[GitHub] [airflow] potiuk commented on a change in pull request #19189: Swtich both PROD and CI images to use virtual environments

Thu, 28 Oct 2021 04:11:29 -0700 


potiuk commented on a change in pull request #19189:
URL: https://github.com/apache/airflow/pull/19189#discussion_r738284162



##########
File path: Dockerfile
##########
@@ -441,25 +443,53 @@ RUN chmod a+x /scripts/docker/install_mysql.sh && \
     find "${AIRFLOW_HOME}" -executable -print0 | xargs --null chmod g+x && \
         find "${AIRFLOW_HOME}" -print0 | xargs --null chmod g+rw
 
-COPY --chown=airflow:root --from=airflow-build-image /root/.local 
"${AIRFLOW_USER_HOME_DIR}/.local"
+COPY --chown=airflow:root --from=airflow-build-image /.venv /.venv
 COPY --chown=airflow:root scripts/in_container/prod/entrypoint_prod.sh 
/entrypoint
 COPY --chown=airflow:root scripts/in_container/prod/clean-logs.sh /clean-logs
 
 # Make /etc/passwd root-group-writeable so that user can be dynamically added 
by OpenShift
 # See https://github.com/apache/airflow/issues/9248
 
 RUN chmod a+x /entrypoint /clean-logs && \
-    chmod g=u /etc/passwd && \
-    bash /scripts/docker/install_pip_version.sh
+    chmod g=u /etc/passwd
+
+# Set default groups for airflow and root user
+RUN usermod -g 0 airflow -G 0
+
+# make sure that the venv is activated for all users
+# interactive, non-interactive shells and plain sudo, sudo with --interactive 
flag
+RUN echo ". /.venv/bin/activate" >> "${AIRFLOW_USER_HOME_DIR}/.bashrc" && \
+    echo ". /.venv/bin/activate" >> /root/.bashrc && \
+    sed --in-place=.bak "s/secure_path=\"/secure_path=\"\/.venv\/bin:/" 
/etc/sudoers

Review comment:
       Update. @mik-laj pointed me to the current activate function and i think 
we can indeed emulate what virtualenv activation does without risking future 
incompatibilities:
   
   * Setting VIRTUAL_ENV 
   * Seting PYTHONHOME
   * Setting PATH
   * Setting PS1 (but that's nice to have)
   
   This is all that virtualenv activation does - and those are the only 
variables any custom scripts might potentially rely on so I think if we 
manually modify those variables we are good WDYT @uranusjr . I will have to 
also make sure `sudo` also have those variables set as well - especially PATH 
which is used from 'safePath" in sudoers.
   
   I think this is highly unlikely anyting else will change in the "activate" 
command.
   
   WDYT?




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to