[openstack-dev] [devstack] Possible issues cryptography 1.0 and os-client-config 1.6.2

Sean Dague sean at dague.net
Wed Aug 19 13:42:04 UTC 2015


On 08/18/2015 09:34 PM, John Griffith wrote:
> 
> 
> On Tue, Aug 18, 2015 at 7:42 PM, John Griffith <john.griffith8 at gmail.com
> <mailto:john.griffith8 at gmail.com>> wrote:
> 
> 
> 
>     On Tue, Aug 18, 2015 at 2:14 PM, Robert Collins
>     <robertc at robertcollins.net <mailto:robertc at robertcollins.net>> wrote:
> 
>         On 19 August 2015 at 03:51, Sean Dague <sean at dague.net
>         <mailto:sean at dague.net>> wrote:
> 
>         > So... I'm at Linux Con this week, meaning that things will be slow. I
>         > think - https://review.openstack.org/#/c/208582/ (slightly updated this
>         > morning) will get devstack users working again. And I agree, we really
>         > need devstack and the gate to be convergent on their solution here, not
>         > divergent.
> 
>         So unless something has changed, devstack users are broken only on
>         Fedora - and the constraints thing won't protect them at this stage
>         because of two things.
> 
>         Firstly, the bug isn't a cryptography bug - its a setuptools / pip
>         thing resulting in the .so pip installs being in the arch
>         neutral path
>         rather than lib64, and this would work except that devstack also
>         installs python-cffi, which then masks the pip updated one. I don't
>         know why devstack is installing the binary package :/. This is a
>         Fedora platform specific bug - it doesn't show up on Ubuntu - either
>         because devstack doesn't install the ubuntu python-cffi package, or
>         because pip/setuptools on ubuntu don't have the same disconnect with
>         system packages in the same way. I'm not sure which.
> 
>         Secondly, until we have a gate on openstack/requirements that checks
>         devstack-on-fedora, fedora developers will be exposed to this
>         sort of
>         thing from time to time :/.
> 
>         -Rob
> 
>         --
>         Robert Collins <rbtcollins at hp.com <mailto:rbtcollins at hp.com>>
>         Distinguished Technologist
>         HP Converged Cloud
> 
>         __________________________________________________________________________
>         OpenStack Development Mailing List (not for usage questions)
>         Unsubscribe:
>         OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>         <http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>
>         http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> 
>     ​Catching up on this thread, looks like the referenced devstk change
>     above (987dc6453e8e3a8a46d748059378564c42bafc5c) merged and broke
>     things.  Seems we don't install opt/stack/requirements so stack.sh
>     is failing for third party CI's that don't use node-pool (suspect
>     they'll fail when they're nodes are rebuilt similar to last weeks
>     issue with keystone).
> 
>     Went ahead and confirmed that a fresh download and stack.sh locally
>     fails, going to have a look after dinner but thought maybe somebody
>     already knows what's up with this.
> 
>     Thanks,
>     John
> 
> ​For those that are interested, Clark pointed me to this patch [1] which
> in fact the addresses the issue I was running in to. 
> 
> [1]: https://review.openstack.org/#/c/214409/

Sorry about jumping the gun there. We thought, incorrectly, we had the
right fix. And it's a conference week so access to my local test env
wasn't easy.

I've got a few ideas on how to robustify this whole path to make issues
like this less likely to happen in the future.

My bad.

	-Sean

-- 
Sean Dague
http://dague.net

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 465 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150819/34534aa0/attachment.pgp>


More information about the OpenStack-dev mailing list