Hi,
On a few of my FreeBSD boxes I want to start managing via Ansible, I have run into a python deprecation error / warning I am not sure how to deal with. I am using what is in the git repo, not the older version from the ports.
% ansible -m setup site0340
ps0340snmp.station.pioneer.ca | FAILED >> {
“failed”: true,
“msg”: “/tmp/.ansible/tmp/ansible-tmp-1417115114.01-177476480407452/setup:234: DeprecationWarning: the sha module is deprecated; use the hashlib module instead\r\n from sha import sha as _sha1\r\nTraceback (most recent call last):\r\n File "/tmp/.ansible/tmp/ansible-tmp-1417115114.01-177476480407452/setup", line 234, in \r\n from sha import sha as _sha1\r\n File "/usr/local/lib/python2.6/sha.py", line 10, in \r\n from hashlib import sha1 as sha\r\n File "/usr/local/lib/python2.6/hashlib.py", line 136, in \r\n md5 = __get_builtin_constructor(‘md5’)\r\n File "/usr/local/lib/python2.6/hashlib.py", line 63, in __get_builtin_constructor\r\n import _md5\r\nImportError: No module named _md5\r\n”,
“parsed”: false
}
This is more than just a deprecation warning unfortunately. It seems that your system doesn’t have the usual stdlib sha1 related modules. Does freebsd not include those in its standard python packages?
I’ll be back at my computer tonight and can look at the freebsd vm I have there but I don’t remember this occurring there for me. Is this a non standard python build? Or are those modules available but in some sort of separately installable package?
I just checked my freebsd install and AFAICS, the python package has
hashlib built into it. However I don't know how standard my install
is. I recall that I first installed freebsd from the bootonly iso.
After install I used "pkg install python" and that got me the python
package that I have. Is there some other method of getting python on
freebsd that I should be looking at instead?
On the BSDs It is common enough that python is built from ports and
not using the binary package, in which case it might be missing
hashlib or parts of it depending on the selections made by the
builder.
Unfortunately, no. Md5 was being used previously in many places to checksum files. However, on boxes that have to comply with the us government fips140-2 standard, md5 is not present. So we switched to using sha1 instead. Md5 is no longer needed for operation of the modules but it’s still provided when available for backwards compat. (thus the second set of exception handling that makes importing md5 optional.)
I believe Brian has the right idea. Your build of python likely does
not have the hash modules compiled into it. Having a hash available
in order to checksum files is needed by many basic ansible functions
so we can't get rid of it altogether but there are some options:
* Install python from freebsd's prebuilt collection using pkg install
python -- On my freebsd10 box, this version does have hashing built
in.
* Rebuild python on these boxes with hashing.enabled
* If these are truly special purpose, embedded boxes, you could use
the ansible modules "raw" and "script". These alllow you to execute
commands on the remote machine and pass shell scripts you've written
yourself to the remote machine and then execute them. These modules
sometimes work for people managing, for instance, routers, network
appliances, routers, and other special purpose devices without python
installed at all. This option doesn't allow you to use the full power
of ansible but may work if you can't get a version of python that has
hashing onto those boxes.
If using the last option with playbooks, note that you'll have to turn
off fact gathering for boxes which do not have a hashing function.
For instance: