WIP: OKD-322: Update install.sh to work on CentOS/RHEL 10

[jatinsu]

Description of the change:
Appending --ignore-installed to the PIP_OPTS variable in install.sh so pip will install packages without attempting to uninstall RPM-provided packages

Motivation for the change:
In CentOS/RHEL 10 the package python3-six is already provided. Pip attempts to uninstall it but it can't as it's a rpm package and it causes a build failure. The way I am testing this is by replacing the base image found here with a CentOS 10 image.

Summary by CodeRabbit

• Chores
  • Updated pip installation configuration to include the ignore-installed flag for improved dependency resolution during the installation process.

[openshift-ci-robot]

@jatinsu: This pull request references OKD-322 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Description of the change:
Appending --ignore-installed to the PIP_OPTS variable in install.sh so pip will install the requested versions without attempting to uninstall RPM-provided packages

Motivation for the change:
In CentOS/RHEL 10 the package python3-six is already provided. Pip attempts to uninstall it but it can't as it's a rpm package and it causes a build failure. The way I am testing this is by replacing the base image found here with a CentOS 10 image.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Walkthrough

Updated the PIP_OPTS configuration in the Ansible installation script to include the --ignore-installed flag alongside the existing --no-cache-dir option. This affects how pip handles package installation dependencies during the Ansible setup process.

Changes

Cohort / File(s)	Summary
Pip Installation Options openshift/install-ansible.sh	Added --ignore-installed flag to PIP_OPTS, changing from "--no-cache-dir" to "--no-cache-dir --ignore-installed"

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The title references OKD-322 and CentOS/RHEL 10 compatibility, but the actual change modifies a PIP_OPTS flag in install-ansible.sh, not install.sh, and targets Python package installation rather than OS-level compatibility.	Update the title to accurately reflect the change, such as 'Update PIP_OPTS to ignore installed packages for CentOS/RHEL 10 compatibility' or 'Add --ignore-installed flag to pip install options'.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Stable And Deterministic Test Names	✅ Passed	The custom check for 'Stable and Deterministic Test Names' is not applicable to this pull request as it contains no test files or test definitions using frameworks like Ginkgo.
Test Structure And Quality	✅ Passed	PR only modifies openshift/install-ansible.sh shell script; no test code is affected, making the custom check for test quality not applicable.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci-robot]

@jatinsu: This pull request references OKD-322 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Description of the change:
Appending --ignore-installed to the PIP_OPTS variable in install.sh so pip will install the requested versions without attempting to uninstall RPM-provided packages

Motivation for the change:
In CentOS/RHEL 10 the package python3-six is already provided. Pip attempts to uninstall it but it can't as it's a rpm package and it causes a build failure. The way I am testing this is by replacing the base image found here with a CentOS 10 image.

Summary by CodeRabbit

• Chores
• Updated pip installation configuration to include the ignore-installed flag for improved dependency resolution during the installation process.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: jatinsu
Once this PR has been reviewed and has the lgtm label, please assign oceanc80 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

@jatinsu: This pull request references OKD-322 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Description of the change:
Appending --ignore-installed to the PIP_OPTS variable in install.sh so pip will install packages without attempting to uninstall RPM-provided packages

Motivation for the change:
In CentOS/RHEL 10 the package python3-six is already provided. Pip attempts to uninstall it but it can't as it's a rpm package and it causes a build failure. The way I am testing this is by replacing the base image found here with a CentOS 10 image.

Summary by CodeRabbit

• Chores
• Updated pip installation configuration to include the ignore-installed flag for improved dependency resolution during the installation process.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

openshift/install-ansible.sh (1)

15-15: ⚠️ Potential issue | 🟡 Minor

pip --upgrade pip on line 15 doesn't use PIP_OPTS

If the same RHEL 10 constraint applies to pip itself (RPM-managed or PEP 668-flagged), this invocation will fail before PIP_OPTS is ever used. If --ignore-installed (and potentially --break-system-packages) are necessary for subsequent installs, they're likely needed here too.

