Ansible 11 Porting Guide

Ansible 11 is based on Ansible-core 2.18.

We suggest you read this page along with the Ansible 11 Changelog to understand what updates you may need to make.

Playbook

No notable changes

Command Line

  • Python 3.10 is a no longer supported control node version. Python 3.11+ is now required for running Ansible.

  • Python 3.7 is a no longer supported remote version. Python 3.8+ is now required for target execution.

Deprecated

No notable changes

Modules

No notable changes

Modules removed

The following modules no longer exist:

  • No notable changes

Deprecation notices

No notable changes

Noteworthy module changes

No notable changes

Plugins

  • The ssh connection plugin now officially supports targeting Windows hosts. A breaking change that has been made as part of this official support is the low level command execution done by plugins like ansible.builtin.raw and action plugins calling _low_level_execute_command is no longer wrapped with a powershell.exe wrapped invocation. These commands will now be executed directly on the target host using the default shell configuration set on the Windows host. This change is done to simplify the configuration required on the Ansible side, make module execution more efficient, and to remove the need to decode stderr CLIXML output. A consequence of this change is that ansible.builtin.raw commands are no longer guaranteed to be run through a PowerShell shell and with the output encoding of UTF-8. To run a command through PowerShell and with UTF-8 output support, use the ansible.windows.win_shell or ansible.windows.win_powershell module instead.

    - name: Run with win_shell
      ansible.windows.win_shell: Write-Host "Hello, Café"
    
    - name: Run with win_powershell
      ansible.windows.win_powershell:
        script: Write-Host "Hello, Café"
    

Porting custom scripts

No notable changes

Networking

No notable changes

Porting Guide for v11.1.0

Known Issues

dellemc.openmanage

  • idrac_diagnostics - Issue(285322) - This module doesn’t support export of diagnostics file to HTTP and HTTPS share via SOCKS proxy.

  • idrac_firmware - Issue(279282) - This module does not support firmware update using HTTP, HTTPS, and FTP shares with authentication on iDRAC8.

  • ome_smart_fabric_uplink - Issue(186024) - The module supported by OpenManage Enterprise Modular, however it does not allow the creation of multiple uplinks of the same name. If an uplink is created using the same name as an existing uplink, then the existing uplink is modified.

Major Changes

dellemc.openmanage

  • omevv_baseline_profile - This module allows to manage baseline profile.

  • omevv_baseline_profile_info - This module allows to retrieve baseline profile information.

  • omevv_compliance_info - This module allows to retrieve firmware compliance reports.

Deprecated Features

  • The collection ibm.spectrum_virtualize was renamed to ibm.storage_virtualize. For now both collections are included in Ansible. The collection will be completely removed from Ansible 12. Please update your FQCNs from ibm.spectrum_virtualize to ibm.storage_virtualize.

community.general

vmware.vmware_rest

  • content_library_item_info - the module has been deprecated and will be removed in vmware.vmware_rest 5.0.0

Porting Guide for v11.0.0

Added Collections

  • ieisystem.inmanage (version 3.0.0)

  • kubevirt.core (version 2.1.0)

  • vmware.vmware (version 1.6.0)

Known Issues

Ansible-core

  • ansible-test - When using ansible-test containers with Podman on a Ubuntu 24.04 host, ansible-test must be run as a non-root user to avoid permission issues caused by AppArmor.

  • ansible-test - When using the Fedora 40 container with Podman on a Ubuntu 24.04 host, the unix-chkpwd AppArmor profile must be disabled on the host to allow SSH connections to the container.

ansible.netcommon

  • libssh - net_put and net_get fail when the destination file intended to be fetched is not present.

community.docker

community.general

dellemc.openmanage

  • idrac_diagnostics - Issue(285322) - This module doesn’t support export of diagnostics file to HTTP and HTTPS share via SOCKS proxy.

  • idrac_firmware - Issue(279282) - This module does not support firmware update using HTTP, HTTPS, and FTP shares with authentication on iDRAC8.

  • idrac_storage_volume - Issue(290766) - The module will report success instead of showing failure for new virtual creation on the BOSS-N1 controller if a virtual disk is already present on the same controller.

  • idrac_support_assist - Issue(308550) - This module fails when the NFS share path contains sub directory.

  • ome_diagnostics - Issue(279193) - Export of SupportAssist collection logs to the share location fails on OME version 4.0.0.

  • ome_smart_fabric_uplink - Issue(186024) - The module supported by OpenManage Enterprise Modular, however it does not allow the creation of multiple uplinks of the same name. If an uplink is created using the same name as an existing uplink, then the existing uplink is modified.

