Ansible 7 Porting Guide

Ansible 7 is based on Ansible-core 2.14.

We suggest you read this page along with the Ansible 7 Changelog to understand what updates you may need to make.

Playbook

  • Variables are now evaluated lazily; only when they are actually used. For example, in ansible-core 2.14 an expression {{ defined_variable or undefined_variable }} does not fail on undefined_variable if the first part of or is evaluated to True as it is not needed to evaluate the second part. One particular case of a change in behavior to note is the task below which uses the undefined test. Prior to version 2.14 this would result in a fatal error trying to access the undefined value in the dictionary. In 2.14 the assertion passes as the dictionary is evaluated as undefined through one of its undefined values:

- assert:
    that:
      - some_defined_dict_with_undefined_values is undefined
  vars:
    dict_value: 1
    some_defined_dict_with_undefined_values:
      key1: value1
      key2: '{{ dict_value }}'
      key3: '{{ undefined_dict_value }}'

Command Line

  • Python 3.9 on the controller node is a hard requirement for this release.

  • At startup the filesystem encoding and locale are checked to verify they are UTF-8. If not, the process exits with an error reporting the errant encoding. If you were previously using the C or POSIX locale, you may be able to use C.UTF-8. If you were previously using a locale such as en_US.ISO-8859-1, you may be able to use en_US.UTF-8. For simplicity it may be easiest to export the appropriate locale using the LC_ALL environment variable. An alternative to modifying your system locale is to run Python in UTF-8 mode; See the Python documentation for more information.

Deprecated

No notable changes

Modules

No notable changes

Modules removed

The following modules no longer exist:

  • No notable changes

Deprecation notices

No notable changes

Noteworthy module changes

No notable changes

Plugins

No notable changes

Porting custom scripts

No notable changes

Networking

No notable changes

Porting Guide for v7.4.0

Breaking Changes

Ansible-core

  • ansible-test - Integration tests which depend on specific file permissions when running in an ansible-test managed host environment may require changes. Tests that require permissions other than 755 or 644 may need to be updated to set the necessary permissions as part of the test run.

Major Changes

community.hrobot

community.vmware

fortinet.fortios

  • Add annotations of member operation for every module.

  • Update fortios.py for higher performance;

  • supports temporary session key and pre/post login banner;

  • update the examples on how to use member operation in Q&A.

purestorage.fusion

  • Patching of resource properties was brought to parity with underlying Python SDK, meaning the collection can create/update/delete all resource properties the SDK can

  • fusion_volume - fixed and reorganized, arguments changed

Deprecated Features

amazon.aws

  • support for passing both profile and security tokens through a mix of environment variables and parameters has been deprecated and support will be removed in release 6.0.0. After release 6.0.0 it will only be possible to pass either a profile or security tokens, regardless of mechanism used to pass them. To explicitly block a parameter coming from an environment variable pass an empty string as the parameter value. Support for passing profile and security tokens together was originally deprecated in release 1.2.0, however only partially implemented in release 5.0.0 (https://github.com/ansible-collections/amazon.aws/pull/1355).

community.aws

community.hashi_vault

purestorage.fusion

  • fusion_hw - hardware module is being removed as changing hardware type has never been supported by Pure Storage Fusion

  • fusion_info - nigs subset is deprecated in favor of network_interface_groups and will be removed in the version 1.7.0 (https://github.com/Pure-Storage-Ansible/Fusion-Collection/pull/46).

  • fusion_info - placements subset is deprecated in favor of placement_groups and will be removed in the version 1.7.0 (https://github.com/Pure-Storage-Ansible/Fusion-Collection/pull/62).

  • fusion_pg - placement_engine option is deprecated because Fusion API does not longer support this parameter It will be removed in the version 2.0.0 (https://github.com/Pure-Storage-Ansible/Fusion-Collection/pull/53).

  • fusion_se - parameters “addresses”, “gateway” and “network_interface_groups” are deprecated in favor of “iscsi” and will be removed in version 2.0.0

  • fusion_tn - tenant networks are being replaced by storage endpoints `fusion_se` and Network Interface Groups `fusion_nig`

Porting Guide for v7.3.0

Breaking Changes

hetzner.hcloud

  • inventory plugin - Python v3.5+ is now required.

Major Changes

kubernetes.core

Deprecated Features

community.general

Porting Guide for v7.2.0

Added Collections

  • dellemc.powerflex (version 1.5.0)

  • dellemc.unity (version 1.5.0)

Known Issues

Ansible-core

  • ansible-test - Additional configuration may be required for certain container host and container combinations. Further details are available in the testing documentation.

  • ansible-test - Custom containers with VOLUME instructions may be unable to start, when previously the containers started correctly. Remove the VOLUME instructions to resolve the issue. Containers with this condition will cause ansible-test to emit a warning.

  • ansible-test - Systems with Podman networking issues may be unable to run containers, when previously the issue went unreported. Correct the networking issues to continue using ansible-test with Podman.

  • ansible-test - Using Docker on systems with SELinux may require setting SELinux to permissive mode. Podman should work with SELinux in enforcing mode.

cisco.meraki

  • meraki_network - Updated documentation for local_status_page_enabled and remote_status_page_enabled as these no longer work.

