Module Installation on Linux via terminal

Hello - I’m testing out using Ignition on Linux in AWS. I’ve had issues in the past uploading 3rd-party modules from my laptop to an Ignition gateway, and have only been successful by remoting in and uploading through localhost page with local files. I don’t know how to do that via terminal… any suggestions?

You can “install” a module by putting it into /var/lib/ignition/user-lib/modules and restarting the gateway service; so you could wget the files directly from our website or simply copy them from your local machine, then drop them into the appropriate directory.

You might also want to script the injection of your module certificate’s public key thumbprint. Something like so:

# Add Automation Professionals to the list of pre-approved certificates
sqlite3 ${tgt}/data/db/config.idb <<-cert-EOF
    Insert Into certificates (certificates_id, thumbprint, subjectname)
    Values (1, X'0C3A3D8E103AF9F790DECFEF717090C8DC9754E7', 'Automation Professionals, LLC');
cert-EOF

The above assumes the cert is the first third-party cert to be installed. Adjust the certificates_id value if that’s not true.

2 Likes

Good point on the certificate piece - I didn’t think about that.

I’ll admit to some more ignorance here - where do I obtain these certificates from? I don’t see this listed anywhere in the downloads sections.

You purchase them. It’s a code signing certificate. Mine is from DigiCert, fwiw.

If you are installing a module from a third party, and are not compiling on your own, you do not need to buy a certificate. They will be signed as part of the module.

Thanks Kyle - that was my confusion. I thought Phil was referring to scripting the license acceptance/certificate installation piece.

FWIW, I was able to place the module into the directory /var/lib/ignition/user-lib/modules via wget, reboot the gateway via gwcmd, and then accept the license/certificate for the third party through the Module Configuration webpage. This was for the third-party AWS injector module; other modules may not require that step.

I was. To see what you need for the script above, use sqlite3 or Ignition’s advanced configuration interface to read out that thumbprint on a system where you’ve manually accepted the cert.

The sqlite3 cli renders the blob as raw text by default. Use this to read it out:

sqlite3 ${tgt}/data/db/config.idb 'select certificates_id, hex(thumbprint), subjectname from certificates;'