ 'checks' => [
+ 'version',
+ 'tag',
+ 'acl',
+ 'rpmlint',
+ 'recency',
+ ],
+ 'actions' => [
+ 'sign',
+ 'install',
+ 'link',
+ 'archive',
+ 'mail',
+ ],
+ 'posts' => [
+ 'genhdlist2',
+ 'createrepo_mga9',
+ 'appstream_mga9',
+ 'mirror',
+ ],
+ }
+
+ # the list of checks, actions, posts for infra distros in youri-upload
+ $infra_youri_upload_targets = {
+ 'checks' => [
+ 'version',
+ 'tag',
+ 'acl',
+ 'rpmlint',
+ 'recency',
+ ],
+ 'actions' => [
+ 'sign',
+ 'install',
+ 'link',
+ 'archive',
+ ],
+ 'posts' => [
+ 'genhdlist2',
+ ],
+ }
+
+ # the list of checks, actions, posts for cauldron in youri-todo
+ $cauldron_youri_todo_targets = {
+ 'checks' => [
+ 'source',
+ 'deps',
+ 'version',
+ 'tag',
+ 'acl',
+ 'host',
+ 'rpmlint',
+ 'recency',
+ 'queue_recency',
+ ],
+ 'actions' => [
+ 'send',
+ 'dependencies',
+ 'rpminfo',
+ 'ulri',
+ ],
+ }
+
+ # the list of checks, actions, posts for stable and infra distros in youri-todo
+ $std_youri_todo_targets = {
+ 'checks' => [
+ 'source',
+ 'version',
+ 'tag',
+ 'acl',
+ 'host',
+ 'rpmlint',
+ 'recency',
+ 'queue_recency',
+ ],
+ 'actions' => [
+ 'send',
+ 'dependencies',
+ 'rpminfo',
+ 'ulri',
+ ],
+ }
+
+ # rpmlint check options for stable and cauldron
+ $mga_rpmlint = {
+ 'config' => '/usr/share/rpmlint/config',
+ 'path' => '/usr/bin/rpmlint',
+ 'results' => [
+ 'buildprereq-use',
+ 'no-description-tag',
+ 'no-summary-tag',
+ 'non-standard-group',
+ 'non-xdg-migrated-menu',
+ 'percent-in-conflicts',
+ 'percent-in-dependency',
+ 'percent-in-obsoletes',
+ 'percent-in-provides',
+ 'summary-ended-with-dot',
+ 'unexpanded-macro',
+ 'unknown-lsb-keyword',
+ 'malformed-line-in-lsb-comment-block',
+ 'empty-%postun',
+ 'empty-%post',
+ 'invalid-desktopfile',
+ 'standard-dir-owned-by-package',
+ 'use-tmp-in-%postun',
+ 'bogus-variable-use-in-%posttrans',
+ 'dir-or-file-in-usr-local',
+ 'dir-or-file-in-tmp',
+ 'dir-or-file-in-mnt',
+ 'dir-or-file-in-opt',
+ 'dir-or-file-in-home',
+ 'dir-or-file-in-var-local',
+ 'tmpfiles-conf-in-etc',
+ 'non-ghost-in-run',
+ 'non-ghost-in-var-run',
+ 'non-ghost-in-var-lock',
+ 'systemd-unit-in-etc',
+ 'udev-rule-in-etc',
+ ],
+ }
+
+ # list of users allowed to submit packages when cauldron is frozen
+ $cauldron_authorized_users = str_join(group_members('mga-release_managers'), '|')
+ $cauldron_version_check = {
+ 'authorized_sections' => '^[a-z]+/updates_testing$',
+ #'authorized_sections' => 'none_section_authorized',
+ #'authorized_packages' => 'none_package_authorized',
+ 'authorized_packages' => 'drak|^(urpmi|perl-(MDK-Common|Gtk3|Glib(-Object-Introspection)?|URPM)|mgaonline|net_monitor|perl_checker|mandi|indexhtml|ldetect(-lst)?|msec|manatools|rpm-(mageia-setup|helper)|(mga-|mageia).*|iurt)$',
+ 'authorized_arches' => 'none',
+ 'authorized_users' => "^${cauldron_authorized_users}\$",
+ 'mode' => 'normal',
+ #'mode' => 'version_freeze',
+ #'mode' => 'freeze',
+ }
+
+ # for EOL distributions
+ $frozen_version_check = {
+ 'authorized_packages' => 'none_package_authorized',
+ 'authorized_sections' => 'none_section_authorized',
+ 'authorized_arches' => 'none',
+ 'mode' => 'freeze',
+ }
+
+ # for supported stable distributions
+ $std_version_check = {
+ 'authorized_packages' => 'none_package_authorized',
