Asadm pex install and openssl

Asadm pex install and openssl

Problem Description

Starting with the Aerospike Tools package version aerospike-tools-3.15.3.8, asadm and its dependencies are bundled into a single pex file executable. Starting with Aerospike Tools package version aerospike-tools-3.15.3.10, the bundled dependencies are downloaded as manylinux wheels from pip in order to fix/improve compatibility with many linux variants.

These changes simplify the installation process, while also removing any requirement to install over an outgoing network connection via pip.

The installation experience should be better for most users, but some may prefer to install asadm using the old method. For example, some users may wish to build a version of asadm to use a specific openssl installed on their system instead of the version that we bundle in via the cryptography package.

Explanation

Here’s an example pex installation with cryptography wheel bundled into the pex file on docker ubuntu image:

$ docker run --rm -it ubuntu:18.04 bash
...
$ apt update -y
...
$ apt install python wget -y
...
$ wget https://www.aerospike.com/download/tools/3.23.0/artifact/ubuntu18
...
$ tar -xvf ubuntu18 && cd aerospike-tools-3.23.0-ubuntu18.04
...
$ wget https://bootstrap.pypa.io/get-pip.py
...
$ python get-pip.py
...
$ pip install crytography --verbose
...
$ openssl version  
OpenSSL 1.1.1  11 Sep 2018

$ python -c "from cryptography.hazmat.backends.openssl import backend; print(backend.openssl_version_text())"
OpenSSL 1.1.1d  10 Sep 2019

$ PEX_INTERPRETER=1 asadm -c "from cryptography.hazmat.backends.openssl import backend; print(backend.openssl_version_text())"
OpenSSL 1.1.0j  20 Nov 2018

There are 3 versions of openssl that can potentially be used in some context in the above example:

  1. The system openssl (OpenSSL 1.1.1 11 Sep 2018)

  2. The openssl bundled in with the cryptography manylinux wheel install (OpenSSL 1.1.1d 10 Sep 2019)

  3. The openssl bundled in with the cryptography manylinux wheel that was packaged with the asadm pex install (OpenSSL 1.1.0j 20 Nov 2018)

Asadm will use (3) in this example.

In order to force asadm to use the system openssl, we can run a manual non-pex install of asadm, and install dependencies manually using the no-binary pip option for cryptography via pyOpenSSL.

$ docker run --rm -it ubuntu:18.04 bash
...
$ apt update -y
...
$ apt install python wget rsync zip -y
...
$ wget https://bootstrap.pypa.io/get-pip.py
...
$ python get-pip.py
...
$ apt install build-essential libssl-dev libffi-dev python-dev -y
...
$ pip install pyOpenSSL --no-binary :all:
...
$ pip install argparse bcrypt pexpect toml jsonschema pyasn1
...
$ wget https://github.com/aerospike/aerospike-admin/archive/0.3.3.tar.gz
...
$ tar -xf 0.3.3.tar.gz 
...
$ cd aerospike-admin-0.3.3 
...
$ useradd aerospike
...
$ make no_pex
...
$ make install
...
$ openssl version
OpenSSL 1.1.1  11 Sep 2018
$ python -c "from cryptography.hazmat.backends.openssl import backend; print(backend.openssl_version_text())"
OpenSSL 1.1.1  11 Sep 2018

In this case, with no bundled wheel and no pex file, asadm will use the cryptography installed manually, which, through the use of no-binary option, will use system openssl.

Solution

If you want to use system openssl instead of bundled openssl with asadm, build asadm manually using no_pex target, and build cryptography using the no-binary option.

See the previous explanation section for sample commands.

Keywords

MANYLINUX WHEEL PYTHON ASADM TOOLS PEX CRYPTOGRAPHY OPENSSL

Timestamp

January 2020

© 2015 Copyright Aerospike, Inc. | All rights reserved. Creators of the Aerospike Database.