group_vars: repo_all: Always build cryptography from source
cryptography may bundle openssl in the wheel and that causes symbol conflicts if a different openssl is provided by the distribution. As such, it's probably safer to re-build cryptography ourselves just to be sure that the correct distro libraries are used. This has been addressed in openstack-ansible-tests/test-vars.yaml (https://review.openstack.org/#/c/486580/) to fix the CI tests but the problem is also present on regular deployments so we set it in the group_variables for the repo_all group of hosts so it's built from source in the wheel repository. Related-Bug: 1705521 Link: https://github.com/pyca/cryptography/issues/3804 Change-Id: I54ba3c1fa48a2f4c633930bc7e8cc65397f86659
This commit is contained in:
Markos Chandras
Jesse Pretorius (odyssey4me)
parent
af5c873af4
commit
9220732958
|
|
@ -52,8 +52,16 @@ pip_lock_to_internal_repo: False
|
|||
# A pre-built wheel can be missing libvirt capabilities from the installed
|
||||
# version of libvirt-bin, leading to nova-compute failing to start.
|
||||
#
|
||||
# NOTE(hwoarang) cryptography may bundle openssl in the wheel and that
|
||||
# causes symbol conflicts if a different openssl is provided by the
|
||||
# distribution. As such, it's probably safer to re-build cryptography
|
||||
# ourselves just to be sure that the correct distro libraries are used
|
||||
# see https://github.com/pyca/cryptography/issues/3804
|
||||
# This keeps popping up every now and then so it might worth keeping this
|
||||
# around even if the upstream issue is resolved
|
||||
repo_build_pip_no_binary:
|
||||
- libvirt-python
|
||||
- cryptography
|
||||
|
||||
# Set the build tag and the repo version
|
||||
repo_build_release_tag: "{{ openstack_release }}"
|
||||
|
|
|
|||
Loading…
Reference in New Issue