Ansible 2.10 Porting Guide

Warning

In Ansible 2.10, many plugins and modules have migrated to Collections on Ansible Galaxy. Your playbooks should continue to work without any changes. We recommend you start using the fully-qualified collection name (FQCN) in your playbooks as the explicit and authoritative indicator of which collection to use as some collections may contain duplicate module names. You can search the index of all modules to find the collection a module has been relocated to.

This section discusses the behavioral changes between Ansible 2.9 and Ansible 2.10.

It is intended to assist in updating your playbooks, plugins and other parts of your Ansible infrastructure so they will work with this version of Ansible.

We suggest you read this page along with the Ansible Changelog for 2.10 to understand what updates you may need to make.

Since 2.10, Ansible consists of two parts:

  • ansible-base, which includes the command line tools with a small selection of plugins and modules, and

  • a set of collections.

The Ansible-base 2.10 Porting Guide is included in this porting guide. The complete list of porting guides can be found at porting guides.

Playbook

  • Fixed a bug on boolean keywords that made random strings return ‘False’, now they should return an error if they are not a proper boolean Example: diff: yes- was returning False.

  • A new fact, ansible_processor_nproc reflects the number of vcpus available to processes (falls back to the number of vcpus available to the scheduler).

Command Line

  • The ansible-galaxy login command has been removed, as the underlying API it used for GitHub auth is being shut down. Publishing roles or collections to Galaxy through ansible-galaxy now requires that a Galaxy API token be passed to the CLI through a token file (default location ~/.ansible/galaxy_token) or (insecurely) through the --token argument to ansible-galaxy.

Deprecated

Modules

Warning

Links on this page may not point to the most recent versions of modules. We will update them when we can.

  • Version 2.10.0 of ansible-base changed the default mode of file-based tasks to 0o600 & ~umask when the user did not specify a mode parameter on file-based tasks. This was in response to a CVE report which we have reconsidered. As a result, the mode change has been reverted in 2.10.1, and mode will now default to 0o666 & ~umask as in previous versions of Ansible.

  • If you changed any tasks to specify less restrictive permissions while using 2.10.0, those changes will be unnecessary (but will do no harm) in 2.10.1.

  • To avoid the issue raised in CVE-2020-1736, specify a mode parameter in all file-based tasks that accept it.

  • dnf and yum - As of version 2.10.1, the dnf module (and yum action when it uses dnf) now correctly validates GPG signatures of packages (CVE-2020-14365). If you see an error such as Failed to validate GPG signature for [package name], please ensure that you have imported the correct GPG key for the DNF repository and/or package you are using. One way to do this is with the rpm_key module. Although we discourage it, in some cases it may be necessary to disable the GPG check. This can be done by explicitly adding disable_gpg_check: yes in your dnf or yum task.

Noteworthy module changes

  • Ansible modules created with add_file_common_args=True added a number of undocumented arguments which were mostly there to ease implementing certain action plugins. The undocumented arguments src, follow, force, content, backup, remote_src, regexp, delimiter, and directory_mode are now no longer added. Modules relying on these options to be added need to specify them by themselves.

  • Ansible no longer looks for Python modules in the current working directory (typically the remote_user’s home directory) when an Ansible module is run. This is to fix becoming an unprivileged user on OpenBSD and to mitigate any attack vector if the current working directory is writable by a malicious user. Install any Python modules needed to run the Ansible modules on the managed node in a system-wide location or in another directory which is in the remote_user’s $PYTHONPATH and readable by the become_user.

Plugins

Lookup plugin names case-sensitivity

  • Prior to Ansible 2.10 lookup plugin names passed in as an argument to the lookup() function were treated as case-insensitive as opposed to lookups invoked through with_<lookup_name>. 2.10 brings consistency to lookup() and with_ to be both case-sensitive.

Noteworthy plugin changes

  • Cache plugins in collections can be used to cache data from inventory plugins. Previously, cache plugins in collections could only be used for fact caching.

  • Some undocumented arguments from FILE_COMMON_ARGUMENTS have been removed; plugins using these, in particular action plugins, need to be adjusted. The undocumented arguments which were removed are src, follow, force, content, backup, remote_src, regexp, delimiter, and directory_mode.

Action plugins which execute modules should use fully-qualified module names

  • Action plugins that call modules should pass explicit, fully-qualified module names to _execute_module() whenever possible (eg, ansible.builtin.file rather than file). This ensures that the task’s collection search order is not consulted to resolve the module. Otherwise, a module from a collection earlier in the search path could be used when not intended.

Porting custom scripts

No notable changes

Porting Guide for v2.10.7

Breaking Changes

community.general

Major Changes

  • Restricting the version of the community.okd collection to 1.0.0. The previously included version, 1.0.1, had a dependency on kubernetes.core and thus required the installation of an additional collection that was not included in Ansible 2.10. Version 1.0.0 is essentially identical to 1.0.1, except that it uses community.kubernetes, which is included in Ansible 2.10.

ovirt.ovirt

servicenow.servicenow

  • add new tests (find with no result, search many)

  • add related tests

  • add support for ServiceNOW table api display_value exclude_reference_link and suppress_pagination_header

  • use new API for pysnow >=0.6.0

Deprecated Features

cisco.nxos

  • Deprecated nxos_bgp and nxos_bgp_neighbor modules in favor of nxos_bgp_global resource module.

community.vmware

  • vmware_host_firewall_manager - the creation of new rule with no allowed_ip entry in the allowed_hosts dictionary won’t be allowed after 2.0.0 release.

