Remove PYOPTIMIZE_TINYIPA capability

Oslo.Privsep requries pycparser, which does not support being loaded
into python programs where the source is not available for doc string
references. This is because one of the things that happens with
an optomized python, is the files are "pre-compiled" and doc strings
are removed.

This is unfortunate, but just means the TinyIPA images are slightly
larger, Testing shows this is approximately 5 MB.

Change-Id: I3bdda3a8e595db8e84cd15bf083978c39514b1fa
This commit is contained in:
Julia Kreger 2021-02-16 09:45:24 -08:00
parent 23fe9741d2
commit c66244ff55
6 changed files with 11 additions and 69 deletions

View File

@ -100,28 +100,6 @@ or:
Advanced options Advanced options
---------------- ----------------
(De)Optimizing the image
~~~~~~~~~~~~~~~~~~~~~~~~
If you do not want the build script to preinstall everything into the ramdisk,
and instead load some things at runtime (this results in a slightly smaller
ramdisk), before running ``make`` or ``finalise-tinyipa.sh`` set:
.. code-block:: bash
export BUILD_AND_INSTALL_TINYIPA=false
By default, building tinyIPA will compile most of the Python code to
optimized ``*.pyo`` files, completely remove most of ``*.py`` and ``*.pyc``
files, and run ironic-python-agent with ``PYTHONOPTIMIZE=1``
to save space on the ramdisk. If instead you want a normal Python experience
inside the image, for example for debugging/hacking on IPA in a running
ramdisk, before running ``make`` or ``build-tinyipa.sh`` set:
.. code-block:: bash
export PYOPTIMIZE_TINYIPA=false
Enabling/disabling SSH access to the ramdisk Enabling/disabling SSH access to the ramdisk
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

View File

@ -0,0 +1,8 @@
---
fixes:
- |
Removes support for ``PYOPTIMIZE_TINYIPA``, which now casues the TinyIPA
image to be approximately 5 MB larger. This was due to an incompatability
with the ``oslo.privsep`` library dependency on ``pycparser`` which cannot
load into precompiled python programs where the original source embedded
documentation is not present.

View File

@ -1,7 +1,7 @@
.PHONY: default all dependencies build finalise addssh iso clean clean_build clean_iso .PHONY: default all dependencies build finalise addssh iso clean clean_build clean_iso
default: dependencies build finalise instance-images default: dependencies build finalise instance-images
all: dependencies build finalise iso instance-images all: build finalise iso instance-images
dependencies: dependencies:
./install-deps.sh ./install-deps.sh

View File

@ -104,15 +104,6 @@ function install_ssh {
$TC_CHROOT_CMD chmod 600 /home/tc/.ssh/authorized_keys $TC_CHROOT_CMD chmod 600 /home/tc/.ssh/authorized_keys
} }
function fix_python_optimize {
if grep -q "PYTHONOPTIMIZE=1" "$REBUILDDIR/opt/bootlocal.sh"; then
# tinyipa was built with optimized Python environment, apply fixes
echo "PYTHONOPTIMIZE=1" | $TC_CHROOT_CMD tee -a /home/tc/.ssh/environment
echo "PermitUserEnvironment yes" | $CHROOT_CMD tee -a $SSHD_CONFIG_PATH
echo 'Defaults env_keep += "PYTHONOPTIMIZE"' | $CHROOT_CMD tee -a /etc/sudoers
fi
}
function rebuild_ramdisk { function rebuild_ramdisk {
# Rebuild build directory into gz file # Rebuild build directory into gz file
@ -134,11 +125,6 @@ setup_tce "$DST_DIR"
# NOTE (pas-ha) default tinyipa is built without SSH access, enable it here # NOTE (pas-ha) default tinyipa is built without SSH access, enable it here
install_ssh install_ssh
# NOTE(pas-ha) default tinyipa is built with PYOPTIMIZE_TINYIPA=true and
# for Ansible+python to work we need to ensure that PYTHONOPTIMIZE=1 is
# set for all sessions from 'tc' user including those that are escalated
# with 'sudo' afterwards
fix_python_optimize
