openstack
/
tenks
Code Issues Proposed changes

Use venv instead of virtualenv 

virtualenv is not a part of the core python installation, but
venv is. Let's use it to be slimmer and avoid issues with
virtualenv installation.

At the same time, remove some existing hacks around selinux,
systemd, PyYAML and libvirt.

Change-Id: Icd60aca084323cede944ee261d2cf5941b320e4b
This commit is contained in:
Radosław Piliszek 2022-09-07 15:47:13 +00:00
parent c41b3edd67
commit 6c59da3daf
8 changed files with 91 additions and 83 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ansible/group_vars/hypervisors
View File

@ -4,7 +4,7 @@
physnet_mappings: {}
system_requirements:
- "python3-virtualenv"
- python3-libvirt
# Tenks bridge type. Options are "openvswitch", "linuxbridge". Default is
# "openvswitch". Note that this relates to bridges created by Tenks, not the

30
ansible/host_setup.yml
View File

@ -1,4 +1,28 @@
---
- name: Create Tenks venv
hosts: all
tags:
- host-setup
tasks:
- name: Ensure Tenks venv is properly set up
block:
- name: Init Tenks venv and upgrade pip
pip:
name: pip
state: latest # noqa package-latest
virtualenv: "{{ virtualenv_path }}"
virtualenv_command: "{{ ansible_facts.python.executable }} -m venv"
virtualenv_site_packages: true
- name: Upgrade setuptools
pip:
name: setuptools
state: latest # noqa package-latest
virtualenv: "{{ virtualenv_path }}"
when: virtualenv_path
- name: Load current Tenks state
hosts: localhost
tags:
@ -54,12 +78,8 @@
include_role:
name: virtualbmc-daemon
vars:
# NOTE(mgoddard): On CentOS 8 if SELinux is enabled, install
# virtualbmc to the system rather than a virtualenv. SELinux
# prevents systemd from accessing files in users' home directories.
selinux_enabled: "{{ ansible_facts.selinux.status | default('disabled') == 'enabled' }}"
is_redhat: "{{ ansible_facts.os_family == 'RedHat' }}"
vbmcd_virtualenv_path: "{{ '' if is_redhat and selinux_enabled else virtualenv_path }}"
vbmcd_virtualenv_path: "{{ virtualenv_path }}"
vbmcd_python_upper_constraints_url: >-
{{ python_upper_constraints_url }}

7
ansible/node_bmc.yml
View File

@ -46,12 +46,7 @@
vbmc_ipmi_username: "{{ ipmi_username }}"
vbmc_ipmi_password: "{{ ipmi_password }}"
vbmc_ipmi_port: "{{ domain.ipmi_port }}"
# NOTE(mgoddard): On CentOS 8 if SELinux is enabled, install virtualbmc
# to the system rather than a virtualenv. SELinux prevents systemd from
# accessing files in users' home directories.
selinux_enabled: "{{ ansible_facts.selinux.status | default('disabled') == 'enabled' }}"
is_redhat: "{{ ansible_facts.os_family == 'RedHat' }}"
vbmc_virtualenv_path: "{{ '' if is_redhat and selinux_enabled else virtualenv_path }}"
vbmc_virtualenv_path: "{{ virtualenv_path }}"
vbmc_log_directory: "{{ log_directory }}"
vbmc_state: "{{ domain.get('state', 'present') }}"
loop: "{{ vbmc_nodes | sort(attribute='name') | list }}"

