9220732958
cryptography may bundle openssl in the wheel and that causes symbol conflicts if a different openssl is provided by the distribution. As such, it's probably safer to re-build cryptography ourselves just to be sure that the correct distro libraries are used. This has been addressed in openstack-ansible-tests/test-vars.yaml (https://review.openstack.org/#/c/486580/) to fix the CI tests but the problem is also present on regular deployments so we set it in the group_variables for the repo_all group of hosts so it's built from source in the wheel repository. Related-Bug: 1705521 Link: https://github.com/pyca/cryptography/issues/3804 Change-Id: I54ba3c1fa48a2f4c633930bc7e8cc65397f86659
69 lines
2.7 KiB
YAML
69 lines
2.7 KiB
YAML
---
|
|
# Copyright 2016, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# Ensure that the package state matches the global setting
|
|
repo_server_package_state: "{{ package_state }}"
|
|
repo_build_package_state: "{{ package_state }}"
|
|
|
|
# Optionally set this variable to the location on the deployment
|
|
# host where a set of git clones may be sourced to stage the repo
|
|
# server.
|
|
#repo_build_git_cache: /opt/git/openstack/
|
|
|
|
# The folder in the repo container where the git clones should
|
|
# be synchronised to.
|
|
repo_build_git_dir: /var/www/repo/openstackgit
|
|
|
|
# The folder in the repo container which is bind-mounted to
|
|
# the host.
|
|
repo_service_home_folder: /var/www
|
|
|
|
# The folder on the repo container's host which will hold
|
|
# the git clones via the container-host bind-mount
|
|
repo_build_git_bind_mount: "/openstack/{{ inventory_hostname }}{{ repo_build_git_dir | replace(repo_service_home_folder, '') }}"
|
|
|
|
# The appropriate user:group names for the repo_build_git_dir
|
|
# folder/file attributes.
|
|
repo_service_user_name: nginx
|
|
repo_service_group_name: www-data
|
|
|
|
# Ensure that the repo service and the repo build use the same user:group
|
|
repo_build_service_user_name: "{{ repo_service_user_name }}"
|
|
repo_build_service_group_name: "{{ repo_service_group_name }}"
|
|
|
|
# Disable the pip lock down for the repo servers
|
|
pip_lock_to_internal_repo: False
|
|
|
|
# The following package must always build from source.
|
|
#
|
|
# libvirt-python:
|
|
# A pre-built wheel can be missing libvirt capabilities from the installed
|
|
# version of libvirt-bin, leading to nova-compute failing to start.
|
|
#
|
|
# NOTE(hwoarang) cryptography may bundle openssl in the wheel and that
|
|
# causes symbol conflicts if a different openssl is provided by the
|
|
# distribution. As such, it's probably safer to re-build cryptography
|
|
# ourselves just to be sure that the correct distro libraries are used
|
|
# see https://github.com/pyca/cryptography/issues/3804
|
|
# This keeps popping up every now and then so it might worth keeping this
|
|
# around even if the upstream issue is resolved
|
|
repo_build_pip_no_binary:
|
|
- libvirt-python
|
|
- cryptography
|
|
|
|
# Set the build tag and the repo version
|
|
repo_build_release_tag: "{{ openstack_release }}"
|
|
repo_build_os_distro_version: "{{ os_distro_version }}"
|