Porting Guide for v2.10.6

Major Changes

community.general

  • For community.general 2.0.0, the kubevirt modules will be moved to the community.kubevirt collection. A redirection will be inserted so that users using ansible-base 2.10 or newer do not have to change anything.

    If you use Ansible 2.9 and explicitly use kubevirt modules from this collection, you will need to adjust your playbooks and roles to use FQCNs starting with community.kubevirt. instead of community.general., for example replace community.general.kubevirt_vm in a task by community.kubevirt.kubevirt_vm.

    If you use ansible-base and installed community.general manually and rely on the kubevirt modules, you have to make sure to install the community.kubevirt collection as well. If you are using FQCNs, for example community.general.kubevirt_vm instead of kubevirt_vm, it will continue working, but we still recommend to adjust the FQCNs as well.

community.network

  • For community.network 2.0.0, the Cisco NSO modules will be moved to the cisco.nso collection. A redirection will be inserted so that users using ansible-base 2.10 or newer do not have to change anything.

    If you use Ansible 2.9 and explicitly use Cisco NSO modules from this collection, you will need to adjust your playbooks and roles to use FQCNs starting with cisco.nso. instead of community.network., for example replace community.network.nso_config in a task by cisco.nso.nso_config.

    If you use ansible-base and installed community.network manually and rely on the Cisco NSO modules, you have to make sure to install the cisco.nso collection as well. If you are using FQCNs, for example community.network.nso_config instead of nso_config, it will continue working, but we still recommend to adjust the FQCNs as well.

  • For community.network 2.0.0, the FortiOS modules will be moved to the community.fortios collection. A redirection will be inserted so that users using ansible-base 2.10 or newer do not have to change anything.

    If you use Ansible 2.9 and explicitly use FortiOS modules from this collection, you will need to adjust your playbooks and roles to use FQCNs starting with community.fortios. instead of community.network., for example replace community.network.fmgr_device in a task by community.fortios.fmgr_device.

    If you use ansible-base and installed community.network manually and rely on the FortiOS modules, you have to make sure to install the community.fortios collection as well. If you are using FQCNs, for example community.network.fmgr_device instead of fmgr_device, it will continue working, but we still recommend to adjust the FQCNs as well.

f5networks.f5_modules

  • Added async_timeout parameter to bigip_ucs_fetch module to allow customization of module wait for async interface

  • Changed bigip_ucs_fetch module to use asynchronous interface when generating UCS files

Porting Guide for v2.10.5

Breaking Changes

community.hashi_vault

Major Changes

community.general

  • For community.general 2.0.0, the Google modules will be moved to the community.google collection. A redirection will be inserted so that users using ansible-base 2.10 or newer do not have to change anything.

    If you use Ansible 2.9 and explicitly use Google modules from this collection, you will need to adjust your playbooks and roles to use FQCNs starting with community.google. instead of community.general., for example replace community.general.gcpubsub in a task by community.google.gcpubsub.

    If you use ansible-base and installed community.general manually and rely on the Google modules, you have to make sure to install the community.google collection as well. If you are using FQCNs, for example community.general.gcpubsub instead of gcpubsub, it will continue working, but we still recommend to adjust the FQCNs as well.

  • For community.general 2.0.0, the OC connection plugin will be moved to the community.okd collection. A redirection will be inserted so that users using ansible-base 2.10 or newer do not have to change anything.

    If you use Ansible 2.9 and explicitly use OC connection plugin from this collection, you will need to adjust your playbooks and roles to use FQCNs community.okd.oc instead of community.general.oc.

    If you use ansible-base and installed community.general manually and rely on the OC connection plugin, you have to make sure to install the community.okd collection as well. If you are using FQCNs, in other words community.general.oc instead of oc, it will continue working, but we still recommend to adjust this FQCN as well.

  • For community.general 2.0.0, the hashi_vault lookup plugin will be moved to the community.hashi_vault collection. A redirection will be inserted so that users using ansible-base 2.10 or newer do not have to change anything.

    If you use Ansible 2.9 and explicitly use hashi_vault lookup plugin from this collection, you will need to adjust your playbooks and roles to use FQCNs community.hashi_vault.hashi_vault instead of community.general.hashi_vault.

    If you use ansible-base and installed community.general manually and rely on the hashi_vault lookup plugin, you have to make sure to install the community.hashi_vault collection as well. If you are using FQCNs, in other words community.general.hashi_vault instead of hashi_vault, it will continue working, but we still recommend to adjust this FQCN as well.

netbox.netbox

  • nb_inventory - Add dns_name option that adds dns_name to the host when True and device has a primary IP address. (#394)

  • nb_inventory - Add status as a group_by option. (398)

  • nb_inventory - Move around extracted_primary_ip to allow for config_context or custom_field to overwrite. (#377)

  • nb_inventory - Services are now a list of integers due to NetBox 2.10 changes. (#396)

  • nb_lookup - Allow ID to be passed in and use .get instead of .filter. (#376)

  • nb_lookup - Allow api_endpoint and token to be found through env. (#391)

Deprecated Features

community.aws

community.docker

community.hashi_vault

Porting Guide for v2.10.4

Breaking Changes

community.hrobot

Major Changes

community.general

  • For community.general 2.0.0, the Hetzner Robot modules will be moved to the community.hrobot collection. A redirection will be inserted so that users using ansible-base 2.10 or newer do not have to change anything.

