Re: [I] Cannot create virtualenv for PythonVirtualenvOperator [airflow]

Fri, 31 May 2024 21:32:17 -0700 


potiuk commented on issue #39953:
URL: https://github.com/apache/airflow/issues/39953#issuecomment-2143285798

   Yep. Looks like indeed bug in viritualenv - and as they noticed - PR with a 
fix there would solve the problem.
   
   For now this is a very quick workaround to bypass virtualenv limitation:
   
   ```
   env PATH 
/home/airflow/.local/bin:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
   ```
   
   BTW. The reason we have `/root/bin` in a path and we have `pip` there is 
because we want to protect against `/root/bin` user being able to run `pip` 
accidentally (because this will break things if you install packages as root 
user when you extend the image after switching to root user.
   
   For example when you do this in your image, this will break things (packages 
will be installed by root user but not available to airflow user:
   
   ```
   USER root
   RUN pip install something
   USER airflow
   ```
   
   This happened often in the past that people made this mistake, so the 
`/root/bin/pip` available on path is precisely a way to get an error if somone 
tries to run pip as root. The `/root/bin/pip` script is this:
   
   ```
   COLOR_RED=$'\e[31m'
   COLOR_RESET=$'\e[0m'
   COLOR_YELLOW=$'\e[33m'
   
   if [[ $(id -u) == "0" ]]; then
       echo
       echo "${COLOR_RED}You are running pip as root. Please use 'airflow' user 
to run pip!${COLOR_RESET}"
       echo
       echo "${COLOR_YELLOW}See: 
https://airflow.apache.org/docs/docker-stack/build.html#adding-a-new-pypi-package${COLOR_RESET}";
       echo
       exit 1
   fi
   exec "${HOME}"/.local/bin/pip "${@}"
   ```
   
   So another option to workaround this virtualenv could be (and you can also 
attempt to make PR and test it) - is to make this script available on PATH 
somewhere outside of /root/bin and remove `/root/bin` from the path. It would 
be additional overhead if it is available to everyone -not only root (default 
behaviour of the OS is to skip paths that are not accessible) - but for your 
convenience you could give permissions to the directory/path where the script 
is to all users, this will add extra overhead on starting bash interpreter for 
any `pip` command but would likely work as a workaround.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to