-
-
Notifications
You must be signed in to change notification settings - Fork 290
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature: system packages for Linux servers, CI and workstations #654
Comments
I could use this in a number of places. Using linux package managers is ok but not all the tools we use are available or they are in a different repo or an older version. Having something to download the binary would be great. |
This would be definitely helpful! I was checking if My only concern is about the secureness of this procedure. Pulling random stuff from the Internet becomes more and more dangerous these days :) So, maybe having some trusted registry with package signatures is a good idea. But this might defeat the sole purpose of having a lightweight and up-to-date installation mechanism. |
@iximiuz "pulling stuffed from some random place on the internet" Explain how you got that from the proposal? This is designed to be no different to arkade get, or the way that many people already install Go, containerd, etc. |
@alexellis Sure! When we do things like Validating the source of the artifact is an important step during an installation of a package, but having a checksum verification is probably an even more important step. But all these things must be transparent. When I use a package manager like
And yes, |
Whilst I agree that apt and pacman etc use GPG or other signing keys, I wouldn't have considered Google's download server to be untrusted or random. I checked, and the installation guide for Go follows the same pattern, they don't even supply a command to verify some checksum. https://go.dev/doc/install, I can't even find checksums on their download page: https://go.dev/dl/ Given that you use |
When we talk about Prometheus in this case, are we talking about prometheus itself only or with "standard" exporters like |
@alexellis may I suggest adding buildkit to the list? |
Part of #654, tested on an Intel x86_64 machine. Signed-off-by: Alex Ellis (OpenFaaS Ltd) <[email protected]>
Part of #654, tested on an Intel x86_64 machine. Signed-off-by: Alex Ellis (OpenFaaS Ltd) <[email protected]>
@Shikachuu prometheus = the download called prometheus buildkit - potentially. I haven't had a need to add it stand-alone on a machine, and doesn't installing Docker add it? Keep suggesting things that you personally install on Linux servers/workstations/CI hosts. |
buildkit itself doesn't require Docker, only I acutally use buildkit with containerd and nerdctl to substitue docker on my workstation, my laptop and on my "build" server as well. |
Completed:
|
Really good idea, but I may suggest to start directly with cosign signed packages and show that its signed (or not signed). Think that would help tremendously! |
These tools are not signed with Cosign, so I'm not sure what you're suggesting? |
Uhh just saw that you are right. Maybe for the future! |
@dirien thanks for the PR for Prometheus, could you or @Shikachuu please send in a PR where you make the "arch" value come from a flag if .Changed is true - default it to ""? See how we for it for the |
@Shikachuu for the containerd app, please make sure you install the systemd service as per the code I DM'd you on Discord. Then put the systemd behaviour behind a flag like |
@alexellis Like this #673? |
That is exactly what I had in mind, could you cover the other apps too? |
Part of the changes in: #654 Tested on a Linux AMD64 host, downloaded as expected. Signed-off-by: Alex Ellis (OpenFaaS Ltd) <[email protected]>
Part of the changes in: #654 Tested on a Linux AMD64 host, downloaded as expected. Signed-off-by: Alex Ellis (OpenFaaS Ltd) <[email protected]>
Hi @alexellis, added the node support and I saw you added the the CNI. 👍 |
Part of #654, tested on an Intel x86_64 machine. Signed-off-by: Alex Ellis (OpenFaaS Ltd) <[email protected]>
Part of the changes in: #654 Tested on a Linux AMD64 host, downloaded as expected. Signed-off-by: Alex Ellis (OpenFaaS Ltd) <[email protected]>
We now have all the original apps requested along with |
Feature
Feature: system packages for Linux servers and workstations
There are so many times that I log into a server and install server software using a combination of curl and tar.
This provides the fastest way to install software, ensures the latest versions are available, something that package managers struggle to keep up with.
Generally, during scripting and automation, you'll find this kind of pattern. The popularity of
arkade get
has shown that people are comfortable installing software in this way, and it makes CI - trivial - https://github.com/hopefulramen/k3sup-tester/blob/master/.github/workflows/build.ymlFor example:
This is present in openfaas/faasd, and on every Linux workstation I use, I tend to need these tools.
When a tool is already present, installation will be skipped, unless
--force
is passed.The version will be detected the same way as
arkade get
without using the GitHub API, but using a HTTP HEAD request to the releases page, where no version is given that is.A Go template will be used to form the URL, which will have a unit test for ARM32, ARM64 and AMD64.
Sometimes there are additional steps to run like systemd enable, or making a directory in a known location.
This would be a new command aimed at ARM32, ARM64 and AMD/Intel workstations and servers, and would save a lot of time for CI and setting up workstations.
I'd suggest we create a basic fluid SDK when adding the first app for Golang, for instance:
Would become:
Each command file would be added and populatet the Arch / Version etc in a similar way to how we do this for
arkade get
Containerd is more involved:
Therefore we'd want some additional SDK methods, as per the method we use for faasd: https://github.com/openfaas/faasd/blob/2885bb0c514a403d317b93e6d8add1ad52239a13/pkg/systemd/systemd.go
I'm looking for someone to volunteer to add the first app, it needn't use an SDK for the first pass, we can extract this as we add apps.
An initial list of apps:
I do not see this list becoming much larger than the above, but am open to suggestions from the community.
The text was updated successfully, but these errors were encountered: