On 01/15/2015 06:25 PM, Joe Gordon wrote: > We can side step the dependency graphing and ordering issue by looking > at the list of curently installed packages via pip freeze and not > installing dependencies (pip install --no-deps) > > After looking into this further here are the known issues: > > * Partial capping won't work , so we need to pin all dependencies, we > can generate this list per file via "pip install -r" and "pip freeze", > but this doesn't address the issue of apt-get vs pip install. For > example in the stable gate we use suds 0.4.1 but only suds 0.4.0 is > available via pip. > * Not all packages are installed in are standard dsvm-tempest env, so > using pip-freeze from that isn't enough > * We need to run this per requirements file and move to using pip > install --no-deps everywhere. As the global-requirements sync wouldn't > work the first time since files don't list all transient dependencies yet.
So that's basically writing our own dependency system entirely, and skipping pip's (vs. fudging around pip's issues). I expect that's going to go poorly in the OpenStack ecosystem realm because a lot of very repetitive manual analysis will need to be done on each project. And if we want to bump a cap, regenerating all the graphs becomes another manual process. > * We can still break if a package version is removed from pypi > * in pip-freeze we sometimes install versions lower then our minimum > version (python-libvirt!) That's because python-libvirt is not in any requirements.txt file, so we're taking the system version. -Sean -- Sean Dague http://dague.net __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev