Baremetal role installs python docker package on host via pip
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
kolla-ansible |
Fix Released
|
Undecided
|
Unassigned | ||
Queens |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
The baremetal role installs the docker python package directly to the system python packages via pip [1]. This is necessary for interacting with the docker engine via the kolla_docker ansible module. However, using pip to install packages directly to the host can have negative consequences:
* It will overwrite any existing packages installed via a system package manager (yum, apt) or pip with new versions.
* The new version may not be compatible with other existing packages that depend on it.
* A system package update will overwrite the version installed by the baremetal role.
We hit the last issue recently, following a yum nightly update which installed a new version of python-urllib3 (1.10.2), which was incompatible with the version of requests (2.18.4) installed by the baremetal role as a dependency of the docker package. This broke the kolla_docker module with this output:
fatal: [MY_NODE]: FAILED! => {"changed": false, "failed": true, "module_stderr": "Shared connection to MY_IP closed.\r\n", "module_stdout": "Traceback (most recent call last):\r\n File \"/tmp/
The following workaround allowed kolla_docker to work:
pip uninstall requests
pip uninstall urllib3
yum remove python-requests python-urllib3
yum install python-requests python-urllib3
I suspect that only requests had any effect.
There's a little more context in the original kayobe issue [2].
Ideally, kolla-ansible would support installing the docker python package in a virtualenv, and using it when required.
There may be issues with always using a virtualenv on the remote hosts, for example the yum python package cannot be installed via pip. This would need investigation.
[1] https:/
[2] https:/
Changed in kolla-ansible: | |
status: | New → Fix Released |
I have successfully tested the use of a virtualenv on the remote target hosts to work around this issue. This can be achieved by setting a host variable, ansible_ python_ interpreter, to a python interpreter installed in a virtualenv. Because kolla-ansible uses some python modules which are not available via PyPI, such as apt, yum, and selinux, it is typically necessary to create the virtualenv with --system- site-packages.
Ideally some support is required for installing this virtualenv, and the logical place for that is the kolla-ansible bootstrap-servers command and the baremetal role. I will propose a change which I used to test this.