yum upgrades for production use, this is the repository for you.
Active subscription is required.
It is quite unfortunate that there is very little stating on the web of the quite obvious thing to be aware of.
In plain text, with big loud characters, I’ll put it here for everyone to remember:
Do not ever run pip as root
Here, I’m going to touch on why not to run pip as root, give some examples on how it’s going to break things miserably, and what to do instead.
Let’s go.
Python and your system
Each Linux/GNU distro in unique in some wat. But their common feature is the package management system.
For Debian-based systems, that is apt. For CentOS/RHEL, it’s yum or dnf, and this is what we’ll touch in our examples.
You will find that many Python modules are available through the yum repositories as RPM packages, e.g.:
python2-requestspython2-tqdm- etc, etc.
You can simply install them as any other packages, for example:
sudo yum install python2-requests
Python modules that are available through yum (dnf) often serve as a base for the core OS functions like yum itself.
Not even that. All the packaged software that depends on Python modules in one way or the other, will depend on the system-packaged Python modules.
pip
Now, pip is the installer/manager for Python modules available via PyPi.
But it has no idea whatsoever about your package manager.
It has no idea about RPM format either, nor about what you already have installed through the system (yum) packages.
So when you invoke pip as root, it will more than likely overwrite Python modules that were installed via system packages.
The result of running pip as root, would be a dirty mix of Python modules installed via yum package management, and pip installed Python modules.
Example of breakage
For the illustration, I’m going to install the certbot package. It is a program for generating free TLS certificates:
sudo yum -y install epel-release
sudo yum install certbot
sudo certbot register # works fine
Now say you have the itch to install the latest and greatest version of a Python app that is not available via yum.
You went to its GitHub project package that wants you to install via pip.
And so you run pip install ... as root. Little did you know that the app required newer requests Python module.
The installation went through just fine, fetching and installing the newest version of requests Python library.
Which would be equivalent to (attention, do not run! example only):
sudo pip install -U requests
What now? Your great new app is working fine, but the certbot IS BROKEN with an error message:
ImportError: ‘pyOpenSSL’ module missing required functionality. Try upgrading to v0.14 or newer.
Why that is? Because we’ve brought in newer requests library that requires newer pyOpenSSL.
We’ve created a mess of the machine by mixing Python modules from pip with Python modules/apps installed via system RPM packages.
You’ll have a hard time restoring things to a working state.
This is an easy example because there is an obvious failure in running certbot now.
But in other cases, you may not even notice the breakage, and things will just work in a weird way.
Remember. What makes the CentOS a Community Enterprise OS? It is packaging, of course!
When you install software in a way that mixes custom on top the system, you’re asking for trouble!
What to do instead
Software that is not available through the system packages (read, RPM) should either be packaged as such, or installed in a directory where it won’t tamper with the system packages function.
Python has a great concept of virtual environments. Essentially you can create a directory that holds all the Python modules for a Python app to run.
It is, however, not an easy concept for some folks. So a simple thing you can do to leverage Python virtualenvs in a user-friendly way, is to use pip-safe.
The pip-safe will allow you to install newest Python apps without damaging your system packages.
Install pip-safe
pip-safe itself is available via system packages, on CentOS/RHEL 7 and 8.
sudo yum install https://extras.getpagespeed.com/release-latest.rpm
sudo yum install pip-safe
Install a Python app
pip-safe install lastversion
We’ve just installed lastversion CLI utility from PyPi. Wen can now run it simply as lastversion linux and get the latest Linux kernel version.
How it works, behind the scenes
It installs each program into its own virtualenv at ~/.virtualenvs/<pypi-name>, and symlinks whichever executables it has over to ~/.local/bin/<cli-name>.
Simple and easy! Each program lives in its own virtual environment, so it can have whatever required Python module versions for it.
All without touching your system Python modules.
Install a Python app, for all users
You can also install a Python app from PyPi system-wide, by passing the --system switch:
pip-safe --system install lastversion
How it works, behind the scenes
Similar to user install, a program is installed into a virtualenv of its own.
The only difference is that system-wide Python apps are installed to /opt/pip-safe and their binaries are symlinked to /usr/local/bin/.
Manage Python apps, the safe way
Of course, pip-safe allows also listing and removing installed Python apps.
List installed Python packages/apps
pip-safe list
Remove a Python app
pip-safe remove <name>
