Ansible 2.10 Porting Guide

This section discusses the behavioral changes between Ansible 2.9 and Ansible 2.10.

It is intended to assist in updating your playbooks, plugins and other parts of your Ansible infrastructure so they will work with this version of Ansible.

We suggest you read this page along with Ansible Changelog for 2.10 to understand what updates you may need to make.

This document is part of a collection on porting. The complete list of porting guides can be found at porting guides.

Topics

• Ansible 2.10 Porting Guide
  • Playbook
  • Command Line
  • Deprecated
  • Modules
    • Modules removed
    • Deprecation notices
    • Noteworthy module changes
  • Plugins
    • Lookup plugin names case-sensitivity
    • Noteworthy plugin changes
  • Porting custom scripts
  • Networking

Playbook

No notable changes

Command Line

No notable changes

Deprecated

• Windows Server 2008 and 2008 R2 will no longer be supported or tested in the next Ansible release, see Are Server 2008, 2008 R2 and Windows 7 supported?.
• The win_stat module has removed the deprecated get_md55 option and md5 return value.
• The win_psexec module has removed the deprecated extra_opts option.

Modules

Modules removed

The following modules no longer exist:

• letsencrypt use acme_certificate instead.

Deprecation notices

The following modules will be removed in Ansible 2.14. Please update your playbooks accordingly.

• ldap_attr use ldap_attrs instead.
• vyos_static_route use vyos_static_routes instead.

The following functionality will be removed in Ansible 2.14. Please update update your playbooks accordingly.

• The openssl_csr module’s option version no longer supports values other than 1 (the current only standardized CSR version).
• docker_container: the trust_image_content option will be removed. It has always been ignored by the module.
• iam_managed_policy: the fail_on_delete option will be removed. It has always been ignored by the module.
• s3_lifecycle: the requester_pays option will be removed. It has always been ignored by the module.
• s3_sync: the retries option will be removed. It has always been ignored by the module.
• The return values err and out of docker_stack have been deprecated. Use stdout and stderr from now on instead.
• cloudformation: the template_format option will be removed. It has been ignored by the module since Ansible 2.3.
• data_pipeline: the version option will be removed. It has always been ignored by the module.
• ec2_eip: the wait_timeout option will be removed. It has had no effect since Ansible 2.3.
• ec2_key: the wait option will be removed. It has had no effect since Ansible 2.5.
• ec2_key: the wait_timeout option will be removed. It has had no effect since Ansible 2.5.
• ec2_lc: the associate_public_ip_address option will be removed. It has always been ignored by the module.
• ec2_tag: Support for list as a state has been deprecated. The ec2_tag_info can be used to fetch the tags on an EC2 resource.
• iam_policy: the policy_document option will be removed. To maintain the existing behavior use the policy_json option and read the file with the lookup plugin.
• redfish_config: the bios_attribute_name and bios_attribute_value options will be removed. To maintain the existing behavior use the bios_attributes option instead.
• clc_aa_policy: the wait parameter will be removed. It has always been ignored by the module.
• redfish_config, redfish_command: the behavior to select the first System, Manager, or Chassis resource to modify when multiple are present will be removed. Use the new resource_id option to specify target resource to modify.
• win_domain_controller: the log_path option will be removed. This was undocumented and only related to debugging information for module development.
• win_package: the username and password options will be removed. The same functionality can be done by using become: yes and become_flags: logon_type=new_credentials logon_flags=netcredentials_only on the task.
• win_package: the ensure alias for the state option will be removed. Please use state instead of ensure.
• win_package: the productid alias for the product_id option will be removed. Please use product_id instead of productid.

The following functionality will change in Ansible 2.14. Please update update your playbooks accordingly.

• The docker_container module has a new option, container_default_behavior, whose default value will change from compatibility to no_defaults. Set to an explicit value to avoid deprecation warnings.
• The docker_container module’s network_mode option will be set by default to the name of the first network in networks if at least one network is given and networks_cli_compatible is true (will be default from Ansible 2.12 on). Set to an explicit value to avoid deprecation warnings if you specify networks and set networks_cli_compatible to true. The current default (not specifying it) is equivalent to the value default.
• ec2: the group and group_id options will become mutually exclusive. Currently group_id is ignored if you pass both.
• iam_policy: the default value for the skip_duplicates option will change from true to false. To maintain the existing behavior explicitly set it to true.
• iam_role: the purge_policies option (also know as purge_policy) default value will change from true to false
• elb_network_lb: the default behaviour for the state option will change from absent to present. To maintain the existing behavior explicitly set state to absent.
• vmware_tag_info: the module will not return tag_facts since it does not return multiple tags with the same name and different category id. To maintain the existing behavior use tag_info which is a list of tag metadata.

