Allow to use the same domain multiple times with mod_md

When using mod_md to manage TLS certificates, a domain can only appear
once as a parameter of a MDomain configuration.

When a single node configue multiple Virtual Hosts to serve the same
website on different IP Addresses or on different ports, and we want to
use mod_md to manage the TLS certificate, the current code produce a
MDomain entry in each virtual host, leading to configuration error and
preventing apache from starting.

This commit rework how the MDomain setting is emitted, and ensure it is
only output once even if multiple Virtual Hosts configure the same
domain.

Author: smortex

manifests/vhost.pp

@@ -2239,7 +2239,6 @@
   $file_header_params = {
     'comment'               => $comment,
     'nvh_addr_port'         => $nvh_addr_port,
-    'mdomain'               => $mdomain,
     'servername'            => $servername,
     'define'                => $define,
     'protocols'             => $protocols,
@@ -2257,6 +2256,19 @@
     content => epp('apache/vhost/_file_header.epp', $file_header_params),
   }
 
+  if $mdomain {
+    # Multiple VHosts can configure the same domain on different ports.
+    # Apache will fail if multile MDomain directive are set, so ensure we define it only for the first virutal host of each domain.
+    ensure_resource('file', "${servername}-mod_md", {
+        ensure  => file,
+        path    => "${apache::confd_dir}/mdomain-${servername}.conf",
+        mode    => $apache::file_mode,
+        content => epp('apache/mdomain.epp', { mdomain => $mdomain, servername => $servername }),
+        require => File[$apache::confd_dir],
+        notify  => Class['apache::service'],
+    })
+  }
+
   if $docroot and $ensure == 'present' {
     if $virtual_docroot {
       include apache::mod::vhost_alias

spec/defines/vhost_spec.rb

@@ -966,7 +966,7 @@
           it { is_expected.to contain_class('apache::mod::md') }
 
           it {
-            expect(subject).to contain_concat__fragment('rspec.example.com-apache-header').with(
+            expect(subject).to contain_file('example.com-mod_md').with(
               content: %r{^MDomain example\.com example\.net auto$},
             )
           }
@@ -2166,7 +2166,7 @@
           end
 
           it {
-            expect(subject).to contain_concat__fragment('rspec.example.com-apache-header').with(
+            expect(subject).to contain_file('rspec.example.com-mod_md').with(
               content: %r{^MDomain rspec.example.com$},
             )
           }

templates/mdomain.epp

@@ -0,0 +1,11 @@
+<%- |
+  Variant[Boolean, String[1]] $mdomain,
+  String[1]                   $servername,
+| -%>
+<%- if $mdomain { -%>
+  <%- if $mdomain =~ String { -%>
+MDomain <%= $mdomain %>
+  <%-} else {-%>
+MDomain <%= $servername %>
+  <%- } -%>
+<% } -%>

templates/vhost/_file_header.epp

@@ -3,15 +3,6 @@
 # Managed by Puppet
 # ************************************
 <%= [$comment].flatten.map |$c| { "# ${c}" }.join("\n") -%>
-<%- if $mdomain { -%>
-
-  <%- if $mdomain =~ String { -%>
-
-MDomain <%= $mdomain %>
-  <%-} else {-%>
-MDomain <%= $servername %>
-  <%- } -%>
-<% } -%>
 
 <VirtualHost <%= [$nvh_addr_port].flatten().filter |$value| { $value }.join(' ') %>>
 <% $define.each | $k, $v| { -%>