    If you use Ansible 2.9 and explicitly use Hetzner Robot modules from this collection, you will need to adjust your playbooks and roles to use FQCNs starting with community.hrobot. instead of community.general.hetzner_, for example replace community.general.hetzner_firewall_info in a task by community.hrobot.firewall_info.

    If you use ansible-base and installed community.general manually and rely on the Hetzner Robot modules, you have to make sure to install the community.hrobot collection as well. If you are using FQCNs, that is community.general.hetzner_failover_ip instead of hetzner_failover_ip, it will continue working, but we still recommend to adjust the FQCNs as well.

  • For community.general 2.0.0, the docker modules and plugins will be moved to the community.docker collection. A redirection will be inserted so that users using ansible-base 2.10 or newer do not have to change anything.

    If you use Ansible 2.9 and explicitly use docker content from this collection, you will need to adjust your playbooks and roles to use FQCNs starting with community.docker. instead of community.general., for example replace community.general.docker_container in a task by community.docker.docker_container.

    If you use ansible-base and installed community.general manually and rely on the docker content, you have to make sure to install the community.docker collection as well. If you are using FQCNs, that is community.general.docker_container instead of docker_container, it will continue working, but we still recommend to adjust the FQCNs as well.

  • For community.general 2.0.0, the postgresql modules and plugins will be moved to the community.postgresql collection. A redirection will be inserted so that users using ansible-base 2.10 or newer do not have to change anything.

    If you use Ansible 2.9 and explicitly use postgresql content from this collection, you will need to adjust your playbooks and roles to use FQCNs starting with community.postgresql. instead of community.general., for example replace community.general.postgresql_info in a task by community.postgresql.postgresql_info.

    If you use ansible-base and installed community.general manually and rely on the postgresql content, you have to make sure to install the community.postgresql collection as well. If you are using FQCNs, that is community.general.postgresql_info instead of postgresql_info, it will continue working, but we still recommend to adjust the FQCNs as well.

  • The community.general collection no longer depends on the ansible.posix collection (https://github.com/ansible-collections/community.general/pull/1157).

community.network

  • For community.network 2.0.0, the routeros modules and plugins will be moved to the community.routeros collection. A redirection will be inserted so that users using ansible-base 2.10 or newer do not have to change anything.

    If you use Ansible 2.9 and explicitly use routeros content from this collection, you will need to adjust your playbooks and roles to use FQCNs starting with community.routeros. instead of community.network.routeros_, for example replace community.network.routeros_api in a task by community.routeros.api.

    If you use ansible-base and installed community.network manually and rely on the routeros content, you have to make sure to install the community.routeros collection as well. If you are using FQCNs, that is community.network.routeros_command instead of routeros_command, it will continue working, but we still recommend to adjust the FQCNs as well.

  • In community.network 2.0.0, the fortimanager httpapi plugin will be removed and replaced by a redirect to the corresponding plugin in the fortios.fortimanager collection. For Ansible 2.10 and ansible-base 2.10 users, this means that it will continue to work assuming that collection is installed. For Ansible 2.9 users, this means that they have to adjust the FQCN from community.network.fortimanager to fortios.fortimanager.fortimanager (https://github.com/ansible-collections/community.network/pull/151).

community.okd

Removed Features

community.docker

Deprecated Features

community.general

community.network

Porting Guide for v2.10.2

Breaking Changes

Ansible-base

Major Changes

f5networks.f5_modules

  • Add phone home Teem integration into all modules, functionality can be disabled by setting up F5_TEEM environment variable or no_f5_teem provider parameter

ovirt.ovirt

Removed Features

f5networks.f5_modules

  • Removed arp_state parameter from the bigip_virtual_address module

Deprecated Features

cisco.nxos

  • Deprecated nxos_interface_ospf in favor of nxos_ospf_interfaces Resource Module.

Porting Guide for v2.10.1

Major Changes

community.kubernetes

Deprecated Features

cisco.nxos

  • Deprecated nxos_smu in favor of nxos_rpm module.

  • The nxos_ospf_vrf module is deprecated by nxos_ospfv2 and nxos_ospfv3 Resource Modules.

Porting Guide for v2.10.0

Known Issues

  • Due to a limitation in pip, you cannot pip install --upgrade from ansible-2.9 or earlier to ansible-2.10 or higher. Instead, you must explicitly use pip uninstall ansible before pip installing the new version. If you attempt to upgrade Ansible with pip without first uninstalling, the installer warns you to uninstall first.

  • The individual collections that make up the ansible-2.10.0 package can be viewed independently. However, they are not currently listed by ansible-galaxy. To view these collections with ansible-galaxy, explicitly specify where ansible has installed the collections – COLLECTION_INSTALL=$(python -c 'import ansible, os.path ; print("%s/../ansible_collections" % os.path.dirname(ansible.__file__))') ansible-galaxy collection list -p "$COLLECTION_INSTALL".

  • These fortios modules are not automatically redirected from their 2.9.x names to the new 2.10.x names within collections. You must modify your playbooks to use fully qualified collection names for them. You can use the documentation (https://docs.ansible.com/ansible/2.10/collections/fortinet/fortios/) for the fortinet.fortios collection to determine what the fully qualified collection names are.

