Bump ansible-core controller minimum to Python 3.8 #72668
Comments
ansibot
added
affects_2.11
feature
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
|
o/ Would this also make 3.8 a requirement for plugins that run on the controller as well ? I'm thinking of things like action and callback plugins. |
Yes. |
jborean93
removed
the
needs_triage
|
bot_skip |
sivel
removed
needs_info
|
So, from the angle of Fedora packages, this matters not at all to Fedora packaging. All active Fedora versions will be at least on 3.8 by the time this lands. However, EPEL is another story. ;( Right now epel7 and epel8 are using python-3.6. which is rhel7/8. Moving to 3.8 will break/cause both those to drop off. Is there any thought to sticking with 3.6? What features are required to baseline at 3.8? |
|
Lots of feedback on this in Reddit https://www.reddit.com/r/ansible/comments/jxsc1x/rfc_python_38_for_ansible_controller_criteria_for/ |
|
@nirik RHEL8 has Python 3.8 and RHEL7 will probably only have Ansible Core 2.11 max. One of the deps will be libssh which is only packaged for RHEL8, for example. |
|
I am not familiar enough with python on windows and mac (if someone finds the info, I can add it to the table) but I went through the exercise of looking at the python versions that are shipped and available in a limited amount of relatively modern Linux distros:
Sources for the table:
In addition, data from pypistats.org shows that 2.7 is the most popular python version with 3.6 a distant second:
With that in mind, bumping the minimum version to 3.8 means that it would no longer be possible to install the latest version of ansible on RHEL7/Centos7 as well as any version of Debian -- Debian 11 "bullseye" will ship with 3.8 in 2021. Although we can argue that alternatives exist (i.e, using an up-to-date distro as controller node, installing other python interpreters, running from a container, etc.), the result is that it will make Ansible harder and more complicated to run for a large amount of our users. Would bumping the minimum to 3.6 be a good compromise for the time being ? It is still widely supported, available in all the distributions I've looked at and so would have less of an impact on the users. |
|
@webknjaz A supported Python-3.8 can be installed on RHEL8 but that's not really the same thing as being shipped with RHEL8. RHEL8's python stack is built for Python-3.6. The other python interpreters which you can install don't have full stack support. Certain C-library bindings and python modules are only built for and supported on Python-3.6. |
|
We are planning on dropping EL7, so that's not an issue. Ubuntu 18.04 does have py3.8. Also, we have no plans of using 3.6. We might be swayed to use 3.7 as a minimum. But as of now, we have done the same research you have, and have still concluded we will set 3.8 as the minimum. |
|
o/ @sivel
Thanks, you're right -- I've updated the table.
Do you know what that would look like in practice ? Would there be some sort of LTS release that would last until then ?
This issue doesn't mention the research or the requirements that makes us settle on 3.8. Is that information available somewhere we can refer people to ? |
At the moment Ansible 2.9 will be supported until 2023. |
|
@dmsimard we don't care about windows because it's never been supported on the controller. But JFYI they usually install Python from the official website or "app store". @abadger it sounds like 3.6 based bindings will be solved by calling the system python as a subprocess... |
|
Not a major deal, but note for rhel/centos7: The chart has python 3.6 as "available (epel)" and it was, until rhel 7.6 was released. python 3.6 was shipped in rhel 7.6, so it should be supported until 7 is eol I would think.
So, is there an expectation that collections should work with all ansible-base/engine/core version?
RHEL7 eol is June 30, 2024 it looks like. |
You're right, I forgot about that late python3 addition in the dot release.. fixed it.
Collections have the ability to set supported versions of ansible in their |
That may differ per collection depending on their maintainers but the mechanism in Core is in place for a while. My understanding is that collections may even have their own LTS and support matrix for a few Ansible versions back. |
Unfortunately this field is only read by ansible-base 2.10+, so if an Ansible 2.9 user is trying to use a collection that's not supported on 2.9, they will find out because something does not work, and potentially report a bug if they didn't read the documentation. |
|
Yes, it may create minor inconveniences but I don't think that it's a major roadblock because the users will still be able to run things that support their Ansible, even if they may have to figure out which collection versions have that. Also, if that'll actually prove to be annoying we could raise a question about backporting this (although, it'll need a lot of negotiations/approvals if it'll ever come to actually doing this). |
|
for openSuse the version of python-3 is 3.6.10 |
|
Seems likely to make life more difficult for anyone using ansible-pull instead of the controller method of using ansible. |
|
I think by the time people will actually want to use Ansible 2.12, those distros will bump their Python versions. Until that, they can keep using the supported Ansible version of 2.9 (which works with the content with collections just fine — actually, I think, Ansible 2.8 also works with collections). |
|
Major distros rarely if ever bump their supported versions of It would be easier to understand the reasons behind this, if they are publicly communicated - especially since you did the analysis already outlined here and yet decided to go ahead anyways. Why? Another point by the way: It is rare but not impossible to run Ansible through |
This is why ansible-core will target envs like RHEL 8+.
