Fix gnocchi install from git

Recent changes to git prevent git repos from being parsed if they are not owned by the current user as part of a CVE fix. Some project use stevedore to load plugins and this is broken if gnocchi is installed from git via "sudo pip install". This change uses devstacks git_clone to ensure that the gnocchi repos is clonned under $DEST aka /opt/stack as the current user not root. It then uses pip install -e to install the precloned repo. To enable this GNOCCHI_REPO and GNOCCHI_BRANCH are intoduced and the non standard GNOCCHI_GIT_PATH is removed. A long standing comment to stop installing from git after Gnocchi 4.0 is adressed by only installing from git if gnocchi is listed in LIBS_FROM_GIT. However since 4.4.2 is currently incompatible with openstacks upper-constraits file the ci will continue to git however the git repo will now be prepared by zuul using required-projects. This will have the side effect of allowing Depends on to work for PRs to gnocchi however testing that is out of scope of this patch. This patch adds a sample local.conf that can be used to deploy locally for devopment. Depends-On: https://review.opendev.org/c/openstack/telemetry-tempest-plugin/+/872350 Change-Id: I833ea3bffb18bec063423450be0f3b8ff92f9a5a
2023-01-31 12:03:05 -05:00 · 2023-01-31 12:03:05 -05:00 · cb7084ed18
parent e83a6802ca
commit cb7084ed18
5 changed files with 59 additions and 4 deletions
--- a/.zuul.yaml
+++ b/.zuul.yaml
@ -5,6 +5,7 @@
    required-projects:
      - opendev.org/openstack/grenade
      - opendev.org/openstack/ceilometer
+      - gnocchixyz/gnocchi
    vars:
      configure_swap_size: 8192
      grenade_devstack_localrc:
--- a/devstack/README.rst
+++ b/devstack/README.rst
@ -22,4 +22,7 @@ Enabling Ceilometer in DevStack
   installation of Ceilometer. If you don't want to use their default value,
   you can set a new one in ``local.conf``.

+   Alternitvely you can modify copy and modify the sample ``local.conf``
+   located at ``ceilometer/devstack/local.conf.sample``
+
 3. Run ``stack.sh``.
--- a/devstack/local.conf.sample
+++ b/devstack/local.conf.sample
@ -0,0 +1,45 @@
+[[local|localrc]]
+# Common options
+# --------------
+#RECLONE=True
+#FORCE=True
+#OFFLINE=True
+#USE_PYTHON3=True
+#PYTHON3_VERSION=3.8
+# HOST_IP shoudl be set to an ip that is present on the host
+# e.g. the ip of eth0. This will be used to bind api endpoints and horizon.
+HOST_IP=<hostip>
+
+# Minimal Contents
+# ----------------
+
+# While ``stack.sh`` is happy to run without ``localrc``, devlife is better when
+# there are a few minimal variables set:
+
+# If the ``*_PASSWORD`` variables are not set here you will be prompted to enter
+# values for them by ``stack.sh``and they will be added to ``local.conf``.
+ADMIN_PASSWORD=password
+DATABASE_PASSWORD=$ADMIN_PASSWORD
+RABBIT_PASSWORD=$ADMIN_PASSWORD
+SERVICE_PASSWORD=$ADMIN_PASSWORD
+
+LOGFILE=$DEST/logs/stack.sh.log
+LOGDAYS=2
+
+# the plugin line order matters but the placment in the file does not
+enable_plugin aodh https://opendev.org/openstack/aodh
+enable_plugin ceilometer https://opendev.org/openstack/ceilometer.git
+
+# Gnocchi settings
+# Gnocchi is optional but can be enbaled by uncommenting CEILOMETER_BACKEND
+CEILOMETER_BACKEND=gnocchi
+
+# if gnocchi is not in LIBS_FROM_GIT it will install from pypi.
+# Currently this is broken with the latest gnocchi release 4.4.2
+# so we need to install from git until
+# https://github.com/gnocchixyz/gnocchi/issues/1290 is resolved
+LIBS_FROM_GIT+=gnocchi
+
+# to control the version of gnocchi installed from git uncomment these options
+#GNOCCHI_BRANCH="master"
+#GNOCCHI_REPO=https://github.com/gnocchixyz/gnocchi
--- a/devstack/plugin.sh
+++ b/devstack/plugin.sh
@ -137,8 +137,12 @@ function ceilometer_create_accounts {

 function install_gnocchi {
    echo_summary "Installing Gnocchi"
-    if [ $GNOCCHI_GIT_PATH ]; then
-        pip_install -e $GNOCCHI_GIT_PATH[redis,${DATABASE_TYPE},keystone] uwsgi
+    if use_library_from_git "gnocchi"; then
+        # we need to git clone manually to ensure that the git repo is added
+        # to the global git repo list and ensure its cloned as the current user
+        # not as root.
+        git_clone ${GNOCCHI_REPO} ${GNOCCHI_DIR} ${GNOCCHI_BRANCH}
+        pip_install -e ${GNOCCHI_DIR}[redis,${DATABASE_TYPE},keystone] uwsgi
    else
        pip_install gnocchi[redis,${DATABASE_TYPE},keystone] uwsgi
    fi
--- a/devstack/settings
+++ b/devstack/settings
@ -16,9 +16,11 @@ if [ "$CEILOMETER_BACKEND" = "gnocchi" ]; then
    enable_service gnocchi-api gnocchi-metricd
 fi

+
+GNOCCHI_DIR=${GNOCCHI_DIR:-${DEST}/gnocchi}
+GNOCCHI_BRANCH=${GNOCCHI_BRANCH:-"master"}
+GNOCCHI_REPO=${GNOCCHI_REPO:-https://github.com/gnocchixyz/gnocchi}
 # Gnocchi default archive_policy for Ceilometer
-# TODO(sileht): when Gnocchi 4.0 is out use the tarball instead
-GNOCCHI_GIT_PATH=${GNOCCHI_GIT_PATH:-git+https://github.com/gnocchixyz/gnocchi#egg=gnocchi}
 if [ -n "$GNOCCHI_ARCHIVE_POLICY_TEMPEST" ]; then
    GNOCCHI_ARCHIVE_POLICY=$GNOCCHI_ARCHIVE_POLICY_TEMPEST
 else