    • fortios_address

    • fortios_config

    • fortios_firewall_DoS_policy

    • fortios_firewall_DoS_policy6

    • fortios_ipv4_policy

    • fortios_switch_controller_802_1X_settings

    • fortios_switch_controller_security_policy_802_1X

    • fortios_system_firmware_upgrade

    • fortios_system_nd_proxy

    • fortios_webfilter

community.grafana

  • grafana_datasource doesn’t set password correctly (#113)

Breaking Changes

  • cisco.nxos.nxos_igmp_interface - no longer supports the deprecated oif_prefix and oif_source options. These have been superseded by oif_ps.

  • community.grafana.grafana_dashboard - the parameter message is renamed to commit_message since message is used by Ansible Core engine internally.

  • purestorage.flashblade.purefb_fs - no longer supports the deprecated nfs option. This has been superseded by nfsv3.

amazon.aws

  • aws_s3 - can now delete versioned buckets even when they are not empty - set mode to delete to delete a versioned bucket and everything in it.

ansible.windows

  • setup - Make sure ansible_date_time.epoch is seconds since EPOCH in UTC to mirror the POSIX facts. The ansible_date_time.epoch_local contains seconds since EPOCH in the local timezone for backwards compatibility

  • setup - Will now add the IPv6 scope on link local addresses for ansible_ip_addresses

  • setup - ansible_processor will now return the index before the other values to match the POSIX fact behaviour

  • win_find - No longer filters by size on directories, this feature had a lot of bugs, slowed down the module, and not a supported scenario with the find module.

  • win_find - module has been refactored to better match the behaviour of the find module. Here is what has changed:
    • When the directory specified by paths does not exist or is a file, it will no longer fail and will just warn the user

    • Junction points are no longer reported as islnk, use isjunction to properly report these files. This behaviour matches the win_stat module

    • Directories no longer return a size, this matches the stat and find behaviour and has been removed due to the difficulties in correctly reporting the size of a directory

  • win_user - Change idempotency checks for description to be case sensitive

  • win_user - Change idempotency checks for fullname to be case sensitive

cisco.meraki

  • meraki_device - Changed tags from string to list

  • meraki_device - Removed serial_lldp_cdp parameter

  • meraki_device - Removed serial_uplink parameter

  • meraki_intrusion_prevention - Rename whitedlisted_rules to allowed_rules

  • meraki_mx_l3_firewall - Rule responses are now in a rules list

  • meraki_mx_l7_firewall - Rename blacklisted_countries to blocked_countries

  • meraki_mx_l7_firewall - Rename whitelisted_countries to allowed_countries

  • meraki_network - Local and remote status page settings cannot be set during network creation

  • meraki_network - disableRemoteStatusPage response is now remote_status_page_enabled

  • meraki_network - disable_my_meraki_com response is now local_status_page_enabled

  • meraki_network - disable_my_meraki has been deprecated

  • meraki_network - enable_my_meraki is now called local_status_page_enabled

  • meraki_network - enable_remote_status_page is now called remote_status_page_enabled

  • meraki_network - enabled response for VLAN status is now vlans_enabled

  • meraki_network - tags and type now return a list

  • meraki_snmp - peer_ips is now a list

  • meraki_switchport - access_policy_number is now an int and not a string

  • meraki_switchport - tags is now a list and not a string

  • meraki_webhook - Querying test status now uses state of query.

community.general

  • The environment variable for the auth context for the oc.py connection plugin has been corrected (K8S_CONTEXT). It was using an initial lowercase k by mistake. (https://github.com/ansible-collections/community.general/pull/377).

  • bigpanda - the parameter message was renamed to deployment_message since message is used by Ansible Core engine internally.

  • cisco_spark - the module option message was renamed to msg, as message is used internally in Ansible Core engine (https://github.com/ansible/ansible/issues/39295)

  • datadog - the parameter message was renamed to notification_message since message is used by Ansible Core engine internally.

  • docker_container - no longer passes information on non-anonymous volumes or binds as Volumes to the Docker daemon. This increases compatibility with the docker CLI program. Note that if you specify volumes: strict in comparisons, this could cause existing containers created with docker_container from Ansible 2.9 or earlier to restart.

  • docker_container - support for port ranges was adjusted to be more compatible to the docker command line utility: a one-port container range combined with a multiple-port host range will no longer result in only the first host port be used, but the whole range being passed to Docker so that a free port in that range will be used.

  • hashi_vault lookup - now returns the latest version when using the KV v2 secrets engine. Previously, it returned all versions of the secret which required additional steps to extract and filter the desired version.

  • log_plays callback - add missing information to the logs generated by the callback plugin. This changes the log message format (https://github.com/ansible-collections/community.general/pull/442).

  • pkgng - passing name: * with state: absent will no longer remove every installed package from the system. It is now a noop. (https://github.com/ansible-collections/community.general/pull/569).

  • pkgng - passing name: * with state: latest or state: present will no longer install every package from the configured package repositories. Instead, name: *, state: latest will upgrade all already-installed packages, and name: *, state: present is a noop. (https://github.com/ansible-collections/community.general/pull/569).

community.network

community.vmware

  • vmware_datastore_maintenancemode - now returns datastore_status instead of Ansible internal key results.