The following modules will be removed in Ansible 2.14. Please update your playbooks accordingly.

• vmware_dns_config use vmware_host_dns instead.

Noteworthy module changes

• The datacenter option has been removed from vmware_guest_find
• The options ip_address and subnet_mask have been removed from vmware_vmkernel; use the suboptions ip_address and subnet_mask of the network option instead.
• Ansible modules created with add_file_common_args=True added a number of undocumented arguments which were mostly there to ease implementing certain action plugins. The undocumented arguments src, follow, force, content, backup, remote_src, regexp, delimiter, and directory_mode are now no longer added. Modules relying on these options to be added need to specify them by themselves.
• The AWSRetry decorator no longer catches NotFound exceptions by default. NotFound exceptions need to be explicitly added using catch_extra_error_codes. Some AWS modules may see an increase in transient failures due to AWS’s eventual consistency model.
• vmware_datastore_maintenancemode now returns datastore_status instead of Ansible internal key results.
• vmware_host_kernel_manager now returns host_kernel_status instead of Ansible internal key results.
• vmware_host_ntp now returns host_ntp_status instead of Ansible internal key results.
• vmware_host_service_manager now returns host_service_status instead of Ansible internal key results.
• vmware_tag now returns tag_status instead of Ansible internal key results.
• The deprecated recurse option in pacman module has been removed, you should use extra_args=--recursive instead.
• vmware_guest_custom_attributes module does not require VM name which was a required parameter for releases prior to Ansible 2.10.
• zabbix_action no longer requires esc_period and event_source arguments when state=absent.
• zabbix_proxy deprecates interface sub-options type and main when proxy type is set to passive via status=passive. Make sure these suboptions are removed from your playbook as they were never supported by Zabbix in the first place.
• gitlab_user no longer requires name, email and password arguments when state=absent.
• win_pester no longer runs all *.ps1 file in the directory specified due to it executing potentially unknown scripts. It will follow the default behaviour of only running tests for files that are like *.tests.ps1 which is built into Pester itself

• win_find has been refactored to better match the behaviour of the find module. Here is what has changed:

  • When the directory specified by paths does not exist or is a file, it will no longer fail and will just warn the user
  • Junction points are no longer reported as islnk, use isjunction to properly report these files. This behaviour matches the win_stat
  • Directories no longer return a size, this matches the stat and find behaviour and has been removed due to the difficulties in correctly reporting the size of a directory

• docker_container no longer passes information on non-anonymous volumes or binds as Volumes to the Docker daemon. This increases compatibility with the docker CLI program. Note that if you specify volumes: strict in comparisons, this could cause existing containers created with docker_container from Ansible 2.9 or earlier to restart.
• docker_container’s support for port ranges was adjusted to be more compatible to the docker command line utility: a one-port container range combined with a multiple-port host range will no longer result in only the first host port be used, but the whole range being passed to Docker so that a free port in that range will be used.
• purefb_fs no longer supports the deprecated nfs option. This has been superceeded by nfsv3.
• nxos_igmp_interface no longer supports the deprecated oif_prefix and oif_source options. These have been superceeded by oif_ps.
• aws_s3 can now delete versioned buckets even when they are not empty - set mode to delete to delete a versioned bucket and everything in it.
• The parameter message in grafana_dashboard module is renamed to commit_message since message is used by Ansible Core engine internally.
• The parameter message in datadog_monitor module is renamed to notification_message since message is used by Ansible Core engine internally.
• The parameter message in bigpanda module is renamed to deployment_message since message is used by Ansible Core engine internally.

Plugins

Lookup plugin names case-sensitivity

• Prior to Ansible 2.10 lookup plugin names passed in as an argument to the lookup() function were treated as case-insensitive as opposed to lookups invoked via with_<lookup_name>. 2.10 brings consistency to lookup() and with_ to be both case-sensitive.

Noteworthy plugin changes

• The hashi_vault lookup plugin now returns the latest version when using the KV v2 secrets engine. Previously, it returned all versions of the secret which required additional steps to extract and filter the desired version.
• Some undocumented arguments from FILE_COMMON_ARGUMENTS have been removed; plugins using these, in particular action plugins, need to be adjusted. The undocumented arguments which were removed are src, follow, force, content, backup, remote_src, regexp, delimiter, and directory_mode.

Porting custom scripts

No notable changes

Networking

No notable changes