Breaking Changes

Ansible-core

  • Stopped wrapping all commands sent over SSH on a Windows target with a powershell.exe executable. This results in one less process being started on each command for Windows to improve efficiency, simplify the code, and make raw an actual raw command run with the default shell configured on the Windows sshd settings. This should have no affect on most tasks except for raw which now is not guaranteed to always be running in a PowerShell shell and from having the console output codepage set to UTF-8. To avoid this issue either swap to using ansible.windows.win_command, ansible.windows.win_shell, ansible.windows.win_powershell or manually wrap the raw command with the shell commands needed to set the output console encoding.

  • persistent connection plugins - The ANSIBLE_CONNECTION_PATH config option no longer has any effect.

amazon.aws

cloud.common

community.aws

  • The community.aws collection has dropped support for botocore<1.31.0 and boto3<1.28.0. Most modules will continue to work with older versions of the AWS SDK. However, compatability with older versions of the SDK is not guaranteed and will not be tested. When using older versions of the SDK a warning will be emitted by Ansible (https://github.com/ansible-collections/community.aws/pull/2195).

  • autoscaling_instance_refresh - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.autoscaling_instance_refresh (https://github.com/ansible-collections/community.aws/pull/2177).

  • autoscaling_instance_refresh_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.autoscaling_instance_refresh_info (https://github.com/ansible-collections/community.aws/pull/2177).

  • ec2_launch_template - Tags defined using option tags are now applied to the launch template resources not the resource created using this launch template (https://github.com/ansible-collections/community.aws/issues/176).

  • ec2_launch_template - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_launch_template (https://github.com/ansible-collections/community.aws/pull/2185).

  • ec2_placement_group - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_placement_group.

  • ec2_placement_group_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_placement_group_info.

  • ec2_transit_gateway - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_transit_gateway.

  • ec2_transit_gateway_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_transit_gateway_info.

  • ec2_transit_gateway_vpc_attachment - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_transit_gateway_vpc_attachment.

  • ec2_transit_gateway_vpc_attachment_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_transit_gateway_vpc_attachment_info.

  • ec2_vpc_egress_igw - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_vpc_egress_igw (https://api.github.com/repos/ansible-collections/community.aws/pulls/2169).

  • ec2_vpc_nacl - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_vpc_nacl (https://github.com/ansible-collections/community.aws/pull/2178).

  • ec2_vpc_nacl_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_vpc_nacl_info (https://github.com/ansible-collections/community.aws/pull/2178).

  • ec2_vpc_peer - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_vpc_peer.

  • ec2_vpc_peering_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_vpc_peering_info.

  • ec2_vpc_vgw - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_vpc_vgw.

  • ec2_vpc_vgw_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_vpc_vgw_info.

  • ec2_vpc_vpn - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_vpc_vpn.

  • ec2_vpc_vpn_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_vpc_vpn_info.

  • ecs_cluster - the parameter purge_capacity_providers defaults to true. (https://github.com/ansible-collections/community.aws/pull/2165).

  • elb_classic_lb_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.elb_classic_lb_info.

  • iam_policy - the connection_properties return key was previously deprecated and has been removed, please use raw_connection_properties instead (https://github.com/ansible-collections/community.aws/pull/2165).

community.docker

community.general

community.routeros

community.vmware

community.zabbix

  • All Roles - Remove support for Centos 7

  • All Roles - Remove support for Python2

  • All Roles - Removed support for Debian 10.

  • All Roles - Removed support for Ubuntu 18.08 (Bionic)

  • Remove support for Ansible < 2.15 and Python < 3.9

  • Remove support for Zabbix 6.2

  • Removed support for Zabbix 6.2

  • zabbix_agent role - Remove support for zabbix_agent_zabbix_alias.

  • zabbix_agent role - Remove support for zabbix_get_package variable.

  • zabbix_agent role - Remove support for zabbix_sender_package variable.

  • zabbix_agent role - Remove support for all zabbix_agent2_* variables.

hetzner.hcloud

  • Drop support for ansible-core 2.14.

kubernetes.core

vmware.vmware_rest

  • Removing any support for ansible-core <=2.14

Major Changes

amazon.aws

  • autoscaling_instance_refresh - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.autoscaling_instance_refresh (https://github.com/ansible-collections/amazon.aws/pull/2338).

  • autoscaling_instance_refresh_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.autoscaling_instance_refresh_info (https://github.com/ansible-collections/amazon.aws/pull/2338).

  • ec2_launch_template - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_launch_template (https://github.com/ansible-collections/amazon.aws/pull/2348).

  • ec2_placement_group - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_placement_group.

  • ec2_placement_group_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_placement_group_info.

  • ec2_transit_gateway - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_transit_gateway.

  • ec2_transit_gateway_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_transit_gateway_info.

  • ec2_transit_gateway_vpc_attachment - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_transit_gateway_vpc_attachment.

  • ec2_transit_gateway_vpc_attachment_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_transit_gateway_vpc_attachment_info.

