The openSUSE project developers have presented the release of openSUSE Leap Micro 6.0, an atomically updated distribution designed for creating microservices and for use as a base system for virtualization and container isolation platforms. Installation builds are available for download for the x86_64 and ARM64 (AArch64) architectures, along with ready-made system images for virtualization systems and raw images for copying to media.
The openSUSE Leap Micro distribution is based on the technologies of the MicroOS project and is positioned as a community version of the commercial product SUSE Linux Enterprise Micro, characterized by the absence of a graphical interface. For configuration you can use the Cockpit web interface, which lets you control the system through a browser, the cloud-init toolkit, with settings transferred at every boot, or Combustion, to set the settings during the first boot. The user is provided with tools for quickly switching from Leap Micro to SUSE SLE Micro: the idea is that you can first implement a solution based on Leap Micro for free and, if you need extended support or certification, transfer your existing configuration to the SUSE SLE Micro product.
A key feature of Leap Micro is its atomic installation of updates, which are downloaded and applied automatically. Unlike the atomic updates based on ostree and snap used in Fedora and Ubuntu, openSUSE Leap Micro uses standard package management tools (the transactional-update utility) in combination with the snapshot mechanism of the Btrfs file system, instead of building separate atomic images and deploying additional delivery infrastructure (snapshots are used to atomically switch between the system state before and after installing updates). If problems arise after applying updates, you can roll back the system to a previous state. Live patches are supported for updating the Linux kernel without restarting or pausing operation.
The root partition is mounted in read-only mode and does not change during operation. To run isolated containers, tooling with support for the Podman/CRI-O and Docker runtimes is integrated. The micro edition of the distribution is used in the ALP (Adaptable Linux Platform) project to provide the “host OS” environment. ALP proposes using a stripped-down “host OS” to run on top of the hardware, and running all applications and user-space components not in a mixed environment but in separate containers or virtual machines that run on top of the “host OS” and are isolated from each other.
In the new release:
- System components have been updated to the package base of SUSE Linux Enterprise (SLE) Micro 6.0, based on SUSE SLE 15 Service Pack 6.
- A system image has been generated that uses full-disk encryption (FDE, Full Disk Encryption) with key storage in TPMv2, which does not require entering a passphrase during boot. To use this image, you must have a TPMv2 chip in the system or run on a virtualization system that emulates TPMv2.
- The build with the traditional installer has been discontinued and replaced by a self-installing system image (installation is carried out by copying the finished image). Manual (with parameter settings) and automatic (unattended) installation modes are supported.
- Added support for confidential virtual machines (CVM, Confidential Virtual Machine), the memory contents of which are encrypted using AMD SEV-SNP and Intel TDX technologies to isolate data in the virtual machine and prevent access to it by the host system.
- The SELinux access control system is set to “enforcing” mode by default (openSUSE Leap Micro uses SELinux instead of AppArmor for enhanced container isolation).
- On x86_64 architecture systems, support for running on systems with BIOS has been deprecated and will be removed in a future release.
- Support for the LTTng (Linux Trace Toolkit: next generation) toolkit has been declared obsolete; bpftrace is recommended instead for application tracing.
- Builds for the AArch64 architecture support the following SoCs:
  - Ampere X-Gene, eMAG, Altra, Altra Max, AmpereOne
  - AWS Graviton, Graviton2, Graviton3
  - Broadcom BCM2837/BCM2710, BCM2711
  - Fujitsu A64FX
  - Huawei Kunpeng 916, Kunpeng 920
  - Marvell ThunderX, ThunderX2; OCTEON TX; Armada 7040, Armada 8040
  - NVIDIA Grace; Tegra X1, Tegra X2, Xavier, Orin; BlueField, BlueField-2
  - NXP i.MX 8M, 8M Mini; Layerscape LS1012A, LS1027A/LS1017A, LS1028A/LS1018A, LS1043A, LS1046A, LS1088A, LS2080A/LS2040A, LS2088A, LX2160A
  - Rockchip RK3399
  - Socionext SynQuacer SC2A11
  - Xilinx Zynq UltraScale+ MPSoC
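
The properties described above (read-only Btrfs root, SELinux in enforcing mode, TPMv2 for the encrypted image) can be verified on a deployed host. The following script is an added example, not part of the article or of openSUSE tooling; the function names and finding labels are hypothetical, and the sample mount lines are constructed.

```shell
#!/bin/sh
# Added example; file paths are passed in so it also runs on constructed data.

# Print "fstype options" for the last filesystem mounted on "/" (the last
# entry wins if something was mounted over an earlier root).
root_mount_info() {
    awk '$2 == "/" { fs = $3; opts = $4 } END { if (fs != "") print fs, opts }' "$1"
}

# Match one whole comma-separated mount option; a substring test for "ro"
# would wrongly accept "errors=remount-ro".
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# check_host MOUNTS ENFORCE_FILE TPM_VERSION_FILE
# Prints space-separated findings; empty output means every check passed.
check_host() {
    findings=""
    info=$(root_mount_info "$1" 2>/dev/null) || info=""
    fstype=${info%% *}
    opts=${info#* }
    [ "$fstype" = "btrfs" ] || findings="$findings root-not-btrfs"
    has_opt "$opts" ro || findings="$findings root-writable"
    [ "$(cat "$2" 2>/dev/null)" = "1" ] || findings="$findings selinux-not-enforcing"
    # Only needed for the TPM-backed full-disk-encryption image.
    [ "$(cat "$3" 2>/dev/null)" = "2" ] || findings="$findings no-tpm2"
    echo "${findings# }"
}

# Constructed sample data, not captured from a real host.
demo=$(mktemp -d)
printf '%s\n' \
    '/dev/vda3 / btrfs ro,relatime,seclabel,subvol=/@/.snapshots/1/snapshot 0 0' \
    '/dev/vda3 /var btrfs rw,relatime,seclabel,subvol=/@/var 0 0' > "$demo/mounts"
echo 1 > "$demo/enforce"
echo 2 > "$demo/tpm_version_major"
echo "sample host findings: [$(check_host "$demo/mounts" "$demo/enforce" "$demo/tpm_version_major")]"
rm -rf "$demo"

# On a live system:
# check_host /proc/mounts /sys/fs/selinux/enforce /sys/class/tpm/tpm0/tpm_version_major
```

The `no-tpm2` finding matters only for hosts installed from the full-disk-encryption image; on other images it can be ignored.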