From 6c59da3daf416fa4211858ef3a5154d0894fa85f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rados=C5=82aw=20Piliszek?= Date: Wed, 7 Sep 2022 15:47:13 +0000 Subject: [PATCH] Use venv instead of virtualenv virtualenv is not a part of the core python installation, but venv is. Let's use it to be slimmer and avoid issues with virtualenv installation. At the same time, remove some existing hacks around selinux, systemd, PyYAML and libvirt. Change-Id: Icd60aca084323cede944ee261d2cf5941b320e4b --- ansible/group_vars/hypervisors | 2 +- ansible/host_setup.yml | 30 ++++++++-- ansible/node_bmc.yml | 7 +-- .../roles/virtualbmc-daemon/tasks/main.yml | 58 ++++++++++++++----- .../roles/virtualbmc-daemon/vars/Debian.yml | 3 - .../roles/virtualbmc-daemon/vars/RedHat.yml | 5 +- playbooks/tenks-deploy-teardown/pre.yml | 22 +++++-- roles/tenks-ci-prep/tasks/main.yml | 47 --------------- 8 files changed, 91 insertions(+), 83 deletions(-) delete mode 100644 roles/tenks-ci-prep/tasks/main.yml diff --git a/ansible/group_vars/hypervisors b/ansible/group_vars/hypervisors index b5bbd4f..fdfc2bf 100644 --- a/ansible/group_vars/hypervisors +++ b/ansible/group_vars/hypervisors @@ -4,7 +4,7 @@ physnet_mappings: {} system_requirements: - - "python3-virtualenv" + - python3-libvirt # Tenks bridge type. Options are "openvswitch", "linuxbridge". Default is # "openvswitch". Note that this relates to bridges created by Tenks, not the diff --git a/ansible/host_setup.yml b/ansible/host_setup.yml index 3969b9f..ed4d253 100644 --- a/ansible/host_setup.yml +++ b/ansible/host_setup.yml @@ -1,4 +1,28 @@ --- +- name: Create Tenks venv + hosts: all + tags: + - host-setup + tasks: + - name: Ensure Tenks venv is properly set up + block: + + - name: Init Tenks venv and upgrade pip + pip: + name: pip + state: latest # noqa package-latest + virtualenv: "{{ virtualenv_path }}" + virtualenv_command: "{{ ansible_facts.python.executable }} -m venv" + virtualenv_site_packages: true + + - name: Upgrade setuptools + pip: + name: setuptools + state: latest # noqa package-latest + virtualenv: "{{ virtualenv_path }}" + + when: virtualenv_path + - name: Load current Tenks state hosts: localhost tags: @@ -54,12 +78,8 @@ include_role: name: virtualbmc-daemon vars: - # NOTE(mgoddard): On CentOS 8 if SELinux is enabled, install - # virtualbmc to the system rather than a virtualenv. SELinux - # prevents systemd from accessing files in users' home directories. selinux_enabled: "{{ ansible_facts.selinux.status | default('disabled') == 'enabled' }}" - is_redhat: "{{ ansible_facts.os_family == 'RedHat' }}" - vbmcd_virtualenv_path: "{{ '' if is_redhat and selinux_enabled else virtualenv_path }}" + vbmcd_virtualenv_path: "{{ virtualenv_path }}" vbmcd_python_upper_constraints_url: >- {{ python_upper_constraints_url }} diff --git a/ansible/node_bmc.yml b/ansible/node_bmc.yml index f1082a7..95133cb 100644 --- a/ansible/node_bmc.yml +++ b/ansible/node_bmc.yml @@ -46,12 +46,7 @@ vbmc_ipmi_username: "{{ ipmi_username }}" vbmc_ipmi_password: "{{ ipmi_password }}" vbmc_ipmi_port: "{{ domain.ipmi_port }}" - # NOTE(mgoddard): On CentOS 8 if SELinux is enabled, install virtualbmc - # to the system rather than a virtualenv. SELinux prevents systemd from - # accessing files in users' home directories. - selinux_enabled: "{{ ansible_facts.selinux.status | default('disabled') == 'enabled' }}" - is_redhat: "{{ ansible_facts.os_family == 'RedHat' }}" - vbmc_virtualenv_path: "{{ '' if is_redhat and selinux_enabled else virtualenv_path }}" + vbmc_virtualenv_path: "{{ virtualenv_path }}" vbmc_log_directory: "{{ log_directory }}" vbmc_state: "{{ domain.get('state', 'present') }}" loop: "{{ vbmc_nodes | sort(attribute='name') | list }}" diff --git a/ansible/roles/virtualbmc-daemon/tasks/main.yml b/ansible/roles/virtualbmc-daemon/tasks/main.yml index 8324ff8..ec69f4e 100644 --- a/ansible/roles/virtualbmc-daemon/tasks/main.yml +++ b/ansible/roles/virtualbmc-daemon/tasks/main.yml @@ -26,27 +26,59 @@ virtualenv: "{{ vbmcd_virtualenv_path or omit }}" become: "{{ not vbmcd_virtualenv_path }}" +- name: Create the temporary u-c file + tempfile: + state: file + suffix: u-c + register: u_c_file + +- name: Download u-c + get_url: + url: "{{ vbmcd_python_upper_constraints_url }}" + dest: "{{ u_c_file.path }}" + +# NOTE(yoctozepto): It is preferable to use the libvirt python binding that +# is delivered with the distribution as it is guaranteed to work with the +# deployed daemon (and the accompanying Python). +- name: Remove libvirt-python from u-c + lineinfile: + path: "{{ u_c_file.path }}" + state: absent + regexp: '^libvirt-python' + - name: Ensure Python requirements are installed pip: - name: - - "virtualbmc>=1.4.0" - # NOTE(priteau): Ignore PyYAML when installing system-wide to avoid the - # following error: Cannot uninstall 'PyYAML'. It is a distutils