Posts Tagged ‘MicroOS’

Kata Containers Packages are Available officially in openSUSE Tumbleweed

August 17th, 2019

Kata Containers is an open source container runtime that is crafted to seamlessly plug into the containers ecosystem.

We are now excited to announce that the Kata Containers packages are finally available in the official openSUSE Tumbleweed repository.

It is worthwhile to spend a few words explaining why this is great news, considering the role of Kata Containers (a.k.a. Kata) in fulfilling the need for security in the containers ecosystem, and given its importance for openSUSE and Kubic.

What is Kata

As already mentioned, Kata is a container runtime focusing on security and on ease of integration with the existing containers ecosystem. If you are wondering what a container runtime is, this blog post by Sascha will give you a clear introduction to the topic.

Kata should be used when running container images whose source is not fully trusted, or when allowing other users to run their own containers on your platform.

Traditionally, containers share the same physical and operating system (OS) resources with host processes, and specific kernel features such as namespaces are used to provide an isolation layer between host and container processes. By contrast, Kata containers run inside lightweight virtual machines, adding an extra isolation and security layer that minimizes the host attack surface and mitigates the consequences of a container breakout. Despite this extra layer, Kata achieves impressive runtime performance thanks to KVM hardware virtualization, and when configured to use a minimalist virtual machine manager (VMM) like Firecracker, a high density of microVMs can be packed on a single host.

If you want to know more about Kata features and performance:

  • katacontainers.io is a great starting point.
  • For something more SUSE oriented, Flavio gave an interesting talk about Kata at SUSECON 2019.
  • Kata folks hang out on katacontainers.slack.com, and will be happy to answer any questions.

Why is it important for Kubic and openSUSE


GNOME 3.32 Arrives in Month’s First Tumbleweed Snapshot

May 9th, 2019

This month has produced a total of three openSUSE Tumbleweed snapshots thus far, and GNOME 3.32.1 was made available to Tumbleweed users in snapshot 20190505. The key packages that have arrived so far this month are a newer Linux Kernel, a minor update for python-setuptools and a fix in the text editor GNU Nano that stops the spell checker from crashing.

The latest Tumbleweed snapshot, 20190507, which delivered nano 4.2, had a large set of changes for ghostscript 9.27; the versatile processor for PostScript data extensively cleaned up the PostScript name space and will now focus on the next releases to make SAFER the default mode of operation. The Optimized inner loop Runtime Compiler, orc 0.4.29, added a decorator command-line argument to add function decorators in header files. The latest python-setuptools 41.0.1 version fixed issues with PEP 517, which specifies a standard API for systems which build Python packages. Text editor vim 8.1.1282 was also released in the snapshot. The snapshot is currently trending at a 95 rating, according to the Tumbleweed snapshot reviewer.

Mozilla Firefox 66.0.4 fixed the extension certificate chain in snapshot 20190506. There was an improvement to network status detection with Network Manager with the glib2 2.60.2 update. The asn1c-based parser was replaced by an openssl-based PKCS parser with the kmod 26 package. The openblas_pthreads 0.3.6 had some changes for POWER6, PowerPC 970 and ARMv7 and ARMv8. The 1.28 perl-YAML package offered a security fix and xfsprogs was updated to the 5.0.0 version from 4.20.0. The snapshot is currently trending stable at a 92 rating on the Tumbleweed snapshot reviewer.

The snapshot that started out the month, snapshot 20190505, had a large number of package updates. GNOME 3.32.1 was perhaps the most anticipated to arrive, as the Taipei version offered various fixes to initial loading screens, updated the featured app ID, fixed Flatpak permissions to correctly show up for available apps and much more. The release introduced an experimental feature for Wayland desktop sessions that enables fractional scaling. Once enabled, desktops at certain resolutions can be scaled by non-integer values. The Advanced Trivial File Transfer Protocol (atftp) 0.7.2 version fixed a potential DoS bug introduced by an IPv6 patch. Compiler cache ccache 3.7.1 fixed a temporary file leak when the depend mode is enabled and the compiler produces standard error output; it also fixed a crash when the debug mode is enabled and the output file is in a non-writable directory. Ceph added the lvmcache plugin and both the openSUSE Kubic and MicroOS installation images prevent MD/RAID auto-assembly if linuxrc says so. The 5.0.11 Linux Kernel added new USB Link Power Management (LPM) helpers. Other noteworthy packages updated in the snapshot were libsoup 2.66.1, libstorage-ng 4.1.119, webkit2gtk3 2.24.1 and yast2 4.2.1. The snapshot is currently trending stable at a 96 rating on the Tumbleweed snapshot reviewer.

openSUSE Kubic Moves in a New Direction

August 9th, 2018

Dear Community,

It has been more than a year since the openSUSE community started the Kubic Project, and it’s worth looking back over the last months, evaluating where we’ve succeeded and where we haven’t, and sharing with you all our plans for the future.

A stable base for the future

Much of our success has been in the area generally referred to as **MicroOS**, the part of the Kubic stack that provides a stable operating system that is **atomically updated** for running containers.

Not only is Kubic MicroOS now a fully integrated part of the openSUSE Tumbleweed release process, but our Transactional Update stack has also been ported to regular openSUSE Tumbleweed and Leap.

Based on the community’s feedback, the new System Role has been further refined and now includes fully automated updates out of the box.

This collaboration is continuing, with many minor changes to the regular openSUSE installation process coming soon based on lessons learned with tuning the installation process in Kubic.

Reviewing our initial premise

We haven’t just been busy on the base system. Our efforts with Rootless Containers continue, and you can now use the “Docker-alternative” Podman CRI-O in both Kubic and regular openSUSE. But when considering the Initial Premise of the Kubic project, it’s probably safe to say we’re not where we hoped to be by now.