🔧 Proposed fix

-python3 -m pip install --upgrade pip
+python3 -m pip install ${PIP_OPTS} --upgrade pip

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@openshift/install-ansible.sh` at line 15, Replace the plain upgrade command
"python3 -m pip install --upgrade pip" with a call that honors PIP_OPTS and
includes the same installer flags used later (e.g., --ignore-installed and, if
required for RHEL/PEP 668 cases, --break-system-packages) so pip itself can be
upgraded under the same constraints; in other words, invoke pip as "python3 -m
pip install --upgrade pip $PIP_OPTS" and add the same
--ignore-installed/--break-system-packages options as used for subsequent
installs to ensure the upgrade won't fail in RPM/PEP 668 environments.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@openshift/install-ansible.sh`:
- Line 5: The script's PIP_OPTS only contains --ignore-installed which doesn't
address PEP 668 errors on RHEL 10; update the PIP_OPTS variable (symbol:
PIP_OPTS) to include --break-system-packages (or change to using a virtual
environment) and ensure every pip invocation uses PIP_OPTS (including the pip
upgrade call invoked with python3 -m pip install --upgrade pip) so pip won't
fail with error: externally-managed-environment.

---

Outside diff comments:
In `@openshift/install-ansible.sh`:
- Line 15: Replace the plain upgrade command "python3 -m pip install --upgrade
pip" with a call that honors PIP_OPTS and includes the same installer flags used
later (e.g., --ignore-installed and, if required for RHEL/PEP 668 cases,
--break-system-packages) so pip itself can be upgraded under the same
constraints; in other words, invoke pip as "python3 -m pip install --upgrade pip
$PIP_OPTS" and add the same --ignore-installed/--break-system-packages options
as used for subsequent installs to ensure the upgrade won't fail in RPM/PEP 668
environments.

---

ℹ️ Review info

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between d85e7f6 and c9d396d.

📒 Files selected for processing (1)

• openshift/install-ansible.sh

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

RHEL 10 CentOS 10 Python version 3.11 PEP 668 EXTERNALLY-MANAGED

💡 Result:

• RHEL 10 / CentOS Stream 10 “Python version”: the system/default python3 is Python 3.12 (RHEL 10 docs explicitly say 3.12 is the default; CentOS Stream 10’s python3 RPMs are 3.12.x). [1], [2]

• Python 3.11 availability on RHEL 10: RHEL 10 supports installing additional parallel Python versions from AppStream in minor releases, and RHEL 10 package listings include many python3.11-* packages (indicating a Python 3.11 stack exists alongside 3.12). [1], [3]

• PEP 668 / EXTERNALLY-MANAGED and pip: PEP 668 standardizes an EXTERNALLY-MANAGED marker file in the stdlib directory. When present, pip should refuse to install into the system environment outside a venv and instead push you to venv/pipx (unless you override). [4], [5]

  • Practical outcome: on distros that ship this marker, pip install ... against the system /usr/bin/python3 commonly errors with externally-managed-environment; the intended fixes are:
    • use a virtual environment: python3 -m venv .venv && . .venv/bin/activate && pip install ...
    • or use pipx for apps
    • or install distro RPMs via dnf when available
    • last resort: pip install --break-system-packages ... (explicitly “risky” per the spec). [4], [5]

Sources:
[1] RHEL 10 docs: default Python is 3.12; additional parallel versions via AppStream. (docs.redhat.com)
[2] CentOS Stream 10 python3 RPM provides python3.12 / versioned 3.12.x packages. (rpmfind.net)
[3] RHEL 10 package-change appendix lists many python3.11-* packages. (docs.redhat.com)
[4] PEP 668 definition/behavior of EXTERNALLY-MANAGED and --break-system-packages. (peps.python.org)
[5] PyPA spec for “Externally Managed Environments” (PEP 668 marker file behavior). (packaging.python.org)