+ 'authorized_sections' => '^(core|nonfree|tainted)/(updates_testing|backports_testing)$',
+ 'authorized_arches' => 'none',
+ 'mode' => 'freeze',
+ }
+
+ $infra_authorized_users = str_join(group_members('mga-sysadmin'), '|')
+ $infra_version_check = {
+ 'authorized_users' => "^${infra_authorized_users}\$",
+ 'mode' => 'freeze',
+ }
+
+ class { 'buildsystem::var::distros':
+ default_distro => 'cauldron',
+ repo_allow_from_ips => $repo_allow_from_ips,
+ repo_allow_from_domains => $repo_allow_from_domains,
+ distros => {
+ 'cauldron' => {
+ 'arch' => concat($x86_arch, ['armv7hl', 'aarch64']),
+ 'mandatory_arch' => concat($x86_arch, ['aarch64']),
+ 'no_media_cfg_update' => true,
+ 'medias' => $std_medias,
+ 'base_media' => $std_base_media,
+ 'branch' => 'Devel',
+ 'version' => '10',
+ 'submit_allowed' => "${svn_root_packages}/cauldron",
+ 'macros' => $std_macros,
+ 'youri' => {
+ 'upload' => {
+ 'targets' => $cauldron_youri_upload_targets,
+ 'checks' => {
+ 'rpmlint' => $mga_rpmlint,
+ },
+ },
+ 'todo' => {
+ 'targets' => $cauldron_youri_todo_targets,
+ 'checks' => {
+ 'rpmlint' => $mga_rpmlint,
+ 'version' => $cauldron_version_check,
+ },
+ },
+ },
+ },
+
+
+ '8' => {
+ 'arch' => concat($std_arch, ['armv7hl', 'aarch64']),
+ 'mandatory_arch' => concat($std_arch, ['aarch64']),
+ 'no_media_cfg_update' => true,
+ 'medias' => $std_medias,
+ 'base_media' => $std_base_media,
+ 'branch' => 'Official',
+ 'version' => '8',
+ 'submit_allowed' => "${svn_root_packages}/updates/8",
+ 'backports_allowed' => "${svn_root_packages}/backports/8",
+ 'macros' => $std_macros,
+ 'youri' => {
+ 'upload' => {
+ 'targets' => $mga8_youri_upload_targets,
+ 'checks' => {
+ 'rpmlint' => $mga_rpmlint,
+ },
+ },
+ 'todo' => {
+ 'targets' => $std_youri_todo_targets,
+ 'checks' => {
+ 'rpmlint' => $mga_rpmlint,
+ 'version' => $std_version_check,
+ },
+ },
+ },
+ },
+
+ '9' => {
+ 'arch' => concat($std_arch, ['armv7hl', 'aarch64']),
+ 'mandatory_arch' => concat($std_arch, ['aarch64']),
+ 'no_media_cfg_update' => true,
+ 'medias' => $std_medias,
+ 'base_media' => $std_base_media,
+ 'branch' => 'Official',
+ 'version' => '9',
+ 'submit_allowed' => "${svn_root_packages}/updates/9",
+ 'backports_allowed' => "${svn_root_packages}/backports/9",
+ 'macros' => $std_macros,
+ 'youri' => {
+ 'upload' => {
+ 'targets' => $mga9_youri_upload_targets,
+ 'checks' => {
+ 'rpmlint' => $mga_rpmlint,
+ },
+ },
+ 'todo' => {
+ 'targets' => $std_youri_todo_targets,
+ 'checks' => {
+ 'rpmlint' => $mga_rpmlint,
+ 'version' => $std_version_check,
+ },
+ },
+ },
+ },
+
+ 'infra_8' => {
+ 'arch' => concat($std_arch, ['armv7hl', 'aarch64']),
+ 'medias' => $infra_medias,
+ 'base_media' => [ '8/core/release', '8/core/updates', 'infra/updates' ],
+ 'branch' => 'Official',
+ 'version' => '8',
+ 'submit_allowed' => "${svn_root_packages}/updates/infra_8",
+ 'macros' => $std_macros,
+ 'based_on' => {
+ '8' => {
+ 'core' => [ 'release', 'updates' ],
+ },
+ },
+ 'youri' => {
+ 'upload' => {
+ 'targets' => $infra_youri_upload_targets,
+ 'checks' => {
+ 'rpmlint' => $mga_rpmlint,
+ },
+ },
+ 'todo' => {
+ 'targets' => $std_youri_todo_targets,
+ 'checks' => {
+ 'rpmlint' => $mga_rpmlint,
+ 'version' => $infra_version_check,
+ },
+ },
+ },
+ 'no_mirror' => true,
+ },
+
+ 'infra_9' => {
+ 'arch' => concat($std_arch, ['armv7hl', 'aarch64']),
+ 'medias' => $infra_medias,
+ 'base_media' => [ '9/core/release', '9/core/updates', 'infra/updates' ],
+ 'branch' => 'Official',
+ 'version' => '9',
+ 'submit_allowed' => "${svn_root_packages}/updates/infra_9",
+ 'macros' => $std_macros,
+ 'based_on' => {
+ '9' => {
+ 'core' => [ 'release', 'updates' ],
+ },
+ },
+ 'youri' => {
+ 'upload' => {
+ 'targets' => $infra_youri_upload_targets,
+ 'checks' => {
+ 'rpmlint' => $mga_rpmlint,
+ },
+ },
+ 'todo' => {
+ 'targets' => $std_youri_todo_targets,
+ 'checks' => {
+ 'rpmlint' => $mga_rpmlint,
+ 'version' => $infra_version_check,
+ },
+ },
+ },
+ 'no_mirror' => true,
+ },
+ }
+ }
+ $checks_tag_options = {
+ 'tags' => {
+ 'release' => inline_template("^[^~]*<%= std_macros['distsuffix'] %>\\d+"),
+ 'distribution' => inline_template("^<%= std_macros['distribution'] %>"),
+ 'vendor' => inline_template("^<%= std_macros['vendor'] %>$"),
+ },
+ }
+ class { 'buildsystem::var::youri':
+ packages_archivedir => "${buildsystem::var::scheduler::homedir}/old",
+ youri_conf => {
+ 'upload' => {
+ 'checks' => {
+ 'tag' => {
+ 'options' => $checks_tag_options,
+ },
+ 'rpmlint' => {
+ 'options' => {
+ 'results' => [
+ 'buildprereq-use',
+ 'no-description-tag',
+ 'no-summary-tag',
+ 'non-standard-group',
+ 'non-xdg-migrated-menu',
+ 'percent-in-conflicts',
+ 'percent-in-dependency',
+ 'percent-in-obsoletes',
+ 'percent-in-provides',
+ 'summary-ended-with-dot',
+ 'unexpanded-macro',
+ 'unknown-lsb-keyword',
+ 'malformed-line-in-lsb-comment-block',
+ 'empty-%postun',
+ 'empty-%post',
+ 'invalid-desktopfile',
+ 'standard-dir-owned-by-package',
+ 'use-tmp-in-%postun',
+ 'bogus-variable-use-in-%posttrans',
+ 'dir-or-file-in-usr-local',
+ 'dir-or-file-in-tmp',
+ 'dir-or-file-in-mnt',
+ 'dir-or-file-in-opt',
+ 'dir-or-file-in-home',
+ 'dir-or-file-in-var-local',
+ ],
+ },
+ },
+ },
+ 'actions' => {
+ 'mail' => {
+ 'options' => {
+ 'to' => "changelog@ml.${::domain}",
+ 'reply_to' => "dev@ml.${::domain}",
+ 'from' => "buildsystem-daemon@${::domain}",
+ 'prefix' => 'RPM',
+ },
+ },
+ },
+ },
+ 'todo' => {
+ 'checks' => {
+ 'tag' => {
+ 'options' => $checks_tag_options,
+ },
+ },
+ },
+ }
+ }
+}
diff --git a/deployment/mga_buildsystem/manifests/init.pp b/deployment/mga_buildsystem/manifests/init.pp
new file mode 100644
index 00000000..a111c3da
--- /dev/null
+++ b/deployment/mga_buildsystem/manifests/init.pp
@@ -0,0 +1,2 @@
+class mga_buildsystem {
+}
diff --git a/deployment/mga_buildsystem/manifests/mainnode.pp b/deployment/mga_buildsystem/manifests/mainnode.pp
new file mode 100644
index 00000000..b614cdbd
--- /dev/null
+++ b/deployment/mga_buildsystem/manifests/mainnode.pp
@@ -0,0 +1,14 @@
+class mga_buildsystem::mainnode {
+ include mga_buildsystem::config
+ include buildsystem::mainnode
+ include buildsystem::release
+ include buildsystem::maintdb
+ include buildsystem::binrepo
+ include buildsystem::repoctl
+ include buildsystem::webstatus
+
+ $rpmlint_packages = [ 'rpmlint-mageia-policy']
+ package { $rpmlint_packages:
+ ensure => installed
+ }
+}
generated by cgit v1.2.1 (git 2.21.0) at 2025-11-12 19:06:02 +0000