[openstack-dev] Devstack installation failed with CINDER installation

Ben Nemec openstack at nemebean.com
Fri Feb 14 21:00:01 UTC 2014


On 2014-02-13 20:44, Jeremy Stanley wrote:
> On 2014-02-13 10:56:28 -0600 (-0600), Ben Nemec wrote:
> [...]
>> configure pip to use the pypi.openstack.org mirror.
> [...]
> 
> While this is sometimes a useful hack for working around
> intermittent PyPI CDN growing pains on your personal development
> workstation, or maybe for ferreting out whether your local tests are
> getting different results because of varied package set between PyPI
> and our mirror, I fear that some people reading this might assume
> it's a stable public service and encode it into production
> configuration.
> 
> The pypi.openstack.org mirror is just a single VM, while
> pypi.python.org has CDN services fronting it for improved
> reachability, reliability and scalability. In fact,
> pypi.openstack.org resides on the same single-point-of-failure VM
> which also provides access to build logs and lots of other data.
> It's intended mostly as a place for our automated build systems to
> look for packages so as not to hammer actual PyPI constantly and to
> provide us an additional layer of control over what we test with. It
> is *not* secure. Let me reiterate that point. It is for test jobs,
> so the content is served via plain unencrypted HTTP *only* and is
> therefore easily modified by a man-in-the-middle attack. It's also
> not guaranteed to be around indefinitely, or to necessarily be
> reachable outside the cloud provider networks where testing is
> performed, or to carry all the packages you may need, or to have
> enough bandwidth available to serve the entire user base, or to be
> up and on line 100% of the time, or...
> 
> ...you get the idea.

And yet it's still way, way more stable than official pypi, at least in 
my experience. :-)

But point taken.  I will make sure to include a disclaimer in the 
future.

-Ben



More information about the OpenStack-dev mailing list