theforeman · evgeni · Sep 22, 2025 · Oct 16, 2025 · Sep 22, 2025 · Sep 23, 2025
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -49,9 +49,12 @@ jobs:
         box:
           - centos/stream9
           - centos/stream10
+          - debian/trixie64
         exclude:
           - certificate_source: installer
             box: centos/stream10
+          - certificate_source: installer
+            box: debian/trixie64
         include:
           - certificate_source: default
             security: fapolicyd
@@ -112,6 +115,7 @@ jobs:
         run: |
           ./foremanctl deploy --certificate-source=${{ matrix.certificate_source }} ${{ matrix.database == 'external' && '--database-mode=external --database-host=database.example.com' || '' }}  --foreman-initial-admin-password=changeme --tuning development
       - name: Add optional feature - hammer
+        if: contains(matrix.box, 'centos')
         run: |
           ./foremanctl deploy --add-feature hammer
       - name: Add optional feature - foreman-proxy

diff --git a/Vagrantfile b/Vagrantfile
@@ -1,5 +1,5 @@
 Vagrant.configure("2") do |config|
-  config.vm.synced_folder ".", "/vagrant"
+  config.vm.synced_folder ".", "/vagrant", disabled: true
 
   config.vm.provision("etc_hosts", type: 'ansible') do |ansible|
     ansible.playbook = "development/playbooks/etc_host.yml"

diff --git a/development/playbooks/setup-repositories/setup-repositories.yaml b/development/playbooks/setup-repositories/setup-repositories.yaml
@@ -29,3 +29,9 @@
         chroot: rhel-10-x86_64
       when:
         - ansible_distribution_major_version == '10'
+
+    - name: Refresh package cache
+      ansible.builtin.package:
+        update_cache: true
+      when:
+        - ansible_os_family == 'Debian'
diff --git a/development/playbooks/test/test.yaml b/development/playbooks/test/test.yaml
@@ -8,6 +8,7 @@
       ansible.builtin.package:
         name:
           - nmap
+          - curl
 
 - name: Execute tests
   gather_facts: false

diff --git a/src/playbooks/pull-images/pull-images.yaml b/src/playbooks/pull-images/pull-images.yaml
@@ -13,6 +13,7 @@
       ansible.builtin.package:
         name:
           - podman
+          - netavark
 
     - name: Pull an image
       containers.podman.podman_image:

diff --git a/src/roles/httpd/defaults/main.yml b/src/roles/httpd/defaults/main.yml
@@ -7,6 +7,6 @@ httpd_pub_dir: /var/www/html/pub
 # External authentication configuration
 httpd_external_authentication: "{{ external_authentication | default(None) }}"
 httpd_ipa_manage_sssd: true
-httpd_ipa_keytab: /etc/httpd/conf/http.keytab
+httpd_ipa_keytab: "{{ httpd_etc_path }}/conf/http.keytab"
 httpd_ipa_pam_service: "{{ external_authentication_pam_service | default('foreman') }}"
 httpd_ipa_gssapi_local_name: true
diff --git a/src/roles/httpd/handlers/main.yml b/src/roles/httpd/handlers/main.yml
@@ -1,7 +1,7 @@
 ---
 - name: Restart httpd
   ansible.builtin.systemd:
-    name: httpd
+    name: "{{ httpd_service }}"
     state: restarted
 
 - name: Restart sssd

diff --git a/src/roles/httpd/tasks/external_auth/cleanup.yml b/src/roles/httpd/tasks/external_auth/cleanup.yml
@@ -1,7 +1,7 @@
 ---
 - name: Remove external authentication configuration
   ansible.builtin.file:
-    path: "/etc/httpd/conf.d/05-{{ item }}.d/external_auth.conf"
+    path: "{{ httpd_conf_path}} /05-{{ item }}.d/external_auth.conf"
     state: absent
   notify:
     - Restart httpd
@@ -11,7 +11,7 @@
 
 - name: Remove Apache module configuration files for IPA authentication
   ansible.builtin.file:
-    path: /etc/httpd/conf.modules.d/55-{{ item }}.conf
+    path: "{{ httpd_modules_path }}/55-{{ item }}.conf"
     state: absent
   loop:
     - authnz_pam

diff --git a/src/roles/httpd/tasks/external_auth/ipa.yml b/src/roles/httpd/tasks/external_auth/ipa.yml
@@ -10,13 +10,13 @@
 
 - name: Create directory for Apache module configuration
   ansible.builtin.file:
-    path: /etc/httpd/conf.modules.d
+    path: "{{ httpd_modules_path }}"
     state: directory
     mode: "0755"
 
