ansible-freeipa icon indicating copy to clipboard operation
ansible-freeipa copied to clipboard

Published 20 hours ago verified publisher icon freeipa

RedHat famiy with minimal install

Open bedenko opened this issue 1 year ago • 8 comments

If you install RedHat family OS (OL 8 in my instance), and choose "Minimal install", freeipa.ansible_freeipa.ipaclient will fail with error No module named 'ipapython'.

I manually had to install python3-pip and add env ansible_python_interpreter: /usr/bin/python3, for install to work.

bedenko avatar Dec 15 '23 16:12 bedenko

RHEL-8 is using modules for idm. The ipaclient role is installing the idm:DL1/client module by default. This module also installs ipapython for use with platform-python that is also used by Ansible.

t-woerner avatar Dec 15 '23 17:12 t-woerner

On clean install of Oracle Linux 8.9 (minimal install) install fails, due to missing python3-pip.

bedenko avatar Dec 16 '23 07:12 bedenko

Neither IPA nor ansible-freeipa should require pip as we rely on rpm packages for instalation of all the packages. Also, on EL8, we rely on modules for server and client deployment.

Can you provide the complete original error message (with -vvv)? Also, inventory and playbook task would be nice to have (remember to clean up any password/sensitive data).

rjeffman avatar Dec 18 '23 13:12 rjeffman

Ofcourse. Created new instance with parameters: anaconda-ks.cfg.txt Preformed dnf update && reboot. Executed: ansible-run.txt

Default packages, before ansible execution were: installed_packages.txt

bedenko avatar Dec 18 '23 14:12 bedenko

Here is something I see from your log:

[WARNING]: Platform linux on host test is using the discovered Python interpreter at /usr/bin/python3.11, but future installation of another Python interpreter could change the meaning of that path. See https://docs.ansible.com/ansible-
core/2.15/reference_appendices/interpreter_discovery.html for more information.

Note that it is using Python 3.11, but platform python for EL8 should be Python 3.6, and IPA is only supported on EL8 with that Python version (Python 3.6).

With that, the error you are seing, `No module named 'ipapython', makes sense, as it should only be available for Python 3.6 and not Python 3.11.

You should review your distro Python installation.

rjeffman avatar Dec 18 '23 15:12 rjeffman

Ah, makes sense, since installing python3-pip also installs python36. Would it makes sense, if python36 would also be included in ipaclient_packages?

bedenko avatar Dec 18 '23 16:12 bedenko

This would not fix the issue, it might only fix the installation, but python3 would still be Python 3.11, and other issues may arise due to the use of a different version.

My recommendation is to contact the vendor support about the Python version issue.

rjeffman avatar Dec 18 '23 18:12 rjeffman

So... we start to see similar issues in CentOS Stream 8, and it seems that, for some reason I still haven't found, Ansible fails to detect /usr/libexec/platform-python as the Python interpreter, falling back to python3.11.

For a similar issue, the suggested workaround (may need free enrollment) is to manually set ansible_python_interpreter, as proposed for our CI tests is PR #1212. I still don't think we need to modify vars as it seems to be an Ansible issue.

rjeffman avatar Feb 10 '24 03:02 rjeffman