People don't seem to realize that you don't really need to use the latest ansible-core anymore. At least, it's not as vital now that the content is in the collections and the bottleneck will be what collections support, not the engine. And there's mechanisms to support collections in older versions of Ansible that support all of the cases you've described.
This sounds wrong: in Ansible release versions, a combination of the first two numeric version parts is considered a major release (2.8, 2.9, 2.10, 2.11 are all major releases).
They will still be supported, you'll just use Ansible 2.9 — it's not going EOL immediately.
I doubt you'll get any visible performance gain: PyPy relies on JIT that is mostly useful for long-running processes. You'd still hit bottlenecks with the networking I/O and the remote code execution that spawns a new process for each task. |
Is there a list of officially supported Linux distributions (for controllers and target hosts) out there? I could not really find one.
As there is no separate collection for
Ah well, seems like SemVer is only planned, not yet in effect (https://twitter.com/ansible/status/1329786737695092740). Also apparently only for
I'm not using 2.9 already, so downgrading is not really an attractive option. As 2.11 is already threatened to not get released on pypi for >=3.5 but only >=3.8 and that's going to happen in less than 6 months (hopefully), I don't see how CPython usage will shift significantly by then. I'm just wondering why this (imho reasonable) policy has been suddenly changed without any public discussion or input:
I also would understand the argument "
Have you actually benchmarked this? For a playbook that did 0 network calls (just assertions on host variables and inventory contents like "hosts named |
For Ansible < 3 and ansible-base/ansible-core, 2.x is a major release. Right now, only Ansible >= 3 will use semantic versioning. The 3.0.0 release will follow the Ansible 2.10.x line, which is ansible-base 2.10 + collections. Ansible 3.y.z will also be ansible-base 2.10.x + collections, and Ansible 4.y.z will be ansible-base 2.11.x + collections. (More about this at https://hackmd.io/y7BBcweNR3aRVLuMbKkDxw for more details). It might be helpful for this discussion to avoid using the name "Ansible" for ansible-base / ansible-core. That only makes it more confusing. |
Mostly envs that run in CI can also be considered supported.
I think this is something to be raised separately, maybe with the community team, to see if it's possible to extract this content.
No. This is not something that anybody even brought up AFAIK.
This is a corner case that may get a bit faster, yes. But I don't think that it's a primary use-case.
I believe we've absorbed all the improvements we could from mitogen. There are things that are not possible to migrate into ansible-core because they would break corner-cases other people rely on. If you didn't hit those cases it doesn't mean that others won't. So no, it's not a design flaw at all — it's rather a mitogen's downside that it breaks some things (even though it doesn't affect everyone).
We've never tested against PyPy, nor declared compatibility. So calling it a breaking change is wrong. Only tested envs are truly supported. You cannot say something is a regression when we never said that it'd work in the first place.
True, I'll edit the topic to mention ansible-core. |
webknjaz
changed the title
This would be a core team decision to make. It makes sense to me that you'd want to maintain it separately (but use dependencies to require both are installed... Not strictly version locked, though). If you also want to stop maintaining those plugins, you'd probably want to talk to the content team about them taking over |
|
Since the name |
|
Late for the party, but want to add an important comment:
While this is true, it lacks non-pip-installable modules, such as python3-firewalld, which makes the firewalld module impossible to use. Same applies to python3-dnf, but I guess Ansible is working around it. |
|
@dtantsur ansible-core 2.12 can happily run modules even on Python 2.6, it just needs 3.8+ on the target side. (Also some modules, such as dnf and apt, now have some code to try other Python interpreters automatically to find one which supports the required libraries.) |
|
Didn't realize this issue was still open. This has already been implemented, and ansible-core 2.12 has already been released. |
SUMMARY
Testing and supporting older Pythons for the Ansible controller has an ever-increasing cost, especially as new Python releases are now coming yearly. With the sunset of Python 2.7, and in light of our current feature roadmap, we've set Python 3.8 as the minimum supported controller Python version for Ansible 2.11 and the release to follow it. To be clear: this does not affect the supported minimum Python version on remote targets (which will remain at Python 2.6 for the foreseeable future).
The Python 3.8 requirement for Ansible 2.11 will be "soft", in that breaking code changes that require Python 3.8 will not be made, but testing of older controller Python versions will stop during the 2.11 development cycle, and official Ansible packages will only be released for Python >= 3.8 (possibly including PyPI
python_requiresmetadata, still TBD). The Ansible 2.12 controller will introduce code changes that will actively break compatibility with older Python versions.The change will occur in a few phases:
develbranch) warning on Python < 3.8 (complete: Emit warning when running on the controller with a Python older than 3.8 #72467)python_requiresmetadata update (TBD, if done, this would require passing--ignore-requires-pythontopipto install on unsupported Python versions)develcode changes that use Python 3.8 featuresAdditionally, there are related projects during 2.11 to maintain compatibility with controller-run modules like
yum,dnfand selinux-aware modules that rely on OS-provided libraries likelibselinux-python. The result will be that these modules will transparently run under the system Python version.ISSUE TYPE
COMPONENT NAME
ADDITIONAL INFORMATION
The text was updated successfully, but these errors were encountered: