1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
class buildsystem {
class base {
$build_login = "iurt"
$build_home_dir = "/home/$build_login"
$sched_login = "schedbot"
$sched_home_dir = "/home/$sched_login"
include ssh::auth
ssh::auth::key { $build_login: } # declare a key for build bot: RSA, 2048 bits
ssh::auth::key { $sched_login: } # declare a key for sched bot: RSA, 2048 bits
}
class mainnode inherits base {
include iurtuser
sshuser { $sched_login:
homedir => $sched_home_dir,
comment => "System user used to schedule builds",
}
ssh::auth::client { $sched_login: }
ssh::auth::server { $build_login: }
$package_list = ['task-bs-cluster-main', 'iurt']
package { $package_list:
ensure => "installed"
}
apache::vhost_other_app { "repository.$domain":
vhost_file => "buildsystem/vhost_repository.conf",
}
}
class buildnode inherits base {
include iurt
}
class scheduler {
# ulri
}
class dispatcher {
# emi
}
class repsys {
package { 'repsys':
}
}
define sshuser($homedir, $comment) {
group {"$title":
ensure => present,
}
user {"$title":
ensure => present,
comment => $comment,
managehome => true,
gid => $title,
shell => "/bin/bash",
notify => Exec["unlock$title"],
}
# set password to * to unlock the account but forbid login through login
exec { "unlock$title":
command => "usermod -p '*' $title",
refreshonly => true,
}
file { $homedir:
ensure => "directory",
require => User[$title],
}
file { "$homedir/.ssh":
ensure => "directory",
mode => 600,
owner => $title,
group => $title,
require => File[$homedir],
}
}
class iurtuser {
sshuser { $build_login:
homedir => $build_home_dir,
comment => "System user used to run build bots",
}
}
class iurt {
include sudo
include iurtuser
ssh::auth::client { $build_login: }
ssh::auth::server { $sched_login: user => $build_login }
# build node common settings
# we could have the following skip list to use less space:
# '/(drakx-installer-binaries|drakx-installer-advertising|gfxboot|drakx-installer-stage2|mandriva-theme)/'
$package_list = ['task-bs-cluster-chroot', 'iurt']
package { $package_list:
ensure => installed;
}
file { "$build_home_dir/.iurt.cauldron.conf":
ensure => present,
owner => $build_login,
group => $build_login,
mode => 644,
content => template("buildsystem/iurt.cauldron.conf")
}
file { "/etc/sudoers.d/iurt":
ensure => present,
owner => root,
group => root,
mode => 440,
content => template("buildsystem/sudoers.iurt")
}
}
}
|
