fedcloud stays on its own venv

EGI-Federation · Jan 15, 2025 · 506e1b6 · 506e1b6
1 parent 77d7aa4
commit 506e1b6
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 6 deletions.
diff --git a/cloud-info/Dockerfile b/cloud-info/Dockerfile
@@ -10,13 +10,18 @@ RUN curl -s https://dist.eugridpma.info/distribution/igtf/current/GPG-KEY-EUGrid
     && apt-get install -y ca-policy-egi-core \
     && rm -rf /var/lib/apt/lists/*
 
+# Fedcloud client is pinning dependencies strictly so it does not play
+# very well with the rest of the available venv. Installing on its own
+RUN python -m venv /fedcloud && \
+    /fedcloud/bin/pip install --no-cache-dir fedcloudclient
+
 WORKDIR /cloud-info
 
+COPY requirements.txt .
+
 RUN python -m venv /cloud-info/venv
 ENV PATH="/cloud-info/venv/bin:$PATH"
 
-COPY requirements.txt .
-
 RUN pip install --no-cache-dir -r requirements.txt \
     && cat /etc/grid-security/certificates/*.pem >> "$(python -m requests.certs)"
 
@@ -37,7 +42,6 @@ RUN apt-get update \
        jq rclone \
     && rm -rf /var/lib/apt/lists/*
 
-
 RUN mkdir /cloud-info \
     && groupadd -g 1999 python \
     && useradd -r -u 1999 -g python python \
@@ -47,6 +51,7 @@ WORKDIR /cloud-info
 
 # All the python code from the build image above
 COPY --chown=python:python --from=build /cloud-info/venv ./venv
+COPY --chown=python:python --from=build /fedcloud /fedcloud
 # Add the scripts that call the cloud-info-provider as needed for the site
 # these create the configuration for the site by discovering the available
 # projects for the credentials and will send the output to the AMS queue and

diff --git a/cloud-info/ams-wrapper.sh b/cloud-info/ams-wrapper.sh
@@ -96,16 +96,17 @@ if test -s cloud-info.json; then
 		OIDC_ACCESS_TOKEN=$(yq -r '.checkin.access_token' <"$ACCESS_TOKEN_FILE")
 		export OIDC_ACCESS_TOKEN
 		export EGI_VO="$SWIFT_VO_NAME"
-		SWIFT_URL=$(fedcloud openstack \
+		SWIFT_URL=$(/fedcloud/bin/fedcloud openstack \
 			--site "$SWIFT_SITE_NAME" \
 			catalog show swift -f json |
 			jq -r '(.endpoints[] | select(.interface=="public")).url')
 		export RCLONE_CONFIG_REMOTE_TYPE="swift"
 		export RCLONE_CONFIG_REMOTE_ENV_AUTH="false"
 		export RCLONE_CONFIG_REMOTE_STORAGE_URL="$SWIFT_URL"
-		eval "$(fedcloud site env --site "$SWIFT_SITE_NAME")"
+		eval "$(/fedcloud/bin/fedcloud site env --site "$SWIFT_SITE_NAME")"
 		export RCLONE_CONFIG_REMOTE_AUTH_URL="$OS_AUTH_URL"
-		OS_AUTH_TOKEN=$(fedcloud openstack --site "$SWIFT_SITE_NAME" token issue -c id -f value)
+		OS_AUTH_TOKEN=$(/fedcloud/bin/fedcloud openstack \
+			--site "$SWIFT_SITE_NAME" token issue -c id -f value)
 		export RCLONE_CONFIG_REMOTE_AUTH_TOKEN="$OS_AUTH_TOKEN"
 		rclone mkdir "remote:$SWIFT_CONTAINER_NAME"
 		rclone copy cloud-info.json "remote:$SWIFT_CONTAINER_NAME/$SITE_NAME"