Open Stack

On Jun 26, 2014 12:12 PM, "Angus Salkeld" <angus.salkeld at rackspace.com>
wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 25/06/14 15:13, Clark Boylan wrote:
> > On Tue, Jun 24, 2014 at 9:54 PM, Adrian Otto <adrian.otto at rackspace.com>
wrote:
> >> Hello,
> >>
> >> Solum has run into a constraint with the current scheme for
requirements management within the OpenStack CI system. We have a proposal
for dealing with this constraint that involves making a contribution to
openstack-infra. This message explains the constraint, and our proposal for
addressing it.
> >>
> >> == Background ==
> >>
> >> OpenStack uses a list of global requirements in the requirements
repo[1], and each project has it’s own requirements.txt and
test-requirements.txt files. The requirements are satisfied by gate jobs
using pip configured to use the pypi.openstack.org mirror, which is
periodically updated with new content from pypi.python.org. One motivation
for doing this is that pypi.python.org may not be as fast or as reliable as
a local mirror. The gate/check jobs for the projects use the OpenStack
internal pypi mirror to ensure stability.
> >>
> >> The OpenStack CI system will sync up the requirements across all the
official projects and will create reviews in the participating projects for
any mis-matches. Solum is one of these projects, and enjoys this feature.
> >>
> >> Another motivation is so that users of OpenStack will have one single
set of python package requirements/dependencies to install and run the
individual OpenStack components.
> >>
> >> == Problem ==
> >>
> >> Stackforge projects listed in openstack/requirements/projects.txt that
decide to depend on each other (for example, Solum wanting to list
mistralclient as a requirement) are unable to, because they are not yet
integrated, and are not listed in
openstack/requirements/global-requirements.txt yet. This means that in
order to depend on each other, a project must withdraw from projects.txt
and begin using pip with pypi.poython.org to satisfy all of their
requirements.I strongly dislike this option.
> >>
> >> Mistral is still evolving rapidly, and we don’t think it makes sense
for them to pursue integration wight now. The upstream distributions who
include packages to support OpenStack will also prefer not to deal with a
requirement that will be cutting a new version every week or two in order
to satisfy evolving needs as Solum and other consumers of Mistral help
refine how it works.
> >>
> >> == Proposal ==
> >>
> >> We want the best of both worlds. We want the freedom to innovate and
use new software for a limited selection of stackforge projects, and still
use the OpenStack pypi server to satisfy my regular requirements. We want
the speed and reliability of using our local mirror, and users of Solum to
use a matching set of requirements for all the things that we use, and
integrated projects use. We want to continue getting the reviews that bring
us up to date with new requirements versions.
> >>
> >> We propose that we submit an enhancement to the gate/check job setup
that will:
> >>
> >> 1) Begin (as it does today) by satisfying global-requirements.txt and
my local project’s requirements.txt and test-requirements.txt using the
local OpenStack pypi mirror.
> >> 2) After all requirements are satisfied, check the name of my project.
If it begins with ‘stackforge/‘ then look for a stackforge-requirements.txt
file. If one exists, reconfigure pip to switch to use pypi.python.org, and
satisfy the requirements listed in the file. We will list mistralclient
there, and get the latest tagged/released version of that.
> >>
> > I am reasonably sure that if you remove yourself from the
> > openstack/requirements project list this is basically how it will
> > work. Pip is configured to use the OpenStack mirror and fall back on
> > pypi.python.org for packages not available on the OpenStack mirror
> > [2]. So I don't think there is any work to do here with additional
> > requirements files. It should just work. Adding a new requirements
> > file will just make things more confusing for packagers and consumers
> > of your software.
>
> Adrian I know this is not the optimal solution, but I think this is
> the most pragmatic solution (esp. given we need to progress and not be
held
> up by this), most stackforge projects are in the same boat as us.
> As far as pypi breakages (most are easily fixable by restricting the
> package versions if we get an issue with a new release
> of *random-api-breaking-package*).
>

I've looked through the infra choose mirror code, and Clark is correct. If
the project isn't in the projects.txt file they will only access to
pypi.openstack.org however if removed then it will first check
pypi.openstack.org and then fall back to to pypi.python.org. I think the
only real solution is what Angus mentioned, remove yourself from
projects.txt at least until all your dependencies can be provided by
pypi.openstack.org or another solution is put into place. In the mean time
you can at least progress and continue development.

If you code requires a direct dependency (rather then an optional
dependency) of some non integrated project, then your stuck until they are.


>
> >>
> >> == Call To Action ==
> >>
> >> What do you think of this approach to satisfy a balance of interests?
Everything remains the same for OpenStack projects, and Stackforge projects
get a new feature that allows them to require software that has not yet
been integrated. Are there even better options that we should consider?
> >>
> >> Thanks,
> >>
> >> Adrian Otto
> >>
> >>
> >> References:
> >> [1] https://review.openstack.org/openstack/requirements
> >
> > For what it is worth the Infra team has also been looking at
> > potentially using something like bandersnatch to mirror all of pypi
> > which is now a possibility because OpenStack doesn't depend on
> > packages that are hosted external to pypi. We would then do
> > requirements enforcement via checks rather than explicit use of a
> > restricted mirror. There are some things to sort out like platform
> > dependent wheels (I am not sure that any OpenStack project directly
> > consumes these but I have found them to be quite handy) and the
> > potential need for more enforcement to keep this working, but I think
> > this is a possibility.
>
> This would be neat.
>
> - -Angus
>
> >
> > Clark
> >
> > [2]
https://git.openstack.org/cgit/openstack-infra/config/tree/modules/openstack_project/files/slave_scripts/select-mirror.sh#n54
> >
> > _______________________________________________
> > OpenStack-dev mailing list
> > OpenStack-dev at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQEcBAEBAgAGBQJTq4A7AAoJEFrDYBLxZjWo51UH/1MoUNlFkWErEjHWmmXEB3dK
> iLkf+kanOPoy6lB1F8n7sYTnniylS6+jHqikHtxNb53vyfP1qwVuMvh44HrgHoSm
> 3Z/d08dF8T0yI0y2WUmCfuDvrzWFqkxf99zve/R7JHZane2vCfUK3vJYDyV+75sY
> jBUo6vMh51l91vf1wDFfIw6AltqMLGnuGaul6GS0ALx2T3Glr6OQwfXbKDxGB1eJ
> L3EOzeW4Qn8TkabW8Z+zl1d9nnNiKWeUs7rk+hOAR3LPO2smxLStsKKRSJrjnrU0
> ri62fl93q3QQ+E2ATBc74hQWxQBoYKiiPNhJ4iUSrAx44Adn0n5jQy0k5y34Kj8=
> =tVqv
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140626/dcaaafb4/attachment-0001.html>