Is there a forum or community for microOS specifically? I’m not finding this here or elsewhere. I’m trying to learn more about it but the wiki and documentation is lacking.
Have you seen https://microos.opensuse.org/?
MicroOS is reusing existing technologies, I do not see why one would duplicate existing documentation. My impression is that wiki gives decent overview of technologies used to build MicroOS images, with links to individual descriptions. May be if you have more specific questions someone could answer them.
I use it, not tried Leap yet, but run containers with tumbleweed and SLES brought up via vagrant. Or you looking and real hardware, that’s on my plan with Leap on two intel systems, just need some nvmes for the motherboards.
Yes I’ve seen that …that’s where I downloaded it. The technology isn’t exactly “existing tech” being repurposed, microOS is different in the fact it’s an immutable OS with transactional updates. While it’s based on TW it is different in scope and practice. It would be nice to have a forum where people who use it can talk about it specifically instead of a generic approach.
I’m running it on proxmox. I’m just testing it and it’s new to me but I was planning on running some docker containers via podman since I hear docker and podman are compatible. I’m kinda confused about the transactional update approach. I ran a update on it and it forced me to reboot and from what I’m reading, unless I’m wrong, every update requires this and the system does this automatically. Even installing a package like htop required a reboot. What’s the advantage of this sort of tech if you have to reboot so often which takes down the containers or any other service? I’m curious how this is being used in the corporate world like this where we have to get a schedule approved to patch and reboot and service uptime for containers is highly important. Also, I don’t see a /etc/sshd config to enable “password auth” so are we just suppose to put a key in roots ssh dir? Those are just two things I’m curious about. This is what I was saying it would be nice to have a place to converse about how people are using it.
I’m running k3s, with vagrant boxes I add ignition for some configuration (eg ssh config, passowrds etc), then install anything specific when bring up the node in the vagrant file. For management I use Rancher which does the monitoring as well as plethora of other tasks.
For quick testing I use Rancher-Desktop and containerd, but can switch over to moby. https://rancherdesktop.io/
I have a few articles on MicroOS over at https://community.suse.com/
Nice, I’m just using one intel nuc I5 so I’d think podman would be better since kubernetes is mostly for “multiple” clustered machines…correct? I’m really still curious from a admin side…how often do you update and I’d assume you reboot after every update or package install. How does workout in a production environment. For some reason I had a false assumption about microOS that you would continually update without reboots …except maybe kernel updates. I’m trying to see what the positives are per say running a leap or tw server other than tighter security from running immutable.
That’s why I like the cluster, move the workloads, add, destroy or update, bring up a new updated node etc. To be honest, there is nothing I install on the OS, In my vagrant install, it installs k3s it’s associated token and mc (minio client for S3 backup) on the master and cluster nodes, then have additional worker nodes. These are all vm’s on one machine (HP Z440 24 threads, 64GB RAM) most of the time. I use helm charts to deploy.
Different from what exactly? You can select transactional server role during standard openSUSE installation (https://doc.opensuse.org/documentation/leap/startup/html/book-startup/cha-install.html#sec-yast-install-system-role). MicroOS is mostly different in a) packaging (single image vs. collection of packages), b) installation method (image deployment vs. running installer) and c) integrated engine to perform first boot setup that allows to reuse single image for mass deployment. In principle you could use AutoYaST to achieve the same result and actually this is exactly what is used by DVD image - it contains AutoYaST control file to perform silent installation with predefined parameters.
Correct. This is even described on wiki.
and the system does this automatically.
It is not my experience. But until you reboot you won’t have updates.
I’m curious how this is being used in the corporate world
Probably corporates do not spend their time installing packages but deploy image to run production workload?
like this where we have to get a schedule approved to patch and reboot
And how is it different from any other container update where you pull new image and restart container with it?
and service uptime for containers is highly important.
No. Uptime for workload is highly important. Every single system/container is just one part of overall infrastructure to ensure application availability. For this reason containers are dispensable and you need to architect your solution to not depend on availability of any single system/container.
