Add support for mod_md

[smortex]

This PR add support for mod_md, a module for managing domains across virtual hosts and certificate provisioning via the ACME protocol.

What is implemented

Each of these points have been added as a separate commit for clarity:

• Add support for mod_watchdog — it's a dependency of mod_md;
• Add support for mod_md — enable the module and configure it;
• Connect mod_md with apache::vhost to make it usable;
• Add basic integration test when the module is enabled.

It brings full support for mod_md into the Apache module.

What is not supported

Support for the <MDomain> sections is not part of this PR. <MDomain> allows to override general configuration when requesting certificates from multiple providers. This use case is rather advanced so I guess support for it can be skipped as of today. Future contributors might be able to add support for this by allowing to pass an Enum to $apache::vhost::mdomain with all custom parameters.

Basic use-case

Lines marked with <<< are the one added to the basic configuration thanks to this module:

class { 'apache':
}

class { 'apache::mod::md':                        # <<<
  md_certificate_agreement => 'accepted',         # <<<
  md_contact_email         => '[email protected]', # <<<
}                                                 # <<<

apache::vhost { 'example.com':
  docroot => '/var/www/example.com',
  port    => 443,
  ssl     => true,
  mdomain => true,                                # <<<
}

[puppet-community-rangefinder]

apache::mod::watchdog is a class

that may have no external impact to Forge modules.

This module is declared in 174 of 575 indexed public Puppetfiles.

---

These results were generated with Rangefinder, a tool that helps predict the downstream impact of breaking changes to elements used in Puppet modules. You can run this on the command line to get a full report.

Exact matches are those that we can positively identify via namespace and the declaring modules' metadata. Non-namespaced items, such as Puppet 3.x functions, will always be reported as near matches only.

[codecov-io]

Codecov Report

❗ No coverage uploaded for pull request base (main@c3fc5a7). Click here to learn what that means.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main    #2090   +/-   ##
=======================================
  Coverage        ?   57.40%           
=======================================
  Files           ?       12           
  Lines           ?      216           
  Branches        ?        0           
=======================================
  Hits            ?      124           
  Misses          ?       92           
  Partials        ?        0           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update c3fc5a7...b082294. Read the comment docs.

[sanfrancrisko]

Thank you very much @smortex for this excellent enhancement. We really appreciate the atomic commits, test coverage and detail you've put in to the description 👍

I'd be happy to merge this as is, but I do wonder if you would be up for adding a basic acceptance test to ensure that the MOD installs OK on a platform? I was having a conversation with another contributor on their PR about this too.

Fully aware that trying to support Apache MODs on all versions of all Linux distros is somewhat of a nightmare (and even if it works now, it may not do so in a future release!).

We recently added functionality to limit the test execution to platforms we only wanted to support - you can read about that here.

If you wanted to identify the platform(s) you're interested in and add a basic acceptance test similar to what I did in TigerKriika#1, then it would allow us to catch any potential future regressions caused by a tweak in package name. This is a very common problem with Apache MODs between new versions of OSs.

Thanks again for the excellent contribution - will look forward to getting it over the line very soon. Give me a shout if I can be of any help regarding a basic acceptance test.

[igalic]

🙋🏻‍♀️

[smortex]

Thanks for suggesting adding some acceptance test @sanfrancrisko, it helped spot an issue that affected Debian 👍

I fixed this issue by amending the commit, and added the acceptance test as a new commit.

[igalic]

i was just looking at my own config and how i handle that stuff there, and I use apache::vhost::custom to generate the following:

MDomain igalic.co auto

<VirtualHost *:80>
  ServerName igalic.co
  DocumentRoot '/var/empty'
</VirtualHost>

<VirtualHost *:443>
  ServerName igalic.co
  DocumentRoot /srv/igalic.co/site
  SSLEngine On
</VirtualHost>

That being said:

[sanfrancrisko]

This looks good @smortex - thanks again. I'll leave it open for another 48 hours or so to give @igalic a chance to approve / confirm all her queries were addressed. I believe that is the case, but just want to be 100% sure.

[david22swan]

@smortex
This looks good to me and already has two approves on it so I'm gonna go ahead and merge.
Thanks for the work you put in :)