on-build python venvs (#1199)

Author: jackivanov

.gitignore

@@ -5,3 +5,5 @@ inventory_users
 *.kate-swp
 env
 .DS_Store
+venvs/*
+!venvs/.gitinit

Dockerfile

@@ -26,7 +26,7 @@ COPY . .
 RUN chmod 0755 /algo/algo-docker.sh
 
 # Because of the bind mounting of `configs/`, we need to run as the `root` user
-# This may break in cases where user namespacing is enabled, so hopefully Docker 
+# This may break in cases where user namespacing is enabled, so hopefully Docker
 # sorts out a way to set permissions on bind-mounted volumes (`docker run -v`)
 # before userns becomes default
 # Note that not running as root will break if we don't have a matching userid

README.md

@@ -58,7 +58,7 @@ The easiest way to get an Algo server running is to let it set up a _new_ virtua
     ```bash
     $ python -m virtualenv --python=`which python2` env &&
         source env/bin/activate &&
-        python -m pip install -U pip &&
+        python -m pip install -U pip virtualenv &&
         python -m pip install -r requirements.txt
     ```
     On macOS, you may be prompted to install `cc`. You should press accept if so.

config.cfg

@@ -13,6 +13,9 @@ users:
 # If True re-init all existing certificates. Boolean
 keys_clean_all: False
 
+# Clean up cloud python environments
+clean_environment: false
+
 vpn_network: 10.19.48.0/24
 vpn_network_ipv6: 'fd9d:bc11:4020::/48'
 wireguard_enabled: true

playbooks/cloud-pre.yml

@@ -14,6 +14,16 @@
         'dns_encryption "{{ dns_encryption }}"' \
         > /dev/tty
 
+- name: Install the requirements
+  local_action:
+    module: pip
+    state: latest
+    name:
+      - pyOpenSSL
+      - jinja2==2.8
+      - segno
+  tags: always
+
 - name: Generate the SSH private key
   openssl_privatekey:
     path: "{{ SSH_keys.private }}"

requirements.txt

@@ -1,13 +1 @@
-setuptools>=11.3
-SecretStorage < 3
-ansible[azure]==2.5.2
-dopy==0.3.5
-boto>=2.5
-boto3
-apache-libcloud
-six
-pyopenssl
-jinja2==2.8
-shade
-pycrypto
-segno
+ansible==2.5.2

roles/cloud-azure/defaults/main.yml

@@ -1,4 +1,5 @@
 ---
+azure_venv: "{{ playbook_dir }}/configs/.venvs/azure"
 _azure_regions: >
   [
     {

roles/cloud-azure/tasks/main.yml

@@ -1,43 +1,48 @@
 ---
 - block:
-    - name: Include prompts
-      import_tasks: prompts.yml
+    - name: Build python virtual environment
+      import_tasks: venv.yml
 
-    - set_fact:
-        algo_region: >-
-          {% if region is defined %}{{ region }}
-          {%- elif _algo_region.user_input is defined and _algo_region.user_input != "" %}{{ azure_regions[_algo_region.user_input | int -1 ]['name'] }}
-          {%- else %}{{ azure_regions[default_region | int - 1]['name'] }}{% endif %}
+    - block:
+      - name: Include prompts
+        import_tasks: prompts.yml
 
-    - name: Create AlgoVPN Server
-      azure_rm_deployment:
-        state: present
-        deployment_name: "AlgoVPN-{{ algo_server_name }}"
-        template: "{{ lookup('file', 'deployment.json') }}"
-        secret: "{{ secret }}"
-        tenant: "{{ tenant }}"
-        client_id: "{{ client_id }}"
-        subscription_id: "{{ subscription_id }}"
-        resource_group_name: "AlgoVPN-{{ algo_server_name }}"
-        parameters:
-          AlgoServerName:
-            value: "{{ algo_server_name }}"
-          sshKeyData:
-            value: "{{ lookup('file', '{{ SSH_keys.public }}') }}"
-          location:
-            value: "{{ algo_region }}"
-          WireGuardPort:
-            value: "{{ wireguard_port }}"
-          vmSize:
-            value: "{{ cloud_providers.azure.size }}"
-          imageReferenceSku:
-            value: "{{ cloud_providers.azure.image }}"
-      register: azure_rm_deployment
+      - set_fact:
+          algo_region: >-
+            {% if region is defined %}{{ region }}
+            {%- elif _algo_region.user_input is defined and _algo_region.user_input != "" %}{{ azure_regions[_algo_region.user_input | int -1 ]['name'] }}
+            {%- else %}{{ azure_regions[default_region | int - 1]['name'] }}{% endif %}
 
