Running Ansible on bookworm

https://woju.eu/blog/2025/03/ansible-bookworm/

written by woju on 11.03.2025 12:00 CET bookworm is about 1,5 year old at this point, and has Python 3.11 and Ansible 7. The problem is, Python 3.12 removed quite much of the deprecated stuff and one of those was cert_file= argument to http.client.HTTPSConnection. This argument was used by Ansible, specifically in ansible.builtin.get_url module. So it works just fine if the target system also runs bookworm (Python 3.11), however if you run it against system that has Python 3.12 (e.g. noble aka Ubuntu 24.04 LTS), then it breaks:

…, “msg”: “An unknown error occurred: HTTPSConnection.init() got an unexpected keyword argument ‘cert_file’”, … The bug was fixed (#83213) and backported to ansible-core 2.15 (#81257), however bookworms Ansible 7 means ansible-core is 2.14.

The solution is to upgrade Ansible. One of the good ways it to get ansible packages from trixie (testing).

/etc/apt/sources.list.d/trixie.list:

deb https://deb.debian.org/debian trixie main /etc/apt/preferences.d/ansible.pref:

Package: * Pin: release n=trixie Pin-Priority: -10

Package: ansible* python3-netaddr Pin: release n=trixie Pin-Priority: 990 testing is not covered by Debian Security, however it’s still better that installing from pip.

Mastodon thread: https://social.hackerspace.pl/@woju/114143424041984794