Standardize Python interpreter handling

This patch ensures that the system Python interpreter is always used during the `bootstrap-servers` phase by setting `ansible_python_interpreter=auto_silent` via `extra_vars`, while the `octavia-certificates` command now explicitly uses the same Python interpreter that was used to invoke the `kolla-ansible` CLI, ensuring compatibility with the local environment. Summary: - The `ansible_python_interpreter` is now dynamically defined in `group_vars/all.yml`, falling back to the system interpreter if no virtualenv is configured. - CLI commands now detect and respect user-specified `ansible_python_interpreter` values via `-e`, and avoid overriding them. - The `bootstrap-servers` command always uses the system Python interpreter by setting `ansible_python_interpreter=auto_silent`, ensuring a clean environment for virtualenv creation. - The `octavia-certificates` command uses the Python interpreter that invoked the `kolla-ansible` CLI, ensuring compatibility with locally installed packages (e.g. cryptography). This improves interpreter handling across commands, especially in environments with custom Python setups or virtual environments. Depends-On: https://review.opendev.org/c/openstack/ansible-collection-kolla/+/949767 Change-Id: I7dc6cf8eda3b1fd48d2000f18b4670a4ef4ce1b4
2025-05-15 01:25:31 +02:00
parent dcafed4145
commit 9c41becc8d
4 changed files with 38 additions and 3 deletions
--- a/ansible/group_vars/baremetal.yml
+++ b/ansible/group_vars/baremetal.yml
@ -0,0 +1,15 @@
+---
+ansible_python_interpreter: >-
+  {{
+    virtualenv ~ '/bin/python'
+    if virtualenv is defined
+      and virtualenv is not none
+      and virtualenv | length > 0
+    else (
+      ansible_facts.python.executable
+      if ansible_facts.python.executable is defined
+        and ansible_facts.python.executable is not none
+        and ansible_facts.python.executable | length > 0
+      else 'auto_silent'
+    )
+  }}
--- a/kolla_ansible/cli/commands.py
+++ b/kolla_ansible/cli/commands.py
@ -10,6 +10,8 @@
 # License for the specific language governing permissions and limitations
 # under the License.

+import sys
+
 from cliff.command import Command

 from kolla_ansible import ansible
@ -63,6 +65,14 @@ class KollaAnsibleMixin:
        return verbosity_args

    def run_playbooks(self, parsed_args, *args, **kwargs):
+        # If the user knows what they're doing and explicitly sets
+        # ansible_python_interpreter, respect their choice and avoid
+        # overriding it by kolla-ansible.
+        extra = kwargs.get("extra_vars", {})
+        for var in getattr(parsed_args, "extra_vars", []) or []:
+            if var.startswith("ansible_python_interpreter="):
+                extra.pop("ansible_python_interpreter", None)
+                break
        kwargs.update(self._get_verbosity_args())
        return ansible.run_playbooks(parsed_args, *args, **kwargs)

@ -153,6 +163,7 @@ class BootstrapServers(KollaAnsibleMixin, Command):

        extra_vars = {}
        extra_vars["kolla_action"] = "bootstrap-servers"
+        extra_vars["ansible_python_interpreter"] = "auto_silent"

        playbooks = _choose_playbooks(parsed_args, "kolla-host")

@ -199,7 +210,9 @@ class OctaviaCertificates(KollaAnsibleMixin, Command):
        return parser

    def take_action(self, parsed_args):
-        extra_vars = {}
+        extra_vars = {
+            "ansible_python_interpreter": sys.executable
+        }

        if hasattr(parsed_args, "check_expiry") \
                and parsed_args.check_expiry is not None:
--- a/releasenotes/notes/use-auto-detected-python-interpreter-for-bootstrap-b83cc25d03e4eeb5.yaml
+++ b/releasenotes/notes/use-auto-detected-python-interpreter-for-bootstrap-b83cc25d03e4eeb5.yaml
@ -0,0 +1,8 @@
+---
+features:
+  - |
+    ``bootstrap-servers`` now always uses the system Python interpreter via
+    ``auto_silent`` autodetection.
+
+    ``octavia-certificates`` now use the same Python interpreter as the one
+    running the ``kolla-ansible`` command itself.
--- a/tests/test-octavia.sh
+++ b/tests/test-octavia.sh
@ -11,8 +11,7 @@ export PYTHONUNBUFFERED=1
 function check_certificate_expiry {
    RAW_INVENTORY=/etc/kolla/inventory
    source $KOLLA_ANSIBLE_VENV_PATH/bin/activate
-    # NOTE(mnasiadka): Use venv python here for cryptography package (Ansible fails otherwise)
-    kolla-ansible octavia-certificates -i ${RAW_INVENTORY} --check-expiry 7 -e ansible_python_interpreter=$KOLLA_ANSIBLE_VENV_PATH/bin/python
+    kolla-ansible octavia-certificates -i ${RAW_INVENTORY} --check-expiry 7
    deactivate
 }