Install python modules required for embedded ansible credentials #341
Conversation
There was a problem hiding this comment.
I am fine with this route for things.
I think where we get the source of truth for the requirements.txt is the only thing of concern here. That said, I think we can determine that out of band, and that doesn't really change the core functionality of this PR, just what we are version locking things to.
|
So I made all the changes needed to get Unfortunately, now, a significant number are different from what is listed in awx and also from what is shipped in the tower rpm. Plus we added a few additional rpms. Not sure what option we want to go with here. I can always revert this PR to its original state though if we think that's better. @simaishi @NickLaMuro @Fryguy ? |
|
@carbonin Yeah, I don't know. Personally, I would rather we be as close to downstream as possible, or there eventually will be someone who tries fixing/replicating a bug on upstream and then turns out it is an issue with these packages and fixing it in one spot doesn't solve it in the other. I am going to have to come back to this, but this how I started evaluating it:
So I want to take a finer look at the about, but have to work on a few of my own TODO items first. |
|
Yeah, I came to the same conclusion @NickLaMuro I think we're closer to the downstream set with what we have here even though it required a bunch of workarounds vs the upstream set. I'm going to un-wip this and if we need to follow up on it we can do that after. Better to just get cloud modules working more quickly. |
carbonin
changed the title
|
I'll leave it up to @carbonin and @NickLaMuro for what should be included in requirements.txt, the rest looks good to me. |
| virtualenv venv | ||
| source venv/bin/activate | ||
|
|
||
| cat > requirements.txt << EOF |
There was a problem hiding this comment.
Minor, but would this be better as a straight file in COPY?
There was a problem hiding this comment.
I considered that, but thought that it might be more natural to keep what is essentially a packages list in this repo rather than in manageiq-appliance.
|
@simaishi brought up that |
carbonin
changed the title
|
|
We install these into a new venv so that we don't conflict with appliance python packages. This list is taken from `pip freeze -l` on an appliance with the ansible-tower-venv-ansible rpm installed
This is needed for building python modules as we install via pip https://bugzilla.redhat.com/show_bug.cgi?id=1734129
carbonin
force-pushed
the
install_python_modules
branch
from
f367e74
to
23df7d9
Compare
|
Checked commits carbonin/manageiq-appliance-build@4e6ae89~...23df7d9 with ruby 2.4.6, rubocop 0.69.0, haml-lint 0.20.0, and yamllint 1.10.0 |
carbonin
changed the title
|
well, this got a lot simpler 😂 |
There was a problem hiding this comment.
So looked through the differences between what is in requirements_ansible.txt and what you have here:
applicationinsights==0.11.9 => applicationinsights==0.11.1
argcomplete==1.9.5 => argcomplete==1.9.4
bcrypt==3.1.6 => bcrypt==3.1.4
botocore==1.9.23 => botocore==1.9.3
cachetools==3.1.0 => cachetools==3.0.0
certifi==2019.3.9 => certifi==2018.1.18
cffi==1.12.3 => cffi==1.11.5
colorama==0.4.1 => colorama==0.3.9
decorator==4.4.0 => decorator==4.2.1
dogpile.cache==0.7.1 => dogpile.cache==0.6.5
enum34==1.1.6; python_version < "3" => <missing>
futures==3.2.0; python_version < "3" => <missing>
humanfriendly==4.18 => humanfriendly==4.8
idna==2.8 => idna==2.6
ipaddress==1.0.22; python_version < "3" => ipaddress==1.0.19
jmespath==0.9.4 => jmespath==0.9.3
jsonpatch==1.23 => jsonpatch==1.21
keystoneauth1==3.14.0 => keystoneauth1==3.11.2
lxml==4.3.3 => lxml==4.1.1
monotonic==1.5; python_version < "3" => monotonic==1.4
munch==2.3.2 => munch==2.2.0
netifaces==0.10.9 => netifaces==0.10.6
ntlm-auth==1.3.0 => ntlm-auth==1.0.6
oauthlib==3.0.1 => oauthlib==2.0.6
openstacksdk==0.31.1 => openstacksdk==0.23.0
os-service-types==1.7.0 => os-service-types==1.2.0
ovirt-engine-sdk-python==4.3.0 => ovirt-engine-sdk-python==4.2.4
packaging==19.0 => packaging==17.1
pbr==5.2.0 => pbr==3.1.1
pyasn1==0.4.5 => pyasn1==0.4.2
pyasn1-modules==0.2.5 => pyasn1-modules==0.2.3
pycparser==2.19 => pycparser==2.18
pycurl==7.43.0.1 => <missing>
pygments==2.3.1 => pygments==2.2.0
pyjwt==1.7.1 => pyjwt==1.6.0
pynacl==1.3.0 => pynacl==1.2.1
pyopenssl==19.0.0 => pyopenssl==17.5.0
pyparsing==2.4.0 => pyparsing==2.2.0
pywinrm[kerberos]==0.3.0 => pywinrm==0.3.0
requests==2.21.0 => requests==2.20.0
requests-credssp==1.0.2 => requests-credssp==0.1.0
requests-oauthlib==1.2.0 => requests-oauthlib==0.8.0
rsa==4.0 => <missing>
six==1.12.0 => six==1.11.0
stevedore==1.30.1 => stevedore==1.28.0
tabulate==0.8.2 => tabulate==0.7.7
typing==3.6.6; python_version < "3" => <missing>
wheel==0.30.0 => <missing>
xmltodict==0.12.0 => xmltodict==0.11.0
pip==9.0.1 => <missing and not needed>
setuptools==36.0.1 => <missing and not needed>
And everything should just be a downgrade (which is expected), or is missing, though probably not needed. I think this is good, and we are definitely making less changes than what was done previously. 👍
| colorama==0.3.9 | ||
| cryptography==2.6.1 | ||
| decorator==4.2.1 | ||
| deprecation==2.0 |
There was a problem hiding this comment.
This is the only new package that isn't in the source from awx:
| pyparsing==2.2.0 | ||
| python-dateutil==2.6.1 | ||
| pyvmomi==6.5 | ||
| pywinrm==0.3.0 |
There was a problem hiding this comment.
This one is the only one that has a different notation (pywinrm[kerberos]==0.3.0) in the ansible/awx file:
https://github.com/ansible/awx/blob/c7bb0f10/requirements/requirements_ansible.txt#L99
Install python modules required for embedded ansible credentials (cherry picked from commit 441d102) https://bugzilla.redhat.com/show_bug.cgi?id=1734129
|
Ivanchuk backport details: |
We install these into a new venv so that we don't conflict with
appliance python packages.
This list is taken directly from
https://raw.githubusercontent.com/ansible/awx/c7bb0f10e10476e10df8a7e7b26732eb60958ca1/requirements/requirements_ansible.txt
which is the result of resolving the dependencies from
https://github.com/ansible/awx/blob/c7bb0f10e10476e10df8a7e7b26732eb60958ca1/requirements/requirements_ansible.in
I feel like taking the resolved file first is safer since pip doesn't
do true dependency resolution (pypa/pip#988)
Replacement for #340
Looking for input on places to put the list of packages. I felt like people wouldn't go looking for this list in
manageiq-appliance, but it needs to live on disk somewhere ...I could put it in manageiq core, but this seemed like a better place to start since it's really a build-time concern.
https://bugzilla.redhat.com/show_bug.cgi?id=1734129