  • vmware_guest_custom_attributes - does not require VM name which was a required parameter for releases prior to Ansible 2.10.

  • vmware_guest_find - the datacenter option has been removed.

  • vmware_host_kernel_manager - now returns host_kernel_status instead of Ansible internal key results.

  • vmware_host_ntp - now returns host_ntp_status instead of Ansible internal key results.

  • vmware_host_service_manager - now returns host_service_status instead of Ansible internal key results.

  • vmware_tag - now returns tag_status instead of Ansible internal key results.

  • vmware_vmkernel - the options ip_address and subnet_mask have been removed; use the suboptions ip_address and subnet_mask of the network option instead.

community.windows

  • win_pester - no longer runs all *.ps1 file in the directory specified due to it executing potentially unknown scripts. It will follow the default behaviour of only running tests for files that are like *.tests.ps1 which is built into Pester itself.

community.zabbix

  • zabbix_javagateway - options javagateway_pidfile, javagateway_listenip, javagateway_listenport and javagateway_startpollers renamed to zabbix_javagateway_xyz (see UPGRADE.md).

netbox.netbox

  • Change ip-addresses key in netbox inventory plugin to ip_addresses (https://github.com/netbox-community/ansible_modules/issues/139)

  • Changed group to tenant_group in netbox_tenant.py (https://github.com/netbox-community/ansible_modules/issues/9)

  • Changed role to prefix_role in netbox_prefix.py (https://github.com/netbox-community/ansible_modules/issues/9)

  • Module failures when required fields aren’t provided (https://github.com/netbox-community/ansible_modules/issues/24)

  • Renamed netbox_interface to netbox_device_interface (https://github.com/netbox-community/ansible_modules/issues/9)

  • This version has a few breaking changes due to new namespace and collection name. I felt it necessary to change the name of the lookup plugin and inventory plugin just not to have a non descriptive namespace call to use them. Below is an example: netbox.netbox.netbox would be used for both inventory plugin and lookup plugin, but in different contexts so no collision will arise, but confusion will. I renamed the lookup plugin to nb_lookup so it will be used with the FQCN netbox.netbox.nb_lookup. The inventory plugin will now be called within an inventory file by netbox.netbox.nb_inventory

  • To pass in integers through Ansible Jinja filters for a key in data that requires querying an endpoint is now done by making it a dictionary with an id key. The previous behavior was to just pass in an integer and it was converted when normalizing the data, but some people may have names that are all integers and those were being converted erroneously so we made the decision to change the method to convert to an integer for the NetBox API.

    tasks:
      - name: Create device within NetBox with only required information
        netbox_device:
          netbox_url: http://netbox-demo.org:32768
          netbox_token: 0123456789abcdef0123456789abcdef01234567
          data:
            name: Test66
            device_type:
              id: "{{ some_jinja_variable }}"
            device_role: Core Switch
            site: Test Site
            status: Staged
          state: present
    
  • pynetbox changed to using requests.Session() to manage the HTTP session which broke passing in ssl_verify when building the NetBox API client. This PR makes pynetbox 5.0.4+ the new required version of pynetbox for the Ansible modules and lookup plugin. (https://github.com/netbox-community/ansible_modules/pull/269)

theforeman.foreman

  • All modules were renamed to drop the foreman_ and katello_ prefixes. Additionally to the prefix removal, the following modules were further ranamed:

    • katello_upload to content_upload

    • katello_sync to repository_sync

    • katello_manifest to subscription_manifest

    • foreman_search_facts to resource_info

    • foreman_ptable to partition_table

    • foreman_model to hardware_model

    • foreman_environment to puppet_environment

Major Changes

Ansible-base

  • Both ansible-doc and ansible-console’s help command will error for modules and plugins whose return documentation cannot be parsed as YAML. All modules and plugins passing ansible-test sanity --test yamllint will not be affected by this.

  • Collections may declare a list of supported/tested Ansible versions for the collection. A warning is issued if a collection does not support the Ansible version that loads it (can also be configured as silent or a fatal error). Collections that do not declare supported Ansible versions do not issue a warning/error.

  • Plugin routing allows collections to declare deprecation, redirection targets, and removals for all plugin types.

  • Plugins that import module_utils and other ansible namespaces that have moved to collections should continue to work unmodified.

  • Routing data built into Ansible 2.10 ensures that 2.9 content should work unmodified on 2.10. Formerly included modules and plugins that were moved to collections are still accessible by their original unqualified names, so long as their destination collections are installed.

  • When deprecations are done in code, they to specify a collection_name so that deprecation warnings can mention which collection - or ansible-base - is deprecating a feature. This affects all Display.deprecated() or AnsibleModule.deprecate() or Ansible.Basic.Deprecate() calls, and removed_in_version/removed_at_date or deprecated_aliases in module argument specs.

  • ansible-test now uses a different default test container for Ansible Collections

amazon.aws

  • ec2 module_utils - The AWSRetry decorator no longer catches NotFound exceptions by default. NotFound exceptions need to be explicitly added using catch_extra_error_codes. Some AWS modules may see an increase in transient failures due to AWS’’s eventual consistency model.

ansible.netcommon

ansible.posix

cisco.meraki

  • Rewrite requests method for version 1.0 API and improved readability

  • meraki_mr_rf_profile - Configure wireless RF profiles.

