cryptography NAPALM dependancy needs rust and newer pip on python36
mtinberg opened this issue · comments
Netbox doesn't deploy on RHEL/CentOS 7 python36 with pip3 v9.0.3 due to current release of cryptography depended on by NAPALM depending on rust during the build/install process, pip3 v9.0.3 setuptools doesn't have modules to build rust, but running pip3 install pip --upgrade
in the venv then installing napalm works, as long as rust (1.47.0) is installed from EPEL.
We may need to add rust as a package dependancy then upgrade pip in the venv during deployment, maybe have the first pip/venv task be to set up an empty venv and upgrade pip, then install requirements/constraints then optional modules.
This may affect other platforms as well
This has affected a lot of packages/apps in the Python ecosystem.
I'm not crazy about blindly upgrading pip to the latest version - as there have been breaking pip
changes in the past. IMO, we should select a known working version (whatever is released right now) and pin that as part of the pip constraints perhaps?
The latest version of pip has a pre-compiled wheel of the cryptography package so there's no need to install rust
on the target system. So the pre-install steps should be pip install pip==X.Y.Z wheel=X.Y.Z
to ensure the following tasks can complete.
It's worth noting that the NetBox upgrade.sh
is doing a 'blind' pip
upgrade now netbox-community/netbox#5776 but I still think a pinned pip
is the better approach.
I'm on board with pinned pip
via the constraints role variable. Although pinning to a minor version (x.y) instead of a patch version (x.y.z) seems like it'd be appropriate to keep the maintenance overhead low.