Module Installation on Linux via terminal

Hello - I’m testing out using Ignition on Linux in AWS. I’ve had issues in the past uploading 3rd-party modules from my laptop to an Ignition gateway, and have only been successful by remoting in and uploading through localhost page with local files. I don’t know how to do that via terminal… any suggestions?

You can “install” a module by putting it into /var/lib/ignition/user-lib/modules and restarting the gateway service; so you could wget the files directly from our website or simply copy them from your local machine, then drop them into the appropriate directory.

You might also want to script the injection of your module certificate’s public key thumbprint. Something like so:

# Add Automation Professionals to the list of pre-approved certificates
sqlite3 ${tgt}/data/db/config.idb <<-cert-EOF
    Insert Into certificates (certificates_id, thumbprint, subjectname)
    Values (1, X'0C3A3D8E103AF9F790DECFEF717090C8DC9754E7', 'Automation Professionals, LLC');
cert-EOF

The above assumes the cert is the first third-party cert to be installed. Adjust the certificates_id value if that’s not true.

2 Likes

Good point on the certificate piece - I didn’t think about that.

I’ll admit to some more ignorance here - where do I obtain these certificates from? I don’t see this listed anywhere in the downloads sections.

You purchase them. It's a code signing certificate. Mine is from DigiCert, fwiw.

If you are installing a module from a third party, and are not compiling on your own, you do not need to buy a certificate. They will be signed as part of the module.

Thanks Kyle - that was my confusion. I thought Phil was referring to scripting the license acceptance/certificate installation piece.

FWIW, I was able to place the module into the directory /var/lib/ignition/user-lib/modules via wget, reboot the gateway via gwcmd, and then accept the license/certificate for the third party through the Module Configuration webpage. This was for the third-party AWS injector module; other modules may not require that step.

I was. To see what you need for the script above, use sqlite3 or Ignition's advanced configuration interface to read out that thumbprint on a system where you've manually accepted the cert.

The sqlite3 cli renders the blob as raw text by default. Use this to read it out:

sqlite3 ${tgt}/data/db/config.idb 'select certificates_id, hex(thumbprint), subjectname from certificates;'

Thank you for the information provided in this post. I am curious if 3 years later there happens to be a native way in ignition to install modules unattended (we are looking to use Ansible to install Ignition) and accept the certificate? or is the sql insert still the only unattended method? (I admit to a lot of ignorance here with sql)

Thanks in advance for your input!

1 Like

Nothing has really changed first-party, though we’re hoping to make some changes for this kind of use case in 8.2.

If you’re looking at automatic system orchestration, you might get some utility out of Kevin Collins’ Ignition images:
https://hub.docker.com/r/kcollins/ignition

… and more specifically register-modules.sh which I split out from the main entry point earlier this year. This script looks at a separate path for additional modules (currently hard-coded as /modules) and performs:

  1. sym-linking into place within the Ignition user-lib/modules folder.
  2. retrieval of the embedded license for a given module and inserting the appropriate record into the EULAS table.
  3. retrieval of the embedded certificate for a given module and inserting the appropriate record into the CERTIFICATES table.

Note: you will need to have IGNITION_INSTALL_LOCATION set as an environment variable if you’re using the script on its own. It should point to the root of the Ignition installation.

1 Like

Is this usable in a standard install? Mainly looking for a way to automate the installation of MQTT-Transmission, but there could be other modules needed later.

Yes, with how this script is setup, you can use it stand-alone without much trouble. I've got "compile my various Ansible efforts against Ignition over the past few years into something useful and public" on my holiday hacking list, so I may integrate this into that example..

2 Likes

Nice, I like your holiday hacking list! Think you will publish it to Ansible Galaxy?

Yes, the thought is a public GH repo and GH Actions to push to Ansible Galaxy. :sunglasses:

1 Like