Upgrade to Pro — share decks privately, control downloads, hide ads and more …

openSUSE MicroOS - the OS that does "just one job"

openSUSE MicroOS - the OS that does "just one job"

As operating systems get used in more and more places, from VMs and Cloud to IoT and Edge and everything in between, there is a simple problem - no one wants to deal with maintaining all of this new stuff.

And yet, most distributions today are expected to be maintained the same way as they were a decade ago. Sure there are nicer tools to automate things, but that's still a lot of work that someone, be a sysadmin or a tool developer, has to take care of.

Given many of these newer use cases involve an operating system being deployed to do 'just one job', do we always need to deploy distros that could be a swiss-army knife capable of doing anything?

openSUSE MicroOS answers this with a clear 'no', providing a 'general purpose but single service' distribution.

Deploy it, set it up to do what you need, and then forget about it while it will patch, reboot, and repair itself.

Richard Brown

May 01, 2020

More Decks by Richard Brown

Other Decks in Programming


  1. MicroOS
    The OS that does “just one job”
    openSUSE contributor
    Richard Brown
    [email protected]
    sysrich on Freenode.net

    View Slide

  2. About Me

    ~15 years with openSUSE & other FOSS

    >5 years with SUSE

    Future Technologies Team Member

    openSUSE MicroOS & Kubic

    View Slide

  3. Agenda

    What MicroOS isn’t

    What MicroOS is

    What MicroOS could be next

    View Slide

  4. View Slide

  5. Not a Container OS

    MicroOS is not designed to be used as the
    base OS inside containers

    View Slide

  6. Tumbleweed is our Container OS
    latest 73ef0c72c385 2 days ago 90.4 MB
    latest 188f8aaa3c14 2 days ago 9.4 MB

    Use these images for all of your container
    building with podman build, docker
    build, buildah and kiwi

    View Slide

  7. Not ‘tiny at all costs’

    Size matters
    – Easier to Deploy
    – Fewer Updates, Less Risk

    MicroOS is designed to be as small as
    possible, while fulfilling it’s job without

    View Slide

  8. Still Pretty Small

    619MB Bare Metal Install
    – 165 MB kernel-default
    – 152 MB kernel-firmware
    – 68 MB grub2

    382MB VM Image
    – 68 MB grub2
    – 35 MB kernel-default-base
    – 10 MB systemd
    – 288 RPMs, 210 Source Packages

    View Slide

  9. Not the same as ‘JeOS’ or ‘Transactional Server’

    JeOS – regular openSUSE, deployed from a
    very small image, expected to grow as a
    typical multi-purpose system.

    Transactional Server – regular openSUSE
    with a read only root-filesystem, with
    atomic updates, expected to be used as a
    typical multi-purpose system.

    View Slide

  10. What is MicroOS?

    View Slide

  11. Why is MicroOS?

    View Slide

  12. Why is MicroOS?

    Computer’s are not just laptops, desktops,
    and servers any more.

    People don’t even use laptops, desktops
    and servers the same way any more.

    View Slide

  13. 100101010101000101010101111000

    View Slide

  14. IP Webcam
    Do you have an IP Webcam
    or similar IoT Device?
    Ever updated it?

    View Slide

  15. IP Webcam
    There are millions of these devices

    78% of total detected malware activity
    is due to IoT botnets (2018)

    Failed update → Many, many unhappy

    View Slide

  16. O2 UK Network Outage 2019

    Reliable Updates

    Automatic Recovery

    Outage can be very expensive

    Repair can be very time consuming

    View Slide

  17. View Slide

  18. The New World
    More Services = More VMs,
    not more physical
    Limits incompatibilities,
    isolates service problems
    More Hardware is always
    just a Credit Card away
    Single-purpose devices
    are increasingly prolific
    eg. Raspberry Pis

    View Slide

  19. Regular Linux Isn’t Good Enough

    Regular Distros are all like Swiss Army

    Lots of Services & Features
    – Increased chance of incompatibilities
    between services
    – A problem with service A can impact B, C, D,

    View Slide

  20. Single Purpose Systems

    VM/Cloud Instance/IoT device
    deployed to do “just one job”

    Installation contains a minimal
    number of services

    Patching often ignored (Rip n’

    More services to use? Just add more
    VM/Cloud/IoT Devices

    View Slide

  21. Hand Crafted isn’t Good Enough

    Building custom Single Purpose systems
    by hand is a lot of work

    Still often have issues with Configuration

    Still need effort to keep patched

    Optimising for RAM/CPU/Disk is HARD

    View Slide

  22. Nobody is perfect

    Even the best designed & maintained systems
    have flaws

    Those flaws need to be prevented from
    getting in the way of what the system is
    meant to do