 - name: Load Apache modules for IPA authentication
   ansible.builtin.copy:
-    dest: /etc/httpd/conf.modules.d/55-{{ item }}.conf
+    dest: "{{ httpd_modules_path }}/55-{{ item }}.conf"
     content: |
       LoadModule {{ item }}_module modules/mod_{{ item }}.so
     mode: "0644"
@@ -66,13 +66,13 @@
 - name: Set keytab file permissions
   ansible.builtin.file:
     path: "{{ httpd_ipa_keytab }}"
-    owner: apache
-    group: apache
+    owner: "{{ httpd_user }}"
+    group: "{{ httpd_group }}"
     mode: "0600"
 
 - name: Create directory for Apache configuration fragments
   ansible.builtin.file:
-    path: /etc/httpd/conf.d/05-{{ item }}.d
+    path: "{{ httpd_conf_path }}/05-{{ item }}.d"
     state: directory
     mode: "0755"
   loop:
@@ -82,7 +82,7 @@
 - name: Deploy external authentication configuration
   ansible.builtin.template:
     src: external_auth.conf.j2
-    dest: /etc/httpd/conf.d/05-{{ item }}.d/external_auth.conf
+    dest: "{{ httpd_conf_path }}/05-{{ item }}.d/external_auth.conf"
     mode: "0644"
   notify:
     - Restart httpd

diff --git a/src/roles/httpd/tasks/main.yml b/src/roles/httpd/tasks/main.yml
@@ -1,9 +1,10 @@
 ---
+- name: Set OS dependent variables
+  ansible.builtin.include_vars: "{{ ansible_facts['os_family'] }}.yaml"
+
 - name: Install Apache httpd
   ansible.builtin.package:
-    name:
-      - httpd
-      - mod_ssl
+    name: "{{ httpd_packages }}"
     state: present
 
 - name: Set httpd_can_network_connect so Apache can connect to Puma and Gunicorn
@@ -13,9 +14,14 @@
     persistent: true
   when: ansible_facts['selinux']['status'] == "enabled"
 
+- name: Enable required modules
+  community.general.apache2_module:
+    name: "{{ item }}"
+  loop: "{{ httpd_modules }}"
+
 - name: Disable welcome page
   ansible.builtin.file:
-    path: /etc/httpd/conf.d/welcome.conf
+    path: "{{ httpd_conf_path }}/welcome.conf"
     state: absent
 
 - name: Create cert directories
@@ -31,8 +37,8 @@
   ansible.builtin.file:
     path: "{{ httpd_pub_dir }}"
     state: directory
-    group: apache
-    owner: apache
+    group: "{{ httpd_group }}"
+    owner: "{{ httpd_user }}"
     mode: "0755"
 
 - name: Deploy certificates
@@ -69,15 +75,15 @@
 - name: Configure foreman vhost
   ansible.builtin.template:
     src: foreman-vhost.conf.j2
-    dest: /etc/httpd/conf.d/foreman.conf
+    dest: "{{ httpd_conf_path }}/foreman.conf"
     mode: "0644"
   notify:
     - Restart httpd
 
 - name: Configure foreman-ssl vhost
   ansible.builtin.template:
     src: foreman-ssl-vhost.conf.j2
-    dest: /etc/httpd/conf.d/foreman-ssl.conf
+    dest: "{{ httpd_conf_path }}/foreman-ssl.conf"
     mode: "0644"
   notify:
     - Restart httpd
@@ -87,6 +93,6 @@
 
 - name: Start Apache httpd
   ansible.builtin.service:
-    name: httpd
+    name: "{{ httpd_service }}"
     state: started
     enabled: true
diff --git a/src/roles/httpd/tasks/sssd.yml b/src/roles/httpd/tasks/sssd.yml
@@ -39,7 +39,7 @@
     path: /etc/sssd/sssd.conf
     section: ifp
     option: allowed_uids
-    value: "root, apache"
+    value: "root, {{ httpd_user }}"
     mode: "0600"
   notify:
     - Restart sssd

diff --git a/src/roles/httpd/templates/foreman-ssl-vhost.conf.j2 b/src/roles/httpd/templates/foreman-ssl-vhost.conf.j2
@@ -2,12 +2,12 @@
   ServerName {{ ansible_facts['fqdn'] }}
 
   ## Load additional static includes
-  IncludeOptional "/etc/httpd/conf.d/05-foreman-ssl.d/*.conf"
+  IncludeOptional "{{ httpd_conf_path }}/05-foreman-ssl.d/*.conf"
 
   ## Logging
-  ErrorLog "/var/log/httpd/foreman-ssl_error_ssl.log"
+  ErrorLog "{{ httpd_log_path }}/foreman-ssl_error_ssl.log"
   ServerSignature Off
-  CustomLog "/var/log/httpd/foreman-ssl_access_ssl.log" combined
+  CustomLog "{{ httpd_log_path }}/foreman-ssl_access_ssl.log" combined
 
