Debian 13

[evgeni]

No description provided.

[ekohl]

A thought for upgrades and not necessary for this PR: RPM will place this file back. Should we ensure it's empty instead?

[evgeni]

Or just deploy on Debian, where the package manager is actually sane and respects the choices of the admin ;)

[ehelms]

Or just put it all in a container /me ducks

[evgeni]

I don't like pulling in community.general here, but this is something we'd have to consider anyway.
In the Puppet installer, we run with apache::default_mods: false, which wipes all enabled modules and then we enable the ones we need.
We didn't port that detail over to foremanctl, and rely on the OS to enable those modules for us. But it also most probably enables things we do not want.

[ekohl]

We may also want to enable the event MPM in a similar way.

[stejskalleos]

I don't like pulling in community.general here, but this is something we'd have to consider anyway.

May I ask why it is bad to use community.general?

[evgeni]

Mostly because it's a dependency we don't yet have

[ekohl]

It also mentions compatibility:

This does not work on RedHat-based distributions. It does work on Debian- and SuSE-based distributions. Whether it works on others depend on whether the C(a2enmod) and C(a2dismod) tools are available or not.

So configuring Apache with Ansible is certainly worse than what we had with our Puppet module.

[evgeni]

I've split out the EL10 base of this PR into #393 so we can review that independently of the (heavier) Debian changes

[jakduch]

Hi @evgeni, great work on the Debian 13 support! I built on top of your branch and found a few things that could be improved. I created PR #427 targeting your debian branch with the following commits:

Bug fixes:

• Fix duplicate conf.d/ in foreman-vhost.conf.j2 — httpd_conf_path already contains conf.d (RedHat) / conf-enabled (Debian), so the extra conf.d/ segment in the IncludeOptional path on line 5 results in an invalid path. The SSL vhost was already correct.
• Fix spurious space in cleanup.yml line 4: {{ httpd_conf_path}} /05- should be {{ httpd_conf_path }}/05-

Debian adaptations:

• Make httpd IPA external auth OS-aware — use libapache2-mod-* packages and community.general.apache2_module (a2enmod/a2dismod) on Debian instead of manual LoadModule conf files
• Add OS-specific vars for hammer role (ruby-hammer-cli-* on Debian vs rubygem-hammer_cli_* on RedHat) and load them via include_vars
• Add Foreman repository setup for Debian in the development playbook (using theforeman.operations.foreman_repositories)
• Enable hammer deployment on Debian in CI (remove the centos-only condition)

Feel free to cherry-pick any of these commits directly into your branch, or merge #427 if you prefer. Happy to adjust anything!

[evgeni]

Thanks, I've picked up the bugfixes, will have a look at the enhancements later.

[bochi]

works very well, tested on Ubuntu 26 and Debian 13!

[coderabbitai]

Caution

Review failed

An error occurred during the review process. Please try again later.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch debian

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[evgeni]

Services are enabled by default on Debian, so this line doesn't trigger an "enable" action, and thus the "Add httpd to foreman.target" is never applied (as systemctl enable is where the symlinks are created for the targets). 😿