From b95eafb0eeaaa8700b1293aec9a68b252602af00 Mon Sep 17 00:00:00 2001 From: Jesse Pretorius Date: Tue, 12 Sep 2017 07:18:27 -0600 Subject: [PATCH] Skip host pip installs for ansible bootstrap The requirements.txt contents do not need to be installed on to the host. The majority of the requirements are for ansible, or for release and management tooling which needs to use the Ansible runtime venv. Rather than forcing the installation of pip on the host, we only install virtualenv via distro packages (where possible). With virtualenv in place we can create the runtime venv and install pip, etc and all requirements into there. Doing this keeps the system python libraries as clean as possible, preventing clashes with other packages (eg: ceph) which try to install other python libraries which conflict on CentOS. Change-Id: I0db786645c11649764680697518c97ddf9610cfa --- deploy-guide/source/configure.rst | 4 +-- osa_toolkit/manage.py | 2 +- scripts/bootstrap-ansible.sh | 54 ++++++++++++++++++++----------- scripts/pw-token-gen.py | 2 +- 4 files changed, 39 insertions(+), 23 deletions(-) diff --git a/deploy-guide/source/configure.rst b/deploy-guide/source/configure.rst index d6f92be02d..d0d2cb6e1c 100644 --- a/deploy-guide/source/configure.rst +++ b/deploy-guide/source/configure.rst @@ -183,8 +183,8 @@ values for the variables in each file that contains service credentials: .. code-block:: shell-session - # cd /opt/openstack-ansible/scripts - # python pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml + # cd /opt/openstack-ansible + # ./scripts/pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml To regenerate existing passwords, add the ``--regen`` flag. diff --git a/osa_toolkit/manage.py b/osa_toolkit/manage.py index 9e4d02a5fd..243d973a08 100644 --- a/osa_toolkit/manage.py +++ b/osa_toolkit/manage.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python +#!/opt/ansible-runtime/bin/python # # Copyright 2014, Rackspace US, Inc. # diff --git a/scripts/bootstrap-ansible.sh b/scripts/bootstrap-ansible.sh index d9580589d4..e152c20eb1 100755 --- a/scripts/bootstrap-ansible.sh +++ b/scripts/bootstrap-ansible.sh @@ -67,6 +67,10 @@ case ${DISTRO_ID} in python2 python2-devel \ openssl-devel libffi-devel \ libselinux-python + # CentOS base does not include a recent + # enough version of virtualenv or pip, + # so we do not bother trying to install + # them. ;; ubuntu) apt-get update @@ -75,12 +79,14 @@ case ${DISTRO_ID} in python-minimal python-dev \ python3 python3-dev \ libssl-dev libffi-dev \ - python-apt python3-apt + python-apt python3-apt \ + python-virtualenv ;; opensuse) zypper -n install -l git-core curl autoconf gcc gcc-c++ \ netcat-openbsd python python-xml python-devel gcc \ - libffi-devel libopenssl-devel python-pip + libffi-devel libopenssl-devel \ + python-virtualenv # Leap ships with python3.4 which is not supported by ansible and as # such we are using python2 # See https://github.com/ansible/ansible/issues/24180 @@ -108,24 +114,34 @@ UPPER_CONSTRAINTS_PROTO=$([ "$PYTHON_VERSION" == $(echo -e "$PYTHON_VERSION\n2.7 # Set the location of the constraints to use for all pip installations export UPPER_CONSTRAINTS_FILE=${UPPER_CONSTRAINTS_FILE:-"$UPPER_CONSTRAINTS_PROTO://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt?id=$(awk '/requirements_git_install_branch:/ {print $2}' playbooks/defaults/repo_packages/openstack_services.yml)"} -# Install pip on the host if it is not already installed, -# but also make sure that it is at least version 9.x or above. -PIP_VERSION=$(pip --version 2>/dev/null | awk '{print $2}' | cut -d. -f1) -if [[ "${PIP_VERSION}" -lt "9" ]]; then - get_pip ${PYTHON_EXEC_PATH} - # Ensure that our shell knows about the new pip - hash -r pip -fi +# Install virtualenv if it is not already installed, +# but also make sure it is at least version 13.x or above +# so that it supports using the no-pip, no-setuptools +# and no-wheels options (the last one was added in v13.0.0). +VIRTUALENV_VERSION=$(virtualenv --version 2>/dev/null | cut -d. -f1) +if [[ "${VIRTUALENV_VERSION}" -lt "13" ]]; then -# Install the requirements for the various python scripts -# on to the host, including virtualenv. -pip install ${PIP_OPTS} \ - --requirement requirements.txt \ - --constraint ${UPPER_CONSTRAINTS_FILE} \ - || pip install ${PIP_OPTS} \ - --requirement requirements.txt \ - --constraint ${UPPER_CONSTRAINTS_FILE} \ - --isolated + # Install pip on the host if it is not already installed, + # but also make sure that it is at least version 7.x or above + # so that it supports the use of the constraint option which + # was added in pip 7.1. + PIP_VERSION=$(pip --version 2>/dev/null | awk '{print $2}' | cut -d. -f1) + if [[ "${PIP_VERSION}" -lt "7" ]]; then + get_pip ${PYTHON_EXEC_PATH} + # Ensure that our shell knows about the new pip + hash -r pip + fi + + pip install ${PIP_OPTS} \ + --constraint ${UPPER_CONSTRAINTS_FILE} \ + virtualenv \ + || pip install ${PIP_OPTS} \ + --constraint ${UPPER_CONSTRAINTS_FILE} \ + --isolated \ + virtualenv + # Ensure that our shell knows about the new pip + hash -r virtualenv +fi # Create a Virtualenv for the Ansible runtime if [ -f "/opt/ansible-runtime/bin/python" ]; then diff --git a/scripts/pw-token-gen.py b/scripts/pw-token-gen.py index b1bd1f0963..0e6b3595bb 100755 --- a/scripts/pw-token-gen.py +++ b/scripts/pw-token-gen.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python +#!/opt/ansible-runtime/bin/python # Copyright 2014, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License");