Using Omnibus Installer
53 views
Skip to first unread message
Ian Dash
May 2, 2013, 7:19:14 AM5/2/13
to littl...@googlegroups.com
Hi all,
I'd like to use the omnibus installer to install chef rather than rely on the the system ruby + gems / package repos - I'm happy to fork and do the work, just wanted to canvas some opinions about the way to go in the hope could merge this back in :)
Deploy Targets
1) deploy_chef updated to be a bit more flexible e.g
fix node:MYNODE deploy_chef:installer=omnibus,version=XXX
installer would then take one of: gems, package, omnibus.
2) new deploy_chef_omnibus target, so the previous behaviour stays as is for compatibility's sake.
Omnibus Installer
I'm not a big fan of the trend of echoing shell scripts from teh interwebz to an elevated privilege bash and even less a fan of the fact that the omnibus install
script does no checksum checks before installing a package.
I'm thinking the way to go at the moment would be to reimplement the shell scripts platform detection in python, then use opscode metadata api to get the url for the relevant package along with some checksums we can check against before we think about installing.
e.g
https://www.opscode.com/chef/metadata?p=el&pv=6&m=x86_64&v=11.4.4 gives us:
url https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-11.4.4-1.el6.x86_64.rpm md5 2b3405d6919320a6340760158e919712 sha256 2f28fedee04f6e5b315fb12ef98c944c79c611b44e1a92b1e5858ae4d7057c14
Could then check the downloaded file using hashlib (assuming our system python >= python 2.5, otherwise could fall back to trying to find a md5sum binary or an 'are you sure' prompt)
Let me know what you think,
Ian.
I'd like to use the omnibus installer to install chef rather than rely on the the system ruby + gems / package repos - I'm happy to fork and do the work, just wanted to canvas some opinions about the way to go in the hope could merge this back in :)
Deploy Targets
1) deploy_chef updated to be a bit more flexible e.g
fix node:MYNODE deploy_chef:installer=omnibus,version=XXX
installer would then take one of: gems, package, omnibus.
2) new deploy_chef_omnibus target, so the previous behaviour stays as is for compatibility's sake.
Omnibus Installer
I'm not a big fan of the trend of echoing shell scripts from teh interwebz to an elevated privilege bash and even less a fan of the fact that the omnibus install
script does no checksum checks before installing a package.
I'm thinking the way to go at the moment would be to reimplement the shell scripts platform detection in python, then use opscode metadata api to get the url for the relevant package along with some checksums we can check against before we think about installing.
e.g
https://www.opscode.com/chef/metadata?p=el&pv=6&m=x86_64&v=11.4.4 gives us:
url https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-11.4.4-1.el6.x86_64.rpm md5 2b3405d6919320a6340760158e919712 sha256 2f28fedee04f6e5b315fb12ef98c944c79c611b44e1a92b1e5858ae4d7057c14
Could then check the downloaded file using hashlib (assuming our system python >= python 2.5, otherwise could fall back to trying to find a md5sum binary or an 'are you sure' prompt)
Let me know what you think,
Ian.
Miquel Torres
Feb 11, 2014, 10:55:21 AM2/11/14
to littl...@googlegroups.com
Hi Ian,
sorry for not answering last year. I was not in the least up-to-date regarding omnibus and didn't feel like I could say something meaningful. Thanks a lot for bringing this up.
We have now implemented Chef 11 and omnibus installs in master. A release of LittleChef 1.6 with it is imminent.
2.0 will surely drop part of the custom logic, as deb or rpm repository installs are now deprecated, and stuck on older versions of Chef 10.
The thing is, the concern you raise regarding "shell scripts from teh interwebz" is a valid one. Did you check the latest version of the omnibus script?
I would much prefer the API call you describe. However, while calling the api and doing the checksum are easy to implement, it would be outright duplication of all the platform specific logic in the script. Down the road that is a bit of a pain, as for example sometimes newer distro versions have to be added manually.
Do you still have this subject in your sights? What are your thoughts on this?
sorry for not answering last year. I was not in the least up-to-date regarding omnibus and didn't feel like I could say something meaningful. Thanks a lot for bringing this up.
We have now implemented Chef 11 and omnibus installs in master. A release of LittleChef 1.6 with it is imminent.
2.0 will surely drop part of the custom logic, as deb or rpm repository installs are now deprecated, and stuck on older versions of Chef 10.
The thing is, the concern you raise regarding "shell scripts from teh interwebz" is a valid one. Did you check the latest version of the omnibus script?
I would much prefer the API call you describe. However, while calling the api and doing the checksum are easy to implement, it would be outright duplication of all the platform specific logic in the script. Down the road that is a bit of a pain, as for example sometimes newer distro versions have to be added manually.
Do you still have this subject in your sights? What are your thoughts on this?
Reply all
Reply to author
Forward
0 new messages