  • meraki_mr_settings - Configure network settings for wireless.

  • meraki_ms_l3_interface - New module

  • meraki_ms_ospf - Configure OSPF.

community.general

  • docker_container - the network_mode option will be set by default to the name of the first network in networks if at least one network is given and networks_cli_compatible is true (will be default from community.general 2.0.0 on). Set to an explicit value to avoid deprecation warnings if you specify networks and set networks_cli_compatible to true. The current default (not specifying it) is equivalent to the value default.

  • docker_container - the module has a new option, container_default_behavior, whose default value will change from compatibility to no_defaults. Set to an explicit value to avoid deprecation warnings.

  • gitlab_user - no longer requires name, email and password arguments when state=absent.

community.grafana

  • Add changelog management for ansible 2.10 (#112)

  • grafana_datasource ; adding additional_json_data param

community.kubernetes

community.libvirt

  • added generic libvirt inventory plugin

  • removed libvirt_lxc inventory script

dellemc.os10

  • New role os10_aaa - Facilitates the configuration of Authentication Authorization and Accounting (AAA), TACACS and RADIUS server.

  • New role os10_acl - Facilitates the configuration of Access Control lists.

  • New role os10_bfd - Facilitates the configuration of BFD global attributes.

  • New role os10_bgp - Facilitates the configuration of border gateway protocol (BGP) attributes.

  • New role os10_copy_config - This role pushes the backup running configuration into a OS10 device.

  • New role os10_dns - Facilitates the configuration of domain name service (DNS).

  • New role os10_ecmp - Facilitates the configuration of equal cost multi-path (ECMP) for IPv4.

  • New role os10_fabric_summary Facilitates to get show system information of all the OS10 switches in the fabric.

  • New role os10_flow_monitor Facilitates the configuration of ACL flow-based monitoring attributes.

  • New role os10_image_upgrade Facilitates installation of OS10 software images.

  • New role os10_interface Facilitates the configuration of interface attributes.

  • New role os10_lag Facilitates the configuration of link aggregation group (LAG) attributes.

  • New role os10_lldp Facilitates the configuration of link layer discovery protocol (LLDP) attributes at global and interface level.

  • New role os10_logging Facilitates the configuration of global logging attributes and logging servers.

  • New role os10_network_validation Facilitates validation of wiring connection, BGP neighbors, MTU between neighbors and VLT pair.

  • New role os10_ntp Facilitates the configuration of network time protocol (NTP) attributes.

  • New role os10_prefix_list Facilitates the configuration of IP prefix-list.

  • New role os10_qos Facilitates the configuration of quality of service attributes including policy-map and class-map.

  • New role os10_raguard Facilitates the configuration of IPv6 RA Guard attributes.

  • New role os10_route_map Facilitates the configuration of route-map attributes.

  • New role os10_snmp Facilitates the configuration of global SNMP attributes.

  • New role os10_system Facilitates the configuration of hostname and hashing algorithm.

  • New role os10_template The role takes the raw string input from the CLI of OS10 device, and returns a structured text in the form of a Python dictionary.

  • New role os10_uplink Facilitates the configuration of uplink attributes like uplink-state group.

  • New role os10_users Facilitates the configuration of global system user attributes.

  • New role os10_vlan Facilitates the configuration of virtual LAN (VLAN) attributes.

  • New role os10_vlt Facilitates the configuration of virtual link trunking (VLT).

  • New role os10_vrf Facilitates the configuration of virtual routing and forwarding (VRF).

  • New role os10_vrrp Facilitates the configuration of virtual router redundancy protocol (VRRP) attributes.

  • New role os10_vxlan Facilitates the configuration of virtual extensible LAN (VXLAN) attributes.

  • New role os10_xstp Facilitates the configuration of xSTP attributes.

f5networks.f5_modules

  • Broke apart bigip_device_auth_radius to implement radius server configuration in bigip_device_auth_server module. Refer to module documentation for usage details

  • Remove redundant parameters in f5_provider to fix disparity between documentation and module parameters

gluster.gluster

ovirt.ovirt

purestorage.flasharray

  • purefa_console - manage Console Lock setting for the FlashArray

  • purefa_endpoint - manage VMware protocol-endpoints on the FlashArray

  • purefa_eula - sign, or resign, FlashArray EULA

  • purefa_inventory - get hardware inventory information from a FlashArray

  • purefa_network - manage the physical and virtual network settings on the FlashArray

  • purefa_pgsched - manage protection group snapshot and replication schedules on the FlashArray

  • purefa_pod - manage ActiveCluster pods in FlashArrays

  • purefa_pod_replica - manage ActiveDR pod replica links in FlashArrays

  • purefa_proxy - manage the phonehome HTTPS proxy setting for the FlashArray

  • purefa_smis - manage SMI-S settings on the FlashArray

  • purefa_subnet - manage network subnets on the FlashArray

  • purefa_timeout - manage the GUI idle timeout on the FlashArray

  • purefa_vlan - manage VLAN interfaces on the FlashArray

  • purefa_vnc - manage VNC for installed applications on the FlashArray

  • purefa_volume_tags - manage volume tags on the FlashArray

purestorage.flashblade

  • purefb_alert - manage alert email settings on a FlashBlade

  • purefb_bladename - manage FlashBlade name

  • purefb_bucket_replica - manage bucket replica links on a FlashBlade

  • purefb_connect - manage connections between FlashBlades

  • purefb_dns - manage DNS settings on a FlashBlade

  • purefb_fs_replica - manage filesystem replica links on a FlashBlade

  • purefb_inventory - get information about the hardware inventory of a FlashBlade