Breaking Changes

community.general

  • ModuleHelper module utils - when the module sets output variables named msg, exception, output, vars, or changed, the actual output will prefix those names with _ (underscore symbol) only when they clash with output variables generated by ModuleHelper itself, which only occurs when handling exceptions. Please note that this breaking change does not require a new major release since before this release, it was not possible to add such variables to the output due to a bug (https://github.com/ansible-collections/community.general/pull/5765).

Major Changes

Ansible-core

  • ansible-test - Docker Desktop on WSL2 is now supported (additional configuration required).

  • ansible-test - Docker and Podman are now supported on hosts with cgroup v2 unified. Previously only cgroup v1 and cgroup v2 hybrid were supported.

  • ansible-test - Podman now works on container hosts without systemd. Previously only some containers worked, while others required rootfull or rootless Podman, but would not work with both. Some containers did not work at all.

  • ansible-test - Podman on WSL2 is now supported.

  • ansible-test - When additional cgroup setup is required on the container host, this will be automatically detected. Instructions on how to configure the host will be provided in the error message shown.

ansible.windows

  • Set the minimum Ansible version supported by this collection to Ansible 2.12

chocolatey.chocolatey

  • win_chocolatey - Allow users to select the TLS versions used for bootstrapping Chocolatey installation.

Deprecated Features

chocolatey.chocolatey

  • win_chocolatey - Deprecate side-by-side installs.

cisco.ios

  • ios_bgp_address_family - deprecate neighbors.address/tag/ipv6_adddress with neighbor_address which enables common attributes for facts rendering

  • ios_bgp_address_family - deprecate neighbors.password with password_options which allows encryption and password

  • ios_bgp_address_family - deprecate slow_peer with slow_peer_options which supports a dict attribute

community.dns

community.general

community.hashi_vault

Porting Guide for v7.1.0

Added Collections

  • grafana.grafana (version 1.1.0)

Known Issues

community.routeros

  • api_modify - when limits for entries in queue tree are defined as human readable - for example 25M -, the configuration will be correctly set in ROS, but the module will indicate the item is changed on every run even when there was no change done. This is caused by the ROS API which returns the number in bytes - for example 25000000 (which is inconsistent with the CLI behavior). In order to mitigate that, the limits have to be defined in bytes (those will still appear as human readable in the ROS CLI) (https://github.com/ansible-collections/community.routeros/pull/131).

  • api_modify, api_info - routing ospf area, routing ospf area range, routing ospf instance, routing ospf interface-template paths are not fully implemeted for ROS6 due to the significat changes between ROS6 and ROS7 (https://github.com/ansible-collections/community.routeros/pull/131).

Major Changes

cisco.meraki

  • meraki_mr_l7_firewall - New module

  • meraki_webhook_payload_template - New module

community.zabbix

  • all modules are opting away from zabbix-api and using httpapi ansible.netcommon plugin. We will support zabbix-api for backwards compatibility until next major release. See our README.md for more information about how to migrate

  • zabbix_agent and zabbix_proxy roles are opting away from zabbix-api and use httpapi ansible.netcommon plugin. We will support zabbix-api for backwards compatibility until next major release. See our README.md for more information about how to migrate

containers.podman

  • New become plugin - podman_unshare

  • Podman generate systemd module

fortinet.fortios

  • Support FortiOS v7.0.6, v7.0.7, v7.0.8, v7.2.1, v7.2.2.

Deprecated Features

community.general

  • The sap modules sapcar_extract, sap_task_list_execute, and hana_query, will be removed from this collection in community.general 7.0.0 and replaced with redirects to community.sap_libs. If you want to continue using these modules, make sure to also install community.sap_libs (it is part of the Ansible package) (https://github.com/ansible-collections/community.general/pull/5614).

Porting Guide for v7.0.0

Added Collections

  • ibm.spectrum_virtualize (version 1.10.0)

  • inspur.ispim (version 1.2.0)

  • lowlydba.sqlserver (version 1.0.4)

  • purestorage.fusion (version 1.1.1)

  • vultr.cloud (version 1.3.1)

Known Issues

community.routeros

  • The community.routeros.command module claims to support check mode. Since it cannot judge whether the commands executed modify state or not, this behavior is incorrect. Since this potentially breaks existing playbooks, we will not change this behavior until community.routeros 3.0.0.

dellemc.openmanage

  • idrac_user - Issue(192043) The module may error out with the message unable to perform the import or export operation because there are pending attribute changes or a configuration job is in progress. Wait for the job to complete and run the task again.

  • ome_application_alerts_smtp - Issue(212310) - The module does not provide a proper error message if the destination_address is more than 255 characters.

  • ome_application_alerts_syslog - Issue(215374) - The module does not provide a proper error message if the destination_address is more than 255 characters.

  • ome_device_local_access_configuration - Issue(215035) - The module reports Successfully updated the local access setting if an unsupported value is provided for the parameter timeout_limit. However, this value is not actually applied on OpenManage Enterprise Modular.

  • ome_device_local_access_configuration - Issue(217865) - The module does not display a proper error message if an unsupported value is provided for the user_defined and lcd_language parameters.

  • ome_device_network_services - Issue(212681) - The module does not provide a proper error message if unsupported values are provided for the parameters- port_number, community_name, max_sessions, max_auth_retries, and idle_timeout.

  • ome_device_power_settings - Issue(212679) - The module displays the following message if the value provided for the parameter power_cap is not within the supported range of 0 to 32767, Unable to complete the request because PowerCap does not exist or is not applicable for the resource URI.

  • ome_device_quick_deploy - Issue(216352) - The module does not display a proper error message if an unsupported value is provided for the ipv6_prefix_length and vlan_id parameters.

  • ome_smart_fabric_uplink - Issue(186024) - The module does not allow the creation of multiple uplinks of the same name even though it is supported by OpenManage Enterprise Modular. If an uplink is created using the same name as an existing uplink, the existing uplink is modified.

netapp.ontap

  • na_ontap_snapshot - added documentation to use UTC format for expiry_time.

Breaking Changes

  • Ansible 7 requires Python 3.9 on the controller, same as ansible-core 2.14.

Ansible-core

  • Allow for lazy evaluation of Jinja2 expressions (https://github.com/ansible/ansible/issues/56017)

  • The default ansible-galaxy role skeletons no longer contain .travis.yml files. You can configure ansible-galaxy to use a custom role skeleton that contains a .travis.yml file to continue using Galaxy’s integration with Travis CI.

  • ansible - At startup the filesystem encoding and locale are checked to verify they are UTF-8. If not, the process exits with an error reporting the errant encoding.

  • ansible - Increase minimum Python requirement to Python 3.9 for CLI utilities and controller code

  • ansible-test - At startup the filesystem encoding is checked to verify it is UTF-8. If not, the process exits with an error reporting the errant encoding.

  • ansible-test - At startup the locale is configured as en_US.UTF-8, with a fallback to C.UTF-8. If neither encoding is available the process exits with an error. If the fallback is used, a warning is displayed. In previous versions the en_US.UTF-8 locale was always requested. However, no startup checking was performed to verify the locale was successfully configured.

  • ansible-test validate-modules - Removed the missing-python-doc error code in validate modules, missing-documentation is used instead for missing PowerShell module documentation.

  • strategy plugins - Make ignore_unreachable to increase ignored and ok and counter, not skipped and unreachable. (https://github.com/ansible/ansible/issues/77690)

amazon.aws

check_point.mgmt

  • cp_mgmt_access_role - the ‘machines’ parameter now accepts a single str and a new parameter ‘machines_list’ of type dict has been added. the ‘users’ parameter now accepts a single str and a new parameter ‘users_list’ of type dict has been added.

  • cp_mgmt_access_rule - the ‘vpn’ parameter now accepts a single str and a new parameter ‘vpn_list’ of type dict has been added. the ‘position_by_rule’ parameter has been changed to ‘relative_position’ with support of positioning above/below a section (and not just a rule). the ‘relative_position’ parameter has also ‘top’ and ‘bottom’ suboptions which allows positioning a rule at the top and bottom of a section respectively. a new parameter ‘search_entire_rulebase’ has been added to allow the relative positioning to be unlimited (was previously limited to 50 rules)

  • cp_mgmt_administrator - the ‘permissions_profile’ parameter now accepts a single str and a new parameter ‘permissions_profile_list’ of type dict has been added.

  • cp_mgmt_publish - the ‘uid’ parameter has been removed.

community.aws

  • Tags beginning with aws: will not be removed when purging tags, these tags are reserved by Amazon and may not be updated or deleted (https://github.com/ansible-collections/amazon.aws/issues/817).

  • acm_certificate - the previously deprecated default value of purge_tags=False has been updated to purge_tags=True (https://github.com/ansible-collections/community.aws/pull/1343).

  • autoscaling_group - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.autoscaling_group.

  • autoscaling_group_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.autoscaling_group_info.

  • aws_secret - tags are no longer removed when the tags parameter is not set. To remove all tags set tags={} (https://github.com/ansible-collections/community.aws/issues/1146).

  • cloudfront_distribution - the previously deprecated default value of purge_tags=False has been updated to purge_tags=True (https://github.com/ansible-collections/community.aws/pull/1343).

  • cloudtrail - The module has been migrated to the amazon.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.cloudtrail.

  • cloudwatch_metric_alarm - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.cloudwatch_metric_alarm.

  • cloudwatchevent_rule - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.cloudwatchevent_rule.

  • cloudwatchlogs_log_group - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.cloudwatchlogs_log_group.

  • cloudwatchlogs_log_group_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.cloudwatchlogs_log_group_info.

  • cloudwatchlogs_log_group_metric_filter - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.cloudwatchlogs_log_group_metric_filter.

  • community.aws collection - Support for ansible-core < 2.11 has been dropped (https://github.com/ansible-collections/community.aws/pull/1541).

  • community.aws collection - The community.aws collection has now dropped support for and any requirements upon the original boto AWS SDK, and now uses the boto3/botocore AWS SDK (https://github.com/ansible-collections/community.aws/pull/898).

  • community.aws collection - The community.aws collection has dropped support for botocore<1.21.0 and boto3<1.18.0. Most modules will continue to work with older versions of the AWS SDK, however compatibility with older versions of the SDK is not guaranteed and will not be tested. When using older versions of the SDK a warning will be emitted by Ansible (https://github.com/ansible-collections/community.aws/pull/1362).

  • community.aws collection - the profile parameter is now mutually exclusive with the aws_access_key, aws_secret_key and security_token parameters (https://github.com/ansible-collections/amazon.aws/pull/834).

  • ec2_eip - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_eip.

  • ec2_eip_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_eip_info.

  • ec2_vpc_route_table - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_vpc_route_table.

  • ec2_vpc_route_table_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_vpc_route_table_info.

  • ec2_vpc_vpn - the previously deprecated default value of purge_tags=False has been updated to purge_tags=True (https://github.com/ansible-collections/community.aws/pull/1343).

  • elb_application_lb - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.elb_application_lb.

  • elb_application_lb_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.elb_application_lb_info.

  • elb_instance - the ec2_elbs fact has been removed, updated_elbs has been added the return values and includes the same information (https://github.com/ansible-collections/community.aws/pull/1173).

  • elb_network_lb - the default value of state has changed from absent to present (https://github.com/ansible-collections/community.aws/pull/1167).

  • execute_lambda - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.execute_lambda.

  • iam_policy - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.iam_policy.

  • iam_policy_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.iam_policy_info.

  • iam_server_certificate - Passing file names to the cert, chain_cert and key parameters has been removed. We recommend using a lookup plugin to read the files instead, see the documentation for an example (https://github.com/ansible-collections/community.aws/pull/1265).

  • iam_server_certificate - the default value for the dup_ok parameter has been changed to true. To preserve the original behaviour explicitly set the dup_ok parameter to false (https://github.com/ansible-collections/community.aws/pull/1265).

  • iam_user - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.iam_user.

  • iam_user_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.iam_user_info.

  • kms_key - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.kms_key.

  • kms_key - managing the KMS IAM Policy via policy_mode and policy_grant_types was previously deprecated and has been removed in favor of the policy option (https://github.com/ansible-collections/community.aws/pull/1344).

  • kms_key - the previously deprecated default value of purge_tags=False has been updated to purge_tags=True (https://github.com/ansible-collections/community.aws/pull/1343).

  • kms_key_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.kms_key_info.

  • lambda - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.lambda.

  • lambda_alias - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.lambda_alias.

  • lambda_event - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.lambda_event.

  • lambda_execute - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.lambda_execute.

  • lambda_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.lambda_info.

  • lambda_policy - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.lambda_policy.

  • rds_cluster - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.rds_cluster.

  • rds_cluster_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.rds_cluster_info.

  • rds_cluster_snapshot - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.rds_cluster_snapshot.

  • rds_instance - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.rds_instance.

  • rds_instance_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.rds_instance_info.

  • rds_instance_snapshot - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.rds_instance_snapshot.

  • rds_option_group - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.rds_option_group.

  • rds_option_group_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.rds_option_group_info.

  • rds_param_group - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.rds_param_group.

  • rds_param_group - the previously deprecated default value of purge_tags=False has been updated to purge_tags=True (https://github.com/ansible-collections/community.aws/pull/1343).

  • rds_snapshot_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.rds_snapshot_info.

  • rds_subnet_group - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.rds_subnet_group.

  • route53 - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.route53.

  • route53_health_check - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.route53_health_check.

  • route53_health_check - the previously deprecated default value of purge_tags=False has been updated to purge_tags=True (https://github.com/ansible-collections/community.aws/pull/1343).

  • route53_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.route53_info.

  • route53_zone - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.route53_zone.

  • route53_zone - the previously deprecated default value of purge_tags=False has been updated to purge_tags=True (https://github.com/ansible-collections/community.aws/pull/1343).

  • script_inventory_ec2 - The ec2.py inventory script has been moved to a new repository. The script can now be downloaded from https://github.com/ansible-community/contrib-scripts/blob/main/inventory/ec2.py and has been removed from this collection. We recommend migrating from the script to the amazon.aws.ec2 inventory plugin. (https://github.com/ansible-collections/community.aws/pull/898)

  • sqs_queue - the previously deprecated default value of purge_tags=False has been updated to purge_tags=True (https://github.com/ansible-collections/community.aws/pull/1343).

community.docker

community.general

community.hashi_vault

community.vmware

  • Removed support for ansible-core version < 2.13.0.

  • vmware_dvs_portgroup - Add a new sub-option inherited to the in_traffic_shaping parameter. This means you can keep the setting as-is by not defining the parameter, but also that you have to define the setting as not inherited if you want to override it at the PG level (https://github.com/ansible-collections/community.vmware/pull/1483).

  • vmware_dvs_portgroup - Add a new sub-option inherited to the out_traffic_shaping parameter. This means you can keep the setting as-is by not defining the parameter, but also that you have to define the setting as not inherited if you want to override it at the PG level (https://github.com/ansible-collections/community.vmware/pull/1483).

