Managing Ubuntu 24.04 hosts with Foreman using Ansible: unable to use multiple modules b/c of HTTPSConnection.__init__() got an unexpected keyword argument 'cert_file'

Problem:
So we have a playbook that installs our AV, which includes doing some api calls, installing the GPG key and lastly install the AV. However it seems that using the uri and apt_key module’s no longer work and is throwing the following error:

An unknown error occurred: HTTPSConnection.__init__() got an unexpected keyword argument 'cert_file'

Our foreman host runs on RHEL 9 and is running ansible core: ansible-core-2.14.17-1.el9 from the official RedHat repo.

When looking into this, i noticed a newer ansible would fix this:

So ansible version 2.18 would fix that. But…

“However, starting with RHEL 9.3, we are not planning on releasing new versions of Ansible Core in RHEL 9. Instead, we are planning on supporting Ansible Core 2.14 for the remainder of the RHEL 9 lifecycle. Read on for more details.”
Source: Updates to using Ansible Core in Red Hat Enterprise Linux

Ubuntu 22.04 uses python 3.10 onwards, Ubuntu 24.04 uses Python 3.12 onwards. And the latter one introduces the change that causes this all.

The question:
I’m unsure how to properly tackle this issue now

  1. ansible-core package is needed for Foreman-Katello to use ansible so using the pip variant isn’t an option (or we would have a mixed setup of a pip ansible and the package version and have to redirect foreman to use the pip one). I assume this isn’t a supported/recommended setup.
  2. We could install an older version of python on all the newer ubuntu system’s and use that for ansible. But personally i feel like this is more of a last resort action to adjust all the customer environments so ansible works more fully again.

I’m also writing a support ticket to redhat about it, but this is something i noticed from a RHEL os, with foreman, using ansible 2.14 to an 24.04 Ubuntu host using Python 3.12. I don’t think foreman nor Ubuntu are relevant but i’m unsure if RedHat would take this case to maybe backport this bugfix to Ansible.

So my question to anyone reading this is, have you had to deal with this? And how did you resolve it? What would be the best approach to properly fix ansible with newer python versions?

Expected outcome:
Able to use modules like uri and apt_key again.

Foreman and Proxy versions:
3.13

Foreman and Proxy plugin versions:
3.13

Distribution and version:
RHEL 9

Other relevant data:

This was mentioned in Ansible-core upgrade? at some point in the past, and I am afraid backporting Ansible 2.16 (which contains the above fix) or newer would be the correct solution here, but that won’t be done but RH (they want to stick to 2.14) and I have no idea who else would do it right now.

ah i even replied in that discussion! But seeing the bug i seems they won’t solve it so i think only option is to use python 3.11 for ansible until rhel 10 is out. Bit of a bummer but thank you for replying so soon! <3

Maybe someone will come up with a repo that contains a newer Ansible for EL9, who knows…

Btw, I can highly recommend using the ansible.builtin.deb822_repository module when you configure APT repos. Much better than the whole apt_key wrangling etc. (But won’t solve your URL issue, I think)

2 Likes

Oh i see! I’ll keep that one in mind :slight_smile: !
I’ve created a case at RedHat because in the future this will become an issue when one tries to manage RHEL 10 hosts with the out of box default python3.12.

The support agent has opend a jira ticket about it here:
https://issues.redhat.com/plugins/servlet/mobile#issue/RHEL-74370

Let’s hope they changed their mind :slight_smile: !

1 Like

The new (not closed) jira ticket is this one:
https://issues.redhat.com/browse/SAT-30571
In here i hope an alternative will be provided where we can use an ansible version that’s higher then default on rhel 9, if it’s not an official supported methode, it would atleast bridge the gap between supporting RHEL 10 nodes from RHEL 9 nodes until the latter are also on RHEL 10.

For now i’ll choose this message as the solution, but for anyone reading and wondering what options you have on rhel 9 to a Python 3.12 enabled host with your uri/etc modules.

  1. Either rework your playbooks to do the actions that fail remote, locally and copy the file over.
  2. Change the python version to something below 3.12 on the destination host and change the interpeter to it for those jobs.
  3. Or, but this is definitly not adviced. Try to incoperate locally the fix they did here (i think only the changes in the lib/ansible/module_utils/urls.py are needed).