diff options
| author | Sean Mooney <work@seanmooney.info> | 2023-01-31 12:03:05 -0500 |
|---|---|---|
| committer | Sean Mooney <work@seanmooney.info> | 2023-02-03 07:59:20 -0500 |
| commit | cb7084ed1868a29795364a83999842d8e671f4d0 (patch) | |
| tree | be27d5b6779788abaf91064b99fc95bc2910dbb1 | |
| parent | e83a6802ca7b88f874e7476d5a46decaa74f0359 (diff) | |
| download | ceilometer-cb7084ed1868a29795364a83999842d8e671f4d0.tar.gz | |
Fix gnocchi install from git
Recent changes to git prevent git repos from being parsed if they
are not owned by the current user as part of a CVE fix. Some
project use stevedore to load plugins and this is broken if
gnocchi is installed from git via "sudo pip install".
This change uses devstacks git_clone to ensure that the gnocchi
repos is clonned under $DEST aka /opt/stack as the current user not
root. It then uses pip install -e to install the precloned repo.
To enable this GNOCCHI_REPO and GNOCCHI_BRANCH are intoduced
and the non standard GNOCCHI_GIT_PATH is removed.
A long standing comment to stop installing from git after
Gnocchi 4.0 is adressed by only installing from git if
gnocchi is listed in LIBS_FROM_GIT. However since
4.4.2 is currently incompatible with openstacks upper-constraits
file the ci will continue to git however the git repo will
now be prepared by zuul using required-projects.
This will have the side effect of allowing
Depends on to work for PRs to gnocchi however testing that
is out of scope of this patch.
This patch adds a sample local.conf that can be used to deploy
locally for devopment.
Depends-On: https://review.opendev.org/c/openstack/telemetry-tempest-plugin/+/872350
Change-Id: I833ea3bffb18bec063423450be0f3b8ff92f9a5a
| -rw-r--r-- | .zuul.yaml | 1 | ||||
| -rw-r--r-- | devstack/README.rst | 3 | ||||
| -rw-r--r-- | devstack/local.conf.sample | 45 | ||||
| -rw-r--r-- | devstack/plugin.sh | 8 | ||||
| -rw-r--r-- | devstack/settings | 6 |
5 files changed, 59 insertions, 4 deletions
@@ -5,6 +5,7 @@ required-projects: - opendev.org/openstack/grenade - opendev.org/openstack/ceilometer + - gnocchixyz/gnocchi vars: configure_swap_size: 8192 grenade_devstack_localrc: diff --git a/devstack/README.rst b/devstack/README.rst index 38aa78c2..ee71f43e 100644 --- a/devstack/README.rst +++ b/devstack/README.rst @@ -22,4 +22,7 @@ Enabling Ceilometer in DevStack installation of Ceilometer. If you don't want to use their default value, you can set a new one in ``local.conf``. + Alternitvely you can modify copy and modify the sample ``local.conf`` + located at ``ceilometer/devstack/local.conf.sample`` + 3. Run ``stack.sh``. diff --git a/devstack/local.conf.sample b/devstack/local.conf.sample new file mode 100644 index 00000000..f35aca41 --- /dev/null +++ b/devstack/local.conf.sample @@ -0,0 +1,45 @@ +[[local|localrc]] +# Common options +# -------------- +#RECLONE=True +#FORCE=True +#OFFLINE=True +#USE_PYTHON3=True +#PYTHON3_VERSION=3.8 +# HOST_IP shoudl be set to an ip that is present on the host +# e.g. the ip of eth0. This will be used to bind api endpoints and horizon. +HOST_IP=<hostip> + +# Minimal Contents +# ---------------- + +# While ``stack.sh`` is happy to run without ``localrc``, devlife is better when +# there are a few minimal variables set: + +# If the ``*_PASSWORD`` variables are not set here you will be prompted to enter +# values for them by ``stack.sh``and they will be added to ``local.conf``. +ADMIN_PASSWORD=password +DATABASE_PASSWORD=$ADMIN_PASSWORD +RABBIT_PASSWORD=$ADMIN_PASSWORD +SERVICE_PASSWORD=$ADMIN_PASSWORD + +LOGFILE=$DEST/logs/stack.sh.log +LOGDAYS=2 + +# the plugin line order matters but the placment in the file does not +enable_plugin aodh https://opendev.org/openstack/aodh +enable_plugin ceilometer https://opendev.org/openstack/ceilometer.git + +# Gnocchi settings +# Gnocchi is optional but can be enbaled by uncommenting CEILOMETER_BACKEND +CEILOMETER_BACKEND=gnocchi + +# if gnocchi is not in LIBS_FROM_GIT it will install from pypi. +# Currently this is broken with the latest gnocchi release 4.4.2 +# so we need to install from git until +# https://github.com/gnocchixyz/gnocchi/issues/1290 is resolved +LIBS_FROM_GIT+=gnocchi + +# to control the version of gnocchi installed from git uncomment these options +#GNOCCHI_BRANCH="master" +#GNOCCHI_REPO=https://github.com/gnocchixyz/gnocchi diff --git a/devstack/plugin.sh b/devstack/plugin.sh index c475be44..62e79c6c 100644 --- a/devstack/plugin.sh +++ b/devstack/plugin.sh @@ -137,8 +137,12 @@ function ceilometer_create_accounts { function install_gnocchi { echo_summary "Installing Gnocchi" - if [ $GNOCCHI_GIT_PATH ]; then - pip_install -e $GNOCCHI_GIT_PATH[redis,${DATABASE_TYPE},keystone] uwsgi + if use_library_from_git "gnocchi"; then + # we need to git clone manually to ensure that the git repo is added + # to the global git repo list and ensure its cloned as the current user + # not as root. + git_clone ${GNOCCHI_REPO} ${GNOCCHI_DIR} ${GNOCCHI_BRANCH} + pip_install -e ${GNOCCHI_DIR}[redis,${DATABASE_TYPE},keystone] uwsgi else pip_install gnocchi[redis,${DATABASE_TYPE},keystone] uwsgi fi diff --git a/devstack/settings b/devstack/settings index 142ecf7b..1e503344 100644 --- a/devstack/settings +++ b/devstack/settings @@ -16,9 +16,11 @@ if [ "$CEILOMETER_BACKEND" = "gnocchi" ]; then enable_service gnocchi-api gnocchi-metricd fi + +GNOCCHI_DIR=${GNOCCHI_DIR:-${DEST}/gnocchi} +GNOCCHI_BRANCH=${GNOCCHI_BRANCH:-"master"} +GNOCCHI_REPO=${GNOCCHI_REPO:-https://github.com/gnocchixyz/gnocchi} # Gnocchi default archive_policy for Ceilometer -# TODO(sileht): when Gnocchi 4.0 is out use the tarball instead -GNOCCHI_GIT_PATH=${GNOCCHI_GIT_PATH:-git+https://github.com/gnocchixyz/gnocchi#egg=gnocchi} if [ -n "$GNOCCHI_ARCHIVE_POLICY_TEMPEST" ]; then GNOCCHI_ARCHIVE_POLICY=$GNOCCHI_ARCHIVE_POLICY_TEMPEST else |