  • vmware_dvs_portgroup - Change the type of net_flow to string to allow setting it implicitly to inherited or to keep the value as-is. This means you can keep the setting as-is by not defining the parameter, but also that while true or no still work, True or Off (uppercase) won’t (https://github.com/ansible-collections/community.vmware/pull/1483).

  • vmware_dvs_portgroup - Remove support for vSphere API less than 6.7.

  • vmware_dvs_portgroup - Remove the default for network_policy and add a new sub-option inherited. This means you can keep the setting as-is by not defining the parameter, but also that you have to define the setting as not inherited if you want to override it at the PG level (https://github.com/ansible-collections/community.vmware/pull/1483).

  • vmware_dvs_portgroup_info - Remove support for vSphere API less than 6.7.

  • vmware_dvswitch - Remove support for vSphere API less than 6.7.

  • vmware_dvswitch_uplink_pg - Remove support for vSphere API less than 6.7.

  • vmware_guest_boot_manager - Remove default for secure_boot_enabled parameter (https://github.com/ansible-collections/community.vmware/issues/1461).

  • vmware_vm_config_option - Dict item names in result are changed from strings joined with spaces to strings joined with underlines, e.g. Guest fullname is changed to guest_fullname (https://github.com/ansible-collections/community.vmware/issues/1268).

  • vmware_vspan_session - Remove support for vSphere API less than 6.7.

dellemc.enterprise_sonic

  • bgp_af - Add the route_advertise_list dictionary to the argspec to replace the deleted, obsolete advertise_prefix attribute used for SONiC 3.x images on the 1.x branch of this collection. This change corresponds to a SONiC 4.0 OC YANG REST compliance change for the BGP AF REST API. It enables specification of a route map in conjunction with each route advertisement prefix (https://github.com/ansible-collections/dellemc.enterprise_sonic/pull/63).

  • bgp_af - remove the obsolete ‘advertise_prefix’ attribute from argspec and config code. This and subsequent co-req replacement with the new route advertise list argument structure require corresponding changes in playbooks previoulsly used for configuring route advertise prefixes for SONiC 3.x images. (https://github.com/ansible-collections/dellemc.enterprise_sonic/pull/60)

  • bgp_neighbors - Replace the previously defined standalone “bfd” attribute with a bfd dictionary containing multiple attributes. This change corresponds to the revised SONiC 4.x implementation of OC YANG compatible REST APIs. Playbooks previously using the bfd attributes for SONiC 3.x images must be modified for useon SONiC 4.0 images to use the new definition for the bfd attribute argspec structure (https://github.com/ansible-collections/dellemc.enterprise_sonic/pull/72).

  • bgp_neighbors - Replace, for BGP peer groups, the previously defined standalone “bfd” attribute with a bfd dictionary containing multiple attributes. This change corresponds to the revised SONiC 4.x implementation of OC YANG compatible REST APIs. Playbooks previously using the bfd attributes for SONiC 3.x images must be modified for useon SONiC 4.0 images to use the new definition for the bfd attribute argspec structure (https://github.com/ansible-collections/dellemc.enterprise_sonic/pull/81).

Major Changes

Ansible-core

  • Move handler processing into new PlayIterator phase to use the configured strategy (https://github.com/ansible/ansible/issues/65067)

  • ansible - At startup the filesystem encoding and locale are checked to verify they are UTF-8. If not, the process exits with an error reporting the errant encoding.

  • ansible - Increase minimum Python requirement to Python 3.9 for CLI utilities and controller code

  • ansible-test - At startup the filesystem encoding is checked to verify it is UTF-8. If not, the process exits with an error reporting the errant encoding.

  • ansible-test - At startup the locale is configured as en_US.UTF-8, with a fallback to C.UTF-8. If neither encoding is available the process exits with an error. If the fallback is used, a warning is displayed. In previous versions the en_US.UTF-8 locale was always requested. However, no startup checking was performed to verify the locale was successfully configured.

amazon.aws

  • amazon.aws collection - The amazon.aws collection has dropped support for botocore<1.20.0 and boto3<1.17.0. Most modules will continue to work with older versions of the AWS SDK, however compatibility with older versions of the SDK is not guaranteed and will not be tested. When using older versions of the SDK a warning will be emitted by Ansible (https://github.com/ansible-collections/amazon.aws/pull/574).

  • autoscaling_group - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.autoscaling_group.

  • autoscaling_group_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.autoscaling_group_info.

  • cloudtrail - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.cloudtrail.

  • cloudwatch_metric_alarm - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.cloudwatch_metric_alarm.

  • cloudwatchevent_rule - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.cloudwatchevent_rule.

  • cloudwatchlogs_log_group - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.cloudwatchlogs_log_group.

  • cloudwatchlogs_log_group_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.cloudwatchlogs_log_group_info.

  • cloudwatchlogs_log_group_metric_filter - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.cloudwatchlogs_log_group_metric_filter.

  • ec2_eip - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_eip.

  • ec2_eip_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_eip_info.

  • elb_application_lb - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.elb_application_lb.

  • elb_application_lb_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.elb_application_lb_info.

  • execute_lambda - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.execute_lambda.

  • iam_policy - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.iam_policy.

  • iam_policy_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.iam_policy_info.

  • iam_user - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.iam_user.

