Upgrade to Pro — share decks privately, control downloads, hide ads and more …

oSC23 - (open)SUSE ALP prototype on AWS, experi...

oSC23 - (open)SUSE ALP prototype on AWS, experimental, but fun!

How does the latest prototype of the Adaptable Linux Platform behave on AWS? What is required to build a EC2 compatible image via OBS? How does the workflow look like to go from OBS to an available and deployable AMI? What is the state of integration with AWS compared to openSUSE Leap? And what has SUSE NeuVector todo with all that? Let me take you on my journey and share my experiences, thoughts and results with you.

Presented at openSUSE Conference 2023:
https://events.opensuse.org/conferences/oSC23/program/proposals/4163

Dominik Wombacher

May 26, 2023
Tweet

More Decks by Dominik Wombacher

Other Decks in Technology

Transcript

  1. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. openSUSE ALP prototype on AWS Dominik Wombacher Sr. Partner Solutions Architect [email protected] Experimental, but fun!
  2. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. Session Agenda openSUSE ALP Building an AWS EC2 image on OBS From OBS to AWS AMI openSUSE ALP on AWS Q&A 2
  3. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. Disclaimer U N O F F I C I A L A N D U N S U P P O R T E D P R O T O T Y P E 3
  4. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. openSUSE ALP 4
  5. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. Overview Lightweight base operating system Host OS and Application layer separated Immutable operating system Transactional updates Security focused W H A T I S T H E A D A P T A B L E L I N U X P L A T F O R M ? 5
  6. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. Technical highlights Read-only root filesystem BTRFS Snapshots Zero touch configuration W H A T M A K E S A L P D I F F E R E N T ? 6
  7. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. Transactional updates demystified U P D A T E A I M M U T A B L E O P E R A T I N G S Y S T E M 7 transactional-update up new snapshot zypper up reboot snapshot #1 boot snapshot #2 snapshot #2 boot snapshot #1 On failure, reboot into snapshot #1
  8. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. Challenges Breaking changes Probably no In-place migration Applications as container instead rpm C L I M B I N G T H E A L P ( S ) I S N ’ T A L W A Y S E A S Y 8
  9. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. Building an AWS EC2 Image on Open Build Service 9
  10. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. Amazon Machine Image Required to launch an Amazon EC2 Instance Contains one or more Amazon EBS snapshots Provided by AWS and 3rd parties Customize or build from scratch W H A T I S A N A M I ? 10 Amazon EC2 Image Builder Amazon Elastic Compute Cloud (Amazon EC2)
  11. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. Amazon Machine Image A M I L I F E C Y C L E 11 Snapshot AMI AMI Instance create register deregister launch copy
  12. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. Open Build Service O B S P A C K A G E L I F E C Y C L E 12 commit build change publish checkout Workers Repository
  13. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. OBS Package AWS EC2 AMI Based on SUSE ALP Bedrock 0.1 Inspired by openSUSE Leap Cloud Images P R O J E C T : H O M E : W O M B E L I X : I M A G E S : A L P : B E D R O C K 13 Branched packages cloud-init amazon-ssm-agent flatpak Additional packages aws-cli cloud-netconfig-ec2 dhcp-client
  14. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. OBS Package AWS EC2 AMI Overlay ec2-root cloud-init config chrony timeserver kernel modules udev rules motd Overlay repos branched packages ALP Bedrock media Workaround for bug bsc#1211405 $arch (x86_64_v4) $basearch (x86_64) P R O J E C T : H O M E : W O M B E L I X : I M A G E S : A L P : B E D R O C K 14
  15. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. From OBS to AWS AMI 15
  16. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. From OBS to AWS AMI W O R K F L O W 16 commit build publish Workers Repository 1) Download 2) Decompress 3) Upload to S3 4) Import 5) Register 6) Launch Snapshot AMI Instance import register launch S3 Bucket download upload decompress
  17. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. From OBS to AWS AMI A U T O M A T I O N 17
  18. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. From OBS to AWS AMI AWS CodePipeline > AWS CodeBuild > Ansible Deploy Check Clean-up T E S T I N G 18
  19. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. openSUSE ALP on AWS 19
  20. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. State of integration Customizing on boot via cloud-init Accessing metadata (IMDSv2) NTP 169.254.169.123 DNS 169.254.169.253 AWS CLI AWS Systems Manager Run Command Fleet Manager Session Manager H O W D O E S O P E N S U S E A L P I N T E R A C T W I T H A W S S E R V I C E S 20
  21. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. Comparison to openSUSE Leap Not supported by AWS SSM SELinux in enforced mode wicked replaced by NetworkManager Toolbox Container for debugging Pre-installed Salt minion and Cockpit BTRFS root filesystem Transactional updates NeuVector security scanning O P E N S U S E A L P D I F F E R E N C E S , N O T J U S T O N A W S 21
  22. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. Comparison to openSUSE Leap S U S E N E U V E C T O R 22
  23. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. Thank you! Dominik Wombacher Sr. Partner Solutions Architect [email protected] https://pulse.buildon.aws/survey/4L6DKGJG Please provide Feedback