X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=modules%2Fbuildd%2Fmanifests%2Finit.pp;h=ee60baa7fb7cfc2531b062fc8161565d535db5fa;hb=5715c43a537e3db4c51ee698056b70435b3127a8;hp=87ea915c98715225f56f60e84f42f9889ed3bdc8;hpb=4bfaf9f2c5dd881ea65c4f564a4c3720a4e8df82;p=dsa-puppet.git

diff --git a/modules/buildd/manifests/init.pp b/modules/buildd/manifests/init.pp
index 87ea915c..ee60baa7 100644
--- a/modules/buildd/manifests/init.pp
+++ b/modules/buildd/manifests/init.pp
@@ -1,39 +1,37 @@
 class buildd ($ensure=present) {
 
-	$package_ensure = $ensure ? {
-		present => installed,
-		absent  => $ensure
-	}
+	include schroot
 
-	package { 'schroot':
-		ensure => $package_ensure,
-		tag    => extra_repo,
-	}
 	package { 'sbuild':
-		ensure => $package_ensure,
+		ensure => installed,
 		tag    => extra_repo,
 	}
 	package { 'libsbuild-perl':
-		ensure => $package_ensure,
+		ensure => installed,
 		tag    => extra_repo,
 		before => Package['sbuild']
 	}
 
 	package { 'apt-transport-https':
-		ensure => $package_ensure,
-	}
-	package { [
-			'debootstrap',
-			'dupload'
-		]:
 		ensure => installed,
 	}
-
-	site::linux_module { 'dm_snapshot':
-		ensure => $ensure
-	}
-	ferm::module { 'nf_conntrack_ftp':
-		ensure => $ensure
+	if $ensure == present {
+		package { 'dupload':
+			ensure => installed,
+		}
+		file { '/etc/dupload.conf':
+			source  => 'puppet:///modules/buildd/dupload.conf',
+			require => Package['dupload'],
+		}
+		package { 'buildd':
+			ensure => installed,
+		}
+		file { '/etc/buildd/buildd.conf':
+			source  => 'puppet:///modules/buildd/buildd.conf',
+			require => Package['buildd'],
+		}
+		site::linux_module { 'dm_snapshot': }
+		include ferm::ftp_conntrack
 	}
 
 	site::aptrepo { 'buildd':
@@ -41,66 +39,159 @@ class buildd ($ensure=present) {
 	}
 
 	$suite = $::lsbdistcodename ? {
-		squeeze => $::lsbdistcodename,
-		wheezy  => $::lsbdistcodename,
+		squeeze  => $::lsbdistcodename,
+		wheezy   => $::lsbdistcodename,
+		jessie   => $::lsbdistcodename,
+		stretch  => $::lsbdistcodename,
 		undef   => 'squeeze',
 		default => 'wheezy'
 	}
 
+	$buildd_apt_url = $::debarchitecture ? {
+		/^sparc$/ => 'http://buildd.debian.org/apt/',
+		default   => 'https://buildd.debian.org/apt/',
+	}
+
 	site::aptrepo { 'buildd.debian.org':
-		ensure     => $ensure,
-		key        => 'puppet:///modules/buildd/buildd.debian.org.asc',
-		url        => 'https://buildd.debian.org/apt/',
+		key        => 'puppet:///modules/buildd/buildd.debian.org.gpg',
+		url        => $buildd_apt_url,
 		suite      => $suite,
 		components => 'main',
 		require    => Package['apt-transport-https'],
 	}
 
-	if $::hostname in [alkman,porpora,zandonai] {
-		site::aptrepo { 'buildd.debian.org-proposed':
-			url        => 'https://buildd.debian.org/apt/',
-			suite      => "${suite}-proposed",
-			components => 'main',
-			require    => Package['apt-transport-https'],
-		}
+	$buildd_prop_ensure = $::hostname ? {
+		/^(alkman|zandonai)$/ => 'present',
+		default => 'absent',
 	}
 
-	if $::hostname in [krenek] {
-		site::aptrepo { 'buildd.debian.org-experimental':
-			url        => 'https://buildd.debian.org/apt/',
-			suite      => "${suite}-experimental",
-			components => 'main',
-			require    => Package['apt-transport-https'],
+	if ($::lsbmajdistrelease >= 8) {
+		file { '/etc/apt/apt.conf.d/puppet-https-buildd':
+			content => "Acquire::https::buildd.debian.org::CaInfo \"/etc/ssl/ca-debian/ca-certificates.crt\";\n",
+		}
+	} else {
+		file { '/etc/apt/apt.conf.d/puppet-https-buildd':
+			content => "Acquire::https::buildd.debian.org::CaInfo \"/etc/ssl/servicecerts/buildd.debian.org.crt\";\n",
 		}
 	}
+	site::aptrepo { 'buildd.debian.org-proposed':
+		ensure     => $buildd_prop_ensure,
+		url        => 'https://buildd.debian.org/apt/',
+		suite      => "${suite}-proposed",
+		components => 'main',
+		require    => [ Package['apt-transport-https'],
+		                File['/etc/apt/apt.conf.d/puppet-https-buildd'] ],
+	}
 
 	# 'bad' extension
 	file { '/etc/apt/preferences.d/buildd.debian.org':
 		ensure => absent,
 	}
 	file { '/etc/apt/preferences.d/buildd':
-		ensure  => $ensure,
-		content => template('buildd/etc/apt/preferences.d/buildd'),
-		before  => Site::Aptrepo['buildd.debian.org']
-	}
-	file { '/etc/schroot/mount-defaults':
-		ensure  => $ensure,
-		content => template('buildd/etc/schroot/mount-defaults.erb'),
-		require => Package['sbuild'],
+		ensure => absent,
 	}
 	file { '/etc/cron.d/dsa-buildd':
-		ensure  => $ensure,
 		source  => 'puppet:///modules/buildd/cron.d-dsa-buildd',
 		require => Package['debian.org']
 	}
-	file { '/etc/dupload.conf':
-		ensure  => $ensure,
-		source  => 'puppet:///modules/buildd/dupload.conf',
-		require => Package['dupload'],
+
+	if ($::lsbmajdistrelease >= 7 and $::kernel == 'Linux') {
+		package { 'python-psutil':
+			ensure => installed,
+		}
+		if ($::lsbmajdistrelease >= 8) {
+			file { '/usr/local/sbin/buildd-schroot-aptitude-kill':
+				source  => 'puppet:///modules/buildd/buildd-schroot-aptitude-kill',
+				mode    => '0555',
+			}
+		} else {
+			file { '/usr/local/sbin/buildd-schroot-aptitude-kill':
+				source  => 'puppet:///modules/buildd/buildd-schroot-aptitude-kill.wheezy',
+				mode    => '0555',
+			}
+		}
+	} else {
+		file { '/usr/local/sbin/buildd-schroot-aptitude-kill':
+			source  => 'puppet:///modules/buildd/buildd-schroot-aptitude-kill.squeeze',
+			mode    => '0555',
+		}
+	}
+	file { '/etc/cron.d/puppet-buildd-aptitude':
+		content => "*/5 * * * * root /usr/local/sbin/buildd-schroot-aptitude-kill\n",
 	}
-	file { '/etc/default/schroot':
-		ensure  => $ensure,
-		source  => 'puppet:///modules/buildd/default-schroot',
-		require => Package['schroot']
+
+	if $has_srv_buildd {
+		file { '/etc/cron.d/puppet-update-buildd-schroots':
+			content  => "13 21 * * 0 root PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin setup-all-dchroots buildd\n",
+		}
+	}
+
+	file { '/home/buildd':
+		ensure  => directory,
+		mode    => '2755',
+		group   => buildd,
+		owner   => buildd,
+	}
+	file { '/home/buildd/build':
+		ensure  => directory,
+		mode    => '2750',
+		group   => buildd,
+		owner   => buildd,
+	}
+	file { '/home/buildd/logs':
+		ensure  => directory,
+		mode    => '2750',
+		group   => buildd,
+		owner   => buildd,
+	}
+	file { '/home/buildd/old-logs':
+		ensure  => directory,
+		mode    => '2750',
+		group   => buildd,
+		owner   => buildd,
+	}
+	file { '/home/buildd/upload-security':
+		ensure  => directory,
+		mode    => '2750',
+		group   => buildd,
+		owner   => buildd,
+	}
+	file { '/home/buildd/stats':
+		ensure  => directory,
+		mode    => '2755',
+		group   => buildd,
+		owner   => buildd,
+	}
+	file { '/home/buildd/stats/graphs':
+		ensure  => directory,
+		mode    => '2755',
+		group   => buildd,
+		owner   => buildd,
+	}
+	file { '/home/buildd/upload':
+		ensure  => directory,
+		mode    => '2755',
+		group   => buildd,
+		owner   => buildd,
+	}
+	file { '/home/buildd/.forward':
+		content  => "|/usr/bin/buildd-mail\n",
+		group   => buildd,
+		owner   => buildd,
+	}
+
+	if ! $::buildd_key {
+		exec { 'create-buildd-key':
+			command => '/bin/su - buildd -c \'mkdir -p -m 02700 .ssh && ssh-keygen -C "`whoami`@`hostname` (`date +%Y-%m-%d`)" -P "" -f .ssh/id_rsa -q\'',
+			onlyif  => '/usr/bin/getent passwd buildd > /dev/null && ! [ -e /home/buildd/.ssh/id_rsa ]'
+		}
+	}
+
+
+	if $::buildd_user_exists {
+		exec { 'add-buildd-user-to-sbuild':
+			command => 'adduser buildd sbuild',
+			onlyif  => "getent group sbuild > /dev/null && ! getent group sbuild | grep '\\<buildd\\>' > /dev/null"
+		}
 	}
 }