Ansible role to manage the building of python venvs
Go to file
Jonathan Rosser 366222725e Include REQUESTS_CA_BUNDLE in pip task environment
If the SSH or login session is not restarted, it is possible that
recently written contents of /etc/environment are not accounted for
when installing the built wheels when TLS is enabled on the internal
VIP.

REQUESTS_CA_BUNDLE must be set to allow pip to trust the certificate
presented on the internal VIP.

Change-Id: I7ed37d76c4c3854dc4939c884062bd03a76ece37
2024-05-01 10:44:10 +01:00
defaults Include REQUESTS_CA_BUNDLE in pip task environment 2024-05-01 10:44:10 +01:00
doc Switch sphinx language to en 2022-05-30 16:01:09 +02:00
examples Replace linters test with integarted one 2021-05-26 07:40:38 +00:00
handlers Fix linters and metadata 2023-07-14 05:48:27 +00:00
meta Fix linters and metadata 2023-07-14 05:48:27 +00:00
releasenotes Update master for stable/2023.2 2023-12-07 11:04:12 +00:00
tasks Workaround ansible unsafe text templating bug 2024-02-28 08:51:29 +00:00
tests Remove references to unsupported operating systems 2021-03-16 10:47:53 +00:00
vars Include REQUESTS_CA_BUNDLE in pip task environment 2024-05-01 10:44:10 +01:00
zuul.d Remove TripleO jobs 2023-03-15 23:49:47 +09:00
.gitignore Updated from OpenStack Ansible Tests 2019-08-20 03:07:42 +00:00
.gitreview OpenDev Migration Patch 2019-04-19 19:30:04 +00:00
bindep.txt Updated from OpenStack Ansible Tests 2021-03-12 22:23:26 +00:00
CONTRIBUTING.rst [ussuri][goal] Update contributor documentation 2020-05-13 00:10:31 +03:00
LICENSE Initial commit 2018-03-09 17:50:21 +00:00
README.rst Merge "Add source code and bugs url link to README" 2021-01-26 09:52:27 +00:00
run_tests.sh Updated from OpenStack Ansible Tests 2022-04-01 12:13:22 +00:00
setup.cfg setup.cfg: Replace dashes with underscores 2023-05-05 09:12:38 +08:00
setup.py Revert "Cleanup setup.py config" 2022-03-31 17:08:13 -04:00
tox.ini Update tox.ini to work with 4.0 2022-12-27 17:53:06 +01:00
Vagrantfile Updated from OpenStack Ansible Tests 2021-12-17 16:50:22 +00:00

Team and repository tags

image

OpenStack-Ansible python_venv_build

This Ansible role prepares a python venv for use within the OpenStack-Ansible project, but it may be used for other projects as well.

The role requires the following to be present prior to execution:

  • virtualenv >= 1.10 (to support using the never-download option)
  • pip >= 7.1 (to support using the constraints option) in the virtualenv once it has been created.

Use-cases

This role is built for the following use-cases:

  1. Using a build host (a.k.a. repo server):
    • Build python wheels on a repo server with a given list of python packages.
    • Prepare a requirements.txt and constraints.txt file on the repo server, and use them to ensure that the build and installation processes are both consistent and idempotent.
    • On the build host, install the distribution packages required at build time.
    • On any number of target hosts, create a virtualenv and install these built wheels into it using the pip --find-links option.
    • On any number of target hosts, install the distribution packages required at run time.
    • Re-use previously built wheels to speed up any subsequent builds..
  2. Not using a build host:
    • On any number of target hosts, create a virtualenv, then locally install the distribution packages required at build and run time, then locally compile and install the given list of python packages.
    • This negates the need for a repo server, but takes longer due to the increased number of dependencies to install and the compilation happening on every target host.
    • The only situation where a build host provides no benefit is where there is only a single target host (with no containers) and none of the packages installed into the venv will be used again for any other venvs built by this role on the same host.

It may be useful to review the Python Build/Install Process Simplification specification to understand the background that led to the creation of this role.

Process

  1. Pre-requisites are checked.
  2. If wheel building is enabled, and there is a repo server in the environment, then the following happens on the repo server:
    1. The distribution packages required to execute the python wheel compile are installed.
    2. A set of requirements and source-constraints for the venv are compiled for pip to use when building the wheels. These are also used to determine whether there are changes to either for the purpose of idempotence.
    3. The python wheels are compiled, and an install-time constraints file is created. The install-time constraints file has the list of python packages with their versions - this differs from the source-constraints which may contain git SHA's.
  3. The installation of the python packages then commences on the target hosts:
    1. If the wheel build was enabled:
      1. Only the distribution packages required at runtime by the python packages are installed.
      2. A python venv is created at venv_install_destination_path.
      3. The requirements and constraints files for the venv are prepared in the venv path.
      4. The python packages are installed from the wheels on the repo server using pip's --find-links option to ensure that they are preferred above the default pypi index.
      5. If there are any venv_packages_to_symlink then the appropriate python libraries installed into the system from those packages will be symlinked into the virtualenv. This provides for python libraries which have a tight coupling with C bindings which may not be portable as a wheel.
    2. If the wheel build was not enabled:
      1. The distribution packages required for compiling and at runtime by the python packages are installed.
      2. A python venv is created at venv_install_destination_path.
      3. The requirements and constraints files for the venv are prepared in the venv path. The constraints file in this case would contain the same content as the source-constraints file on the repo server where there is one.
      4. The python packages are installed from the default pip index. During the installation pip will do a git clone and build from it for any packages that have a git SHA as a constraint.
      5. If there are any venv_packages_to_symlink then the appropriate python libraries installed into the system from those packages will be symlinked into the virtualenv. This provides for python libraries which have a tight coupling with C bindings which may not be portable as a wheel.
  4. If any venv_facts_when_changed are set, then they are implemented on the target host in /etc/ansible/facts.d.

Default variables

../../defaults/main.yml

References

Documentation for the project can be found at:

https://docs.openstack.org/ansible-role-python_venv_build/latest/

The project home is at:

https://launchpad.net/openstack-ansible

Release notes for the project can be found at:

https://docs.openstack.org/releasenotes/ansible-role-python_venv_build/

The project source code repository is located at:

https://git.openstack.org/cgit/openstack/ansible-role-python_venv_build

The bug tracker can be found at:

https://bugs.launchpad.net/openstack-ansible