The problem is, the version number changes in the URL. If I hard code the URL, I will fall behind. I need to be able to download from the URL and auto install without having to check the versions all the time.
$ curl -L https://omnitruck.chef.io/install.sh | bash -s -- -P inspec
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0el 7 x86_64
100 23075 100 23075 0 0 66952 0 --:--:-- --:--:-- --:--:-- 67078
Getting information for inspec stable for el...
downloading https://omnitruck.chef.io/stable/inspec/metadata?v=&p=el&pv=7&m=x86_64
to file /tmp/install.sh.194/metadata.txt
trying curl...
sha1 fa0e9ce70671a0f744f178ece9d42f437cca2f0d
sha256 f6e2965d28d9cd84f586c7b7d478543613014db98dc866d164665bb09ceefe15
url https://packages.chef.io/files/stable/inspec/2.3.4/el/7/inspec-2.3.4-1.el7.x86_64.rpm
version 2.3.4
downloaded metadata file looks valid...
downloading https://packages.chef.io/files/stable/inspec/2.3.4/el/7/inspec-2.3.4-1.el7.x86_64.rpm
to file /tmp/install.sh.194/inspec-2.3.4-1.el7.x86_64.rpm
trying curl...
Comparing checksum with sha256sum...
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
You are installing an omnibus package without a version pin. If you are installing
on production servers via an automated process this is DANGEROUS and you will
be upgraded without warning on new releases, even to new major releases.
Letting the version float is only appropriate in desktop, test, development or
CI/CD environments.
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
Installing inspec
installing with rpm...
warning: /tmp/install.sh.194/inspec-2.3.4-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
Preparing... ################################# [100%]
You're about to install InSpec!
Updating / installing...
1:inspec-2.3.4-1.el7 ################################# [100%]
Thank you for installing InSpec!
I'm currently discussing it with our team. We're building an immutable infrastructure managed by Terraform. I think the knee jerk reaction when building our pipeline is the general rule of thumb, don't install more resources than necessary. So we're trying keep our instances resource light by just having Inspec and no other Chef resources until needed.
If you guys made it more obvious on inspec.io that would be great. I think in the future, others still learning and trying to build this infrastructure might do the same. Thank you for the advice!