  • iam_user_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.iam_user_info.

  • kms_key - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.kms_key.

  • kms_key_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.kms_key_info.

  • lambda - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.lambda.

  • lambda_alias - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.lambda_alias.

  • lambda_event - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.lambda_event.

  • lambda_execute - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.lambda_execute.

  • lambda_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.lambda_info.

  • lambda_policy - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.lambda_policy.

  • rds_cluster - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.rds_cluster.

  • rds_cluster_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.rds_cluster_info.

  • rds_cluster_snapshot - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.rds_cluster_snapshot.

  • rds_instance - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.rds_instance.

  • rds_instance_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.rds_instance_info.

  • rds_instance_snapshot - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.rds_instance_snapshot.

  • rds_option_group - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.rds_option_group.

  • rds_option_group_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.rds_option_group_info.

  • rds_param_group - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.rds_param_group.

  • rds_snapshot_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.rds_snapshot_info.

  • rds_subnet_group - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.rds_subnet_group.

  • route53 - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.route53.

  • route53_health_check - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.route53_health_check.

  • route53_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.route53_info.

  • route53_zone - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.route53_zone.

arista.eos

  • Remove following EOS dprecated modules

  • Use of connection: local and the provider option are no longer valid on any modules in this collection.

  • eos_interface

  • eos_l2_interface

  • eos_l3_interface

  • eos_linkagg

  • eos_static_route

  • eos_vlan

check_point.mgmt

  • plugins/httpapi/checkpoint - Support for Smart-1 Cloud with new variable ‘ansible_cloud_mgmt_id’

chocolatey.chocolatey

  • win_chocolatey - Added bootstrap_script option to allow users to target a script URL for installing Chocolatey on clients.

  • win_chocolatey_facts - Added outdated packages list to data returned.

cisco.asa

  • Please use either of the following connection types - network_cli, httpapi or netconf.

  • This includes the following modules:

  • This release drops support for connection: local and provider dictionary.

  • This release removes all deprecated plugins that have reached their end-of-life.

  • Use of connection: local and the provider option are no longer valid on any modules in this collection.

  • asa_acl

  • asa_og

cisco.ios

  • Only valid connection types for this collection is network_cli.

  • This release drops support for connection: local and provider dictionary.

cisco.iosxr

  • Only valid connection types for this collection are network_cli and netconf.

  • This release drops support for connection: local and provider dictionary.

cisco.nxos

  • Please use either of the following connection types - network_cli, httpapi or netconf.

  • This release drops support for connection: local and provider dictionary.

community.aws

  • community.aws collection - The amazon.aws collection has dropped support for botocore<1.20.0 and boto3<1.17.0. Most modules will continue to work with older versions of the AWS SDK, however compatibility with older versions of the SDK is not guaranteed and will not be tested. When using older versions of the SDK a warning will be emitted by Ansible (https://github.com/ansible-collections/community.aws/pull/956).

community.docker

community.general

  • The internal structure of the collection was changed for modules and action plugins. These no longer live in a directory hierarchy ordered by topic, but instead are now all in a single (flat) directory. This has no impact on users assuming they did not use internal FQCNs. These will still work, but result in deprecation warnings. They were never officially supported and thus the redirects are kept as a courtsey, and this is not labelled as a breaking change. Note that for example the Ansible VScode plugin started recommending these internal names. If you followed its recommendation, you will now have to change back to the short names to avoid deprecation warnings, and potential errors in the future as these redirects will be removed in community.general 9.0.0 (https://github.com/ansible-collections/community.general/pull/5461).

  • newrelic_deployment - removed New Relic v1 API, added support for v2 API (https://github.com/ansible-collections/community.general/pull/5341).

community.mysql

  • mysql_db - the pipefail argument’s default value will be changed to true in community.mysql 4.0.0. If your target machines do not use bash as a default interpreter, set pipefail to false explicitly. However, we strongly recommend setting up bash as a default and pipefail=true as it will protect you from getting broken dumps you don’t know about (https://github.com/ansible-collections/community.mysql/issues/407).

community.network

  • The community.network collection no longer supports Ansible 2.9 and ansible-base 2.10. While we take no active measures to prevent usage, we will remove compatibility code and other compatility measures that will effectively prevent using most content from this collection with Ansible 2.9, and some content of this collection with ansible-base 2.10. Both Ansible 2.9 and ansible-base 2.10 will very soon be End of Life and if you are still using them, you should consider upgrading to ansible-core 2.11 or later as soon as possible (https://github.com/ansible-collections/community.network/pull/426).

  • The internal structure of the collection was changed for modules and action plugins. These no longer live in a directory hierarchy ordered by topic, but instead are now all in a single (flat) directory. This has no impact on users assuming they did not use internal FQCNs. These will still work, but result in deprecation warnings. They were never officially supported and thus the redirects are kept as a courtsey, and this is not labelled as a breaking change. Note that for example the Ansible VScode plugin started recommending these internal names. If you followed its recommendation, you will now have to change back to the short names to avoid deprecation warnings, and potential errors in the future as these redirects will be removed in community.network 8.0.0 (https://github.com/ansible-collections/community.network/pull/482).

community.postgresql

dellemc.enterprise_sonic

dellemc.openmanage

  • Added collection metadata for creating execution environments.

