search

opendatahub-io / odh-images

Source files for building container images that have been customized for Open Data Hub deployment
GNU General Public License v3.0
2 stars 15 forks source link

Upgrade superset to 1.3.2 #9

Closed shawnzhu closed 2 years ago

shawnzhu commented 3 years ago

It also installs required pip package prophet (MIT license) to support predictive analysis feature of time-series charts.

The key motivitation of this upgrade is picking up fixes of security vulnerabilities.

anishasthana commented 3 years ago

@maulikjs @rimolive ptal! jira: https://issues.redhat.com/browse/ODH-507

rimolive commented 3 years ago

Sorry, I think Github mobile app made me press the wrong button.

I'm reviewing this PR.

rimolive commented 3 years ago

/lgtm

shawnzhu commented 3 years ago

May I ask any progress? Notice that because of https://github.com/apache/superset/issues/16492 it can load not add any databases in superset 1.3.0 because it used a broken dialect for clickhouse. Which means I can not connect to any database in superset installed within ODH.

Expected pip3 package: clickhouse-sqlalchemy>=0.1.4, <0.2 Actual package installed in quay.io/opendatahub/superset:1.3.0: sqlalchemy-clickhouse==0.1.5.post0 (broken one)

Update: I saw https://issues.redhat.com/browse/ODH-541 was created for the exact same issue.

shawnzhu commented 2 years ago

@rimolive @maulikjs This is the reason I want this upgrade: CVE-2021-41972

nakfour commented 2 years ago

@shawnzhu tried to build this and got this error for prophet

Running setup.py install for prophet: finished with status 'error'
    ERROR: Command errored out with exit status 1:
     command: /opt/app-root/bin/python3.8 -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-7fk6u_6f/prophet_c38a55570a90458f98af62b78159ad82/setup.py'"'"'; __file__='"'"'/tmp/pip-install-7fk6u_6f/prophet_c38a55570a90458f98af62b78159ad82/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' install --record /tmp/pip-record-vag49cc7/install-record.txt --single-version-externally-managed --compile --install-headers /opt/app-root/include/site/python3.8/prophet
         cwd: /tmp/pip-install-7fk6u_6f/prophet_c38a55570a90458f98af62b78159ad82/
    Complete output (10 lines):
    running install
    running build
    running build_py
    creating build
    creating build/lib
    creating build/lib/prophet
    creating build/lib/prophet/stan_model
    Importing plotly failed. Interactive plots will not work.
    INFO:pystan:COMPILING THE C++ CODE FOR MODEL anon_model_dfdaf2b8ece8a02eb11f050ec701c0ec NOW.
    error: command 'gcc' failed with exit status 1
    ----------------------------------------
ERROR: Command errored out with exit status 1: /opt/app-root/bin/python3.8 -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-7fk6u_6f/prophet_c38a55570a90458f98af62b78159ad82/setup.py'"'"'; __file__='"'"'/tmp/pip-install-7fk6u_6f/prophet_c38a55570a90458f98af62b78159ad82/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' install --record /tmp/pip-record-vag49cc7/install-record.txt --single-version-externally-managed --compile --install-headers /opt/app-root/include/site/python3.8/prophet Check the logs for full command output.
shawnzhu commented 2 years ago

@nakfour thanks for pointing out the problem! this is what I found: https://github.com/facebook/prophet/issues/1057#issuecomment-508858121

The reason it isn't working is because CentOS 7 does not support C++14, which is a new requirement for the latest version of PyStan. The solution is to downgrade to PyStan 2.18: https://github.com/stan-dev/pystan/issues/583 , or upgrade from CentOS 7 to a newer OS.

I've tried downgrading pystan to 2.18 but it will uninstall pystan==2.18.0.0 when installing prophet which will fail on python38-centos7.

PS: I use python38 with rhel8 where prophet installation works well.

if it can not use centos8 based python image, I will remove prophet installation from this PR.

nakfour commented 2 years ago

@shawnzhu I was able to build this image successfully. However, when I installed it on OCP the container was just crashing, with this error. 

sh: /opt/app-root/src/bin/superset-init: Permission denied

Were you able to install it on OCP?

LaVLaS commented 2 years ago

@shawnzhu I was able to build this image successfully. However, when I installed it on OCP the container was just crashing, with this error.

sh: /opt/app-root/src/bin/superset-init: Permission denied

This is resolved by running fix-permissions /opt/app-root as the final s2i assemble command and making bin/superset-init executable.

There is an issue with the superset-init script where it errors out when writing to /etc/password. I don't know if this step is necessary when running on openshift since CRI-O updates /etc/passwd for the random uid running inside the container.

accorvin commented 2 years ago

We now have version 1.4.1 and 1.5.0 of superset available at quay.io/opendatahub/superset, so I think we can likely abandon this. @shawnzhu is there a specific reason that you need version 1.3.2, or can we close this?