oSC23 - (open)SUSE ALP prototype on AWS, experimental, but fun!

Transcript

1. © 2023, Amazon Web Services, Inc. or its affiliates. All

   rights reserved. Amazon Confidential and Trademark. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. openSUSE ALP prototype on AWS Dominik Wombacher Sr. Partner Solutions Architect [email protected] Experimental, but fun!

2. © 2023, Amazon Web Services, Inc. or its affiliates. All

   rights reserved. Amazon Confidential and Trademark. Session Agenda openSUSE ALP Building an AWS EC2 image on OBS From OBS to AWS AMI openSUSE ALP on AWS Q&A 2

3. © 2023, Amazon Web Services, Inc. or its affiliates. All

   rights reserved. Amazon Confidential and Trademark. Disclaimer U N O F F I C I A L A N D U N S U P P O R T E D P R O T O T Y P E 3

4. © 2023, Amazon Web Services, Inc. or its affiliates. All

   rights reserved. Amazon Confidential and Trademark. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. openSUSE ALP 4

5. © 2023, Amazon Web Services, Inc. or its affiliates. All

   rights reserved. Amazon Confidential and Trademark. Overview Lightweight base operating system Host OS and Application layer separated Immutable operating system Transactional updates Security focused W H A T I S T H E A D A P T A B L E L I N U X P L A T F O R M ? 5

6. © 2023, Amazon Web Services, Inc. or its affiliates. All

   rights reserved. Amazon Confidential and Trademark. Technical highlights Read-only root filesystem BTRFS Snapshots Zero touch configuration W H A T M A K E S A L P D I F F E R E N T ? 6

7. © 2023, Amazon Web Services, Inc. or its affiliates. All

   rights reserved. Amazon Confidential and Trademark. Transactional updates demystified U P D A T E A I M M U T A B L E O P E R A T I N G S Y S T E M 7 transactional-update up new snapshot zypper up reboot snapshot #1 boot snapshot #2 snapshot #2 boot snapshot #1 On failure, reboot into snapshot #1

8. © 2023, Amazon Web Services, Inc. or its affiliates. All

   rights reserved. Amazon Confidential and Trademark. Challenges Breaking changes Probably no In-place migration Applications as container instead rpm C L I M B I N G T H E A L P ( S ) I S N ’ T A L W A Y S E A S Y 8

9. © 2023, Amazon Web Services, Inc. or its affiliates. All

   rights reserved. Amazon Confidential and Trademark. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. Building an AWS EC2 Image on Open Build Service 9

10. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. Amazon Machine Image Required to launch an Amazon EC2 Instance Contains one or more Amazon EBS snapshots Provided by AWS and 3rd parties Customize or build from scratch W H A T I S A N A M I ? 10 Amazon EC2 Image Builder Amazon Elastic Compute Cloud (Amazon EC2)

11. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. Amazon Machine Image A M I L I F E C Y C L E 11 Snapshot AMI AMI Instance create register deregister launch copy

12. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. Open Build Service O B S P A C K A G E L I F E C Y C L E 12 commit build change publish checkout Workers Repository

13. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. OBS Package AWS EC2 AMI Based on SUSE ALP Bedrock 0.1 Inspired by openSUSE Leap Cloud Images P R O J E C T : H O M E : W O M B E L I X : I M A G E S : A L P : B E D R O C K 13 Branched packages cloud-init amazon-ssm-agent flatpak Additional packages aws-cli cloud-netconfig-ec2 dhcp-client

14. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. OBS Package AWS EC2 AMI Overlay ec2-root cloud-init config chrony timeserver kernel modules udev rules motd Overlay repos branched packages ALP Bedrock media Workaround for bug bsc#1211405 $arch (x86_64_v4) $basearch (x86_64) P R O J E C T : H O M E : W O M B E L I X : I M A G E S : A L P : B E D R O C K 14

15. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. From OBS to AWS AMI 15

16. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. From OBS to AWS AMI W O R K F L O W 16 commit build publish Workers Repository 1) Download 2) Decompress 3) Upload to S3 4) Import 5) Register 6) Launch Snapshot AMI Instance import register launch S3 Bucket download upload decompress

17. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. From OBS to AWS AMI A U T O M A T I O N 17

18. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. From OBS to AWS AMI AWS CodePipeline > AWS CodeBuild > Ansible Deploy Check Clean-up T E S T I N G 18

19. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. openSUSE ALP on AWS 19

20. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. State of integration Customizing on boot via cloud-init Accessing metadata (IMDSv2) NTP 169.254.169.123 DNS 169.254.169.253 AWS CLI AWS Systems Manager Run Command Fleet Manager Session Manager H O W D O E S O P E N S U S E A L P I N T E R A C T W I T H A W S S E R V I C E S 20

21. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. Comparison to openSUSE Leap Not supported by AWS SSM SELinux in enforced mode wicked replaced by NetworkManager Toolbox Container for debugging Pre-installed Salt minion and Cockpit BTRFS root filesystem Transactional updates NeuVector security scanning O P E N S U S E A L P D I F F E R E N C E S , N O T J U S T O N A W S 21

22. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. Comparison to openSUSE Leap S U S E N E U V E C T O R 22

23. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. Thank you! Dominik Wombacher Sr. Partner Solutions Architect [email protected] https://pulse.buildon.aws/survey/4L6DKGJG Please provide Feedback