oSC23 - (open)SUSE ALP prototype on AWS, experimental, but fun!

How does the latest prototype of the Adaptable Linux Platform behave on AWS? What is required to build an EC2-compatible image via OBS? What does the workflow look like to go from OBS to an available and deployable AMI? What is the state of integration with AWS compared to openSUSE Leap? And what has SUSE NeuVector to do with all that? Let me take you on my journey and share my experiences, thoughts and results with you.

Presented at openSUSE Conference 2023:
https://events.opensuse.org/conferences/oSC23/program/proposals/4163

Dominik Wombacher

May 26, 2023
Transcript

  1. openSUSE ALP prototype on AWS
    Experimental, but fun!
    Dominik Wombacher
    Sr. Partner Solutions Architect
    [email protected]
    © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark.

  2. Session Agenda
    openSUSE ALP
    Building an AWS EC2 image on OBS
    From OBS to AWS AMI
    openSUSE ALP on AWS
    Q&A

  3. Disclaimer
    UNOFFICIAL AND UNSUPPORTED PROTOTYPE

  4. openSUSE ALP

  5. Overview
    WHAT IS THE ADAPTABLE LINUX PLATFORM?
    Lightweight base operating system
    Host OS and Application layer separated
    Immutable operating system
    Transactional updates
    Security focused

  6. Technical highlights
    WHAT MAKES ALP DIFFERENT?
    Read-only root filesystem
    BTRFS Snapshots
    Zero touch configuration

  7. Transactional updates demystified
    UPDATE A IMMUTABLE OPERATING SYSTEM
    [Diagram labels: snapshot #1; transactional-update up; new snapshot; zypper up; snapshot #2; reboot; boot snapshot #2; boot snapshot #1]
    On failure, reboot into snapshot #1

  8. Challenges
    CLIMBING THE ALP(S) ISN'T ALWAYS EASY
    Breaking changes
    Probably no in-place migration
    Applications as container instead of rpm

  9. Building an AWS EC2 Image on Open Build Service

  10. Amazon Machine Image
    WHAT IS AN AMI?
    Required to launch an Amazon EC2 Instance
    Contains one or more Amazon EBS snapshots
    Provided by AWS and 3rd parties
    Customize or build from scratch
    [Icon labels: Amazon EC2 Image Builder; Amazon Elastic Compute Cloud (Amazon EC2)]

  11. Amazon Machine Image
    AMI LIFECYCLE
    [Diagram labels: Snapshot, AMI, AMI, Instance; actions: create, register, deregister, launch, copy]

  12. Open Build Service
    OBS PACKAGE LIFECYCLE
    [Diagram labels: Workers, Repository; actions: checkout, change, commit, build, publish]

  13. OBS Package AWS EC2 AMI
    PROJECT: HOME:WOMBELIX:IMAGES:ALP:BEDROCK
    Based on SUSE ALP Bedrock 0.1
    Inspired by openSUSE Leap Cloud Images
    Branched packages
      cloud-init
      amazon-ssm-agent
      flatpak
    Additional packages
      aws-cli
      cloud-netconfig-ec2
      dhcp-client

  14. OBS Package AWS EC2 AMI
    PROJECT: HOME:WOMBELIX:IMAGES:ALP:BEDROCK
    Overlay ec2-root
      cloud-init config
      chrony timeserver
      kernel modules
      udev rules
      motd
    Overlay repos
      branched packages
      ALP Bedrock media
      Workaround for bug bsc#1211405
      $arch (x86_64_v4)
      $basearch (x86_64)

  15. From OBS to AWS AMI

  16. From OBS to AWS AMI
    WORKFLOW
    1) Download
    2) Decompress
    3) Upload to S3
    4) Import
    5) Register
    6) Launch
    [Diagram labels: Workers, Repository, S3 Bucket, Snapshot, AMI, Instance; actions: commit, build, publish, download, decompress, upload, import, register, launch]

  17. From OBS to AWS AMI
    AUTOMATION

  18. From OBS to AWS AMI
    TESTING
    AWS CodePipeline > AWS CodeBuild > Ansible
    Deploy
    Check
    Clean-up

  19. openSUSE ALP on AWS

  20. State of integration
    HOW DOES OPENSUSE ALP INTERACT WITH AWS SERVICES
    Customizing on boot via cloud-init
    Accessing metadata (IMDSv2)
    NTP 169.254.169.123
    DNS 169.254.169.253
    AWS CLI
    AWS Systems Manager
      Run Command
      Fleet Manager
      Session Manager

  21. Comparison to openSUSE Leap
    OPENSUSE ALP DIFFERENCES, NOT JUST ON AWS
    Not supported by AWS SSM
    SELinux in enforced mode
    wicked replaced by NetworkManager
    Toolbox Container for debugging
    Pre-installed Salt minion and Cockpit
    BTRFS root filesystem
    Transactional updates
    NeuVector security scanning

  22. Comparison to openSUSE Leap
    SUSE NEUVECTOR

  23. Thank you!
    Dominik Wombacher
    Sr. Partner Solutions Architect
    [email protected]
    Please provide Feedback
    https://pulse.buildon.aws/survey/4L6DKGJG
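
The six workflow steps from slide 16 (download, decompress, upload to S3, import, register, launch), written out as shell functions around the AWS CLI. This is an added example, not the presenter's automation. The image URL, bucket and AMI name are placeholders, and it assumes an xz-compressed raw disk image with ENA drivers, an existing bucket and the `vmimport` service role; IMDSv2 (slide 20) is required both on the AMI and at launch.

```shell
#!/bin/sh
# Added example: OBS image -> S3 -> EBS snapshot -> AMI -> instance.
# Assumptions: xz-compressed raw image, existing bucket, vmimport role present.
set -e

# JSON argument for `aws ec2 import-snapshot --disk-container`.
disk_container() {  # $1 = bucket, $2 = object key
  printf '{"Format":"RAW","UserBucket":{"S3Bucket":"%s","S3Key":"%s"}}' "$1" "$2"
}

# Root volume mapping for `aws ec2 register-image`.
block_device_mapping() {  # $1 = snapshot id
  printf '[{"DeviceName":"/dev/sda1","Ebs":{"SnapshotId":"%s","DeleteOnTermination":true}}]' "$1"
}

obs_to_ami() {  # $1 = image URL (placeholder), $2 = bucket, $3 = AMI name; prints AMI id
  xz_file=$(basename "$1"); raw_file=${xz_file%.xz}
  curl -fsSLO "$1"                                            # 1) download
  xz -d -f "$xz_file"                                         # 2) decompress
  aws s3 cp --only-show-errors "$raw_file" "s3://$2/$raw_file" # 3) upload to S3
  task=$(aws ec2 import-snapshot \
    --disk-container "$(disk_container "$2" "$raw_file")" \
    --query ImportTaskId --output text)                       # 4) import
  aws ec2 wait snapshot-imported --import-task-ids "$task"
  snap=$(aws ec2 describe-import-snapshot-tasks --import-task-ids "$task" \
    --query 'ImportSnapshotTasks[0].SnapshotTaskDetail.SnapshotId' --output text)
  # 5) register; --imds-support v2.0 makes instances from this AMI default to IMDSv2
  aws ec2 register-image --name "$3" --architecture x86_64 \
    --virtualization-type hvm --ena-support --root-device-name /dev/sda1 \
    --block-device-mappings "$(block_device_mapping "$snap")" \
    --imds-support v2.0 --query ImageId --output text
}

launch_ami() {  # $1 = AMI id, $2 = instance type; prints instance id
  # 6) launch; session tokens are mandatory for metadata access
  aws ec2 run-instances --image-id "$1" --instance-type "$2" \
    --metadata-options HttpTokens=required,HttpEndpoint=enabled \
    --query 'Instances[0].InstanceId' --output text
}
```

Call `obs_to_ami <image-url> <bucket> <ami-name>` and pass the printed AMI id to `launch_ami`; deregistering the AMI and deleting the snapshot afterwards corresponds to the clean-up stage on slide 18.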