Fix gnocchi install from git

Recent changes to git prevent git repos from being parsed if they
are not owned by the current user as part of a CVE fix. Some
project use stevedore to load plugins and this is broken if
gnocchi is installed from git via "sudo pip install".

This change uses devstacks git_clone to ensure that the gnocchi
repos is clonned under $DEST aka /opt/stack as the current user not
root. It then uses pip install -e to install the precloned repo.

To enable this GNOCCHI_REPO and GNOCCHI_BRANCH are intoduced
and the non standard GNOCCHI_GIT_PATH is removed.

A long standing comment to stop installing from git after
Gnocchi 4.0 is adressed by only installing from  git if
gnocchi is listed in LIBS_FROM_GIT. However since
4.4.2 is currently incompatible with openstacks upper-constraits
file the ci will continue to git however the git repo will
now be prepared by zuul using required-projects.

This will have the side effect of allowing
Depends on to work for PRs to gnocchi however testing that
is out of scope of this patch.

This patch adds a sample local.conf that can be used to deploy
locally for devopment.

Depends-On: https://review.opendev.org/c/openstack/telemetry-tempest-plugin/+/872350
Change-Id: I833ea3bffb18bec063423450be0f3b8ff92f9a5a
This commit is contained in:
Sean Mooney 2023-01-31 12:03:05 -05:00
parent e83a6802ca
commit cb7084ed18
5 changed files with 59 additions and 4 deletions

View File

@ -5,6 +5,7 @@
required-projects: required-projects:
- opendev.org/openstack/grenade - opendev.org/openstack/grenade
- opendev.org/openstack/ceilometer - opendev.org/openstack/ceilometer
- gnocchixyz/gnocchi
vars: vars:
configure_swap_size: 8192 configure_swap_size: 8192
grenade_devstack_localrc: grenade_devstack_localrc:

View File

@ -22,4 +22,7 @@ Enabling Ceilometer in DevStack
installation of Ceilometer. If you don't want to use their default value, installation of Ceilometer. If you don't want to use their default value,
you can set a new one in ``local.conf``. you can set a new one in ``local.conf``.
Alternitvely you can modify copy and modify the sample ``local.conf``
located at ``ceilometer/devstack/local.conf.sample``
3. Run ``stack.sh``. 3. Run ``stack.sh``.

View File

@ -0,0 +1,45 @@
[[local|localrc]]
# Common options
# --------------
#RECLONE=True
#FORCE=True
#OFFLINE=True
#USE_PYTHON3=True
#PYTHON3_VERSION=3.8
# HOST_IP shoudl be set to an ip that is present on the host
# e.g. the ip of eth0. This will be used to bind api endpoints and horizon.
HOST_IP=<hostip>
# Minimal Contents
# ----------------
# While ``stack.sh`` is happy to run without ``localrc``, devlife is better when
# there are a few minimal variables set:
# If the ``*_PASSWORD`` variables are not set here you will be prompted to enter
# values for them by ``stack.sh``and they will be added to ``local.conf``.
ADMIN_PASSWORD=password
DATABASE_PASSWORD=$ADMIN_PASSWORD
RABBIT_PASSWORD=$ADMIN_PASSWORD
SERVICE_PASSWORD=$ADMIN_PASSWORD
LOGFILE=$DEST/logs/stack.sh.log
LOGDAYS=2
# the plugin line order matters but the placment in the file does not
enable_plugin aodh https://opendev.org/openstack/aodh
enable_plugin ceilometer https://opendev.org/openstack/ceilometer.git
# Gnocchi settings
# Gnocchi is optional but can be enbaled by uncommenting CEILOMETER_BACKEND
CEILOMETER_BACKEND=gnocchi
# if gnocchi is not in LIBS_FROM_GIT it will install from pypi.
# Currently this is broken with the latest gnocchi release 4.4.2
# so we need to install from git until
# https://github.com/gnocchixyz/gnocchi/issues/1290 is resolved
LIBS_FROM_GIT+=gnocchi
# to control the version of gnocchi installed from git uncomment these options
#GNOCCHI_BRANCH="master"
#GNOCCHI_REPO=https://github.com/gnocchixyz/gnocchi

View File

@ -137,8 +137,12 @@ function ceilometer_create_accounts {
function install_gnocchi { function install_gnocchi {
echo_summary "Installing Gnocchi" echo_summary "Installing Gnocchi"
if [ $GNOCCHI_GIT_PATH ]; then if use_library_from_git "gnocchi"; then
pip_install -e $GNOCCHI_GIT_PATH[redis,${DATABASE_TYPE},keystone] uwsgi # we need to git clone manually to ensure that the git repo is added
# to the global git repo list and ensure its cloned as the current user
# not as root.
git_clone ${GNOCCHI_REPO} ${GNOCCHI_DIR} ${GNOCCHI_BRANCH}
pip_install -e ${GNOCCHI_DIR}[redis,${DATABASE_TYPE},keystone] uwsgi
else else
pip_install gnocchi[redis,${DATABASE_TYPE},keystone] uwsgi pip_install gnocchi[redis,${DATABASE_TYPE},keystone] uwsgi
fi fi

View File

@ -16,9 +16,11 @@ if [ "$CEILOMETER_BACKEND" = "gnocchi" ]; then
enable_service gnocchi-api gnocchi-metricd enable_service gnocchi-api gnocchi-metricd
fi fi
GNOCCHI_DIR=${GNOCCHI_DIR:-${DEST}/gnocchi}
GNOCCHI_BRANCH=${GNOCCHI_BRANCH:-"master"}
GNOCCHI_REPO=${GNOCCHI_REPO:-https://github.com/gnocchixyz/gnocchi}
# Gnocchi default archive_policy for Ceilometer # Gnocchi default archive_policy for Ceilometer
# TODO(sileht): when Gnocchi 4.0 is out use the tarball instead
GNOCCHI_GIT_PATH=${GNOCCHI_GIT_PATH:-git+https://github.com/gnocchixyz/gnocchi#egg=gnocchi}
if [ -n "$GNOCCHI_ARCHIVE_POLICY_TEMPEST" ]; then if [ -n "$GNOCCHI_ARCHIVE_POLICY_TEMPEST" ]; then
GNOCCHI_ARCHIVE_POLICY=$GNOCCHI_ARCHIVE_POLICY_TEMPEST GNOCCHI_ARCHIVE_POLICY=$GNOCCHI_ARCHIVE_POLICY_TEMPEST
else else