  • Refactored the Markdown (MD) files and content for better readability.

  • The share parameters are deprecated from the following modules - idrac_network, idrac_timezone_ntp, dellemc_configure_idrac_eventing, dellemc_configure_idrac_services, dellemc_idrac_lc_attributes, dellemc_system_lockdown_mode.

  • idrac_bios - The module is enhanced to support clear pending BIOS attributes, reset BIOS to default settings, and configure BIOS attribute using Redfish.

  • idrac_boot - Support for configuring the boot settings on iDRAC.

  • idrac_redfish_storage_controller - This module is enhanced to support LockVirtualDisk operation.

  • idrac_virtual_media - This module allows to configure Remote File Share settings.

  • ome_device_group - The module is enhanced to support the removal of devices from a static device group.

  • ome_devices - Support for performing device-specific operations on OpenManage Enterprise.

fortinet.fortimanager

  • Fix compatibility issue for ansible 2.9.x and ansible-base 2.10.x.

  • Many fixes for Ansible sanity test warnings & errors.

  • Support FortiManager Schema 7.2.0 , 98 new modules

  • support Ansible changelogs.

fortinet.fortios

  • Support Diff feature in check_mode.

  • Support Fortios 7.2.0.

infoblox.nios_modules

  • Feature for extra layer security , with cert and key parameters in playbooks for authenticating using certificate and key *.pem file absolute path #154

  • Fix to remove issue causing due to template attr in deleting network using Ansible module nios network #147

  • Update text field of TXT Record #128

  • Update operation using old_name and new_name for the object with dummy name in old_name (which does not exist in system) will not create a new object in the system. An error will be thrown stating the object does not exist in the system #129

junipernetworks.junos

  • Use of connection: local and the provider option are no longer valid on any modules in this collection.

vyos.vyos

  • Use of connection: local and the provider option are no longer valid on any modules in this collection.

Removed Collections

  • servicenow.servicenow (previously included version: 1.0.6)

Removed Features

Ansible-core

amazon.aws

ansible.netcommon

  • napalm - Removed unused connection plugin.

  • net_banner - Use <network_os>_banner instead.

  • net_interface - Use <network_os>_interfaces instead.

  • net_l2_interface - Use <network_os>_l2_interfaces instead.

  • net_l3_interface - Use <network_os>_l3_interfaces instead.

  • net_linkagg - Use <network_os>_lag_interfaces instead.

  • net_lldp - Use <network_os>_lldp_global instead.

  • net_lldp_interface - Use <network_os>_lldp_interfaces instead.

  • net_logging - Use <network_os>_logging_global instead.

  • net_static_route - Use <network_os>_static_routes instead.

  • net_system - Use <network_os>_system instead.

  • net_user - Use <network_os>_user instead.

  • net_vlan - Use <network_os>_vlans instead.

  • net_vrf - Use <network_os>_vrf instead.

cisco.ios

  • ios_interface - use ios_interfaces instead.

  • ios_l2_interface - use ios_l2_interfaces instead.

  • ios_l3_interface - use ios_l3_interfaces instead.

  • ios_static_route - use ios_static_routes instead.

  • ios_vlan - use ios_vlans instead.

cisco.iosxr

  • iosxr_interface - use iosxr_interfaces instead.

cisco.nxos

  • This release removes the following deprecated plugins that have reached their end-of-life.

  • nxos_acl

  • nxos_acl_interface

  • nxos_interface

  • nxos_interface_ospf

  • nxos_l2_interface

  • nxos_l3_interface

  • nxos_linkagg

  • nxos_lldp

  • nxos_ospf

  • nxos_ospf_vrf

  • nxos_smu

  • nxos_static_route

  • nxos_vlan

community.aws

community.azure

community.docker

community.general

community.network

community.vmware

junipernetworks.junos

  • Remove following deprecated Junos Modules.

  • junos_interface

  • junos_l2_interface

  • junos_l3_interface

  • junos_linkagg

  • junos_lldp

  • junos_lldp_interface

  • junos_static_route

  • junos_vlan

vyos.vyos

  • vyos_interface - use vyos_interfaces instead.

  • vyos_l3_interface - use vyos_l3_interfaces instead.

  • vyos_linkagg - use vyos_lag_interfaces instead.

  • vyos_lldp - use vyos_lldp_global instead.

  • vyos_lldp_interface - use vyos_lldp_interfaces instead.

  • vyos_static_route - use vyos_static_routes instead.

Deprecated Features

Ansible-core

  • Deprecate ability of lookup plugins to return arbitrary data. Lookup plugins must return lists, failing to do so will be an error in 2.18. (https://github.com/ansible/ansible/issues/77788)

  • Encryption - Deprecate use of the Python crypt module due to it’s impending removal from Python 3.13

  • PlayContext.verbosity is deprecated and will be removed in 2.18. Use ansible.utils.display.Display().verbosity as the single source of truth.

  • DEFAULT_FACT_PATH, DEFAULT_GATHER_SUBSET and DEFAULT_GATHER_TIMEOUT are deprecated and will be removed in 2.18. Use module_defaults keyword instead.

