Puppetizing crowd authentication into subversion

In my previous post I wrote about using pulp to host an RPM for a new puppet module. Now I need to write that module. First, a basic understanding of what I'm trying to accomplish. On my target server I want to use crowd to authenticate to a subversion repository. To accomplish this I need to do the following:

  • Install subversion
  • Install apache
  • Install Atlassian crowd apache connector (mod_authnz_crowd)

The first module will be straight forward, install a package for subversion. It will get more difficult after that because I plan on using the puppetlabs/apache module. I will either need to expand their module for mod_authnz_crowd support, or write around the httpd configuration files it manages.

I try to use the same directory template for all of my modules. It looks like this:

template/
|-- files
|-- lib
|-- manifests
|-- templates
`-- tests 

There is also a function in the puppet tool to create a new module using their standard, but I haven't had luck with it. I'm going to use my directory template to create a simple subversion module.

One of the things I find helpful is to document the goals of my modules before I write any code. In this case I have a general idea of what is required because I built a test system and configured everything on it. For subversion, I need to do the following (at least):

  • Install subversion
  • Create repository directory

Here is the code I wrote to do those things:

/etc/puppet/modules/subversion/manifests/init.pp

class subversion (
  $repository_dir       = '/var/www/svn',
  $package_name         = 'subversion',
  $svn_repo             = hiera('svn_repo'),

  ) {

    include subversion::install
    include subversion::repository


  }
class subversion::install {
  package {  "${subversion::package_name}":
    ensure => installed,
  }
}

The basic module works and accomplishes the goals listed above:

  • Install subversion
[root@burner ~]# rpm -qa | grep -i
subversion subversion-1.6.11-7.el6.x86_64
[root@burner ~]# 
  • Create repository directory
[root@burner ~]# ls -larh /var/www/svn/
total 8.0K
drwxr-xr-x. 3 root root 4.0K Mar 29 15:49 ..
drwxr-xr-x. 2 root root 4.0K Mar 29 15:49 .
[root@burner ~]#

But, it leaves a lot to be desired and some things to think about:

  • Aren't all the cool kids using hiera now?
  • There is a directory for repositories there, should I add repository creation to the module?
  • Should the subversion module be expanded to install apache?
    class {'apache::mod::mod_authnz_crowd': }
    
  • Or, should the apache module be expanded to install subversion?
    class {'subversion::mod_authnz_crowd': }
    
  • Or something completely different?