Skip to content
This repository has been archived by the owner on Jun 29, 2022. It is now read-only.

Python 3.x virtual environment needs system-site-packages -- need to update docs #512

Open
kdelee opened this issue Dec 4, 2017 · 7 comments
Open

Python 3.x virtual environment needs system-site-packages -- need to update docs #512

kdelee opened this issue Dec 4, 2017 · 7 comments

Comments

@kdelee
Copy link

kdelee commented Dec 4, 2017

Specify type:

  • Bug

Bug severity (if applicable):

  • High

Description:

Writing the report file fails when running rho installed in python 3.6.3 virtual environment. Error message claims it is because of missing libselinux python bindings, but libselinux-python3 is installed via dnf.

Bug Report

Version of rho:

[ 1d5dfde] (master)

Expected behaviour:

If I can otherwise run rho in my python 3.6.3 virtual environment, I should be able to write a report for any successful scan.

Actual behaviour:

Rho is able to write the report for some successful scans, but breaks on the report writing for others.

Reports missing dependency on libselinxu-python3, but this is installed.

See tail of scan log, will provide verbose logs on request:

 ____________________________________________
< TASK [write : write the host vars to JSON] >
 --------------------------------------------
      \                    / \  //\
       \    |\___/|      /   \//  \\
            /0  0  \__  /    //  | \ \    
           /     /  \/_/    //   |  \  \  
           @_^_@'/   \/_   //    |   \   \ 
           //_^_/     \/_ //     |    \    \
        ( //) |        \///      |     \     \
      ( / /) _|_ /   )  //       |      \     _\
    ( // /) '/,_ _ _/  ( ; -.    |    _ _\.-~        .-~~~^-.
  (( / / )) ,-{        _      `-.|.-~-.           .~         `.
 (( // / ))  '/\      /                 ~-. _ .-~      .-~^-.  \
 (( /// ))      `.   {            }                   /      \  \
  (( / ))     .----~-.\        \-'                 .~         \  `. \^-.
             ///.----..>        \             _ -~             `.  ^-`  ^-_
               ///-._ _ _ _ _ _ _}^ - - - - ~                     ~-- ,.-~
                                                                  /.-~

fatal: [localhost]: FAILED! => {"changed": false, "checksum": "2e5aee5f1fdc638a62bbe1b4bee3dc40dd8d5582", "msg": "Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!"}
	to retry, use: --limit @/home/elijah/sfw/quipu/rho/rho_playbook.retry

Steps to reproduce:

It seems I am able to scan 1 to 3 machines successfully and then it writes the report. It seems the reproducer for me is to scan the 26 test matrix machines from my Fedora 26 workstation, the scan portion of the playbook completes and then it breaks when attempting to write the report..

Environment information:

Provide detailed information on the scanning and target systems (if applicable); see example below.

Type Operating System OS Version Python Version Virtualization
Scanning System Fedora 26 3.6.3 Bare Metal
Target System test matrix (see internal docs) vCenter
@chambridge
Copy link

@kdelee Found the following post:
https://dmsimard.com/2016/01/08/selinux-python-virtualenv-chroot-and-ansible-dont-play-nice/

Wondering if this is something you can workaround for your virtual environment based on the info there and if so can we document it.

@kdelee
Copy link
Author

kdelee commented Dec 4, 2017

Are you talking about this part of the post:

I told myself this wouldn’t work but apparently it does - I just copied /usr/lib64/python2.7/site-packages/selinux to $VIRTUAL_ENV/lib/python2.7/site-packages.

? I tried this and so far no luck, but I might muck around some more. I'm not sure if the later suggestion is an option for rho users:

So it turns out that Ansible has a built-in definition for the host localhost and it will fork from sys.executable and this is the virtualenv python if you are running from a virtualenv.

If you want to override this, you will need to declare localhost in your inventory file explicitely like so:

localhost ansible_python_interpreter=/usr/bin/python

@elyezer
Copy link

elyezer commented Dec 12, 2017

I was hitting the same issue and I figured out that something changed on Ansible that it is now requiring the libselinux to be available on the virtual environment.

To be able to generate the reports I had to remove my virtual environment and creating a new one by including the system site-packages (since we can't pip install libselinux). After that I've installed rho and checked that I was actually able to import selinux using the python from the virutal env:

$ which python
~/.virtualenvs/rho/bin/python

$ python
Python 2.7.14 (default, Nov  3 2017, 10:55:25) 
[GCC 7.2.1 20170915 (Red Hat 7.2.1-2)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import selinux
>>> exit()

I wasn't able to import selinux before and I wasn't able to generate the report. Also I faced that issue on both python 2 and 3.

@kdelee
Copy link
Author

kdelee commented Dec 12, 2017 via email
edited
Loading

@elyezer
Copy link

elyezer commented Dec 12, 2017

You need to do that when creating the virtualenv, something like:

virtualenv --system-site-packages virtualenvname

@noahl
Copy link

noahl commented Dec 13, 2017

@kdelee if I understand correctly, this affects Rho in a virtual environment, which means it should not affect Rho as installed via RPM. Is that right?

@kdelee
Copy link
Author

kdelee commented Dec 13, 2017 via email

@kdelee kdelee changed the title Python 3.x compatiblity seems broken Python 3.x virtual environment needs system-site-packages -- need to update docs Dec 18, 2017
@kdelee kdelee mentioned this issue Dec 18, 2017
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@noahl @elyezer @kdelee @chambridge