I’m using the UI to deploy just 1 single file, a text file in my case. The UI lets me select the text file to deploy and the directory to which it needs to deploy. This seems to work fine UNTIL it finds out that my device will only accept signed artifacts (which is true).
My question is how do I sign a single file to upload via UI? I’ve already read the Single File module and this isn’t the same thing. The Single File module route, means I have to update the actual device first to load the module. This is not possible in the case that I have hundreds of devices I’d have to log into.
Doing this by way of UI is very nice. What are my options that DO NOT include running commands on the local device to install a module?
My guess is, doing this via the UI (selecting the file and the directory) will ONLY work for devices not needed signed artifacts.
There is not currently an option to sign the artifacts created by the server and in fact to do so would be a security issue since you would have to upload your private key to do to. Other than that it is identical to running mender-artifact locally. Even when using the UI to create the artifact, the Single File update module must already be installed on the client. If that is not an option then the best choice would be to deploy a full image update where the only difference is the addition of the new module.
On what image would I install the module? If I install it on my ‘internal golden image’ then this is no longer a pure image.
Do I install the module on my currently running mender image, then re-capture it? If that is the case, say after that module is all done and working, I do another full release of my ‘internal golden image’, does that blow away the single file module update? Seems like I would be out of sync here.
It’s probably easiest to install it as part of the rootfs overlay. That should address the issues of polluting your golden image and doesn’t require you to bootstrap through a running Mender image.
Turns out it was already part of the client image. I generated the single file artifact locally, signed it, then uploaded to server, then deployed. No issues.