Arabic Arabic Chinese (Simplified) Chinese (Simplified) Dutch Dutch English English French French German German Italian Italian Portuguese Portuguese Russian Russian Spanish Spanish
| (844) 627-8267
0

openSUSE Micro could be your next container OS | #linux | #linuxsecurity | #hacking | #aihp



Image: gustavofrazao/Adobe Stock

openSUSE Micro is a new Linux distribution geared toward hosting containerized workloads with automated administration and patching. With this open-source, purpose-built operating system you’ll have an environment specifically designed for workloads that would benefit from transactional updates. This rolling-release distribution could be just the thing your company needs.

openSUSE Micro aims to be predictable, scalable, reliable and flexible. With this new take on containerized deployments, you don’t have to learn a new package format (as it uses standard openSUSE RPMs), there are no size limitations and it can be rolled out easily and repeatedly.

I installed openSUSE Micro to see what was what. My impression was a mixed bag, but given this platform is fairly new, that is to be expected. Let’s dive in.

SEE: 40+ open source and Linux terms you need to know (TechRepublic Premium)

System Roles

One of the first departures from regular openSUSE you’ll find is that of System Roles. During installation, you can choose what role the OS will serve. However, at first blush, those roles are a bit confusing.

  • MicroOS: Designed for single-purpose systems and optimized for large deployments. Provides no services by default. This will install the OS without a desktop environment.
  • MicroOS Container Host: Optimized for containers and installs Podman. This also installs without a desktop environment, but it does install everything necessary to deploy containers.
  • MicroOS Desktop (GNOME): Same as MicroOS Container Host, only with a desktop environment, automatic updates and rollbacks. This system role is beta.
  • MicroOS Desktop (KDE): Same as MicroOS Container Host, only with a desktop environment, automatic updates and rollbacks. This system role is alpha.
  • MicroOS with Remote Attestation (Agent): Same as MicroOS but with remote attestation agent. Remote Attestation is a method in which a host authenticates hardware and software configurations to a remote server. This installs the agent portion.
  • MicroOS with Remote Attestation (Verifier): Same as MicroOS but with remote attestation verifier. Remote Attestation is a method in which a host authenticates hardware and software configurations to a remote server. This installs the verifier portion.

I opted to install the MicroOS Desktop (GNOME) system role, mostly just to see how it fared. The installation was not flawless, in that I had to keep hitting Retry as several packages failed to install on the first attempt.

In the end, I did wind up with a complete and working installation with a vanilla GNOME desktop environment. Because I installed openSUSE Micro as a VirtualBox VM, I was unable to successfully get the Guest Additions installed or run the VM with a different graphics controller, which meant the desktop resolution was rather tiny. Because of this, your best bet if you’re planning on going the virtual route is to install without the desktop environment.

Another issue I discovered out of the gate is that the filesystem is mounted as read-only, so installing software is not an option. The good news, however, is that using the Podman container runtime library works exactly as expected.

Let me explain. The read-only file system is done intentionally for security purposes. You have to remember that openSUSE Micro is not intended to be used as a standard operating system but instead for containerized and similar deployments. Because of that, you should not need the file system to be mounted in read/write mode. In fact, you do not want the file system to be mounted any way but read-only. So, right off the bat, I feel safe with openSUSE Micro as a platform for containers.

But there’s a catch. I prefer to manage my containers via a GUI, but my go-to manager, Portainer, does not yet support Podman, and because the system boots in read-only mode, I couldn’t install Cockpit. There’s a way around that.

Once you have openSUSE Micro booted, edit the fstab with the command:

vi /etc/fstab

You’ll want to look for the line that ends in ro and change that to rw. Once you’ve done that, save the file, reboot the machine and install Cockpit with Podman support using the command:

sudo zypper install cockpit cockpit-podman

That should have worked. However, in similar fashion to what I experienced during the installation of the OS, the cockpit-bridge package failed to install without any indication as to why. No matter how I tried to get it to install, it was a no-go.

That’s fine because I can work with Podman from the command line. Besides, you really don’t want to install anything extra on a platform geared toward scalable container deployments. This should remain as minimal as possible. My only purpose was to see what all I could do with openSUSE Micro. So instead of depending on a GUI, I opted to test out a quick deployment. I’m not going to lie, Podman is not nearly as user-friendly as Docker. For example, I can deploy a WordPress site with ease using Docker. With Podman, not so much.

Even so, I opted to do a simple NGINX deployment with Podman with the commands:

podman pull docker.io/nginx

podman  run -d --name docker-nginx -p 8080:80 docker.io/nginx

That deployment went off without a hitch, but it’s very basic. To take this one step further, I deployed Joomla with Podman using the following commands:

podman pod create --name mypod --publish 8080:80

podman run -dit --pod mypod -e MYSQL_DATABASE=joomla -e MYSQL_USER=joomlauser -e MYSQL_PASSWORD=joomlapassword -e MYSQL_ROOT_PASSWORD=rootpw --name mariadb docker.io/library/mariadb

podman run -dit --pod mypod -e JOOMLA_DB_HOST=127.0.0.1 -e JOOMLA_DB_USER=joomlauser -e JOOMLA_DB_PASSWORD=joomlapassword -e JOOMLA_DB_NAME=joomla --name joomla docker.io/library/joomla

Joomla was ready for the GUI install and running like a champ. I was surprised at how responsive the Joomla deployment was, which is a testament as to how performant openSUSE Micro is even with a desktop installed.

In the end, I believe openSUSE Micro is an outstanding option for those looking to deploy an OS purpose-built for containerized applications. It’s small, extremely fast and secure.

Download an ISO of openSUSE Micro and give it a try. I have a feeling it could wind up your go-to platform for container deployment.

Subscribe to TechRepublic’s How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.

Click Here For The Original Source.


————————————————————————————-

Translate

Arabic Arabic Chinese (Simplified) Chinese (Simplified) Dutch Dutch English English French French German German Italian Italian Portuguese Portuguese Russian Russian Spanish Spanish