Change interpreter discovery defaults to silently prefer Python 3 (#75049)

Push /usr/bin/python to almost the bottom of the barrel. This makes the strategy to prefer
specific versions of the "mystery meat" version.

* Change INTERPRETER_PYTHON default to 'auto'
    Change description to match change in behavior.
    Change deprecation message to a warning.

* Update docs
* Add porting guide entry
* Update unit tests
* Update integration test
* Allow INTERPRETER_PYTHON_FALLBACK to be configure using a variable
* Prefer platform-python above other Python 2 interpreters
* Add Python 3.10 to the list of interpreters

2 files changed, 22 insertions, 23 deletions

diff --git a/lib/ansible/config/base.yml b/lib/ansible/config/base.yml
index 8656b6a834..859043f12f 100644
--- a/lib/ansible/config/base.yml
+++ b/lib/ansible/config/base.yml
@@ -422,7 +422,7 @@ DEFAULT_ALLOW_UNSAFE_LOOKUPS:
     - "When enabled, this option allows lookup plugins (whether used in variables as ``{{lookup('foo')}}`` or as a loop as with_foo)
       to return data that is not marked 'unsafe'."
     - By default, such data is marked as unsafe to prevent the templating engine from evaluating any jinja2 templating language,
-      as this could represent a security risk.  This option is provided to allow for backwards-compatibility,
+      as this could represent a security risk. This option is provided to allow for backward compatibility,
       however users should first consider adding allow_unsafe=True to any lookups which may be expected to contain data which may be run
       through the templating engine late
   env: []
@@ -1433,7 +1433,7 @@ HOST_PATTERN_MISMATCH:
   version_added: "2.8"
 INTERPRETER_PYTHON:
   name: Python interpreter path (or automatic discovery behavior) used for module execution
-  default: auto_legacy
+  default: auto
   env: [{name: ANSIBLE_PYTHON_INTERPRETER}]
   ini:
   - {key: interpreter_python, section: defaults}
@@ -1442,14 +1442,13 @@ INTERPRETER_PYTHON:
   version_added: "2.8"
   description:
   - Path to the Python interpreter to be used for module execution on remote targets, or an automatic discovery mode.
-    Supported discovery modes are ``auto``, ``auto_silent``, and ``auto_legacy`` (the default). All discovery modes
-    employ a lookup table to use the included system Python (on distributions known to include one), falling back to a
-    fixed ordered list of well-known Python interpreter locations if a platform-specific default is not available. The
-    fallback behavior will issue a warning that the interpreter should be set explicitly (since interpreters installed
-    later may change which one is used). This warning behavior can be disabled by setting ``auto_silent``. The default
-    value of ``auto_legacy`` provides all the same behavior, but for backwards-compatibility with older Ansible releases
-    that always defaulted to ``/usr/bin/python``, will use that interpreter if present (and issue a warning that the
-    default behavior will change to that of ``auto`` in a future Ansible release.
+    Supported discovery modes are ``auto`` (the default), ``auto_silent``, ``auto_legacy``, and ``auto_legacy_silent``.
+    All discovery modes employ a lookup table to use the included system Python (on distributions known to include one),
+    falling back to a fixed ordered list of well-known Python interpreter locations if a platform-specific default is not
+    available. The fallback behavior will issue a warning that the interpreter should be set explicitly (since interpreters
+    installed later may change which one is used). This warning behavior can be disabled by setting ``auto_silent`` or
+    ``auto_legacy_silent``. The value of ``auto_legacy`` provides all the same behavior, but for backwards-compatibility
+    with older Ansible releases that always defaulted to ``/usr/bin/python``, will use that interpreter if present.
 INTERPRETER_PYTHON_DISTRO_MAP:
   name: Mapping of known included platform pythons for various Linux distros
   default:
@@ -1474,18 +1473,21 @@ INTERPRETER_PYTHON_DISTRO_MAP:
 INTERPRETER_PYTHON_FALLBACK:
   name: Ordered list of Python interpreters to check for in discovery
   default:
-  - /usr/bin/python
+  - python3.10
   - python3.9
   - python3.8
   - python3.7
   - python3.6
   - python3.5
+  - /usr/bin/python3
+  - /usr/libexec/platform-python
   - python2.7
   - python2.6
-  - /usr/libexec/platform-python
-  - /usr/bin/python3
+  - /usr/bin/python
   - python
-  # FUTURE: add inventory override once we're sure it can't be abused by a rogue target
+  vars:
+    - name: ansible_interpreter_python_fallback
+  type: list
   version_added: "2.8"
 TRANSFORM_INVALID_GROUP_CHARS:
   name: Transform invalid characters in group names
diff --git a/lib/ansible/executor/interpreter_discovery.py b/lib/ansible/executor/interpreter_discovery.py
index 28158aedb3..ff14e608d3 100644
--- a/lib/ansible/executor/interpreter_discovery.py
+++ b/lib/ansible/executor/interpreter_discovery.py
@@ -116,16 +116,13 @@ def discover_interpreter(action, interpreter_name, discovery_mode, task_vars):
         # provide a transition period for hosts that were using /usr/bin/python previously (but shouldn't have been)
         if is_auto_legacy:
             if platform_interpreter != u'/usr/bin/python' and u'/usr/bin/python' in found_interpreters:
-                # FIXME: support comments in sivel's deprecation scanner so we can get reminded on this
                 if not is_silent:
-                    action._discovery_deprecation_warnings.append(dict(
-                        msg=u"Distribution {0} {1} on host {2} should use {3}, but is using "
-                            u"/usr/bin/python for backward compatibility with prior Ansible releases. "
-                            u"A future Ansible release will default to using the discovered platform "
-                            u"python for this host. See {4} for more information"
-                            .format(distro, version, host, platform_interpreter,
-                                    get_versioned_doclink('reference_appendices/interpreter_discovery.html')),
-                        version='2.12'))
+                    action._discovery_warnings.append(
+                        u"Distribution {0} {1} on host {2} should use {3}, but is using "
+                        u"/usr/bin/python for backward compatibility with prior Ansible releases. "
+                        u"See {4} for more information"
+                        .format(distro, version, host, platform_interpreter,
+                                get_versioned_doclink('reference_appendices/interpreter_discovery.html')))
                 return u'/usr/bin/python'
 
         if platform_interpreter not in found_interpreters: