Difference between revisions of "Python Altinstall"

From SME Server
Jump to navigationJump to search
m (Highlight security implications of installing custom applications)
m (formatting)
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
{{Note box|SME 9 includes Python 2.6 by default. Make sure you really need a newer version before proceeding with these instructions!}}
+
{{Note box|To install or use a different version on '''SME Server 9.x''', please see '''http://wiki.contribs.org/Software_Collections'''}}
 
{{Level|Advanced}}
 
{{Level|Advanced}}
 
{{Warning box|This procedure requires installation of gcc and could significantly compromise your server's security.<br />Thorough understanding of linux system management is required.<br /><br /><b>Proceed at your own risk</b>}}
 
{{Warning box|This procedure requires installation of gcc and could significantly compromise your server's security.<br />Thorough understanding of linux system management is required.<br /><br /><b>Proceed at your own risk</b>}}

Latest revision as of 06:53, 5 December 2015

Important.png Note:
To install or use a different version on SME Server 9.x, please see http://wiki.contribs.org/Software_Collections


PythonIcon.png Skill level: Advanced
The instructions on this page may require deviations from standard procedures. A good understanding of linux and Koozali SME Server is recommended.


Warning.png Warning:
This procedure requires installation of gcc and could significantly compromise your server's security.
Thorough understanding of linux system management is required.

Proceed at your own risk


Some programs like NodeJS, Seafile, etc require an updated version of python. However, updating python can cause problems with yum and break other critical SME server components.

Python includes an 'altinstall' option to support multiple versions of python on one computer.

The commands below have been tested for altinstalling python 2.7.8 and 3.4.1 on a SME 9.0 server. The same commands should work on SME 8.

Prerequisites

gcc is required in order to compile python from source. openssl-devel is required so that your locally compiled python will support ssl connections.

This command will install gcc and openssl-devel

yum -y install gcc openssl-devel

Important Server Security and Administration Implications

Installing gcc takes you off of the contribs.org reservation -- you will need to pay more attention to your server security than you would with a less customized configuration.

  • Having gcc installed at all is considered a security weakness, in the sense that some attacks on your system are not possible if gcc is not installed, so with it installed there are are more possible ways that you might be attacked (I read about this in the 1990s, and have never heard that it is no longer true).
  • Having an uncommon server configuration means that bugs or vulnerabilities in your configuration must be detected by you personally - there won't be a community of other users keeping an eye on your server's exact config, as there is with a more standard SME server config.
  • You will need to personally monitor the development and security status of any custom packages or webapps that you install
  • Finally, if you compile and install a package from source that is included with SME then your server may have problems when you install regular SME updates.

Install

Find the latest version

curl -s https://www.python.org/ftp/python/  |awk -F"[>/]" '$3 ~ "^[0-9].*"   {print $3}'
  • This command will show all available versions of python 2.7:
curl -s https://www.python.org/ftp/python/  |awk -F"[>/]" '$3 ~ "^2\.7.*"   {print $3}'
  • This command will set the RELEASE env var to the latest 2.7 version available:
RELEASE=$(curl -s https://www.python.org/ftp/python/  |awk -F"[>/]" ' />2.7/ {VER=$3} END {print VER}')
  • This command lets you set RELEASE manually:
echo -n "Enter the version to be installed (eg \"2.7.8\"): "; read RELEASE

Download Compile and AltInstall

Once you have set the RELEASE environment variable, the commands below will download, configure, make, and altinstall your selected version.

mkdir -p ~/addons/python
cd ~/addons/python
if [ -z $RELEASE]; then echo "You must supply a value for RELEASE before running this command"; 
else \
wget -N http://www.python.org/ftp/python/$RELEASE/Python-$RELEASE.tgz --no-check-certificate; \
tar zxvf Python-$RELEASE.tgz; \
cd Python-$RELEASE; \
./configure; make; make altinstall; \
fi

Verification

Verify that python 2.7 installed correctly (your input shown in blue):

# python2.7 -V
Python 2.7.8

Verify that ssl is supported (your input is shown in blue):

python2.7
Python 2.7.8 (default, Aug 23 2014, 11:03:41) 
[GCC 4.4.7 20120313 (Red Hat 4.4.7-4)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import socket
>>> socket.ssl
<function ssl at 0x7fed5502ca28>
>>> quit()

The return of any non-error for socket.ssl indicates that ssl is installed and working correctly.

