[SOLVED] Ansible cryptography warning with SCL Python 2.7 in Centos 6

Ansible cryptography warning with SCL Python 2.7 in Centos 6

Given the following:

[root@vmutil01 ~]# cat /etc/issue
CentOS release 6.7 (Final)

[root@vmutil01 ~]# yum -y install centos-release-SCL

[ ... ]

[root@vmutil01 ~]# yum -y install python27

[ ... ]

[root@vmutil01 ~]# scl enable python27 bash
[root@vmutil01 ~]# python -V
Python 2.7.5

Why am I getting this result?

[root@vmutil01 ansible]# ansible centos7_hosts -m ping
/usr/lib64/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
  DeprecationWarning
vmcentos7dev | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

Ansible version even has the warning so it's definitely a local thing not related to the remote hosts:

[root@vmutil01 ansible]# ansible --version
/usr/lib64/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
  DeprecationWarning
ansible 2.0.2.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = Default w/o overrides

It would appear that Ansible is calling the base Python version of cryptography. Is this a bug in this version of Ansible or related to the way SCL works? What do I need to do to fix it?

Edit to add more troubleshooting

The problem is related to the way Ansible is invoking Python itself as the she-bang in /usr/bin/ansible is #!/usr/bin/python. If I change that to #!/usr/bin/env python I get a different, but still show-stopping, error:

[root@vmutil01 ansible]# ansible --version
Traceback (most recent call last):
  File "/usr/bin/ansible", line 39, in <module>
    from ansible.errors import AnsibleError, AnsibleOptionsError, AnsibleParserError
ImportError: No module named ansible.errors

So it seems the problem is with Ansible.

Still looking for a fix or workaround...

Solution

As you ascertained, yes, Ansible always uses /usr/bin/python, and that is unlikely to change soon.

The cryptography library is pushing you to upgrade your version of Python. Changing the system version of Python can be rather dangerous, especially on CentOS, since yum uses it.

Your best choice for getting rid of the warning is to upgrade to CentOS 7, as that will include Python 2.7. Alternatively, you can get used to having deprecation warnings, since part of using CentOS is using old software.