* Remove PyCrypto from setup.py and packaging script
* Remove mention of pycrpto from installation docs
* Remove PyCrypto from vault
* Remove pycryto constraint and unit test requirement
* Remove PyCrypto tests from unit tests
* Add docs and fix warning message
* Remove section about cryptography library in Ansible Vault docs
@ -119,11 +119,11 @@ Installing Ansible with ``pip``
If you have Ansible 2.9 or older installed or Ansible 3, see :ref:`pip_upgrade`.
Once ``pip`` is installed, you can install Ansible[1]_::
Once ``pip`` is installed, you can install Ansible::
$ python -m pip install --user ansible
In order to use the ``paramiko`` connection plugin or modules that require ``paramiko``, install the required module [2]_::
In order to use the ``paramiko`` connection plugin or modules that require ``paramiko``, install the required module [1]_::
$ python -m pip install --user paramiko
@ -188,7 +188,7 @@ As explained by the message, to upgrade you must first remove the version of Ans
$ pip install ansible
Upgrading from Ansible 3 or ansible-core 2.10
Upgrading from Ansible 3 or ansible-core 2.10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
``ansible-base`` only exists for version 2.10 and in Ansible 3. In 2.11 and later, the package is called ``ansible-core``. Before installing ``ansible-core`` or Ansible 4, you must uninstall ``ansible-base`` if you have installed Ansible 3 or ``ansible-base`` 2.10.
@ -663,5 +663,4 @@ See the `argcomplete documentation <https://kislyuk.github.io/argcomplete/>`_.
`irc.freenode.net <http://irc.freenode.net>`_
#ansible IRC chat channel
..[1] If you have issues with the "pycrypto" package install on macOS, then you may need to try ``CC=clang sudo -E pip install pycrypto``.
..[2]``paramiko`` was included in Ansible's ``requirements.txt`` prior to 2.8.
..[1]``paramiko`` was included in Ansible's ``requirements.txt`` prior to 2.8.
@ -573,18 +573,6 @@ When are encrypted files made visible?
In general, content you encrypt with Ansible Vault remains encrypted after execution. However, there is one exception. If you pass an encrypted file as the ``src`` argument to the :ref:`copy <copy_module>`, :ref:`template <template_module>`, :ref:`unarchive <unarchive_module>`, :ref:`script <script_module>` or :ref:`assemble <assemble_module>` module, the file will not be encrypted on the target host (assuming you supply the correct vault password when you run the play). This behavior is intended and useful. You can encrypt a configuration file or template to avoid sharing the details of your configuration, but when you copy that configuration to servers in your environment, you want it to be decrypted so local users and processes can access it.
.._speeding_up_vault:
Speeding up Ansible Vault
=========================
If you have many encrypted files, decrypting them at startup may cause a perceptible delay. To speed this up, install the cryptography package:
rstcheck >=3.3.1 # required for sphinx version >= 1.8
pygments >= 2.4.0 # Pygments 2.4.0 includes bugfixes for YAML and YAML+Jinja lexers
wheel < 0.30.0 ; python_version < '2.7' # wheel 0.30.0 and later require python 2.7 or later
pycrypto >= 2.6 # Need features found in 2.6 and greater
ncclient >= 0.5.2 # Need features added in 0.5.2 and greater
idna < 2.6, >= 2.5 # linode requires idna < 2.9, >= 2.5, requests requires idna < 2.6, but cryptography will cause the latest version to be installed instead
paramiko < 2.4.0 ; python_version < '2.7' # paramiko 2.4.0 drops support for python 2.6
Sam Doran
4 years ago
committed by