Package our GPG key and package repository definition

[cwjohnston]

In working on documentation and training materials I've found myself wishing that the installation for Sensu Core were a bit more streamlined.

Current process:

1. Retrieve pubkey.gpg and install as trusted (e.g. rpm --import or apt-key add)
2. Create repository definition (e.g. /etc/yum.repos.d/sensu.repo or /etc/apt/sources.list.d/sensu.list
3. Update repository metadata (if needed, i.e. apt-get update)
4. Install sensu package

I've observed that other vendors, e.g. Puppet Labs, provide a platform-version specific package which installs both the trusted GPG key and the package repository definition. See https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm or https://apt.puppetlabs.com/puppetlabs-release-pc1-xenial.deb .

I think adopting a similar strategy will help to reduce confusion and complexity around how to securely install Sensu packages using yum or apt. On RedHat derivative platforms the repository setup would be reduced to something like rpm -Uvh https://repositories.sensuapp.org/yum/sensu-release-el-7.noarch.rpm.

It seems to me that this also helps us in the future when we may need to rotate GPG keys or change recommended package repository configurations.

Finally, if we want to implement a curlbash installation method, such a script could be made rather trivial by retrieving and installing these packages.

P.S. I think these packages would probably be simple enough to be automated via Makefile or similar, instead of setting up a full-blown Omnibus software project to create them.

[amdprophet]

Closing as Sensu Classic has reached EOL.