Files
cinderlib/tools/virtualenv-sudo.sh
Gorka Eguileor 4d784d23a9 Fix privsep issues inside virtual env
When a virtual environment is created with the "--system-site-packages"
option and privsep is installed on the system privsep will only use the
system packages and completely ignore the ones in the virtual
environment.

This results in errors such as the ones we see:

- In the Ussuri gate: ModuleNotFoundError: No module named
  'os_brick.privileged.rootwrap'

- In the Wallaby gate: ModuleNotFoundError: No module named
  'os_brick.privileged.nvmeof'

This happens because os-brick and cinder are starting privsep using the
"privsep-helper" mechanism, and privsep was not installed in the virtual
env because it was already present system wide, so the "privsep-helper"
that is executed is the one from "/usr/local/bin/privsep-helper".

This python script "privsep-helper" ignores the virtual environment and
forces usage of the system's python, for example in a Wallaby
installation this could be "#!/usr/bin/python3.6".

Since it ignores the virtual environment it won't use its packages and
anything that's not present on system wide will not be found, and if
found it may be executing different code.

This patch fixes this issue by replacing the helper used to start
privsep with our own command.

This command is the same as the one usually installed in /usr/local/bin
but using /usr/bin/env to select the python to use.

This new script has been included as data in the cinderlib namespace
instead of making it install as a system script (like the original
privsep command) because we don't want to polute the system wide
binaries directory just for a corner case.

We also need to preserve user site-packages for the running Python when
calling root from the virtual environment, since the packages installed
on the virtual environment with "--system-site-packages" would have
taken those into consideration during the installation and not the ones
present on the root user.

To help debug issues at the gate all functional tests are now running
with debug logs.

Change-Id: I0278b42785d14f92a521e6deff872dcba6505270
Related-Bug: #1958159
Closes-Bug: #1979534
2022-06-24 15:26:48 +02:00

19 lines
691 B
Bash
Executable File

#!/usr/bin/env bash
# Script to ensure that calling commands added in the virtualenv with sudo will
# be able to find them during the functional tests, ie: cinder-rtstool
params=()
for arg in "$@"; do params+=("\"$arg\""); done
params="${params[@]}"
# Preserve user site-packages from the caller on the root user call in case
# it's a python program we are calling.
local_path=`python -c "import site; print(site.USER_SITE)"`
if [[ -n "$local_path" ]]; then
if [[ -z "$PYTHONPATH" ]]; then
PYTHONPATH="$local_path"
else
PYTHONPATH="$PYTHONPATH:$local_path"
fi
fi
sudo -E --preserve-env=PATH,VIRTUAL_ENV,PYTHONPATH PYTHONPATH="$PYTHONPATH" /bin/bash -c "$params"