[SOLVED] Failed to import the required Python library (python-ldap) using Ansible inside a Podman Container Using Alpine

Failed to import the required Python library (python-ldap) using Ansible inside a Podman Container Using Alpine

I ran a playbook from the container, but it failed with the following error message:

"Failed to import the required Python library (python-ldap) on rocky9.localdomain's Python /usr/bin/python3.9. Please read the module documentation and install it in the appropriate location. If the required library is installed, but Ansible is using the wrong Python interpreter, please consult the documentation on ansible_python_interpreter"

Containerfile:

FROM alpine:3.20

RUN apk add --update --no-cache \
    ansible=9.5.1-r0 \
    git \
    openssh-client \
    sshpass \
    python3 \
    py3-podman \
    py3-pip \
    openldap-clients \
    build-base \
    python3-dev \
    openldap-dev \
    py3-ldap && \
    rm -rf /var/cache/apk/* \

RUN ansible-galaxy collection install community.general

RUN mkdir -p /etc/ansible && \
    echo "localhost" > /etc/ansible/hosts

WORKDIR /srv/ansible

CMD [ "ansible-playbook", "--version" ]

ansible.cfg:

interpreter_python = auto

stdout (first few lines):

ansible-playbook [core 2.17.0]
  config file = /srv/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.12/site-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible-playbook
  python version = 3.12.7 (main, Oct  7 2024, 11:30:19) [GCC 13.2.1 20240309] (/usr/bin/python3)
  jinja version = 3.1.4
  libyaml = True

Container:

/srv/ansible # ls -la /usr/bin/python*
lrwxrwxrwx    1 root     root             7 Oct 18 09:20 /usr/bin/python -> python3
lrwxrwxrwx    1 root     root            14 Oct 18 09:21 /usr/bin/python-config -> python3-config
lrwxrwxrwx    1 root     root            10 Oct 18 09:20 /usr/bin/python3 -> python3.12
lrwxrwxrwx    1 root     root            17 Oct 18 09:21 /usr/bin/python3-config -> python3.12-config
-rwxr-xr-x    1 root     root         14080 Oct  7 11:30 /usr/bin/python3.12
-rwxr-xr-x    1 root     root          3014 Oct  7 11:30 /usr/bin/python3.12-config

Test VM:

[vagrant@rocky9 ~]$ ls /usr/bin/python*
/usr/bin/python  /usr/bin/python3  /usr/bin/python3.9

Then I have a task in a role:

- name: Modify LDAP attributes
  community.general.ldap_attrs:
    dn: "xxx"
    attributes:
      servicePrincipalName:
         - "host/xxx"
         - "RestrictedKrbHost/xxx"
    state: present
    server_uri: "ldap://xx"
    bind_dn: "cn=xxx,OU=aaa,DC=bbb,DC=ccc"
    bind_pw: "xxx"

But the task fails with following error massage:

    "msg": "Failed to import the required Python library (python-ldap) on rocky9.localdomain's Python /usr/bin/python3.9. Please read the module documentation and install it in the appropriate location. If the required library is installed, but Ansible is using the wrong Python interpreter, please consult the documentation on ansible_python_interpreter"

ansible.builtin modules before that task work fine, of course.

So I assume I am doing something wrong when building the container and trying to import my first collection. Maybe some magic with delegate_to localhost?

Solution

I fixed it by adding

delegate_to: localhost
connection: local

- name: Modify LDAP attributes
  community.general.ldap_attrs:
    dn: "xxx"
    attributes:
      servicePrincipalName:
         - "host/xxx"
         - "RestrictedKrbHost/xxx"
    state: present
    server_uri: "ldap://xx"
    bind_dn: "cn=xxx,OU=aaa,DC=bbb,DC=ccc"
    bind_pw: "xxx"
  delegate_to: localhost # <<<<<<<<<<<<<<<<
  connection: local      # <<<<<<<<<<<<<<<<