Solved: Re: Ansible Installation Method

Trevor

Installing Ansible can be accomplished by using the dnf command, or
by using the Python package installer, pip. However, according to one
source, using pip is NOT the recommended approach by Red Hat.
Why does Red Hat not recommended this approach?

Trevor "Red Hat Evangelist" Chandler

Chetan_Tiwary_

@Trevor clearly you have got a scalpel sharp mind and a hunger to learn the depths !

Installing Python packages via pip (as the root user) can overwrite critical system Python libraries that are managed by Red Hat’s package ecosystem. This can result in instability or conflicts with supported packages, as pip is unaware of the RPM ecosystem’s safeguards.

As Red Hat documentation cautions, using a virtual environment as a regular user or leveraging pip install --user is strongly recommended to avoid these issues.

The core problem is that pip operates independently of the system package manager (dnf/yum). It cannot enforce or honor dependency constraints enforced by RPMs. Consequently, installing software via pip may introduce changes that leave your prod system in an inconsistent or non-functioning state.

Moreover, Red Hat does not support software installed through pip at the system level. Such installations fall outside the scope of official support, meaning that if something breaks, Red Hat may ask you to revert or reproduce the issue using supported packages.

In short, this is why Red Hat does not recommend using pip to install Ansible for production environments. pip may fail to correctly install and configure all necessary dependencies in a way that is consistent with Red Hat’s lifecycle and support standards. In contrast, installing Ansible via dnf is safer bcz it ensures proper dependency resolution, integration into the RPM ecosystem, and alignment with Red Hat’s support and maintenance workflows.

View solution in original post

shashi01

@Trevor

According to the official Red Hat documentation for RHEL 9, using pip with sudo to install system-level software is an unsupported practice that can cause serious system instability. Red Hat warns that this method can override core system libraries and create conflicts with packages managed by dnf. Because of this risk, they will not provide support for a system configured this way. The correct, supported method is to use dnf for system-wide installations or to use pip only within a virtual environment.

Trevor

Thanks shashi01 for your response!

It doesn't get any more "official" than the official Red Hat documentation!!!!

Trevor "Red Hat Evangelist" Chandler

Chetan_Tiwary_

@Trevor clearly you have got a scalpel sharp mind and a hunger to learn the depths !

Installing Python packages via pip (as the root user) can overwrite critical system Python libraries that are managed by Red Hat’s package ecosystem. This can result in instability or conflicts with supported packages, as pip is unaware of the RPM ecosystem’s safeguards.

As Red Hat documentation cautions, using a virtual environment as a regular user or leveraging pip install --user is strongly recommended to avoid these issues.

The core problem is that pip operates independently of the system package manager (dnf/yum). It cannot enforce or honor dependency constraints enforced by RPMs. Consequently, installing software via pip may introduce changes that leave your prod system in an inconsistent or non-functioning state.

Moreover, Red Hat does not support software installed through pip at the system level. Such installations fall outside the scope of official support, meaning that if something breaks, Red Hat may ask you to revert or reproduce the issue using supported packages.

In short, this is why Red Hat does not recommend using pip to install Ansible for production environments. pip may fail to correctly install and configure all necessary dependencies in a way that is consistent with Red Hat’s lifecycle and support standards. In contrast, installing Ansible via dnf is safer bcz it ensures proper dependency resolution, integration into the RPM ecosystem, and alignment with Red Hat’s support and maintenance workflows.

Travis

@Trevor and @Chetan_Tiwary_ -

There is a more "fundamental" reason we don't use pip. Red Hat publishes software via RPMs and official channels and official repositories. This is what you get when you have Red Hat Entitlements. So you are consuming from our software release pipelines on tested and supported products. So RPMs are signed and available with the correct subscription, you can download supported container images from registry.redhat.io and these are all what Red Hat engineering publishes and has certified for running in production to be supported by Red Hat Support Engineers.

When installing from pip you are using various upstream PyPi servers to install applications, packages, and programs. These are not coming from the same version of published and supported supply chain even if a Red Hat engineer worked on the development of ansible or ansible-navigator that you installed with pip. It is NOT the same version and often newer. This is no different than subscribing your system to EPEL and consuming packages from there instead of Red Hat's official repositories.

As you are aware Red Hat has active development in the Fedora project as well as CentOS Stream and these are upstream projects where active development is being done which eventually get fine tuned and packages locked to a version to be pulled into the supported RHEL ecosystem. So just like Red Hat doesn't directly support Fedora and CentOS Stream as an OS for production or installing packages from Fedora and CentOS Stream and EPEL on a production RHEL system, they don't support packages installed from upstream using pip. Everything that @Chetan_Tiwary_ stated is 100% accurate, but I wanted to drive home that it isn't the installation method pip that is the only reason it isn't supported (for reasons mentioned above), it is important to know that when installing via pip you are potentially getting much newer versions of the software or possibly even the same versions but operate differently because it isn't managed directly by the Red Hat engineering release process.

Travis Michette, RHCA XIII
https://rhtapps.redhat.com/verify?certId=111-134-086
SENIOR TECHNICAL INSTRUCTOR / CERTIFIED INSTRUCTOR AND EXAMINER
Red Hat Certification + Training

Chetan_Tiwary_

@Travis Thanks for zooming out and widening the discussion!

Trevor

I was wondering where you were Travis. I know when it comes to
anything Ansible, that's an indirect call to you!!!!

Thank you for adding to what Chetan provided earlier. Your reply put
the exclamation mark behind all that has been said!!!

Trevor "Red Hat Evangelist" Chandler

Trevor

Your grade for this response: A+

Even if your name was not associated with this response, I would have
known it was coming from you!!!! As usual, this is as direct a response
as one could possibly serve up.

When I'm asked why Red Hat does not recommend using pip to install
Ansible, I'm going to lead of with "Red Hat does not support software
installed through pip at the system level". This will establish credibility
with everything else that follows.

Chetan, you're absolutely right with your comment about my hunger to
learn the depths. However, I'm wondering, if my mind is scapled sharp,
what description is there to describe the acuity of your cerebrum!!!!

Thank you for another grandslam explanation!!!

Trevor "Red Hat Evangelist" Chandler

Ansible Installation Method

Ansible

automation