Python Addon Package Managers

The two major python package managers are easy_install and pip.

easy_install supports some packages not supported by pip, but does not provide a mechanism to list installed packages or update all install packages. pip can be used to list installed packages. Installing both of these allows you to install packages using easy_install, then update all packages at once using pip to create a list of the installed packages that easy_install can then update.

easy_install (Python SetupTools)

Unfortunately the version of wget included with Centos 5 & 6 (and therefore SME 8 and 9) does not support SubjectAltName, so the Python Setup Tools installation instructions won't work.

In order to install Python Setup Tools, you need to add "--no-check-certificate" to the command in easy_setup.py that downloads the setuptools zip file.

This command will download the installer, modify it on the fly to correct the invocation of 'wget' to download the setup tools, then install the tools (modified from https://pypi.python.org/pypi/setuptools#unix-wget):

mkdir -p ~/addons/python/tools & cd ~/addons/python/tools
wget --no-check-certificate -N --quiet https://bootstrap.pypa.io/ez_setup.py
sed s/\'--output-document\'/\'--no-check-certificate\',\ \'--output-document\'/ ez_setup.py |python2.7

pip (PyPI Python Package Index)

https://pypi.python.org/pypi

Install pip:

mkdir -p ~/addons/python/tools & cd ~/addons/python/tools
wget -N --quiet https://bootstrap.pypa.io/get-pip.py --no-check-certificate
python2.7 get-pip.py

Python Packages

Some packages and addons can be installed using one of the python package managers. Other capabilities are included in python, but will not be present in your custom python executable unless you have installed the corresponding "-devel" packages prior to compiling python.

Python Addons
Package easy_install pip 3.x Support notes
simplejson easy_install simplejson pip install simplejson
pip3.4 install simplejson
Yes requires gcc
Django (latest) easy_install django pip install django
pip3.4 install django
Yes Installs dependency django-pipeline
Django (v1.5) easy_install django==1.5 pip install django==1.5
pip3.4 install django==1.5
Yes
djblets easy_install djblets -unsupported- No Installs dependencies Pillow, pillowfight, feedparser, and pytz
mercurial easy_install mercurial pip install mercurial No requires gcc

requires zlib

gunicorn easy_install gunicorn pip install gunicorn
pip3.4 install gunicorn
Yes
chardet easy_install chardet pip install chardet
pip3.4 install chardet
Yes
PIL easy_install PIL -unsupported- No
Packages Requiring "-devel" rpms
Package yum install command notes
sqlite3 yum -y install sqlite-devel
readline yum -y install readline-devel installs dependency ncurses-devel
bzip2 yum -y install bzip2-devel
tk yum -y install tk-devel dependencies:

xorg-x11-proto-devel, fontconfig, libXrender, libXft, 1:tcl, freetype-devel, fontconfig-devel,
1:tcl-devel, 1:tkm libXau-devel, libxcb-devel, libX11-devel, libXrender-devel, libXft-devel

zlib yum -y install zlib-devel dependencies:

fontconfig-devel, freetype-devel, libXft-devel, openssl-devel, tk-devel

openssl yum -y install openssl-devel Note:

openssl-devel must be installed from the smeupdates repo.
The version available from the Centos 'updates' repo is incompatible with the version of openssl used by SME 8.

IMPORTANT: After installing any of the -devel packages listed above, you need to reconfigure, recompile, and reinstall your binaries using:

RELEASE=$(curl -s https://www.python.org/ftp/python/  |awk -F"[>/]" ' />2.7/ {VER=$3} END {print VER}')
cd ~/addons/python/Python-$RELEASE
./configure && make && make altinstall

Updates

Python can be updated within the same major version using the same commands that were used to install it - that is, 2.7.7 can be updated to 2.7.8 using the same commands you used to install 2.7.7 originally. The new 2.7.8 binaries will overwrite the 2.7.7 binaries during 'make altinstall'.

A different major or minor version will 'altinstall' *beside* your existing python version(s) -- that is, if you had python2.6 installed or altinstalled, altinstalling python2.7 does not remove python2.6 -- you will end up with both versions installed.

Some python addons are compiled into the python binary -- updates to those addons requires that you update the addon and recompile python.

These commands will download the latest python sources and update all installed packages:

mkdir -p ~/addons/python
cd ~/addons/python
RELEASE=$(curl -s https://www.python.org/ftp/python/  |awk -F"[>/]" ' />2.7/ {VER=$3} END {print VER}')
wget http://www.python.org/ftp/python/$RELEASE/Python-$RELEASE.tgz --no-check-certificate
tar zxvf Python-$RELEASE.tgz
cd Python-$RELEASE
./configure && make && make altinstall


All-in-One Install & Update

If you don't want to read through all the details above, these commands will install a usable version of Python 2.7 without disrupting your existing python.

Python 2.7

Install Everything

yum -y install gcc openssl-devel sqlite-devel readline-devel bzip2-devel tk-devel zlib-devel
mkdir -p ~/addons/python
cd ~/addons/python
RELEASE=$(curl -s https://www.python.org/ftp/python/  |awk -F"[>/]" ' />2.7/ {VER=$3} END {print VER}')
wget http://www.python.org/ftp/python/$RELEASE/Python-$RELEASE.tgz --no-check-certificate
tar zxvf Python-$RELEASE.tgz
cd Python-$RELEASE
./configure && make && make altinstall

When python is done compiling, install the package managers

mkdir -p ~/addons/python/tools & cd ~/addons/python/tools
wget --no-check-certificate -N --quiet https://bootstrap.pypa.io/ez_setup.py
sed s/\'--output-document\'/\'--no-check-certificate\',\ \'--output-document\'/ ez_setup.py |python2.7
wget -N --quiet https://bootstrap.pypa.io/get-pip.py --no-check-certificate
python2.7 get-pip.py

Finally, let's install some packages:

easy_install simplejson django djblets mercurial gunicorn chardet PIL

Update Python and All Installed Packages

mkdir -p ~/addons/python
cd ~/addons/python
RELEASE=$(curl -s https://www.python.org/ftp/python/  |awk -F"[>/]" ' />2.7/ {VER=$3} END {print VER}')
wget http://www.python.org/ftp/python/$RELEASE/Python-$RELEASE.tgz --no-check-certificate
tar zxvf Python-$RELEASE.tgz
cd Python-$RELEASE
PACKAGES=$(pip freeze --local | grep -v '^\-e'| cut -d = -f 1)
easy_install -U $PACKAGES
./configure && make && make altinstall

Python 3.4

Install Everything

yum -y install gcc openssl-devel sqlite-devel readline-devel bzip2-devel tk-devel zlib-devel
mkdir -p ~/addons/python
cd ~/addons/python
RELEASE=$(curl -s https://www.python.org/ftp/python/  |awk -F"[>/]" ' />3.4/ {VER=$3} END {print VER}')
wget http://www.python.org/ftp/python/$RELEASE/Python-$RELEASE.tgz --no-check-certificate
tar zxvf Python-$RELEASE.tgz
cd Python-$RELEASE
./configure && make && make altinstall

When python is done compiling, install the package managers

mkdir -p ~/addons/python/tools && cd ~/addons/python/tools
wget --no-check-certificate -N --quiet https://bootstrap.pypa.io/ez_setup.py
sed s/\'--output-document\'/\'--no-check-certificate\',\ \'--output-document\'/ ez_setup.py |python3.4
cd ~/addons/python/tools
wget -N --quiet https://bootstrap.pypa.io/get-pip.py --no-check-certificate
python3.4 get-pip.py

Finally, let's install some packages:

easy_install simplejson django gunicorn chardet

Update Python and All Installed Packages

mkdir -p ~/addons/python
cd ~/addons/python
RELEASE=$(curl -s https://www.python.org/ftp/python/  |awk -F"[>/]" ' />3.4/ {VER=$3} END {print VER}')
wget http://www.python.org/ftp/python/$RELEASE/Python-$RELEASE.tgz --no-check-certificate
tar zxvf Python-$RELEASE.tgz
cd Python-$RELEASE
PACKAGES=$(pip3.4 freeze --local | grep -v '^\-e'| cut -d = -f 1)
easy_install -U $PACKAGES
./configure && make && make altinstall