  • purefb_ntp - manage the NTP settings for a FlashBlade

  • purefb_phonehome - manage the phone home settings for a FlashBlade

  • purefb_policy - manage the filesystem snapshot policies for a FlashBlade

  • purefb_proxy - manage the phone home HTTP proxy settings for a FlashBlade

  • purefb_remote_cred - manage the Object Store Remote Credentials on a FlashBlade

  • purefb_snmp_agent - modify the FlashBlade SNMP Agent

  • purefb_snmp_mgr - manage SNMP Managers on a FlashBlade

  • purefb_target - manage remote S3-capable targets for a FlashBlade

  • purefb_user - manage local pureuser account password on a FlashBlade

Removed Features

Ansible-base

  • core - remove support for check_invalid_arguments in AnsibleModule, AzureModule and UTMModule.

ansible.netcommon

  • module_utils.network.common.utils.ComplexDict has been removed

ansible.windows

  • win_stat - removed the deprecated get_md55 option and md5 return value.

community.crypto

  • The letsencrypt module has been removed. Use acme_certificate instead.

community.general

community.network

community.vmware

  • vmware_guest_find - Removed deprecated datacenter option

  • vmware_portgroup - removed ‘inbound_policy’, and ‘rolling_order’ deprecated options.

  • vmware_vmkernel - Removed deprecated ip_address option; use sub-option ip_address in the network option instead

  • vmware_vmkernel - Removed deprecated subnet_mask option; use sub-option subnet_mask in the network option instead

community.windows

  • win_disk_image - removed the deprecated return value mount_path in favor of mount_paths.

  • win_psexec - removed the deprecated extra_opts option.

f5networks.f5_modules

  • Remove _bigip_iapplx_package alias

  • Remove _bigip_security_address_list alias

  • Remove _bigip_security_port_list alias

  • Remove _bigip_traffic_group alias

  • Remove bigip_appsvcs_extension module

  • Remove bigip_asm_policy module

Deprecated Features

  • The vyos.vyos.vyos_static_route module has been deprecated and will be removed in a later release; use vyos.vyos.vyos_static_routes instead.

Ansible-base

  • Using the DefaultCallback without the correspodning doc_fragment or copying the documentation.

  • hash_behaviour - Deprecate hash_behaviour for future removal.

  • script inventory plugin - The ‘cache’ option is deprecated and will be removed in 2.12. Its use has been removed from the plugin since it has never had any effect.

amazon.aws

  • All AWS Modules - aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01.

  • cloudformation - The template_format option had no effect since Ansible 2.3 and will be removed after 2022-06-01

  • cloudformation - the template_format option has been deprecated and will be removed in a later release. It has been ignored by the module since Ansible 2.3.

  • data_pipeline - The version option had no effect and will be removed in after 2022-06-01

  • ec2 - in a later release, the group and group_id options will become mutually exclusive. Currently group_id is ignored if you pass both.

  • ec2_ami - The no_device alias NoDevice has been deprecated and will be removed after 2022-06-01

  • ec2_ami - The virtual_name alias VirtualName has been deprecated and will be removed after 2022-06-01

  • ec2_eip - The wait_timeout option had no effect and will be removed after 2022-06-01

  • ec2_key - The wait_timeout option had no effect and will be removed after 2022-06-01

  • ec2_key - The wait option had no effect and will be removed after 2022-06-01

  • ec2_key - the wait_timeout option has been deprecated and will be removed in a later release. It has had no effect since Ansible 2.5.

  • ec2_key - the wait option has been deprecated and will be removed in a later release. It has had no effect since Ansible 2.5.

  • ec2_lc - The associate_public_ip_address option had no effect and will be removed after 2022-06-01

  • ec2_tag - deprecate the list option in favor of ec2_tag_info

  • ec2_tag - support for list as a state has been deprecated and will be removed in a later release. The ec2_tag_info can be used to fetch the tags on an EC2 resource.

ansible.windows

  • win_domain_computer - Deprecated the undocumented log_path option. This option will be removed in a major release after 2022-07-01.

  • win_domain_controller - the log_path option has been deprecated and will be removed in a later release. This was undocumented and only related to debugging information for module development.

  • win_package - the ensure alias for the state option has been deprecated and will be removed in a later release. Please use state instead of ensure.

  • win_package - the productid alias for the product_id option has been deprecated and will be removed in a later release. Please use product_id instead of productid.

  • win_package - the username and password options has been deprecated and will be removed in a later release. The same functionality can be done by using become: yes and become_flags: logon_type=new_credentials logon_flags=netcredentials_only on the task.

  • win_regedit - Deprecated using forward slashes as a path separator, use backslashes to avoid ambiguity between a forward slash in the key name or a forward slash as a path separator. This feature will be removed in a major release after 2021-07-01.

community.aws

  • cloudformation - The template_format option had no effect since Ansible 2.3 and will be removed after 2022-06-01

  • data_pipeline - The version option had no effect and will be removed after 2022-06-01

  • data_pipeline - the version option has been deprecated and will be removed in a later release. It has always been ignored by the module.

