From 366222725e53de3a293275ecd44f0c0ede9cc3e9 Mon Sep 17 00:00:00 2001 From: Jonathan Rosser Date: Wed, 1 May 2024 10:44:10 +0100 Subject: [PATCH] Include REQUESTS_CA_BUNDLE in pip task environment If the SSH or login session is not restarted, it is possible that recently written contents of /etc/environment are not accounted for when installing the built wheels when TLS is enabled on the internal VIP. REQUESTS_CA_BUNDLE must be set to allow pip to trust the certificate presented on the internal VIP. Change-Id: I7ed37d76c4c3854dc4939c884062bd03a76ece37 --- defaults/main.yml | 3 ++- vars/debian.yml | 2 ++ vars/redhat-9.yml | 2 ++ 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index c46387a..9b7c705 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -90,7 +90,8 @@ venv_default_pip_install_args: >- venv_pip_install_args: "" # Environemnt to be set for building the wheels -venv_pip_install_env: {} +venv_pip_install_env: + REQUESTS_CA_BUNDLE: "{{ _venv_install_ca_bundle_path }}" # Some python packages have C bindings which tend to be very # particular about the version of their underlying shared libraries. diff --git a/vars/debian.yml b/vars/debian.yml index 12a764b..0aeb247 100644 --- a/vars/debian.yml +++ b/vars/debian.yml @@ -24,3 +24,5 @@ _venv_build_base_distro_package_list: _venv_install_base_distro_package_list: - python3-venv - python3-setuptools + +_venv_install_ca_bundle_path: /etc/ssl/certs/ca-certificates.crt diff --git a/vars/redhat-9.yml b/vars/redhat-9.yml index cd01a29..4b5bdd3 100644 --- a/vars/redhat-9.yml +++ b/vars/redhat-9.yml @@ -21,3 +21,5 @@ _venv_build_base_distro_package_list: - python3-devel _venv_install_base_distro_package_list: [] + +_venv_install_ca_bundle_path: /etc/pki/tls/certs/ca-bundle.crt