Arguably, CoreOS Linux could be called the first Linux-based operating system designed for cluster computing, containers, and microservices. Even if CoreOS Linux (since renamed “Container Linux”) had its roots in the traditional Linux OS, it offered a new approach towards operating systems: One of the most significant features of Container Linux is transitional upgrades that keep the system up-to-date without user intervention.
Red Hat responded with Project Atomic, and Canonical came out with Snappy Core. That left one of the trinity of the Linux world, SUSE, behind. While the industry was transforming, SUSE was going through a transitional time: its parent company Novell was purchased by the Attachmate Group, and SUSE was spun out as its own business unit in 2011. And in 2014 Attachmate itself was purchased by Micro Focus.
While observers noted that Attachmate provided SUSE with the much-needed leadership that the German company lacked under Novell, the Micro Focus merger/acquisition gave SUSE the freedom and financial support it needed to spread its wings again. The company started investing heavily in hiring engineers and spreading its technology and product portfolio. SUSE was ready to respond to new demands.
The company has been working on a platform called SUSE Container as a Service Platform. SUSE CaaSP puts together SUSE Linux Enterprise MicroOS, a variant of SUSE Linux Enterprise Server optimized for running Linux containers (also in development), and container orchestration software based on Kubernetes.
In an interview, SUSE’s new CTO, Dr. Thomas Di Giacomo, told us that there are many customers who are running legacy systems but want to migrate to modern technologies over time. Today, if you want to start from scratch, you will start with containers. “We want to make sure that companies that have legacy infrastructure and legacy applications can move to modern technologies, where container as a service is offered through that OS itself,” said “Dr. T” (as he is known in SUSE circles). That’s what CaaSP with MicroOS is being designed to do.
The World is Not Enough
Those who are aware of SUSE’s history and technology portfolio may have heard of JeOS (Just Enough Operating System) by SUSE. Why didn’t SUSE use JeOS instead of inventing a new operating system? Simona Arsene, SUSE product manager, explained that just like SUSE Linux Enterprise Server, JeOS is actually a multipurpose operating system. “That means it’s not only focused on containers. It can be used in any other virtual environment. It can be used by embedded systems. It can be used in any other VM environment.”
And what’s the problem with using a multi-purpose operating system like SUSE Linux Enterprise Server or JeOS? “Right now when you try to build your containerized solution on SUSE technology there are some challenges and we are trying to solve those problems with MicroOS platform,” Arsene explained. “Yes, you have SUSE Linux Enterprise Server which is a multipurpose operating system that can do a lot of things but it’s not really optimized for containers.”
“We started JeOS in 2015 and we tried to position it as a container host operating system as one. We realized down the road that this is not enough, and we have to take a decision: either we adjust JeOS or we look for something else,” said Arsene. “JeOS was received very well in the embedded systems space so we needed to keep it for a particular part of the market, but those are not the container users. Over the last couple of months we have been discussing to develop something specialized for container, something that focuses only on this area. We decided to keep JeOS as a multiple purpose operating system because it makes perfect sense in its own market.”
“Our goal, with the CaaS Platform and MicroOS, is to offer customers an easy to use solution that is going to fulfill their need to run applications in a container,” she added. “However, just the way SUSE Linux Enterprise Server and JeOS are not ideal as a container OS, MicroOS is not ideal for other cases. It’s not the successor of SUSE Linux Enterprise Server.”
“If customers still run mixed environments, if customers are not necessarily looking at containers then MicroOS is not the answer for them. Which is fine with us because we have something for everyone: we have SUSE Linux Enterprise Server and JeOS,” Arsene said.
MicroOS is not going to cannibalize JeOS or SUSE Linux Enterprise Server. Andreas Jaeger, Product Manager at SUSE, is of the opinion that “MicroOS expands SUSE’s market. Right now you can set up a cluster with SUSE Linux Enterprise Server, Kubernetes and some toolsets in a hard way, but we want to make it easier. And by creating MicroOS for that job we are opening more doors for SUSE Linux Enterprise Server. Now you can be a complete SUSE shop using different technologies for different workloads.”
“What we are introducing now in the market is actually a solution for containers where none of the two solutions were fulfilling all the needs that the new world is building around containers,” said Arsene.
SUSE CaaS Platform explained: core components
CaaSP, a new platform by SUSE, has three components: MicroOS, Kubernetes, and a configuration where users will have the Salt configuration tool and a container engine, such as Docker.
“What goes into MicroOS is comparable to a minimal system of SLES. It contains everything to be able to boot on your machine, whether on bare metal or a virtual machine like KVM, Xen, VMware,” explained Thorsten Kukuk, a SUSE distinguished engineer and senior architect. “It contains the kernel, glibc, systemd, dependencies and all of that we need to boot the machine and start Docker, Kubernetes, etc., whatever we need for it.”
Then there are tools for transactional updates. The whole system is configured to boot in with cloud-init. Those who are coming from cloud experience know cloud-init and can configure it. “What’s different from SUSE Linux Enterprise Server is that with MicroOS the root filesystem is read-only, so you can’t write to it. Only etc is writable but whatever you write is deleted with next reboot so every reboot you have a clean system and then you can use cloud-init to apply the configuration you need for your system,” said Kukuk.
In a nutshell, “What we are trying to do with MicroOS is ‘extract’ a targeted system out of SUSE Linux Enterprise Server for containers,” Arsene said.
Secret Sauce: Btrfs
MicroOS will offer transactional updates so that the system is always updated: no more unpatched or insecure code running in production. That’s exactly how modern operating systems should be designed.
Greg Kroah-Hartman, one of the leading Linux kernel developers, said in an interview, “You have to be able to run a system that can upgrade itself. Lots of people run systems where they don’t accept they can’t update their kernel, or they think if they stick with the kernel, and if nothing changes, it’s good. That’s not true. We’re fixing about ten bugs in the kernel every day. Not all of them are security issues, but sometimes the big problem is we don’t know if an issue is a security issue or not.”
But these systems also need to be fail-safe. If an update breaks something, it should not stop services. MicroOS relies on the snapshot feature of the Btrfs file system, which differentiates it from CoreOS’ Container Linux, Ubuntu Core and Project Atomic. Other systems have two partitions, where one is updated while the other one runs, and they switch after reboot. With Btrfs you have one partition, but you can keep as many snapshots as you want and switch among them. All updates are created as a snapshot. After a reboot the system runs the latest snapshot, and if something fails it automatically boots into the previous working snapshot. And since we are talking about clusters, there is no downtime.
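The snapshot-and-fallback behaviour described above can be followed in a small model. This is an added example, not SUSE's code: the class and method names, the `boots_ok` flag and the version strings are all constructed for illustration, and a real system decides boot success in its bootloader and health checks rather than from a stored flag.

```python
from dataclasses import dataclass

@dataclass
class Snapshot:
    sid: int
    packages: dict          # package name -> version
    boots_ok: bool = True   # constructed stand-in for "this snapshot boots and works"

class SnapshotHost:
    """Toy model: one root partition holding many read-only snapshots."""

    def __init__(self, packages):
        self.snapshots = {1: Snapshot(1, dict(packages))}
        self.running = 1    # snapshot the system is executing right now
        self.default = 1    # snapshot that will be tried on the next reboot

    def update(self, changes, boots_ok=True):
        """Stage an update as a new snapshot; the running one is never modified."""
        base = self.snapshots[self.default]
        sid = max(self.snapshots) + 1
        self.snapshots[sid] = Snapshot(sid, {**base.packages, **changes}, boots_ok)
        self.default = sid
        return sid

    def reboot(self):
        """Try the default snapshot; on failure return to the last working one."""
        if not self.snapshots[self.default].boots_ok:
            self.default = self.running   # automatic rollback
        self.running = self.default
        return self.running

    def running_version(self, package):
        return self.snapshots[self.running].packages[package]

def demo():
    host = SnapshotHost({"kernel": "1.0"})                        # constructed versions
    log = []
    host.update({"kernel": "1.1"})
    log.append(("staged", host.running_version("kernel")))       # update not live yet
    host.reboot()
    log.append(("rebooted", host.running_version("kernel")))     # new snapshot is live
    host.update({"kernel": "1.2"}, boots_ok=False)               # a broken update
    host.reboot()
    log.append(("rolled back", host.running_version("kernel")))  # previous one still runs
    host.update({"kernel": "1.3"})                               # built on the working base
    host.reboot()
    log.append(("recovered", host.running_version("kernel")))
    return log, sorted(host.snapshots)

if __name__ == "__main__":
    print(demo())
```

In the model the failed snapshot stays on disk alongside the others, which is the difference from the two-partition scheme the paragraph contrasts it with.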
MicroOS is not aiming to be yet another container OS. “While we were researching a bit on the solutions that are already out there, we realized that there is almost nothing that guides you completely through the whole process,” said Jaeger. “You still have to do lots of research. You still have to do lots of self-learning just to understand which one is the ratio between that machines that you have, the performance that you want to get out of this, and how those things should be structured, and what we’re trying to do is exactly to lower this kind of entrance level, so to have same defaults, to have proposals for a user, then basically they can take or modify, but basically you can already start with something that is ready to go even if you never touch, like you never touched it before.”
Kubernetes Is the Glue That Binds It All Together
The second pillar of CaaSP is Kubernetes, the work SUSE has done with Kubernetes to offer orchestration of containers. “We are betting on this. I call them gluing together the two technologies, so it’s not only SUSE Linux Enterprise Server. Kubernetes is a core component of it. The goal of CaaSP is to work together with Kubernetes to have a stack that is working out of the box for you and you don’t have to worry about what the OS is and how to do all of this. You just have the solution you deployed. It works for your cluster.”
“We are visibly going to take everything up to the Kubernetes layer and once you are at Kubernetes layer, it really doesn’t matter what cluster it is,” said Federica Teodori, SUSE technical project manager. “If you want to hook something to the Kubernetes part, it really doesn’t matter so we will take care of making sure that you have a ready to go Kubernetes cluster. We will take care of the deployment of the stack and then it’s up to the user what they want to run on Kubernetes.”
The third pillar will be Salt and a container engine, such as Docker. SUSE is a heavy user of Salt and at times people wonder if SUSE will acquire the technology.
So when can you get it? SUSE will start a public beta of CaaSP in March 2017 and the final product is expected in July 2017. SUSE has created a mailing list, the way most Linux projects operate, so that customers or potential users interested in this can subscribe and stay informed.
CoreOS and Red Hat are sponsors of The New Stack.
The New Stack is a wholly owned subsidiary of Insight Partners, an investor in the following companies mentioned in this article: Docker.