   ## Request header rules
   ## as per http://httpd.apache.org/docs/2.4/mod/mod_headers.html#requestheader

diff --git a/src/roles/httpd/templates/foreman-vhost.conf.j2 b/src/roles/httpd/templates/foreman-vhost.conf.j2
@@ -2,12 +2,12 @@
   ServerName {{ ansible_facts['fqdn'] }}
 
   ## Load additional static includes
-  IncludeOptional "/etc/httpd/conf.d/05-foreman.d/*.conf"
+  IncludeOptional "{{ httpd_conf_path }}/conf.d/05-foreman.d/*.conf"
 
   ## Logging
-  ErrorLog "/var/log/httpd/foreman_error.log"
+  ErrorLog "{{ httpd_log_path }}/foreman_error.log"
   ServerSignature Off
-  CustomLog "/var/log/httpd/foreman_access.log" combined
+  CustomLog "{{ httpd_log_path }}/foreman_access.log" combined
 
   ## Request header rules
   ## as per http://httpd.apache.org/docs/2.4/mod/mod_headers.html#requestheader

diff --git a/src/roles/httpd/vars/Debian.yaml b/src/roles/httpd/vars/Debian.yaml
@@ -0,0 +1,15 @@
+---
+httpd_packages:
+  - apache2
+httpd_etc_path: /etc/apache2
+httpd_conf_path: "{{ httpd_etc_path }}/conf-enabled"
+httpd_modules_path: "{{ httpd_etc_path }}/mods-enabled"
+httpd_service: apache2
+httpd_log_path: /var/log/apache2
+httpd_user: www-data
+httpd_group: www-data
+httpd_modules:
+  - ssl
+  - headers
+  - proxy
+  - proxy_http
diff --git a/src/roles/httpd/vars/RedHat.yaml b/src/roles/httpd/vars/RedHat.yaml
@@ -0,0 +1,12 @@
+---
+httpd_packages:
+  - httpd
+  - mod_ssl
+httpd_etc_path: /etc/httpd
+httpd_conf_path: "{{ httpd_etc_path }}/conf.d"
+httpd_modules_path: "{{ httpd_etc_path }}/conf.modules.d"
+httpd_service: httpd
+httpd_log_path: /var/log/httpd
+httpd_user: apache
+httpd_group: apache
+httpd_modules: []
diff --git a/src/roles/pre_install/tasks/main.yaml b/src/roles/pre_install/tasks/main.yaml
@@ -7,12 +7,13 @@
   ansible.builtin.package:
     name:
       - podman
+      - netavark
 
 - name: Install other dependencies
   ansible.builtin.package:
     name:
       - bash-completion
       - python3-cryptography
-      - python3-libsemanage
+      - "{{ 'python3-semanage' if ansible_facts['os_family'] == 'Debian' else 'python3-libsemanage' }}"
       - python3-psycopg2
       - python3-requests
diff --git a/tests/foreman_compute_resources_test.py b/tests/foreman_compute_resources_test.py
@@ -5,6 +5,8 @@
 
 @pytest.mark.parametrize("compute_resource", ['AzureRm', 'EC2', 'GCE', 'Libvirt', 'Openstack', 'Vmware'])
 def test_foreman_compute_resources(server, compute_resource):
+    if server.system_info.distribution == 'debian':
+        pytest.xfail('Hammer is not properly set up on Debian yet')
     hammer = server.run("hammer compute-resource create --help | grep provider")
     assert hammer.succeeded
     assert compute_resource in hammer.stdout
diff --git a/tests/hammer_test.py b/tests/hammer_test.py
@@ -1,7 +1,14 @@
+import pytest
+
+
 def test_hammer_ping(server):
+    if server.system_info.distribution == 'debian':
+        pytest.xfail('Hammer is not properly set up on Debian yet')
     hammer = server.run("hammer ping")
     assert hammer.succeeded
 
 def test_hammer_organizations_list(server):
+    if server.system_info.distribution == 'debian':
+        pytest.xfail('Hammer is not properly set up on Debian yet')
     hammer = server.run("hammer organization list")
     assert hammer.succeeded
diff --git a/tests/httpd_test.py b/tests/httpd_test.py
@@ -5,7 +5,11 @@
 CURL_CMD = "curl --silent --output /dev/null"
 
 def test_httpd_service(server):
-    httpd = server.service("httpd")
+    if server.system_info.distribution == 'debian':
+        service_name = 'apache2'
+    else:
+        service_name = 'httpd'
+    httpd = server.service(service_name)
     assert httpd.is_running
     assert httpd.is_enabled
-Original file line number
+Diff line change
@@ Expand Up / @@ -8,6 +8,7 @@ @@
           ansible.builtin.package:
             name:
               - nmap
+              - curl
     - name: Execute tests
       gather_facts: false
@@ Expand Down @@