Fetch upper constraints file with curl rather than allow pip to download it
On centos-7 the distro provided trust store for pip is out of date and
cannot validate LetsEncrypt certificates issued against their new root
CA.
Use curl to download a local copy of upper-constraints.txt so that we can
pass it to pip as a file instead of a URL, in order to bootstrap the ansible
virtualenv and upgrade pip/setuptools/wheel to more modern versions.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/816317
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/815631
Change-Id: Ia5c80ff18836b08d4caff82b2ac69a11d6e54210
(cherry picked from commit 1f707ccf21
)
parent
c66a806ac8
commit
bf854c2423
|
@ -131,6 +131,13 @@ UPPER_CONSTRAINTS_PROTO=$([ "$PYTHON_VERSION" == $(echo -e "$PYTHON_VERSION\n2.7
|
|||
# Set the location of the constraints to use for all pip installations
|
||||
export UPPER_CONSTRAINTS_FILE=${UPPER_CONSTRAINTS_FILE:-"$UPPER_CONSTRAINTS_PROTO://opendev.org/openstack/requirements/raw/$(awk '/requirements_git_install_branch:/ {print $2}' playbooks/defaults/repo_packages/openstack_services.yml)/upper-constraints.txt"}
|
||||
|
||||
# Define a location for a local copy of upper constraints and download it with curl
|
||||
UPPER_CONSTRAINTS_LOCAL_FILE=/opt/ansible-runtime-venv-constraints.txt
|
||||
curl -L -o ${UPPER_CONSTRAINTS_LOCAL_FILE} ${UPPER_CONSTRAINTS_FILE}
|
||||
|
||||
# Use the local copy for pip rather than have pip attempt (and fail due to outdated CA store) to download it itself
|
||||
export UPPER_CONSTRAINTS_FILE=${UPPER_CONSTRAINTS_LOCAL_FILE}
|
||||
|
||||
if [[ -z "${SKIP_OSA_RUNTIME_VENV_BUILD+defined}" ]]; then
|
||||
build_ansible_runtime_venv
|
||||
fi
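Review bot: The added `curl -L -o ${UPPER_CONSTRAINTS_LOCAL_FILE} ${UPPER_CONSTRAINTS_FILE}` line does not pass `--fail`, so an HTTP error response would be saved as the constraints file and the following export would hand that body to pip; both expansions are also unquoted. I would write `curl --fail --location --output "${UPPER_CONSTRAINTS_LOCAL_FILE}" "${UPPER_CONSTRAINTS_FILE}"` and, unless the script already runs with errexit (not visible in this hunk), stop on a non-zero exit. Because `UPPER_CONSTRAINTS_FILE` can be preset by the caller, a value that is a plain local path, which pip accepted before, is now handed to curl as a URL; it needs either a `file://` form or a branch that skips the download. If `UPPER_CONSTRAINTS_PROTO` can still resolve to plain `http` (its definition is cut off in the hunk header), the pinned versions are fetched without transport integrity, which deserves a comment next to the download.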
|
||||
|
|
|
@ -242,10 +242,7 @@ tempest_run: yes
|
|||
tempest_network_ping_gateway: yes
|
||||
|
||||
{% if nodepool_dir.stat.exists %}
|
||||
# Copy /etc/pip.conf into containers to get mirrors for wheels
|
||||
# and due to extra-index-url bugs in Ubuntu, we workaround it
|
||||
# by ignoring the config file during PIP upgrade time
|
||||
venv_pip_upgrade_noconf: true
|
||||
# Settings which are specific to opendev CI
|
||||
lxc_container_cache_files_from_host:
|
||||
- /etc/pip.conf
|
||||
# Disable chronyd in OpenStack CI
|
||||
|
|