    Anything worth doing, is worth being able to

    View Slide

  23. “I NEVER want to touch a running system”
    - Every SysAdmin, ever

    View Slide

  24. Transactional Updates

    Any change to a system should be applied
    reliably, reproducably, and reversibly

    Transactional Updates are:
    – Atomic
    – Either fully applied, or not at all
    – Applied without impacting the running

    View Slide

  25. Health Check

    Checks for errors during boot phase
    – Error with new snapshot:

    Rollback to last known working snapshot
    – Error with already successful booted snapshot:

    Try reboot

    Shutdown services, inform admin

    Needs access to harddisk

    View Slide

  26. openSUSE MicroOS
    openSUSE MicroOS
    The perfect single-service
    Linux-based Operating System
    Salt & Read-Only Root
    Fully automated
    Transactional Updates
    Optimised footprint

    View Slide

  27. MicroOS Architecture
    openSUSE MicroOS is a rolling release
    based on openSUSE Tumbleweed.
    MicroOS is wholly built, developed, and
    tested as part of the Tumbleweed release
    Any test failure detected before the release
    of either Tumbleweed & MicroOS can
    prevent the release of both distributions.

    View Slide

  28. Hardware Requirements
    – EFI, either firmware or u-boot
    – UEFI (secure boot)
    – Legacy Bios
    Memory (Virtualised):
    – 512 MB + Workload
    – 4 GB + Workload

    View Slide

  29. Deployment Options
    streamlined, installer
    Preconfigured, ready to
    use disk images
    Installing directly
    using Saltstack
    For use to configure
    images/systems on first

    View Slide

  30. More about Yomi?
    openSUSE Conference 2019
    Alberto Planas
    Installing openSUSE only
    with SaltStack

    View Slide

  31. Automatic initial configuration: Ignition


    Partly replacement of cloud-init
    – Features:

    Partitioning disks

    Formatting partitions

    Writing files, enable systemd services

    Configure users
    – Runs out of initramfs during first boot
    – Does not touch sub-systems not mentioned in user supplied config

    View Slide

  32. Example Use Cases
    IoT Single-Service VM Container Host Cluster Node Appliances

    View Slide

  33. MicroOS – The Perfect Container Host OS
    Containers make it very easy to separate the
    Service/Application from the operating system.
    Users care about the Service, they shouldn’t care about the
    MicroOS with it’s ‘self caring’ rolling OS means users just
    need to worry about picking and updating the containers
    they choose.

    View Slide

  34. We ❤️ Podman
    Alternative to for standalone container
    hosts/developer machines
    No Daemon
    Supports OCI-containers & Pods
    Familiar commands eg.
    – podman pull
    – podman run

    View Slide

  35. registry.opensuse.org
    We have our own container registry!
    Built direct from packages in OBS
    Rebuilt automatically – Always Fresh
    Signed/Notorised Images

    podman pull registry.opensuse.org/opensuse/tumbleweed

    podman pull registry.opensuse.org/opensuse/leap

    View Slide

  36. My MicroOS Life

    View Slide

  37. Debugging - Toolbox
    Read-only root filesystem:
    – Reboot needed to install additional tools
    – Situation after reboot is different then before
    – Launches small, privileged container
    – Root filesystem available below /media/root
    – zypper to install the necessary tools
    – Persistent between usages

    View Slide

  38. Bye bye Leap..

    View Slide

  39. openSUSE Kubic
    openSUSE Kubic is now a MicroOS
    Derivative, focused specifically on
    Containers and Kubernetes.
    Like MicroOS, it is wholly built,
    developed, and tested as part of the
    Tumbleweed release process.

    View Slide

  40. Kubernetes is special
    Lots of Moving Parts
    Containers, Kubernetes,
    Container Runtime, and
    base Operating System
    all need to be updated
    Containers at Scale
    Kubernetes is designed
    to run 100s-1000s of
    containers at once
    Large Clusters
    Kubernetes clusters can
    span dozens or
    hundreds of physical
    machines or VMs

    View Slide

  41. Kubic – The perfect Kubernetes OS
    Inheriting all the usual benefits of
    openSUSE MicroOS, with optimisations
    for Containers and Kubernetes, including
    – Fully Integrated kubeadm
    – CRI-O Container Runtime
    – Kured for automating reboots across
    the cluster
    – Kubic-Control – alternative cluster
    bootstrapping tool

    View Slide

  42. MicroOS Desktop

    All of this makes perfect sense for ‘servers’,
    why not desktops?

    Auto updated base OS plus Desktop

    Apps from Flatpak

    Currently in [ALPHA]

    View Slide

  43. View Slide

  44. MicroOS Leap 15.2

    All the benefits of MicrOS but based on the
    Leap 15.2 codebase


    View Slide

  45. View Slide