installed - # project and thus we cannot accurately determine which files belong to it - # which would lead to only a partial uninstall. - # NOTE(priteau): Use --no-binary to avoid installing libvirt-python from - # wheel. There is a problem with the 7.5.0 wheel resulting in the error: - # The `libvirt` module is not importable. Check the requirements. - extra_args: >- - -c {{ vbmcd_python_upper_constraints_url }} - {% if not vbmcd_virtualenv_path %}--ignore-installed PyYAML{% endif %} - --no-binary libvirt-python + name: virtualbmc + extra_args: -c {{ u_c_file.path }} virtualenv: "{{ vbmcd_virtualenv_path or omit }}" register: result until: result is success retries: 3 become: "{{ not vbmcd_virtualenv_path }}" +- name: Remove the temporary u-c file + file: + path: "{{ u_c_file.path }}" + state: absent + +- name: "[selinux] Allow systemd to start vbmcd from venv" + block: + + - name: "[selinux] Allow systemd to start vbmcd from venv - sefcontext" + become: true + sefcontext: + target: "{{ vbmcd_virtualenv_path }}/bin(/.*)?" + setype: bin_t + state: present + register: sefcontext + + - name: "[selinux] Allow systemd to start vbmcd from venv - restorecon" + become: true + command: "restorecon -r {{ vbmcd_virtualenv_path }}/bin" + when: sefcontext.changed + + when: selinux_enabled and vbmcd_virtualenv_path + - name: Ensure Virtual BMC systemd service is configured template: src: templates/{{ item }}.j2 diff --git a/ansible/roles/virtualbmc-daemon/vars/Debian.yml b/ansible/roles/virtualbmc-daemon/vars/Debian.yml index bd97e98..085eb8b 100644 --- a/ansible/roles/virtualbmc-daemon/vars/Debian.yml +++ b/ansible/roles/virtualbmc-daemon/vars/Debian.yml @@ -1,7 +1,4 @@ --- # List of package dependencies to install. vbmcd_packages: - - gcc - - libvirt-dev - - pkg-config - libzmq5 diff --git a/ansible/roles/virtualbmc-daemon/vars/RedHat.yml b/ansible/roles/virtualbmc-daemon/vars/RedHat.yml index a3adafb..bd0cc0a 100644 --- a/ansible/roles/virtualbmc-daemon/vars/RedHat.yml +++ b/ansible/roles/virtualbmc-daemon/vars/RedHat.yml @@ -1,6 +1,3 @@ --- # List of package dependencies to install. -vbmcd_packages: - - gcc - - pkgconfig - - libvirt-devel +vbmcd_packages: [] diff --git a/playbooks/tenks-deploy-teardown/pre.yml b/playbooks/tenks-deploy-teardown/pre.yml index 7744b4e..7fcbfad 100644 --- a/playbooks/tenks-deploy-teardown/pre.yml +++ b/playbooks/tenks-deploy-teardown/pre.yml @@ -7,7 +7,6 @@ - role: tenks-diagnostics tenks_diagnostics_phase: "pre" tenks_diagnostics_log_dir: "{{ logs_dir }}" - - role: tenks-ci-prep tasks: - name: Ensure config directory exists file: @@ -22,13 +21,28 @@ - name: Install python3 become: true package: - name: python3 + name: + - python3 + - python3-pip + - python3-setuptools - - name: Create virtualenv for tenks + - name: Create venv for tenks and upgrade pip + pip: + name: pip + state: latest # noqa package-latest + virtualenv: "{{ tenks_venv }}" + virtualenv_command: "{{ ansible_facts.python.executable }} -m venv" + + - name: Upgrade setuptools + pip: + name: setuptools + state: latest # noqa package-latest + virtualenv: "{{ tenks_venv }}" + + - name: Install tenks deps pip: requirements: "{{ tenks_src_dir }}/requirements.txt" virtualenv: "{{ tenks_venv }}" - virtualenv_python: "{{ ansible_facts.python.executable }}" - name: Ensure /etc/ansible exists file: diff --git a/roles/tenks-ci-prep/tasks/main.yml b/roles/tenks-ci-prep/tasks/main.yml deleted file mode 100644 index 16e9d7a..0000000 --- a/roles/tenks-ci-prep/tasks/main.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- -- block: - # NOTE(mgoddard): The CentOS image used in CI has epel-release installed, - # but the configure-mirrors role used by Zuul disables epel. Since we - # install epel-release and expect epel to be enabled, enable it here. - - name: Ensure yum-utils is installed - yum: - name: yum-utils - state: installed - - - name: Enable the EPEL yum repository - command: yum-config-manager --enable epel - - - name: Enable the CRB yum repository - command: yum-config-manager --enable crb - when: ansible_facts.distribution_major_version == '9' - - when: ansible_facts.os_family == 'RedHat' - become: true - -- name: Install Python3 modules - become: true - package: - name: - - python3-pip - - python3-setuptools - - python3-wheel - -- name: Install Python3 devel - become: true - package: - name: - - python3-devel - when: ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '9' - -- name: Install virtualenv from distribution package - become: true - package: - name: - - "{% if ansible_facts.os_family == 'Debian' %}virtualenv{% else %}python3-virtualenv{% endif %}" - when: not (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '9') - -- name: Install virtualenv using pip - become: true - pip: - name: virtualenv - when: ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '9'