I think adopting a similar strategy will help to reduce confusion and complexity around how to securely install Sensu packages using yum or apt. On RedHat derivative platforms the repository setup would be reduced to something like rpm -Uvh https://repositories.sensuapp.org/yum/sensu-release-el-7.noarch.rpm.
It seems to me that this also helps us in the future when we may need to rotate GPG keys or change recommended package repository configurations.
Finally, if we want to implement a curlbash installation method, such a script could be made rather trivial by retrieving and installing these packages.
P.S. I think these packages would probably be simple enough to be automated via Makefile or similar, instead of setting up a full-blown Omnibus software project to create them.
In working on documentation and training materials I've found myself wishing that the installation for Sensu Core were a bit more streamlined.
Current process:
rpm --import
orapt-key add
)/etc/yum.repos.d/sensu.repo
or/etc/apt/sources.list.d/sensu.list
apt-get update
)sensu
packageI've observed that other vendors, e.g. Puppet Labs, provide a platform-version specific package which installs both the trusted GPG key and the package repository definition. See https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm or https://apt.puppetlabs.com/puppetlabs-release-pc1-xenial.deb .
I think adopting a similar strategy will help to reduce confusion and complexity around how to securely install Sensu packages using yum or apt. On RedHat derivative platforms the repository setup would be reduced to something like
rpm -Uvh https://repositories.sensuapp.org/yum/sensu-release-el-7.noarch.rpm
.It seems to me that this also helps us in the future when we may need to rotate GPG keys or change recommended package repository configurations.
Finally, if we want to implement a curlbash installation method, such a script could be made rather trivial by retrieving and installing these packages.
P.S. I think these packages would probably be simple enough to be automated via Makefile or similar, instead of setting up a full-blown Omnibus software project to create them.