cleanup_tce "$DST_DIR" cleanup_tce "$DST_DIR"
rebuild_ramdisk rebuild_ramdisk

View File

@ -36,8 +36,6 @@ fi
# Create ipa-rescue-config directory for rescue password # Create ipa-rescue-config directory for rescue password
sudo mkdir -p /etc/ipa-rescue-config sudo mkdir -p /etc/ipa-rescue-config
export PYTHONOPTIMIZE=1
# Setup DHCP network # Setup DHCP network
configure_dhcp_network() { configure_dhcp_network() {
for pidfile in `ls /var/run/udhcpc*.pid`; do for pidfile in `ls /var/run/udhcpc*.pid`; do

View File

@ -13,7 +13,7 @@ INSTALL_SSH=${INSTALL_SSH:-true}
AUTHORIZE_SSH=${AUTHORIZE_SSH:-false} AUTHORIZE_SSH=${AUTHORIZE_SSH:-false}
SSH_PUBLIC_KEY=${SSH_PUBLIC_KEY:-} SSH_PUBLIC_KEY=${SSH_PUBLIC_KEY:-}
PYOPTIMIZE_TINYIPA=${PYOPTIMIZE_TINYIPA:-true} PYOPTIMIZE_TINYIPA=${PYOPTIMIZE_TINYIPA:-false}
TINYIPA_REQUIRE_BIOSDEVNAME=${TINYIPA_REQUIRE_BIOSDEVNAME:-false} TINYIPA_REQUIRE_BIOSDEVNAME=${TINYIPA_REQUIRE_BIOSDEVNAME:-false}
TINYIPA_REQUIRE_IPMITOOL=${TINYIPA_REQUIRE_IPMITOOL:-true} TINYIPA_REQUIRE_IPMITOOL=${TINYIPA_REQUIRE_IPMITOOL:-true}
TINYIPA_UDEV_SETTLE_TIMEOUT=${TINYIPA_UDEV_SETTLE_TIMEOUT:-60} TINYIPA_UDEV_SETTLE_TIMEOUT=${TINYIPA_UDEV_SETTLE_TIMEOUT:-60}
@ -27,10 +27,6 @@ if [ -n "$PYTHON_EXTRA_SOURCES_DIR_LIST" ]; then
IFS="," read -ra PKGDIRS <<< "$PYTHON_EXTRA_SOURCES_DIR_LIST" IFS="," read -ra PKGDIRS <<< "$PYTHON_EXTRA_SOURCES_DIR_LIST"
for PKGDIR in "${PKGDIRS[@]}"; do for PKGDIR in "${PKGDIRS[@]}"; do
PKG=$(cd "$PKGDIR" ; python setup.py --name) PKG=$(cd "$PKGDIR" ; python setup.py --name)
if [[ "$PKG" == "hardware" ]]; then
# hardware depends upon numpy which can't be optimised
PYOPTIMIZE_TINYIPA=false
fi
done done
fi fi
@ -212,31 +208,7 @@ $CHROOT_CMD touch /var/lib/hwclock/adjtime
$CHROOT_CMD chmod 640 /var/lib/hwclock/adjtime $CHROOT_CMD chmod 640 /var/lib/hwclock/adjtime
if $PYOPTIMIZE_TINYIPA; then if $PYOPTIMIZE_TINYIPA; then
# Precompile all python echo "WARNING: Precompilation is not compatible with oslo.privsep and is being ignored."
if [[ $USE_PYTHON3 == "True" ]]; then
set +e
$CHROOT_CMD /bin/bash -c "python3 -OO -m compileall /usr/local/lib/python3.6"
set -e
find $FINALDIR/usr/local/lib/python3.6 -name "*.py" -not -path "*ironic_python_agent/api/config.py" | sudo xargs --no-run-if-empty rm
find $FINALDIR/usr/local/lib/python3.6 -name "*.pyc" ! -name "*opt-2*" | sudo xargs --no-run-if-empty rm
sudo find $FINALDIR/usr/local/lib/python3.6 -type d -name __pycache__ -exec sh -c 'cd "$1"; for f in *; do mv -i "$f" .. ; done' find-sh {} \;
find $FINALDIR/usr/local/lib/python3.6 -name "*.cpython-36.opt-2*" | sed 'p;s/\.cpython-36\.opt-2//' | sudo xargs -n2 --no-run-if-empty mv
fi
set +e
$CHROOT_CMD /bin/bash -c "python -OO -m compileall /usr/local/lib/python2.7"
set -e
find $FINALDIR/usr/local/lib/python2.7 -name "*.py" -not -path "*ironic_python_agent/api/config.py" | sudo xargs --no-run-if-empty rm
find $FINALDIR/usr/local/lib/python2.7 -name "*.pyc" | sudo xargs --no-run-if-empty rm
if $INSTALL_SSH && $AUTHORIZE_SSH ; then
# NOTE(pas-ha) for Ansible+Python to work we need to ensure that
# PYTHONOPTIMIZE=1 is set for all sessions from 'tc' user including
# those that are elevated with 'sudo' afterwards
echo "PYTHONOPTIMIZE=1" | $TC_CHROOT_CMD tee -a /home/tc/.ssh/environment
echo "PermitUserEnvironment yes" | $CHROOT_CMD tee -a /usr/local/etc/ssh/sshd_config
echo 'Defaults env_keep += "PYTHONOPTIMIZE"' | $CHROOT_CMD tee -a /etc/sudoers
fi
else
sudo sed -i "s/PYTHONOPTIMIZE=1/PYTHONOPTIMIZE=0/" "$FINALDIR/opt/bootlocal.sh"
fi fi
# Delete unnecessary Babel .dat files # Delete unnecessary Babel .dat files