-    - set_fact:
-        cloud_instance_ip: "{{ azure_rm_deployment.deployment.outputs.publicIPAddresses.value }}"
-        ansible_ssh_user: ubuntu
+      - name: Create AlgoVPN Server
+        azure_rm_deployment:
+          state: present
+          deployment_name: "AlgoVPN-{{ algo_server_name }}"
+          template: "{{ lookup('file', 'deployment.json') }}"
+          secret: "{{ secret }}"
+          tenant: "{{ tenant }}"
+          client_id: "{{ client_id }}"
+          subscription_id: "{{ subscription_id }}"
+          resource_group_name: "AlgoVPN-{{ algo_server_name }}"
+          parameters:
+            AlgoServerName:
+              value: "{{ algo_server_name }}"
+            sshKeyData:
+              value: "{{ lookup('file', '{{ SSH_keys.public }}') }}"
+            location:
+              value: "{{ algo_region }}"
+            WireGuardPort:
+              value: "{{ wireguard_port }}"
+            vmSize:
+              value: "{{ cloud_providers.azure.size }}"
+            imageReferenceSku:
+              value: "{{ cloud_providers.azure.image }}"
+        register: azure_rm_deployment
 
+      - set_fact:
+          cloud_instance_ip: "{{ azure_rm_deployment.deployment.outputs.publicIPAddresses.value }}"
+          ansible_ssh_user: ubuntu
+      environment:
+        PYTHONPATH: "{{ azure_venv }}/lib/python2.7/site-packages/"
   rescue:
     - debug: var=fail_hint
       tags: always

roles/cloud-azure/tasks/venv.yml

@@ -0,0 +1,32 @@
+---
+- name: Clean up the environment
+  file:
+    dest: "{{ azure_venv }}"
+    state: absent
+  when: clean_environment
+
+- name: Install requirements
+  pip:
+    name:
+      - packaging
+      - requests[security]
+      - azure-mgmt-compute>=2.0.0,<3
+      - azure-mgmt-network>=1.3.0,<2
+      - azure-mgmt-storage>=1.5.0,<2
+      - azure-mgmt-resource>=1.1.0,<2
+      - azure-storage>=0.35.1,<0.36
+      - azure-cli-core>=2.0.12,<3
+      - msrest==0.4.29
+      - msrestazure==0.4.31
+      - azure-mgmt-dns>=1.0.1,<2
+      - azure-mgmt-keyvault>=0.40.0,<0.41
+      - azure-mgmt-batch>=4.1.0,<5
+      - azure-mgmt-sql>=0.7.1,<0.8
+      - azure-mgmt-web>=0.32.0,<0.33
+      - azure-mgmt-containerservice>=2.0.0,<3.0.0
+      - azure-mgmt-containerregistry>=1.0.1
+      - azure-mgmt-rdbms==1.2.0
+      - azure-mgmt-containerinstance==0.4.0
+    state: latest
+    virtualenv: "{{ azure_venv }}"
+    virtualenv_python: python2.7

roles/cloud-digitalocean/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+digitalocean_venv: "{{ playbook_dir }}/configs/.venvs/digitalocean"

roles/cloud-digitalocean/tasks/main.yml

@@ -1,102 +1,108 @@
 - block:
-    - name: Include prompts
-      import_tasks: prompts.yml
-
-    - name: Set additional facts
-      set_fact:
-        algo_do_region: >-
-          {% if region is defined %}{{ region }}
-          {%- elif _algo_region.user_input is defined and _algo_region.user_input != "" %}{{ do_regions[_algo_region.user_input | int -1 ]['slug'] }}
-          {%- else %}{{ do_regions[default_region | int - 1]['slug'] }}{% endif %}
-        public_key: "{{ lookup('file', '{{ SSH_keys.public }}') }}"
+    - name: Build python virtual environment
+      import_tasks: venv.yml
 
     - block:
-        - name: "Delete the existing Algo SSH keys"
-          digital_ocean:
-            state: absent
-            command: ssh
-            api_token: "{{ algo_do_token }}"
-            name: "{{ SSH_keys.comment }}"
-          register: ssh_keys
-          until: ssh_keys.changed != true
-          retries: 10
-          delay: 1
+      - name: Include prompts
+        import_tasks: prompts.yml
 
-      rescue:
-        - name: Collect the fail error
-          digital_ocean:
-            state: absent
-            command: ssh
-            api_token: "{{ algo_do_token }}"
-            name: "{{ SSH_keys.comment }}"
-          register: ssh_keys
-          ignore_errors: yes
+      - name: Set additional facts
+        set_fact:
+          algo_do_region: >-
+            {% if region is defined %}{{ region }}
+            {%- elif _algo_region.user_input is defined and _algo_region.user_input != "" %}{{ do_regions[_algo_region.user_input | int -1 ]['slug'] }}
+            {%- else %}{{ do_regions[default_region | int - 1]['slug'] }}{% endif %}
+          public_key: "{{ lookup('file', '{{ SSH_keys.public }}') }}"
 
-        - debug: var=ssh_keys
+      - block:
+          - name: "Delete the existing Algo SSH keys"
+            digital_ocean:
+              state: absent
+              command: ssh
+              api_token: "{{ algo_do_token }}"
+              name: "{{ SSH_keys.comment }}"
+            register: ssh_keys
+            until: ssh_keys.changed != true
+            retries: 10
+            delay: 1
 