  • PlayIterator - deprecate cache_block_tasks and get_original_task which are noop and unused.

  • Templar - deprecate shared_loader_obj option which is unused. ansible.plugins.loader is used directly instead.

  • listify_lookup_plugin_terms, deprecate ‘loader/dataloader’ parameter as it not used.

  • vars plugins - determining whether or not to run ansible.legacy vars plugins with the class attribute REQUIRES_WHITELIST is deprecated, set REQUIRES_ENABLED instead.

amazon.aws

cisco.ios

  • Deprecated ios_linkagg_module in favor of ios_lag_interfaces.

cisco.mso

  • The mso_schema_template_contract_filter contract_filter_type attribute is deprecated. The value is now deduced from filter_type.

community.aws

  • aws_acm - the current default value of False for purge_tags has been deprecated and will be updated in release 5.0.0 to True.

  • aws_codebuild - The tags parameter currently uses a non-standard format and has been deprecated. In release 6.0.0 this parameter will accept a simple key/value pair dictionary instead of the current list of dictionaries. It is recommended to migrate to using the resource_tags parameter which already accepts the simple dictionary format (https://github.com/ansible-collections/community.aws/pull/1221).

  • aws_glue_connection - the connection_parameters return key has been deprecated and will be removed in a release after 2024-06-01, it is being replaced by the raw_connection_parameters key (https://github.com/ansible-collections/community.aws/pull/518).

  • aws_kms - the current default value of False for purge_tags has been deprecated and will be updated in release 5.0.0 to True.

  • cloudfront_distribution - the current default value of False for purge_tags has been deprecated and will be updated in release 5.0.0 to True.

  • community.aws collection - due to the AWS SDKs announcing the end of support for Python less than 3.7 (https://aws.amazon.com/blogs/developer/python-support-policy-updates-for-aws-sdks-and-tools/) support for Python less than 3.7 by this collection has been deprecated and will be removed in a release after 2023-05-31 (https://github.com/ansible-collections/community.aws/pull/1361).

  • ec2_vpc_vpn - the current default value of False for purge_tags has been deprecated and will be updated in release 5.0.0 to True.

  • iam_policy - the policies return value has been renamed policy_names and will be removed in a release after 2024-08-01, both values are currently returned (https://github.com/ansible-collections/community.aws/pull/1375).

  • lambda_info - The function return key returns a dictionary of dictionaries and has been deprecated. In a release after 2025-01-01, this key will be removed in favor of functions, which returns a list of dictionaries (https://github.com/ansible-collections/community.aws/pull/1239).

  • rds_param_group - the current default value of False for purge_tags has been deprecated and will be updated in release 5.0.0 to True.

  • route53_health_check - the current default value of False for purge_tags has been deprecated and will be updated in release 5.0.0 to True.

  • route53_info - The CamelCase return values for DelegationSets, CheckerIpRanges, and HealthCheck have been deprecated, in the future release you must use snake_case return values delegation_sets, checker_ip_ranges, and health_check instead respectively” (https://github.com/ansible-collections/community.aws/pull/1322).

  • route53_info - The CamelCase return values for HostedZones, ResourceRecordSets, and HealthChecks have been deprecated, in the future release you must use snake_case return values hosted_zones, resource_record_sets, and health_checks instead respectively”.

  • route53_zone - the current default value of False for purge_tags has been deprecated and will be updated in release 5.0.0 to True.

  • sqs_queue - the current default value of False for purge_tags has been deprecated and will be updated in release 5.0.0 to True.

community.crypto

  • Support for Ansible 2.9 and ansible-base 2.10 is deprecated, and will be removed in the next major release (community.crypto 3.0.0). Some modules might still work with these versions afterwards, but we will no longer keep compatibility code that was needed to support them (https://github.com/ansible-collections/community.crypto/pull/460).

community.docker

  • Support for Docker API version 1.20 to 1.24 has been deprecated and will be removed in community.docker 3.0.0. The first Docker version supporting API version 1.25 was Docker 1.13, released in January 2017. This affects the modules docker_container, docker_container_exec, docker_container_info, docker_compose, docker_login, docker_image, docker_image_info, docker_image_load, docker_host_info, docker_network, docker_network_info, docker_node_info, docker_swarm_info, docker_swarm_service, docker_swarm_service_info, docker_volume_info, and docker_volume, whose minimally supported API version is between 1.20 and 1.24 (https://github.com/ansible-collections/community.docker/pull/396).

  • Support for Python 2.6 is deprecated and will be removed in the next major release (community.docker 3.0.0). Some modules might still work with Python 2.6, but we will no longer try to ensure compatibility (https://github.com/ansible-collections/community.docker/pull/388).

  • docker_container - the ignore_image option is deprecated and will be removed in community.docker 4.0.0. Use image: ignore in comparisons instead (https://github.com/ansible-collections/community.docker/pull/487).

  • docker_container - the purge_networks option is deprecated and will be removed in community.docker 4.0.0. Use networks: strict in comparisons instead, and make sure to provide networks, with value [] if all networks should be removed (https://github.com/ansible-collections/community.docker/pull/487).

community.general

community.hashi_vault