From cb7084ed1868a29795364a83999842d8e671f4d0 Mon Sep 17 00:00:00 2001 From: Sean Mooney Date: Tue, 31 Jan 2023 12:03:05 -0500 Subject: Fix gnocchi install from git Recent changes to git prevent git repos from being parsed if they are not owned by the current user as part of a CVE fix. Some project use stevedore to load plugins and this is broken if gnocchi is installed from git via "sudo pip install". This change uses devstacks git_clone to ensure that the gnocchi repos is clonned under $DEST aka /opt/stack as the current user not root. It then uses pip install -e to install the precloned repo. To enable this GNOCCHI_REPO and GNOCCHI_BRANCH are intoduced and the non standard GNOCCHI_GIT_PATH is removed. A long standing comment to stop installing from git after Gnocchi 4.0 is adressed by only installing from git if gnocchi is listed in LIBS_FROM_GIT. However since 4.4.2 is currently incompatible with openstacks upper-constraits file the ci will continue to git however the git repo will now be prepared by zuul using required-projects. This will have the side effect of allowing Depends on to work for PRs to gnocchi however testing that is out of scope of this patch. This patch adds a sample local.conf that can be used to deploy locally for devopment. Depends-On: https://review.opendev.org/c/openstack/telemetry-tempest-plugin/+/872350 Change-Id: I833ea3bffb18bec063423450be0f3b8ff92f9a5a --- devstack/README.rst | 3 +++ devstack/local.conf.sample | 45 +++++++++++++++++++++++++++++++++++++++++++++ devstack/plugin.sh | 8 ++++++-- devstack/settings | 6 ++++-- 4 files changed, 58 insertions(+), 4 deletions(-) create mode 100644 devstack/local.conf.sample (limited to 'devstack') diff --git a/devstack/README.rst b/devstack/README.rst index 38aa78c2..ee71f43e 100644 --- a/devstack/README.rst +++ b/devstack/README.rst @@ -22,4 +22,7 @@ Enabling Ceilometer in DevStack installation of Ceilometer. If you don't want to use their default value, you can set a new one in ``local.conf``. + Alternitvely you can modify copy and modify the sample ``local.conf`` + located at ``ceilometer/devstack/local.conf.sample`` + 3. Run ``stack.sh``. diff --git a/devstack/local.conf.sample b/devstack/local.conf.sample new file mode 100644 index 00000000..f35aca41 --- /dev/null +++ b/devstack/local.conf.sample @@ -0,0 +1,45 @@ +[[local|localrc]] +# Common options +# -------------- +#RECLONE=True +#FORCE=True +#OFFLINE=True +#USE_PYTHON3=True +#PYTHON3_VERSION=3.8 +# HOST_IP shoudl be set to an ip that is present on the host +# e.g. the ip of eth0. This will be used to bind api endpoints and horizon. +HOST_IP= + +# Minimal Contents +# ---------------- + +# While ``stack.sh`` is happy to run without ``localrc``, devlife is better when +# there are a few minimal variables set: + +# If the ``*_PASSWORD`` variables are not set here you will be prompted to enter +# values for them by ``stack.sh``and they will be added to ``local.conf``. +ADMIN_PASSWORD=password +DATABASE_PASSWORD=$ADMIN_PASSWORD +RABBIT_PASSWORD=$ADMIN_PASSWORD +SERVICE_PASSWORD=$ADMIN_PASSWORD + +LOGFILE=$DEST/logs/stack.sh.log +LOGDAYS=2 + +# the plugin line order matters but the placment in the file does not +enable_plugin aodh https://opendev.org/openstack/aodh +enable_plugin ceilometer https://opendev.org/openstack/ceilometer.git + +# Gnocchi settings +# Gnocchi is optional but can be enbaled by uncommenting CEILOMETER_BACKEND +CEILOMETER_BACKEND=gnocchi + +# if gnocchi is not in LIBS_FROM_GIT it will install from pypi. +# Currently this is broken with the latest gnocchi release 4.4.2 +# so we need to install from git until +# https://github.com/gnocchixyz/gnocchi/issues/1290 is resolved +LIBS_FROM_GIT+=gnocchi + +# to control the version of gnocchi installed from git uncomment these options +#GNOCCHI_BRANCH="master" +#GNOCCHI_REPO=https://github.com/gnocchixyz/gnocchi diff --git a/devstack/plugin.sh b/devstack/plugin.sh index c475be44..62e79c6c 100644 --- a/devstack/plugin.sh +++ b/devstack/plugin.sh @@ -137,8 +137,12 @@ function ceilometer_create_accounts { function install_gnocchi { echo_summary "Installing Gnocchi" - if [ $GNOCCHI_GIT_PATH ]; then - pip_install -e $GNOCCHI_GIT_PATH[redis,${DATABASE_TYPE},keystone] uwsgi + if use_library_from_git "gnocchi"; then + # we need to git clone manually to ensure that the git repo is added + # to the global git repo list and ensure its cloned as the current user + # not as root. + git_clone ${GNOCCHI_REPO} ${GNOCCHI_DIR} ${GNOCCHI_BRANCH} + pip_install -e ${GNOCCHI_DIR}[redis,${DATABASE_TYPE},keystone] uwsgi else pip_install gnocchi[redis,${DATABASE_TYPE},keystone] uwsgi fi diff --git a/devstack/settings b/devstack/settings index 142ecf7b..1e503344 100644 --- a/devstack/settings +++ b/devstack/settings @@ -16,9 +16,11 @@ if [ "$CEILOMETER_BACKEND" = "gnocchi" ]; then enable_service gnocchi-api gnocchi-metricd fi + +GNOCCHI_DIR=${GNOCCHI_DIR:-${DEST}/gnocchi} +GNOCCHI_BRANCH=${GNOCCHI_BRANCH:-"master"} +GNOCCHI_REPO=${GNOCCHI_REPO:-https://github.com/gnocchixyz/gnocchi} # Gnocchi default archive_policy for Ceilometer -# TODO(sileht): when Gnocchi 4.0 is out use the tarball instead -GNOCCHI_GIT_PATH=${GNOCCHI_GIT_PATH:-git+https://github.com/gnocchixyz/gnocchi#egg=gnocchi} if [ -n "$GNOCCHI_ARCHIVE_POLICY_TEMPEST" ]; then GNOCCHI_ARCHIVE_POLICY=$GNOCCHI_ARCHIVE_POLICY_TEMPEST else -- cgit v1.2.1