  • ec2_vpc_egress_igw - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_vpc_egress_igw (https://api.github.com/repos/ansible-collections/amazon.aws/pulls/2327).

  • ec2_vpc_nacl - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_vpc_nacl (https://github.com/ansible-collections/amazon.aws/pull/2339).

  • ec2_vpc_nacl_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_vpc_nacl_info (https://github.com/ansible-collections/amazon.aws/pull/2339).

  • ec2_vpc_peer - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_vpc_peer.

  • ec2_vpc_peering_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_vpc_peering_info.

  • ec2_vpc_vgw - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_vpc_vgw.

  • ec2_vpc_vgw_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_vpc_vgw_info.

  • ec2_vpc_vpn - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_vpc_vpn.

  • ec2_vpc_vpn_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_vpc_vpn_info.

  • elb_classic_lb_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.elb_classic_lb_info.

ansible.netcommon

  • Bumping requires_ansible to >=2.15.0, since previous ansible-core versions are EoL now.

ansible.posix

  • Dropping support for Ansible 2.9, ansible-core 2.15 will be minimum required version for this release

ansible.utils

  • Bumping requires_ansible to >=2.15.0, since previous ansible-core versions are EoL now.

arista.eos

  • Bumping requires_ansible to >=2.15.0 due to the end-of-life status of previous ansible-core versions.

check_point.mgmt

  • New R82 Resource Modules

  • Support relative positioning for sections

cisco.asa

  • Bumping requires_ansible to >=2.15.0, since previous ansible-core versions are EoL now.

cisco.ios

  • Bumping requires_ansible to >=2.15.0, since previous ansible-core versions are EoL now.

cisco.iosxr

  • Bumping requires_ansible to >=2.15.0, since previous ansible-core versions are EoL now.

cisco.nxos

  • Bumping requires_ansible to >=2.15.0, since previous ansible-core versions are EoL now.

community.vmware

community.zabbix

  • All Roles - Add support for openSUSE Leap 15 and SLES 15.

  • All Roles - Separate installation of Zabbix repo from all other roles and link them together.

containers.podman

  • Add mount and unmount for volumes

  • Add multiple subnets for networks

  • Add new options for podman_container

  • Add new options to pod module

  • Add podman search

  • Improve idempotency for networking in podman_container

  • Redesign idempotency for Podman Pod module

dellemc.openmanage

  • Added support to use session ID for authentication of iDRAC, OpenManage Enterprise and OpenManage Enterprise Modular.

  • idrac_secure_boot - This module allows to Configure attributes, import, or export secure boot certificate, and reset keys.

  • idrac_secure_boot - This module allows to import the secure boot certificate.

  • idrac_server_config_profile - This module is enhanced to allow you to export and import custom defaults on iDRAC.

  • idrac_support_assist - This module allows to run and export SupportAssist collection logs on iDRAC.

  • idrac_system_erase - This module allows to Erase system and storage components of the server on iDRAC.

  • ome_configuration_compliance_baseline - This module is enhanced to schedule the remediation job and stage the reboot.

  • ome_session - This module allows you to create and delete the sessions on OpenManage Enterprise and OpenManage Enterprise Modular.

  • omevv_firmware_repository_profile - This module allows to manage firmware repository profile.

  • omevv_firmware_repository_profile_info - This module allows to retrieve firmware repository profile information.

  • omevv_vcenter_info - This module allows to retrieve vCenter information.

fortinet.fortios

  • Add a sanity_test.yaml file to trigger CI tests in GitHub.

  • Improve the logic for SET function to send GET request first then PUT or POST

  • Mantis

  • Support Ansible-core 2.17.

  • Support new FOS versions 7.4.4.

  • Support new FOS versions 7.6.0.

grafana.grafana

ibm.qradar

  • Bumping requires_ansible to >=2.15.0, since previous ansible-core versions are EoL now.

junipernetworks.junos

  • Bumping requires_ansible to >=2.15.0, since previous ansible-core versions are EoL now.

kaytus.ksmanage

splunk.es

  • Bumping requires_ansible to >=2.15.0, since previous ansible-core versions are EoL now.

vyos.vyos

  • Bumping requires_ansible to >=2.15.0, since previous ansible-core versions are EoL now.

Removed Collections

  • frr.frr (previously included version: 2.0.2)

  • inspur.sm (previously included version: 2.3.0)

  • ngine_io.exoscale (previously included version: 1.1.0)

  • openvswitch.openvswitch (previously included version: 2.1.1)

  • t_systems_mms.icinga_director (previously included version: 2.0.1)

Removed Features

  • The inspur.sm collection was considered unmaintained and has been removed from Ansible 11 (https://forum.ansible.com/t/2854). Users can still install this collection with ansible-galaxy collection install inspur.sm.

  • The collection t_systems_mms.icinga_director has been completely removed from Ansible. It has been renamed to telekom_mms.icinga_director. t_systems_mms.icinga_director has been replaced by deprecated redirects to telekom_mms.icinga_director in Ansible 9.0.0. Please update your FQCNs from t_systems_mms.icinga_director to telekom_mms.icinga_director.

  • The deprecated frr.frr collection has been removed (https://forum.ansible.com/t/6243).

  • The deprecated ngine_io.exoscale collection has been removed (https://forum.ansible.com/t/2572).

  • The deprecated openvswitch.openvswitch collection has been removed (https://forum.ansible.com/t/6245).

Ansible-core

community.docker

community.general

community.grafana

  • removed check and handling of mangled api key in grafana_dashboard lookup

  • removed deprecated message argument in grafana_dashboard

community.okd

community.routeros

  • The collection no longer supports Ansible 2.9, ansible-base 2.10, ansible-core 2.11, ansible-core 2.12, ansible-core 2.13, and ansible-core 2.14. If you need to continue using End of Life versions of Ansible/ansible-base/ansible-core, please use community.routeros 2.x.y (https://github.com/ansible-collections/community.routeros/pull/318).

community.sops

  • The collection no longer supports Ansible 2.9, ansible-base 2.10, ansible-core 2.11, ansible-core 2.12, ansible-core 2.13, and ansible-core 2.14. If you need to continue using End of Life versions of Ansible/ansible-base/ansible-core, please use community.sops 1.x.y (https://github.com/ansible-collections/community.sops/pull/206).

kubernetes.core

Deprecated Features

Ansible-core

  • Deprecate ansible.module_utils.basic.AnsibleModule.safe_eval and ansible.module_utils.common.safe_eval as they are no longer used.

  • persistent connection plugins - The ANSIBLE_CONNECTION_PATH config option no longer has any effect, and will be removed in a future release.

  • yum_repository - deprecate async option as it has been removed in RHEL 8 and will be removed in ansible-core 2.22.

  • yum_repository - the following options are deprecated: deltarpm_metadata_percentage, gpgcakey, http_caching, keepalive, metadata_expire_filter, mirrorlist_expire, protect, ssl_check_cert_permissions, ui_repoid_vars as they have no effect for dnf as an underlying package manager. The options will be removed in ansible-core 2.22.

amazon.aws

cisco.ios

  • ios_bgp_address_family - deprecated attribute password in favour of password_options within neigbhors.

  • ios_bgp_global - deprecated attributes aggregate_address, bestpath, inject_map, ipv4_with_subnet, ipv6_with_subnet, nopeerup_delay, distribute_list, address, tag, ipv6_addresses, password, route_map, route_server_context and scope

  • ios_linkagg - deprecate legacy module ios_linkagg

  • ios_lldp - deprecate legacy module ios_lldp

community.aws

community.docker

  • The collection deprecates support for all ansible-core versions that are currently End of Life, according to the ansible-core support matrix. This means that the next major release of the collection will no longer support ansible-core 2.11, ansible-core 2.12, ansible-core 2.13, and ansible-core 2.14.

community.general

community.grafana

  • Deprecate grafana_notification_channel. It will be removed in version 3.0.0

community.mysql

  • collection - support of mysqlclient connector is deprecated - use PyMySQL connector instead! We will stop testing against it in collection version 4.0.0 and remove the related code in 5.0.0 (https://github.com/ansible-collections/community.mysql/issues/654).

  • mysql_info - The users_info filter returned variable plugin_auth_string contains the hashed password and it’s misleading, it will be removed from community.mysql 4.0.0. Use the plugin_hash_string return value instead (https://github.com/ansible-collections/community.mysql/pull/629).

  • mysql_user - the user alias of the name argument has been deprecated and will be removed in collection version 5.0.0. Use the name argument instead.

community.network

  • This collection and all content in it is unmaintained and deprecated (https://forum.ansible.com/t/8030). If you are interested in maintaining parts of the collection, please copy them to your own repository, and tell others about in the Forum discussion. See the collection creator path for details.

community.routeros

  • The collection deprecates support for all Ansible/ansible-base/ansible-core versions that are currently End of Life, according to the ansible-core support matrix. This means that the next major release of the collection will no longer support Ansible 2.9, ansible-base 2.10, ansible-core 2.11, ansible-core 2.12, ansible-core 2.13, and ansible-core 2.14.

community.sops

  • The collection deprecates support for all Ansible/ansible-base/ansible-core versions that are currently End of Life, according to the ansible-core support matrix. This means that the next major release of the collection will no longer support Ansible 2.9, ansible-base 2.10, ansible-core 2.11, ansible-core 2.12, ansible-core 2.13, and ansible-core 2.14.

community.vmware