
openSUSE MicroOS - the OS that does "just one job"

As operating systems get used in more and more places, from VMs and Cloud to IoT and Edge and everything in between, there is a simple problem - no one wants to deal with maintaining all of this new stuff.

And yet, most distributions today are expected to be maintained the same way as they were a decade ago. Sure, there are nicer tools to automate things, but that's still a lot of work that someone, be it a sysadmin or a tool developer, has to take care of.

Given many of these newer use cases involve an operating system being deployed to do 'just one job', do we always need to deploy distros that could be a Swiss Army knife capable of doing anything?

openSUSE MicroOS answers this with a clear 'no', providing a 'general purpose but single service' distribution.

Deploy it, set it up to do what you need, and then forget about it while it patches, reboots, and repairs itself.

Richard Brown

May 01, 2020

Transcript

  1. MicroOS The OS that does “just one job” openSUSE contributor Richard Brown rbrown@opensuse.org sysrich on Freenode.net @sysrich
  2. About Me • ~15 years with openSUSE & other FOSS communities • >5 years with SUSE • Future Technologies Team Member • openSUSE MicroOS & Kubic
  3. Agenda • What MicroOS isn’t • What MicroOS is • What MicroOS could be next
  4. None
  5. Not a Container OS • MicroOS is not designed to be used as the base OS inside containers
  6. Tumbleweed is our Container OS registry.opensuse.org/opensuse/tumbleweed latest 73ef0c72c385 2 days ago 90.4 MB registry.opensuse.org/opensuse/busybox latest 188f8aaa3c14 2 days ago 9.4 MB • Use these images for all of your container building with podman build, docker build, buildah and kiwi
  7. Not ‘tiny at all costs’ • Size matters – Easier to Deploy – Fewer Updates, Less Risk • MicroOS is designed to be as small as possible, while fulfilling its job without compromises.
  8. Still Pretty Small • 619MB Bare Metal Install – 165 MB kernel-default – 152 MB kernel-firmware – 68 MB grub2 • 382MB VM Image – 68 MB grub2 – 35 MB kernel-default-base – 10 MB systemd – 288 RPMs, 210 Source Packages
  9. Not the same as ‘JeOS’ or ‘Transactional Server’ • JeOS – regular openSUSE, deployed from a very small image, expected to grow as a typical multi-purpose system. • Transactional Server – regular openSUSE with a read-only root filesystem, with atomic updates, expected to be used as a typical multi-purpose system.
  10. What is MicroOS?
  11. Why is MicroOS?
  12. Why is MicroOS? • Computers are not just laptops, desktops, and servers any more. • People don’t even use laptops, desktops and servers the same way any more.
  13. 100101010101000101010101111000 0101010101110101010001010101010 01010101110101010101001010101010 01010000101010101010101110101010 00100101010101010101010001010101 00101010101011110101010101010101 11101010101010101010101010101010

  14. IP Webcam Do you have an IP Webcam or similar IoT Device? Ever updated it?
  15. IP Webcam There are millions of these devices • 78% of total detected malware activity is due to IoT botnets (2018) • Failed update → Many, many unhappy customers
  16. O2 UK Network Outage 2019 • Reliable Updates • Automatic Recovery • Outage can be very expensive • Repair can be very time consuming
  17. None
  18. The New World Virtualisation More Services = More VMs, not more physical hardware Containers Limits incompatibilities, isolates service problems Cloud More Hardware is always just a Credit Card away IoT Single-purpose devices are increasingly prolific, e.g. Raspberry Pis
  19. Regular Linux Isn’t Good Enough • Regular Distros are all like Swiss Army Knives • Lots of Services & Features – Increased chance of incompatibilities between services – A problem with service A can impact B, C, D, etc.
  20. Single Purpose Systems • VM/Cloud Instance/IoT device deployed to do “just one job” • Installation contains a minimal number of services • Patching often ignored (Rip n’ replace) • More services to use? Just add more VM/Cloud/IoT Devices
  21. Hand Crafted isn’t Good Enough • Building custom Single Purpose systems by hand is a lot of work • Still often have issues with Configuration Management • Still need effort to keep patched • Optimising for RAM/CPU/Disk is HARD
  22. Nobody is perfect • Even the best designed & maintained systems have flaws • Those flaws need to be prevented from getting in the way of what the system is meant to do • Anything worth doing is worth being able to undo
  23. “I NEVER want to touch a running system” - Every SysAdmin, ever
  24. Transactional Updates • Any change to a system should be applied reliably, reproducibly, and reversibly • Transactional Updates are: – Atomic – Either fully applied, or not at all – Applied without impacting the running system
  25. Health Check • Checks for errors during boot phase – Error with new snapshot: • Rollback to last known working snapshot – Error with already successful booted snapshot: • Try reboot • Shutdown services, inform admin • Needs access to harddisk
  26. openSUSE MicroOS openSUSE MicroOS The perfect single-service Linux-based Operating System Salt & Read-Only Root Filesystem Fully automated Transactional Updates Optimised footprint
  27. MicroOS Architecture openSUSE MicroOS is a rolling release based on openSUSE Tumbleweed. MicroOS is wholly built, developed, and tested as part of the Tumbleweed release process. Any test failure detected before the release of either Tumbleweed & MicroOS can prevent the release of both distributions.
  28. Hardware Requirements ARM: – EFI, either firmware or u-boot X86-64: – UEFI (secure boot) – Legacy BIOS Memory (Virtualised): – 512 MB + Workload – 4 GB + Workload
  29. Deployment Options DVD/NET ISO w. YaST Customisable, streamlined, installer VM/Vagrant/Cloud/Pi Images Preconfigured, ready to use disk images Yomi Installing directly using Saltstack Ignition For use to configure images/systems on first boot
  30. More about Yomi? YouTube openSUSE Conference 2019 Alberto Planas Installing openSUSE only with SaltStack
  31. Automatic initial configuration: Ignition • https://github.com/coreos/ignition • Partial replacement for cloud-init – Features: • Partitioning disks • Formatting partitions • Writing files, enabling systemd services • Configuring users – Runs out of initramfs during first boot – Does not touch sub-systems not mentioned in user-supplied config
  32. Example Use Cases IoT Single-Service VM Container Host Cluster Node Appliances
  33. MicroOS – The Perfect Container Host OS Containers make it very easy to separate the Service/Application from the operating system. Users care about the Service, they shouldn’t care about the OS. MicroOS with its ‘self caring’ rolling OS means users just need to worry about picking and updating the containers they choose.
  34. We ❤️ Podman Alternative to for standalone container hosts/developer machines No Daemon Supports OCI-containers & Pods Familiar commands, e.g. – podman pull – podman run
  35. registry.opensuse.org We have our own container registry! Built direct from packages in OBS Rebuilt automatically – Always Fresh Signed/Notarised Images • podman pull registry.opensuse.org/opensuse/tumbleweed • podman pull registry.opensuse.org/opensuse/leap
  36. My MicroOS Life
  37. Debugging - Toolbox Read-only root filesystem: – Reboot needed to install additional tools – Situation after reboot is different than before Toolbox: – Launches small, privileged container – Root filesystem available below /media/root – zypper to install the necessary tools – Persistent between usages
  38. Bye bye Leap..
  39. openSUSE Kubic openSUSE Kubic is now a MicroOS Derivative, focused specifically on Containers and Kubernetes. Like MicroOS, it is wholly built, developed, and tested as part of the Tumbleweed release process.
  40. Kubernetes is special Lots of Moving Parts Containers, Kubernetes, Container Runtime, and base Operating System all need to be updated regularly Containers at Scale Kubernetes is designed to run 100s-1000s of containers at once Large Clusters Kubernetes clusters can span dozens or hundreds of physical machines or VMs
  41. Kubic – The perfect Kubernetes OS Inheriting all the usual benefits of openSUSE MicroOS, with optimisations for Containers and Kubernetes, including – Fully Integrated kubeadm – CRI-O Container Runtime – Kured for automating reboots across the cluster – Kubic-Control – alternative cluster bootstrapping tool
  42. MicroOS Desktop • All of this makes perfect sense for ‘servers’, why not desktops? • Auto updated base OS plus Desktop Environment • Apps from Flatpak • Currently in [ALPHA]
  43. None
  44. MicroOS Leap 15.2 • All the benefits of MicroOS but based on the Leap 15.2 codebase • COMING SOON
  45. None
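
The update and boot-time health-check behaviour described on slides 24 and 25, modelled as an added Python example; it is not part of the original deck and is not MicroOS's own code. The `Host` class, its fields and the returned action strings are hypothetical names, and the snapshot store is a toy in-memory dict.

```python
from dataclasses import dataclass, field


@dataclass
class Host:
    """Toy in-memory model of a snapshot-based root filesystem (hypothetical)."""
    snapshots: dict = field(
        default_factory=lambda: {1: {"pkgs": {"base"}, "booted_ok": True}})
    running: int = 1          # snapshot the system is running from right now
    default: int = 1          # snapshot the next boot will use
    services_up: bool = True
    admin_log: list = field(default_factory=list)

    def transactional_update(self, new_pkgs, fail=False):
        """Stage changes in a copy of the default snapshot; never touch `running`."""
        staged = {"pkgs": set(self.snapshots[self.default]["pkgs"]) | set(new_pkgs),
                  "booted_ok": False}
        if fail:              # atomic: a failed update is discarded whole
            return None
        snap_id = max(self.snapshots) + 1
        self.snapshots[snap_id] = staged
        self.default = snap_id    # takes effect only at the next boot
        return snap_id

    def boot(self, healthy, healthy_after_reboot=True):
        """Boot the default snapshot and apply the slide-25 health-check rules."""
        self.running = self.default
        snap = self.snapshots[self.running]
        if healthy:
            snap["booted_ok"] = True
            return "ok"
        if not snap["booted_ok"]:
            # Error with a new snapshot: roll back to the last known working one.
            good = max(i for i, s in self.snapshots.items() if s["booted_ok"])
            self.default = self.running = good
            return "rollback"
        # Error with a snapshot that booted successfully before: try a reboot,
        # and if that does not help, shut down services and inform the admin.
        if healthy_after_reboot:
            return "reboot"
        self.services_up = False
        self.admin_log.append(f"snapshot {self.running} unhealthy after reboot")
        return "services-stopped"
```

A failed update leaves no snapshot behind, and a successful one changes only what the next boot will use, which is why the running system is never in a half-patched state.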