Citations:

• 1: https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/html/installing_and_using_dynamic_programming_languages/installing-and-using-python?utm_source=openai
• 2: https://rpmfind.net/linux/RPM/centos-stream/10/baseos/x86_64/python3-3.12.5-2.el10.x86_64.html?utm_source=openai
• 3: https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/html/considerations_in_adopting_rhel_10/changes-to-packages?utm_source=openai
• 4: https://peps.python.org/pep-0668/?utm_source=openai
• 5: https://packaging.python.org/en/latest/specifications/externally-managed-environments.html?utm_source=openai

---

🏁 Script executed:

# Let's also check if there's any context in the repository about the actual failure or RHEL 10 requirements
cd /root && git ls-files | grep -E "(install-ansible|Dockerfile|RHEL|CentOS)" | head -20

Repository: openshift/ansible-operator-plugins

Length of output: 133

---

🏁 Script executed:

find . -name "install-ansible.sh" -o -name "*install*ansible*" | head -10

Repository: openshift/ansible-operator-plugins

Length of output: 108

---

🏁 Script executed:

# Search for the file in the repository
fd "install-ansible" --type f

Repository: openshift/ansible-operator-plugins

Length of output: 106

---

🏁 Script executed:

# Try to locate and examine the full context of install-ansible.sh
git ls-files | grep -i ansible | head -20

Repository: openshift/ansible-operator-plugins

Length of output: 1246

---

🏁 Script executed:

cat -n ./openshift/install-ansible.sh

Repository: openshift/ansible-operator-plugins

Length of output: 1201

---

🏁 Script executed:

# Check for any Dockerfile or build context that uses this script
git log --oneline -- openshift/install-ansible.sh | head -5

Repository: openshift/ansible-operator-plugins

Length of output: 129

---

🏁 Script executed:

# Check the actual commit to see what changed and what problem it was solving
git show c9d396d --stat

Repository: openshift/ansible-operator-plugins

Length of output: 50391

---

🏁 Script executed:

# Get more details about what changed in the commit
git show c9d396d

Repository: openshift/ansible-operator-plugins

Length of output: 50393

---

--ignore-installed is insufficient for RHEL 10 with PEP 668-compliant Python 3.12

On RHEL 10, the default Python is 3.12 (and Python 3.11 is available via AppStream). Both versions enforce PEP 668, which marks the system environment as EXTERNALLY-MANAGED. This creates two distinct pip failure modes, requiring different solutions:

Problem	Failure	Fix
pip attempts to uninstall an RPM-managed package	Package removal fails before reinstall	--ignore-installed
PEP 668 blocks pip installs to system environment	error: externally-managed-environment	--break-system-packages

Adding --ignore-installed alone addresses the first failure mode but does not resolve PEP 668 enforcement. If the original build failure on RHEL 10 was externally-managed-environment, the script will still fail even with this change. Either add --break-system-packages to PIP_OPTS or pivot to a virtual environment for a more robust solution.

Additionally, line 15 (python3 -m pip install --upgrade pip) does not use PIP_OPTS and could also fail on PEP 668-compliant systems if pip itself is system-managed.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@openshift/install-ansible.sh` at line 5, The script's PIP_OPTS only contains
--ignore-installed which doesn't address PEP 668 errors on RHEL 10; update the
PIP_OPTS variable (symbol: PIP_OPTS) to include --break-system-packages (or
change to using a virtual environment) and ensure every pip invocation uses
PIP_OPTS (including the pip upgrade call invoked with python3 -m pip install
--upgrade pip) so pip won't fail with error: externally-managed-environment.

[openshift-ci]

@jatinsu: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/verify-requirements	c9d396d	link	true	/test verify-requirements
ci/prow/e2e-ansible	c9d396d	link	true	/test e2e-ansible

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.