From: Peter Palfrader Date: Fri, 24 Jun 2016 16:36:29 +0000 (+0200) Subject: do not do anything with the buildd module until we have the buildd user from ldap X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=f58b1cbe698b55e9639dc519fb42c73369a0b8d9;p=mirror%2Fdsa-puppet.git do not do anything with the buildd module until we have the buildd user from ldap --- diff --git a/modules/buildd/manifests/init.pp b/modules/buildd/manifests/init.pp index 4703bc86b..0e2aef3a6 100644 --- a/modules/buildd/manifests/init.pp +++ b/modules/buildd/manifests/init.pp @@ -1,214 +1,214 @@ class buildd ($ensure=present) { + # Do nothing until we get the buildd user from ldap + if $::buildd_user_exists { + include schroot - include schroot - - package { 'sbuild': - ensure => installed, - tag => extra_repo, - } - package { 'libsbuild-perl': - ensure => installed, - tag => extra_repo, - before => Package['sbuild'] - } - - package { 'apt-transport-https': - ensure => installed, - } - if $ensure == present { - package { 'dupload': + package { 'sbuild': ensure => installed, + tag => extra_repo, } - file { '/etc/dupload.conf': - source => 'puppet:///modules/buildd/dupload.conf', - require => Package['dupload'], - } - package { 'buildd': + package { 'libsbuild-perl': ensure => installed, + tag => extra_repo, + before => Package['sbuild'] } - file { '/etc/buildd/buildd.conf': - source => 'puppet:///modules/buildd/buildd.conf', - require => Package['buildd'], + + package { 'apt-transport-https': + ensure => installed, } - if ($::lsbmajdistrelease >= 8) { - file { '/etc/sbuild/sbuild.conf': - source => 'puppet:///modules/buildd/sbuild.conf', - require => Package['sbuild'], + if $ensure == present { + package { 'dupload': + ensure => installed, } - } else { - file { '/etc/sbuild/sbuild.conf': - source => 'puppet:///modules/buildd/sbuild.conf.wheezy', - require => Package['sbuild'], + file { '/etc/dupload.conf': + source => 'puppet:///modules/buildd/dupload.conf', + require => Package['dupload'], + } + package { 'buildd': + ensure => installed, + } + file { '/etc/buildd/buildd.conf': + source => 'puppet:///modules/buildd/buildd.conf', + require => Package['buildd'], + } + if ($::lsbmajdistrelease >= 8) { + file { '/etc/sbuild/sbuild.conf': + source => 'puppet:///modules/buildd/sbuild.conf', + require => Package['sbuild'], + } + } else { + file { '/etc/sbuild/sbuild.conf': + source => 'puppet:///modules/buildd/sbuild.conf.wheezy', + require => Package['sbuild'], + } } + include ferm::ftp_conntrack } - include ferm::ftp_conntrack - } - site::aptrepo { 'buildd': - ensure => absent, - } + site::aptrepo { 'buildd': + ensure => absent, + } - $suite = $::lsbdistcodename ? { - wheezy => $::lsbdistcodename, - jessie => $::lsbdistcodename, - stretch => $::lsbdistcodename, - undef => 'wheezy', - default => 'jessie' - } + $suite = $::lsbdistcodename ? { + wheezy => $::lsbdistcodename, + jessie => $::lsbdistcodename, + stretch => $::lsbdistcodename, + undef => 'wheezy', + default => 'jessie' + } - $buildd_apt_url = $::debarchitecture ? { - /^sparc$/ => 'http://buildd.debian.org/apt/', - default => 'https://buildd.debian.org/apt/', - } + $buildd_apt_url = $::debarchitecture ? { + /^sparc$/ => 'http://buildd.debian.org/apt/', + default => 'https://buildd.debian.org/apt/', + } - site::aptrepo { 'buildd.debian.org': - key => 'puppet:///modules/buildd/buildd.debian.org.gpg', - url => $buildd_apt_url, - suite => $suite, - components => 'main', - require => Package['apt-transport-https'], - } + site::aptrepo { 'buildd.debian.org': + key => 'puppet:///modules/buildd/buildd.debian.org.gpg', + url => $buildd_apt_url, + suite => $suite, + components => 'main', + require => Package['apt-transport-https'], + } - $buildd_prop_ensure = $::hostname ? { - /^(alkman)$/ => 'present', - default => 'absent', - } + $buildd_prop_ensure = $::hostname ? { + /^(alkman)$/ => 'present', + default => 'absent', + } - if ($::lsbmajdistrelease >= 8) { - file { '/etc/apt/apt.conf.d/puppet-https-buildd': - content => "Acquire::https::buildd.debian.org::CaInfo \"/etc/ssl/ca-debian/ca-certificates.crt\";\n", + if ($::lsbmajdistrelease >= 8) { + file { '/etc/apt/apt.conf.d/puppet-https-buildd': + content => "Acquire::https::buildd.debian.org::CaInfo \"/etc/ssl/ca-debian/ca-certificates.crt\";\n", + } + } else { + file { '/etc/apt/apt.conf.d/puppet-https-buildd': + content => "Acquire::https::buildd.debian.org::CaInfo \"/etc/ssl/servicecerts/buildd.debian.org.crt\";\n", + } } - } else { - file { '/etc/apt/apt.conf.d/puppet-https-buildd': - content => "Acquire::https::buildd.debian.org::CaInfo \"/etc/ssl/servicecerts/buildd.debian.org.crt\";\n", + site::aptrepo { 'buildd.debian.org-proposed': + ensure => $buildd_prop_ensure, + url => 'https://buildd.debian.org/apt/', + suite => "${suite}-proposed", + components => 'main', + require => [ Package['apt-transport-https'], + File['/etc/apt/apt.conf.d/puppet-https-buildd'] ], } - } - site::aptrepo { 'buildd.debian.org-proposed': - ensure => $buildd_prop_ensure, - url => 'https://buildd.debian.org/apt/', - suite => "${suite}-proposed", - components => 'main', - require => [ Package['apt-transport-https'], - File['/etc/apt/apt.conf.d/puppet-https-buildd'] ], - } - # 'bad' extension - file { '/etc/apt/preferences.d/buildd.debian.org': - ensure => absent, - } - file { '/etc/apt/preferences.d/buildd': - ensure => absent, - } - file { '/etc/cron.d/dsa-buildd': - source => 'puppet:///modules/buildd/cron.d-dsa-buildd', - require => Package['debian.org'] - } - - if ($::kernel == 'Linux') { - package { 'python-psutil': - ensure => installed, + # 'bad' extension + file { '/etc/apt/preferences.d/buildd.debian.org': + ensure => absent, } - if ($::lsbmajdistrelease >= 8) { - file { '/usr/local/sbin/buildd-schroot-aptitude-kill': - source => 'puppet:///modules/buildd/buildd-schroot-aptitude-kill', - mode => '0555', + file { '/etc/apt/preferences.d/buildd': + ensure => absent, + } + file { '/etc/cron.d/dsa-buildd': + source => 'puppet:///modules/buildd/cron.d-dsa-buildd', + require => Package['debian.org'] + } + + if ($::kernel == 'Linux') { + package { 'python-psutil': + ensure => installed, + } + if ($::lsbmajdistrelease >= 8) { + file { '/usr/local/sbin/buildd-schroot-aptitude-kill': + source => 'puppet:///modules/buildd/buildd-schroot-aptitude-kill', + mode => '0555', + } + } else { + file { '/usr/local/sbin/buildd-schroot-aptitude-kill': + source => 'puppet:///modules/buildd/buildd-schroot-aptitude-kill.wheezy', + mode => '0555', + } } } else { file { '/usr/local/sbin/buildd-schroot-aptitude-kill': - source => 'puppet:///modules/buildd/buildd-schroot-aptitude-kill.wheezy', + source => 'puppet:///modules/buildd/buildd-schroot-aptitude-kill.squeeze', mode => '0555', } } - } else { - file { '/usr/local/sbin/buildd-schroot-aptitude-kill': - source => 'puppet:///modules/buildd/buildd-schroot-aptitude-kill.squeeze', - mode => '0555', + file { '/etc/cron.d/puppet-buildd-aptitude': + content => "*/5 * * * * root /usr/local/sbin/buildd-schroot-aptitude-kill\n", } - } - file { '/etc/cron.d/puppet-buildd-aptitude': - content => "*/5 * * * * root /usr/local/sbin/buildd-schroot-aptitude-kill\n", - } - if $has_srv_buildd { - file { '/etc/cron.d/puppet-update-buildd-schroots': - content => "13 21 * * 0,3 root PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin setup-all-dchroots buildd\n", + if $has_srv_buildd { + file { '/etc/cron.d/puppet-update-buildd-schroots': + content => "13 21 * * 0,3 root PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin setup-all-dchroots buildd\n", + } } - } - file { '/home/buildd': - ensure => directory, - mode => '2755', - group => buildd, - owner => buildd, - } - file { '/home/buildd/build': - ensure => directory, - mode => '2750', - group => buildd, - owner => buildd, - } - file { '/home/buildd/logs': - ensure => directory, - mode => '2750', - group => buildd, - owner => buildd, - } - file { '/home/buildd/old-logs': - ensure => directory, - mode => '2750', - group => buildd, - owner => buildd, - } - file { '/home/buildd/upload-security': - ensure => directory, - mode => '2750', - group => buildd, - owner => buildd, - } - file { '/home/buildd/stats': - ensure => directory, - mode => '2755', - group => buildd, - owner => buildd, - } - file { '/home/buildd/stats/graphs': - ensure => directory, - mode => '2755', - group => buildd, - owner => buildd, - } - file { '/home/buildd/upload': - ensure => directory, - mode => '2755', - group => buildd, - owner => buildd, - } - file { '/home/buildd/.forward': - content => "|/usr/bin/buildd-mail\n", - group => buildd, - owner => buildd, - } - file { '/home/buildd/.gnupg': - ensure => directory, - mode => '700', - group => buildd, - owner => buildd, - } - file { '/home/buildd/.gnupg/gpg.conf': - content => "personal-digest-preferences SHA512\n", - group => buildd, - owner => buildd, - } + file { '/home/buildd': + ensure => directory, + mode => '2755', + group => buildd, + owner => buildd, + } + file { '/home/buildd/build': + ensure => directory, + mode => '2750', + group => buildd, + owner => buildd, + } + file { '/home/buildd/logs': + ensure => directory, + mode => '2750', + group => buildd, + owner => buildd, + } + file { '/home/buildd/old-logs': + ensure => directory, + mode => '2750', + group => buildd, + owner => buildd, + } + file { '/home/buildd/upload-security': + ensure => directory, + mode => '2750', + group => buildd, + owner => buildd, + } + file { '/home/buildd/stats': + ensure => directory, + mode => '2755', + group => buildd, + owner => buildd, + } + file { '/home/buildd/stats/graphs': + ensure => directory, + mode => '2755', + group => buildd, + owner => buildd, + } + file { '/home/buildd/upload': + ensure => directory, + mode => '2755', + group => buildd, + owner => buildd, + } + file { '/home/buildd/.forward': + content => "|/usr/bin/buildd-mail\n", + group => buildd, + owner => buildd, + } + file { '/home/buildd/.gnupg': + ensure => directory, + mode => '700', + group => buildd, + owner => buildd, + } + file { '/home/buildd/.gnupg/gpg.conf': + content => "personal-digest-preferences SHA512\n", + group => buildd, + owner => buildd, + } - if ! $::buildd_key { - exec { 'create-buildd-key': - command => '/bin/su - buildd -c \'mkdir -p -m 02700 .ssh && ssh-keygen -C "`whoami`@`hostname` (`date +%Y-%m-%d`)" -P "" -f .ssh/id_rsa -q\'', - onlyif => '/usr/bin/getent passwd buildd > /dev/null && ! [ -e /home/buildd/.ssh/id_rsa ]' + if ! $::buildd_key { + exec { 'create-buildd-key': + command => '/bin/su - buildd -c \'mkdir -p -m 02700 .ssh && ssh-keygen -C "`whoami`@`hostname` (`date +%Y-%m-%d`)" -P "" -f .ssh/id_rsa -q\'', + onlyif => '/usr/bin/getent passwd buildd > /dev/null && ! [ -e /home/buildd/.ssh/id_rsa ]' + } } - } - if $::buildd_user_exists { exec { 'add-buildd-user-to-sbuild': command => 'adduser buildd sbuild', onlyif => "getent group sbuild > /dev/null && ! getent group sbuild | grep '\\' > /dev/null"