Isolate the Ansible bootstrap

As we move forward with the python build/install simplification,
more of the config is being applied in the pip conf, rather than
being given as CLI options in each ansible task. This is good
for providing a consistent experience, but has side effects for
things like the Ansible bootstrap.

When bootstrapping Ansible, we want to make use of a specific
set of constraints which is not polluted by additional config
on the host. We do not want the constraints from the repo
server because they happen to include a constraint for Ansible
which clashes with our requirement. As such, we only want the
native OpenStack upper-constraints.

In this patch we use the --isolated CLI option to ignore the
host's pip configuration. We also introduce the ability to set
extra pip install options by using the PIP_OPTS environment
variable. This can be used to set the installation to use an
alternative pypi mirror, or for extra links, etc.

Change-Id: Ic966bafd04c4c01b3d93851a0e3ec2c1f3312f28
Closes-Bug: #1751316
This commit is contained in:
Jesse Pretorius 2018-02-23 17:34:41 +00:00
parent 5d61ed448c
commit 6b94b21e18
3 changed files with 36 additions and 20 deletions

View File

@ -27,6 +27,10 @@ export ANSIBLE_ROLE_FILE=${ANSIBLE_ROLE_FILE:-"ansible-role-requirements.yml"}
export SSH_DIR=${SSH_DIR:-"/root/.ssh"} export SSH_DIR=${SSH_DIR:-"/root/.ssh"}
export DEBIAN_FRONTEND=${DEBIAN_FRONTEND:-"noninteractive"} export DEBIAN_FRONTEND=${DEBIAN_FRONTEND:-"noninteractive"}
# Use pip opts to add options to the pip install command.
# This can be used to tell it which index to use, etc.
export PIP_OPTS=${PIP_OPTS:-""}
# Set the role fetch mode to any option [galaxy, git-clone] # Set the role fetch mode to any option [galaxy, git-clone]
export ANSIBLE_ROLE_FETCH_MODE=${ANSIBLE_ROLE_FETCH_MODE:-git-clone} export ANSIBLE_ROLE_FETCH_MODE=${ANSIBLE_ROLE_FETCH_MODE:-git-clone}
@ -96,12 +100,11 @@ case ${DISTRO_ID} in
esac esac
# Ensure we use the HTTPS/HTTP proxy with pip if it is specified # Ensure we use the HTTPS/HTTP proxy with pip if it is specified
PIP_OPTS=""
if [ -n "$HTTPS_PROXY" ]; then if [ -n "$HTTPS_PROXY" ]; then
PIP_OPTS="--proxy $HTTPS_PROXY" PIP_OPTS+="--proxy $HTTPS_PROXY"
elif [ -n "$HTTP_PROXY" ]; then elif [ -n "$HTTP_PROXY" ]; then
PIP_OPTS="--proxy $HTTP_PROXY" PIP_OPTS+="--proxy $HTTP_PROXY"
fi fi
# Figure out the version of python is being used # Figure out the version of python is being used
@ -133,12 +136,10 @@ if [[ "${VIRTUALENV_VERSION}" -lt "13" ]]; then
fi fi
pip install ${PIP_OPTS} \ pip install ${PIP_OPTS} \
--constraint ${UPPER_CONSTRAINTS_FILE} \
virtualenv \
|| pip install ${PIP_OPTS} \
--constraint ${UPPER_CONSTRAINTS_FILE} \ --constraint ${UPPER_CONSTRAINTS_FILE} \
--isolated \ --isolated \
virtualenv virtualenv
# Ensure that our shell knows about the new pip # Ensure that our shell knows about the new pip
hash -r virtualenv hash -r virtualenv
fi fi
@ -163,13 +164,14 @@ PIP_COMMAND="/opt/ansible-runtime/bin/pip"
PIP_OPTS+=" --constraint global-requirement-pins.txt" PIP_OPTS+=" --constraint global-requirement-pins.txt"
PIP_OPTS+=" --constraint ${UPPER_CONSTRAINTS_FILE}" PIP_OPTS+=" --constraint ${UPPER_CONSTRAINTS_FILE}"
# When upgrading there will already be a pip.conf file locking pip down to the # When executing the installation, we want to specify all our options on the CLI,
# repo server, in such cases it may be necessary to use --isolated because the # making sure to completely ignore any config already on the host. This is to
# repo server does not meet the specified requirements. # prevent the repo server's extra constraints being applied, which include
# a different version of Ansible to the one we want to install. As such, we
# use --isolated so that the config file is ignored.
# Install ansible and the other required packages # Install ansible and the other required packages
${PIP_COMMAND} install ${PIP_OPTS} -r requirements.txt ${ANSIBLE_PACKAGE} \ ${PIP_COMMAND} install --isolated ${PIP_OPTS} -r requirements.txt ${ANSIBLE_PACKAGE}
|| ${PIP_COMMAND} install --isolated ${PIP_OPTS} -r requirements.txt ${ANSIBLE_PACKAGE}
# Install our osa_toolkit code from the current checkout # Install our osa_toolkit code from the current checkout
$PIP_COMMAND install -e . $PIP_COMMAND install -e .