  • ec2_eip - The wait_timeout option had no effect and will be removed after 2022-06-01

  • ec2_eip - the wait_timeout option has been deprecated and will be removed in a later release. It has had no effect since Ansible 2.3.

  • ec2_key - The wait_timeout option had no effect and will be removed after 2022-06-01

  • ec2_key - The wait option had no effect and will be removed after 2022-06-01

  • ec2_lc - The associate_public_ip_address option had no effect and will be removed after 2022-06-01

  • ec2_lc - the associate_public_ip_address option has been deprecated and will be removed after a later release. It has always been ignored by the module.

  • elb_network_lb - The current default value of the state option has been deprecated and will change from absent to present after 2022-06-01

  • elb_network_lb - in a later release, the default behaviour for the state option will change from absent to present. To maintain the existing behavior explicitly set state to absent.

  • iam_managed_policy - The fail_on_delete option had no effect and will be removed after 2022-06-01

  • iam_managed_policy - the fail_on_delete option has been deprecated and will be removed after a later release. It has always been ignored by the module.

  • iam_policy - The policy_document will be removed after 2022-06-01. To maintain the existing behavior use the policy_json option and read the file with the lookup plugin.

  • iam_policy - The default value of skip_duplicates will change after 2022-06-01 from true to false.

  • iam_policy - in a later release, the default value for the skip_duplicates option will change from true to false. To maintain the existing behavior explicitly set it to true.

  • iam_policy - the policy_document option has been deprecated and will be removed after a later release. To maintain the existing behavior use the policy_json option and read the file with the lookup plugin.

  • iam_role - The default value of the purge_policies has been deprecated and will change from true to false after 2022-06-01

  • iam_role - in a later release, the purge_policies option (also know as purge_policy) default value will change from true to false

  • s3_lifecycle - The requester_pays option had no effect and will be removed after 2022-06-01

  • s3_lifecycle - the requester_pays option has been deprecated and will be removed after a later release. It has always been ignored by the module.

  • s3_sync - The retries option had no effect and will be removed after 2022-06-01

  • s3_sync - the retries option has been deprecated and will be removed after 2022-06-01. It has always been ignored by the module.

community.crypto

  • openssl_csr - all values for the version option except 1 are deprecated. The value 1 denotes the current only standardized CSR version.

community.general

  • The ldap_attr module has been deprecated and will be removed in a later release; use ldap_attrs instead.

  • airbrake_deployment - Add deprecation notice for token parameter and v2 api deploys. This feature will be removed in community.general 3.0.0.

  • clc_aa_policy - The wait option had no effect and will be removed in community.general 3.0.0.

  • clc_aa_policy - the wait parameter will be removed. It has always been ignored by the module.

  • docker_container - the trust_image_content option is now deprecated and will be removed in community.general 3.0.0. It has never been used by the module.

  • docker_container - the trust_image_content option will be removed. It has always been ignored by the module.

  • docker_container - the default of container_default_behavior will change from compatibility to no_defaults in community.general 3.0.0. Set the option to an explicit value to avoid a deprecation warning.

  • docker_container - the default value for network_mode will change in community.general 3.0.0, provided at least one network is specified and networks_cli_compatible is true. See porting guide, module documentation or deprecation warning for more details.

  • docker_stack - Return values out and err have been deprecated and will be removed in community.general 3.0.0. Use stdout and stderr instead.

  • docker_stack - the return values err and out have been deprecated. Use stdout and stderr from now on instead.

  • helm - Put helm module to deprecated. New implementation is available in community.kubernetes collection.

  • redfish_config - Deprecate bios_attribute_name and bios_attribute_value in favor of new bios_attributes` option.

  • redfish_config - the bios_attribute_name and bios_attribute_value options will be removed. To maintain the existing behavior use the bios_attributes option instead.

  • redfish_config and redfish_command - the behavior to select the first System, Manager, or Chassis resource to modify when multiple are present will be removed. Use the new resource_id option to specify target resource to modify.

  • redfish_config, redfish_command - Behavior to modify the first System, Manager, or Chassis resource when multiple are present is deprecated. Use the new resource_id option to specify target resource to modify.

  • xbps - the force option never had any effect. It is now deprecated, and will be removed in 3.0.0 (https://github.com/ansible-collections/community.general/pull/568).

community.vmware

  • The vmware_dns_config module has been deprecated and will be removed in a later release; use vmware_host_dns instead.

  • vca - vca_fw, vca_nat, vca_app are deprecated since these modules rely on deprecated part of Pyvcloud library.

  • vmware_dns_config - Deprecate in favor of new module vmware_host_dns.

  • vmware_guest - deprecate specifying CDROM configuration as a dict, instead use a list.

  • vmware_tag_info - in a later release, the module will not return tag_facts since it does not return multiple tags with the same name and different category id. To maintain the existing behavior use tag_info which is a list of tag metadata.

community.zabbix

  • zabbix_proxy (module) - deprecates interface sub-options type and main when proxy type is set to passive through status=passive. Make sure these suboptions are removed from your playbook as they were never supported by Zabbix in the first place.

f5networks.f5_modules

  • Deprecated bigip_appsvcs_extension module

  • Deprecated bigip_device_facts module name

  • Deprecated bigiq_device_facts module name