RedHat famiy with minimal install

[bedenko]

If you install RedHat family OS (OL 8 in my instance), and choose "Minimal install", freeipa.ansible_freeipa.ipaclient will fail with error No module named 'ipapython'.

I manually had to install python3-pip and add env ansible_python_interpreter: /usr/bin/python3, for install to work.

[t-woerner]

RHEL-8 is using modules for idm. The ipaclient role is installing the idm:DL1/client module by default. This module also installs ipapython for use with platform-python that is also used by Ansible.

[bedenko]

On clean install of Oracle Linux 8.9 (minimal install) install fails, due to missing python3-pip.

[rjeffman]

Neither IPA nor ansible-freeipa should require pip as we rely on rpm packages for instalation of all the packages. Also, on EL8, we rely on modules for server and client deployment.

Can you provide the complete original error message (with -vvv)? Also, inventory and playbook task would be nice to have (remember to clean up any password/sensitive data).

[bedenko]

Ofcourse. Created new instance with parameters: anaconda-ks.cfg.txt Preformed dnf update && reboot. Executed: ansible-run.txt

Default packages, before ansible execution were: installed_packages.txt

[rjeffman]

Here is something I see from your log:

[WARNING]: Platform linux on host test is using the discovered Python interpreter at /usr/bin/python3.11, but future installation of another Python interpreter could change the meaning of that path. See https://docs.ansible.com/ansible-
core/2.15/reference_appendices/interpreter_discovery.html for more information.

Note that it is using Python 3.11, but platform python for EL8 should be Python 3.6, and IPA is only supported on EL8 with that Python version (Python 3.6).

With that, the error you are seing, `No module named 'ipapython', makes sense, as it should only be available for Python 3.6 and not Python 3.11.

You should review your distro Python installation.

[bedenko]

Ah, makes sense, since installing python3-pip also installs python36. Would it makes sense, if python36 would also be included in ipaclient_packages?

[rjeffman]

This would not fix the issue, it might only fix the installation, but python3 would still be Python 3.11, and other issues may arise due to the use of a different version.

My recommendation is to contact the vendor support about the Python version issue.

[rjeffman]

So... we start to see similar issues in CentOS Stream 8, and it seems that, for some reason I still haven't found, Ansible fails to detect /usr/libexec/platform-python as the Python interpreter, falling back to python3.11.

For a similar issue, the suggested workaround (may need free enrollment) is to manually set ansible_python_interpreter, as proposed for our CI tests is PR #1212. I still don't think we need to modify vars as it seems to be an Ansible issue.