58
ansible/roles/virtualbmc-daemon/tasks/main.yml
View File

@ -26,27 +26,59 @@
virtualenv: "{{ vbmcd_virtualenv_path or omit }}"
become: "{{ not vbmcd_virtualenv_path }}"
- name: Create the temporary u-c file
tempfile:
state: file
suffix: u-c
register: u_c_file
- name: Download u-c
get_url:
url: "{{ vbmcd_python_upper_constraints_url }}"
dest: "{{ u_c_file.path }}"
# NOTE(yoctozepto): It is preferable to use the libvirt python binding that
# is delivered with the distribution as it is guaranteed to work with the
# deployed daemon (and the accompanying Python).
- name: Remove libvirt-python from u-c
lineinfile:
path: "{{ u_c_file.path }}"
state: absent
regexp: '^libvirt-python'
- name: Ensure Python requirements are installed
pip:
name:
- "virtualbmc>=1.4.0"
# NOTE(priteau): Ignore PyYAML when installing system-wide to avoid the
# following error: Cannot uninstall 'PyYAML'. It is a distutils installed
# project and thus we cannot accurately determine which files belong to it
# which would lead to only a partial uninstall.
# NOTE(priteau): Use --no-binary to avoid installing libvirt-python from
# wheel. There is a problem with the 7.5.0 wheel resulting in the error:
# The `libvirt` module is not importable. Check the requirements.
extra_args: >-
-c {{ vbmcd_python_upper_constraints_url }}
{% if not vbmcd_virtualenv_path %}--ignore-installed PyYAML{% endif %}
--no-binary libvirt-python
name: virtualbmc
extra_args: -c {{ u_c_file.path }}
virtualenv: "{{ vbmcd_virtualenv_path or omit }}"
register: result
until: result is success
retries: 3
become: "{{ not vbmcd_virtualenv_path }}"
- name: Remove the temporary u-c file
file:
path: "{{ u_c_file.path }}"
state: absent
- name: "[selinux] Allow systemd to start vbmcd from venv"
block:
- name: "[selinux] Allow systemd to start vbmcd from venv - sefcontext"
become: true
sefcontext:
target: "{{ vbmcd_virtualenv_path }}/bin(/.*)?"
setype: bin_t
state: present
register: sefcontext
- name: "[selinux] Allow systemd to start vbmcd from venv - restorecon"
become: true
command: "restorecon -r {{ vbmcd_virtualenv_path }}/bin"
when: sefcontext.changed
when: selinux_enabled and vbmcd_virtualenv_path
- name: Ensure Virtual BMC systemd service is configured
template:
src: templates/{{ item }}.j2

3
ansible/roles/virtualbmc-daemon/vars/Debian.yml
View File

@ -1,7 +1,4 @@
---
# List of package dependencies to install.
vbmcd_packages:
- gcc
- libvirt-dev
- pkg-config
- libzmq5

5
ansible/roles/virtualbmc-daemon/vars/RedHat.yml
View File

@ -1,6 +1,3 @@
---
# List of package dependencies to install.
vbmcd_packages:
- gcc
- pkgconfig
- libvirt-devel
vbmcd_packages: []

22
playbooks/tenks-deploy-teardown/pre.yml
View File

@ -7,7 +7,6 @@
- role: tenks-diagnostics
tenks_diagnostics_phase: "pre"
tenks_diagnostics_log_dir: "{{ logs_dir }}"
- role: tenks-ci-prep
tasks:
- name: Ensure config directory exists
file:
@ -22,13 +21,28 @@
- name: Install python3
become: true
package:
name: python3
name:
- python3
- python3-pip
- python3-setuptools
- name: Create virtualenv for tenks
- name: Create venv for tenks and upgrade pip
pip:
name: pip
state: latest # noqa package-latest
virtualenv: "{{ tenks_venv }}"
virtualenv_command: "{{ ansible_facts.python.executable }} -m venv"
- name: Upgrade setuptools
pip:
name: setuptools
state: latest # noqa package-latest
virtualenv: "{{ tenks_venv }}"
- name: Install tenks deps
pip:
requirements: "{{ tenks_src_dir }}/requirements.txt"
virtualenv: "{{ tenks_venv }}"
virtualenv_python: "{{ ansible_facts.python.executable }}"
- name: Ensure /etc/ansible exists
file:

47
roles/tenks-ci-prep/tasks/main.yml
View File

@ -1,47 +0,0 @@
---
- block:
# NOTE(mgoddard): The CentOS image used in CI has epel-release installed,
# but the configure-mirrors role used by Zuul disables epel. Since we
# install epel-release and expect epel to be enabled, enable it here.
- name: Ensure yum-utils is installed
yum:
name: yum-utils
state: installed
- name: Enable the EPEL yum repository
command: yum-config-manager --enable epel
- name: Enable the CRB yum repository
command: yum-config-manager --enable crb
when: ansible_facts.distribution_major_version == '9'
when: ansible_facts.os_family == 'RedHat'
become: true
- name: Install Python3 modules
become: true
package:
name:
- python3-pip
- python3-setuptools
- python3-wheel
- name: Install Python3 devel
become: true
package:
name:
- python3-devel
when: ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '9'
- name: Install virtualenv from distribution package
become: true
package:
name:
- "{% if ansible_facts.os_family == 'Debian' %}virtualenv{% else %}python3-virtualenv{% endif %}"
when: not (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '9')
- name: Install virtualenv using pip
become: true
pip:
name: virtualenv
when: ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '9'