Since the cisco.asa collection is deprecated, we should remove it from the Ansible Community Package.
Although the official EOL is December 2026, I think we should remove it already from Ansible 12 because of this:
No guarantees of compatibility with ansible-core versions >2.17 will be provided
There’s also an issue on this in ansible-build-data.
Since the collection has been officially deprecated, I think we can remove it without a vote according to our current process.
So if nobody objects, especially from the @SteeringCommittee, I would open a PR to deprecate the collection in 11 and remove it from 12 in a couple of days.
Cross-posted from GitHub PR 509 to reach the forum audience.
I disagree with the decision to remove the cisco.asa collection. Cisco ASA software is supported on the very latest Cisco Firewall hardware and virtual platforms. New releases are being developed with new features for example the latest release train is 9.22.x which first shipped in September 2024. Ansible is one of the best ways to automate management of the Cisco ASA. See my detailed comments under Deprecation Announcement for the cisco.asa Ansible Collection
The Ansible Community Package contains the ansible-core engine and plugins, plus a curated list of collections from the community. To be part of the ACP, collections must abide by some rules and, as described in the original post, it looks like cisco.asa is breaching those requirments.
That does not mean the collection will not be available, you can always install it with:
ansible-galaxy collection install cisco.asa
But from Ansible 12 (that’s the ACP package) onwards, it will not b part of the package.
Personally (myself alone, not the opinion of the Steering Committee or any other person, group of people or entity), I think it is better to install ansible-core and then only the collections that are really needed. But different people work in different contexts and may see value in having the one big package with “everything”.
This decision here does not eliminate the cisco.asa collection, it is still available in Galaxy and it can be installed with the command above. And, if the collection becomes compliant with the rules, the maintainers are welcome to submit a request to re-add it to the ACP.
The decision to remove the collection from the Ansible Community Package has nothing to do with Cisco supporting ASA or not. We’ll remove the collection because we have been informed that the collection is deprecated.
I suggest to not spam multiple GitHub issues and forum threads with this, but discuss this in Deprecation Announcement for the cisco.asa Ansible Collection. At the end of the day, as long as the collection is deprecated I think we’ll keep to our decision to remove it from the Ansible community package (not galaxy!).
Indeed, It can still be installed from Ansible Galaxy, as @russoz pointed out.
The main issue that prompted removal is
No guarantees of compatibility with ansible-core versions >2.17 will be provided
Ansible 11 ships with Core 2.18 and 12 will ship with 2.19, and one of the most basic requirements is that collections in the package test against the version of ansible-core that we include in a given version of Ansible.
This is very helpful information regarding Ansible Core 2.18+. Is there a big change between 2.17 and 2.18 requiring much of the collection to be rewritten? My current deployment is RHEL/CentOS/compatible 9.x with Ansible Core 2.14 and Ansible Collections 7.7 (supports cisco.asa) packages from appstream/epel. Maybe I don’t need to worry about this until my deployment will be running ansible-core 2.18+.