Remove pip_get_pip_options override from group_vars
In the group_vars pip_get_pip_options is set with the intention of restricting the initial pip install to using the local repo server first, then reaching out to a set upstream repo. The pip install role then has a fallback which ignores these settings and goes to pypi to fetch the versions required. While this works, it causes an initial failure to install pip when the repo server is not yet available. This is OK considering that there isa fallback, but when other pip install options need to be used (eg: proxy options, certificate validation disabling due to bad proxies) then circumstances are reached where both tasks will fail and pip is uninstallable. Going back to the original intent, the use of this setting in group_vars is a logic flaw. If there's a repo server already, then everywhere where it matters the pip_lock_down role would have already restricted pip install options to make use of the local repo server for the first task in pip_install anyway. In other words we're double-doing the lock down unnecessarily. This patch results in the following behaviour: - The first pip install task will look for the versions specified in the local repo if there is one and the pip_lock_down task has run on the host in question. - If there is no local pip.conf, the first pip install task will seek the packages from pypi. - If the deployer chooses to set 'pip_get_pip_options' in user_variables, then those options will be honoured. This patch paves the way for https://review.openstack.org/296114 to actually be something useful to have merged. Closes-Bug: 1559619 Change-Id: I148e3628a75d81711b969eddee0c452e2ba16664
This commit is contained in:
parent
0849367b62
commit
3cdac57fc8
@ -58,16 +58,6 @@ galera_wsrep_cluster_address: "{% for host in groups['galera_all'] %}{{ hostvars
|
||||
galera_wsrep_address: "{{ ansible_ssh_host }}"
|
||||
|
||||
|
||||
## Pip install
|
||||
# Ensure that the pip_install role tries the local repo before looking
|
||||
# for pip in alternative locations
|
||||
pip_get_pip_options: >
|
||||
--no-index
|
||||
--find-links "{{ openstack_repo_url }}/os-releases/{{ openstack_release }}"
|
||||
--find-links "{{ repo_pip_default_index | netorigin }}/os-releases/{{ openstack_release }}"
|
||||
--trusted-host "{{ openstack_repo_url | netloc_no_port }}"
|
||||
--trusted-host "{{ repo_pip_default_index | netloc_no_port }}"
|
||||
|
||||
pip_links:
|
||||
- { name: "openstack_release", link: "{{ openstack_repo_url }}/os-releases/{{ openstack_release }}/" }
|
||||
|
||||
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
upgrade:
|
||||
- The ``pip_get_pip_options`` override has been removed from group_vars,
|
||||
resulting in the empty default being used. Previously this method was
|
||||
used to lock the pip install source appropriately, but this has been
|
||||
handled through the pip_lock_down role for several cycles. If a deployer
|
||||
has implemented an override in user_variables based on the previous
|
||||
group_vars settings then the settings should be reviewed. This override
|
||||
may now be used for catering to situations where the pip installation
|
||||
requires extra options set to allow installing through a proxy, or
|
||||
disabling certificate validation.
|
Loading…
Reference in New Issue
Block a user