-        - fail:
-            msg: "Please, ensure that your API token is not read-only."
+        rescue:
+          - name: Collect the fail error
+            digital_ocean:
+              state: absent
+              command: ssh
+              api_token: "{{ algo_do_token }}"
+              name: "{{ SSH_keys.comment }}"
+            register: ssh_keys
+            ignore_errors: yes
 
-    - name: "Upload the SSH key"
-      digital_ocean:
-        state: present
-        command: ssh
-        ssh_pub_key: "{{ public_key }}"
-        api_token: "{{ algo_do_token }}"
-        name: "{{ SSH_keys.comment }}"
-      register: do_ssh_key
+          - debug: var=ssh_keys
 
-    - name: "Creating a droplet..."
-      digital_ocean:
-        state: present
-        command: droplet
-        name: "{{ algo_server_name }}"
-        region_id: "{{ algo_do_region }}"
-        size_id: "{{ cloud_providers.digitalocean.size }}"
-        image_id: "{{ cloud_providers.digitalocean.image }}"
-        ssh_key_ids: "{{ do_ssh_key.ssh_key.id }}"
-        unique_name: yes
-        api_token: "{{ algo_do_token }}"
-        ipv6: yes
-      register: do
+          - fail:
+              msg: "Please, ensure that your API token is not read-only."
 
-    - set_fact:
-        cloud_instance_ip: "{{ do.droplet.ip_address }}"
-        ansible_ssh_user: root
+      - name: "Upload the SSH key"
+        digital_ocean:
+          state: present
+          command: ssh
+          ssh_pub_key: "{{ public_key }}"
+          api_token: "{{ algo_do_token }}"
+          name: "{{ SSH_keys.comment }}"
+        register: do_ssh_key
 
-    - name: Tag the droplet
-      digital_ocean_tag:
-        name: "Environment:Algo"
-        resource_id: "{{ do.droplet.id }}"
-        api_token: "{{ algo_do_token }}"
-        state: present
+      - name: "Creating a droplet..."
+        digital_ocean:
+          state: present
+          command: droplet
+          name: "{{ algo_server_name }}"
+          region_id: "{{ algo_do_region }}"
+          size_id: "{{ cloud_providers.digitalocean.size }}"
+          image_id: "{{ cloud_providers.digitalocean.image }}"
+          ssh_key_ids: "{{ do_ssh_key.ssh_key.id }}"
+          unique_name: yes
+          api_token: "{{ algo_do_token }}"
+          ipv6: yes
+        register: do
 
-    - block:
-        - name: "Delete the new Algo SSH key"
-          digital_ocean:
-            state: absent
-            command: ssh
-            api_token: "{{ algo_do_token }}"
-            name: "{{ SSH_keys.comment }}"
-          register: ssh_keys
-          until: ssh_keys.changed != true
-          retries: 10
-          delay: 1
+      - set_fact:
+          cloud_instance_ip: "{{ do.droplet.ip_address }}"
+          ansible_ssh_user: root
+
+      - name: Tag the droplet
+        digital_ocean_tag:
+          name: "Environment:Algo"
+          resource_id: "{{ do.droplet.id }}"
+          api_token: "{{ algo_do_token }}"
+          state: present
+
+      - block:
+          - name: "Delete the new Algo SSH key"
+            digital_ocean:
+              state: absent
+              command: ssh
+              api_token: "{{ algo_do_token }}"
+              name: "{{ SSH_keys.comment }}"
+            register: ssh_keys
+            until: ssh_keys.changed != true
+            retries: 10
+            delay: 1
 
-      rescue:
-        - name: Collect the fail error
-          digital_ocean:
-            state: absent
-            command: ssh
-            api_token: "{{ algo_do_token }}"
-            name: "{{ SSH_keys.comment }}"
-          register: ssh_keys
-          ignore_errors: yes
+        rescue:
+          - name: Collect the fail error
+            digital_ocean:
+              state: absent
+              command: ssh
+              api_token: "{{ algo_do_token }}"
+              name: "{{ SSH_keys.comment }}"
+            register: ssh_keys
+            ignore_errors: yes
 
-        - debug: var=ssh_keys
+          - debug: var=ssh_keys
 
-        - fail:
-            msg: "Please, ensure that your API token is not read-only."
+          - fail:
+              msg: "Please, ensure that your API token is not read-only."
+      environment:
+        PYTHONPATH: "{{ digitalocean_venv }}/lib/python2.7/site-packages/"
   rescue:
     - debug: var=fail_hint
       tags: always

roles/cloud-digitalocean/tasks/venv.yml

@@ -0,0 +1,13 @@
+---
+- name: Clean up the environment
+  file:
+    dest: "{{ digitalocean_venv }}"
+    state: absent
+  when: clean_environment
+
+- name: Install requirements
+  pip:
+    name: dopy
+    version: 0.3.5
+    virtualenv: "{{ digitalocean_venv }}"
+    virtualenv_python: python2.7