View File

@ -90,6 +90,12 @@ if [ -n "${DATA_DISK_DEVICE}" ]; then
export BOOTSTRAP_OPTS="${BOOTSTRAP_OPTS} bootstrap_host_data_disk_device=${DATA_DISK_DEVICE}" export BOOTSTRAP_OPTS="${BOOTSTRAP_OPTS} bootstrap_host_data_disk_device=${DATA_DISK_DEVICE}"
fi fi
# If in OpenStack-Infra, set some vars to use the mirror when bootstrapping Ansible
if [[ -e /etc/ci/mirror_info.sh ]]; then
source /etc/ci/mirror_info.sh
export PIP_OPTS="--index-url ${NODEPOOL_PYPI_MIRROR} --trusted-host ${NODEPOOL_MIRROR_HOST} --extra-index-url ${NODEPOOL_WHEEL_MIRROR}"
fi
# Bootstrap Ansible # Bootstrap Ansible
source "${OSA_CLONE_DIR}/scripts/bootstrap-ansible.sh" source "${OSA_CLONE_DIR}/scripts/bootstrap-ansible.sh"
@ -206,6 +212,13 @@ if [[ "${ACTION}" == "upgrade" ]]; then
# requirements to be installed. # requirements to be installed.
unset ANSIBLE_PACKAGE unset ANSIBLE_PACKAGE
unset UPPER_CONSTRAINTS_FILE unset UPPER_CONSTRAINTS_FILE
unset PIP_OPTS
# If in OpenStack-Infra, set some vars to use the mirror when bootstrapping Ansible
if [[ -e /etc/ci/mirror_info.sh ]]; then
source /etc/ci/mirror_info.sh
export PIP_OPTS="--index-url ${NODEPOOL_PYPI_MIRROR} --trusted-host ${NODEPOOL_MIRROR_HOST} --extra-index-url ${NODEPOOL_WHEEL_MIRROR}"
fi
# Source the current scripts-library.sh functions # Source the current scripts-library.sh functions
source "${OSA_CLONE_DIR}/scripts/scripts-library.sh" source "${OSA_CLONE_DIR}/scripts/scripts-library.sh"

View File

@ -321,6 +321,10 @@ function get_instance_info {
function get_pip { function get_pip {
# Use pip opts to add options to the pip install command.
# This can be used to tell it which index to use, etc.
PIP_OPTS=${PIP_OPTS:-""}
# The python executable to use when executing get-pip is passed # The python executable to use when executing get-pip is passed
# as a parameter to this function. # as a parameter to this function.
GETPIP_PYTHON_EXEC_PATH="${1:-$(which python)}" GETPIP_PYTHON_EXEC_PATH="${1:-$(which python)}"
@ -337,10 +341,7 @@ function get_pip {
|| ${GETPIP_CMD} https://raw.githubusercontent.com/pypa/get-pip/master/get-pip.py > ${GETPIP_FILE} || ${GETPIP_CMD} https://raw.githubusercontent.com/pypa/get-pip/master/get-pip.py > ${GETPIP_FILE}
fi fi
${GETPIP_PYTHON_EXEC_PATH} ${GETPIP_FILE} \ ${GETPIP_PYTHON_EXEC_PATH} ${GETPIP_FILE} ${PIP_OPTS} \
pip setuptools wheel \
--constraint global-requirement-pins.txt \
|| ${GETPIP_PYTHON_EXEC_PATH} ${GETPIP_FILE} \
pip setuptools wheel \ pip setuptools wheel \
--constraint global-requirement-pins.txt \ --constraint global-requirement-pins.txt \
--isolated --isolated