[all][infra] Upcoming removal of preinstalled pip and virtualenv from base images
Sorin Sbarnea
ssbarnea at redhat.com
Sat May 30 12:00:04 UTC 2020
That is indeed a really good move which can be summarized as moving towards unadulterated system images, or at least not modified in a way that would bring them to a state where they are "unsupported".
Preinstalling already existing system packages or setting up mirrors is ok, but other than this probably not.
virtualenv/pip/setuptools prooved to be a very good source of issues.
Thanks
Sorin
> On 30 May 2020, at 01:43, Ian Wienand <iwienand at redhat.com> wrote:
>
> Hello,
>
> This is to notify the community of the planned upcoming removal of the
> "pip-and-virtualenv" element from our infra image builds.
>
> This is part of the "cleanup test node python" spec documented at [1].
>
> tl;dr
> -----
>
> - pip and virtualenv tools will no longer be pre-installed on the base
> images we use for testing, but will be installed by jobs themselves.
> - most current jobs will depend on common Zuul base jobs that have
> been updated to install these tools already *i.e. in most cases
> there should be nothing to do*
> - in general, jobs should ensure they depend on roles that install
> these tools if they require them
> - if you do find your job failing due to the lack of either of these
> tools, use the ensure-pip or ensure-virtualenv roles provided in
> zuul-jobs
> - we have "-plain" node types that implement this now. If you think
> there might be a problem, switch the job to run run against one of
> these node types described below for testing.
>
> History
> -------
>
> The "pip-and-virtualenv" element is part of diskimage-builder [2] and
> installs the latest version of pip and virtualenv, and related tools
> like setuptools, into the system environment for the daily builds.
> This has a long history of working around various issues, but has
> become increasingly problematic to maintain.
>
> One of the more noticable effects is that to prevent the distribution
> packages overwriting the upstream installs, we put various pip,
> setuptools and virtualenv packages on "hold" in CI images. This
> prevents tests resinstalling packaged tools which can create, in
> short, a big mess. Both destroying the extant environment and having
> the tools on hold have been problems for various projects at various
> times.
>
> Another other problem is what happens when you call "pip" or
> "virtualenv" has diverged. It used to be that "pip" would install the
> package under Python2, while pip3 would install under python3.
> However, modern distributions now have "pip" installing under Python
> 3. To keep having "pip" install Python 2 packages on these platforms
> is not just wrong, but drags in Python 2 dependences to our images
> that aren't required.
>
> The addition of Python 3's venv and the split with virtualenv makes
> things even more confusing again.
>
> Future
> ------
>
> As famously said "the only winning move is not to play". [3]
>
> By dropping this element, images will not have non-packaged
> pip/virtualenv/setuptools/etc. pre-installed. No packages will be on
> hold.
>
> The "ensure-pip" role [4] will ensure that dependencies for "pip:"
> commands will work. Because of the way base jobs are setup, it is
> most likely that this role has already run. If you wish to use a
> virtual environment to install a tool, I would suggest using the
> "ensure_pip_virtualenv_cmd" this role exports. This will default to
> "python3 -m venv". An example is [5].
>
> In a Python 3 word, you probably do not *need* virtualenv; "python3 -m
> venv" is available and works after the "ensure-pip" role is run.
> However, if you require some of the features that virtualenv provides
> that venv does not (explained at [6]) there is a role
> "ensure-virtualenv" [7]. For example, we do this on the devstack
> branches because it is common to use "virtualenv" there due to the
> long history [8].
>
> If you need specific versions of pip or virtualenv, etc. beyond the
> system-packaged versions installed with the above, you should have
> your job configure these. There is absolutely no problem with jobs
> installing differing versions of pip/virtuatlenv/etc in any way they
> want -- we just don't want the base images to have any of that by
> default. Of course, you should consider if you're building/testing
> something that is actually useful outside the gate, but that is a
> global concern.
>
> Testing
> -------
>
> We have built parallel nodes with the suffix "-plain" where you can
> test any jobs in the new environment. For example [9] speculatively
> tests devstack. The node types available are
>
> centos-7-plain
> centos-8-plain
> ubuntu-xenial-plain
> ubuntu-bionic-plain
>
> The newer focal images do not have pip pre-installed, neither do the
> faster moving Fedora images, any SUSE images, or any ARM64 images.
>
> Rollout
> -------
>
> We would like to make the switch soon, to shake out any issues early
> in the cycle. This would mean on or about the 8th June.
>
> Thanks,
>
> -i
>
> [1] https://docs.opendev.org/opendev/infra-specs/latest/specs/cleanup-test-node-python.html
> [2] https://opendev.org/openstack/diskimage-builder/src/branch/master/diskimage_builder/elements/pip-and-virtualenv
> [3] https://en.wikipedia.org/wiki/WarGames
> [4] https://zuul-ci.org/docs/zuul-jobs/python-roles.html#role-ensure-pip
> [5] https://opendev.org/zuul/zuul-jobs/src/branch/master/roles/bindep/tasks/install.yaml#L9
> [6] https://virtualenv.pypa.io/en/latest/
> [7] https://zuul-ci.org/docs/zuul-jobs/python-roles.html#role-ensure-virtualenv
> [8] https://opendev.org/openstack/devstack/commit/23cfb9e6ebc63a4da4577c0ef9e3450b9c946fa7
> [9] https://review.opendev.org/#/c/712211/11/.zuul.yaml
>
>
More information about the openstack-discuss
mailing list