I don’t see a /etc/sshd config to enable “password auth”
There is no /etc/sshd_config at all. But you better start new thread with clear subject if you have questions about sshd.
I was wrong, it was used in Leap Micro, current MicroOS DVD just deploys image.
This is common misconception.
To actually apply update you need to restart any program that is using updated binaries (or sometimes even configuration files). Without it you have a false sense of security - update is “installed” but you continue to run old, presumably vulnerable, code. Restarting program already means downtime for application. And if you update some shared library used by (almost) every running program, like glibc or openssl, you need to restart everything, at which point it is much easier to reboot than to try whack-a-mole.
Also containers are usually deployed to run a single application, so reboot after patch is simply more efficient and easier to implement - you have common operation and do not need to know details how to restart individual application(s).
And if you care about availability you need to handle outage of your container anyway, at which point it does not matter whether outage is planned or unplanned.
Everything you just said proves my point…microOS is different in principal and scope. And, not everybody runs containers; I work with clients that have fleets of servers that span several data centers and yes they have to patch ever single one; while they use tools to do this they still have to get schedules and do them in batches. These are servers that might not have any containers on them but rather standard Debian / Redhat boxes that are running mysql or postgres etc. Personally, I’m interested in it for running / learning containers as I believe I can squeeze extra resources out of my single NUC. But I’ll run other services that are not containers. I see MicroOS has a Desktop version and wonder what benefit people are getting from this vs Just a standard TW install. I don’t always have to reboot my TW install if I don’t install a new kernel or something requiring a reboot and I don’t reboot for something simple like installing vim. Again, as pointed out in my previous post I was looking for a place to converse with others using it for perspective. I might just misunderstand the purpose and usage of micro! Thanks for your post.
For example, I’d like to run “https://js.wiki/” in a container. They have a docker image but podman should be able to run it from what I’ve read. This would be a wiki for a few people so in this case I’d assume the service would be unavailable at times when the system auto reboots? I don’t see this being a major issues with clusters but I’m sure not everybody is running clusters.
Have a look here: https://docs.requarks.io/install/kubernetes I would suggest playing with Rancher-Desktop on a machine to have a play…
How many cores/ram does the NUC have?
It has a 2 core and 4 threads cpu. https://ark.intel.com/content/www/us/en/ark/products/84984/intel-core-i55250u-processor-3m-cache-up-to-2-70-ghz.html
It has 16G of ram. OS is proxmox and it runs off a nvme and then I have a 2TB ssd for vm/s etc.
So create a 3 node cluster with 1 core and 1GB ram and see how that goes?
Three commands to get this up and running…
helm repo add requarks https://charts.js.wiki helm repo update helm install test-wiki requarks/wiki
Forward the ports in RD and done…
Greetings, thanks for this and I’ll play with this in the lab but I’m really not interested in running clusters. I’m not sure why or how clustering came into this thread. I have a simple nuc that runs multiple vm/s via proxmox. My goal was to start moving everything I could to containers and get rid of vm/s to free up resources. I ran across microOS and thought here’s a OS that auto updates and is inherently more secure due to it being immutable. I think I misunderstood atomic updates vs transactions ones? For some reason I thought I could have a host OS updates itself and not require reboots “often”…then podman or docker could update the containers automatically. The fact it could roll back on it’s own was also awesome …self healing. It seemed like it would free up admin time. I was just interested in a standalone host not clusters…is microOS more geared towards clusters as that seems to be the theme here? I was also curious how people are using it as a desktop vs standard TW or leap…do they use snap packages or flat packages so they don’t have to reboot for just installing a package?
Well you could always look at SLES and Live patching module? I think it moved to clustering because that would negate the need for application downtime while a node is updated/rebooted irrespective of underlying OS. Got any other hardware around you could use as a node, eg RPi’s?
If you have not already joined the SUSE & Rancher Community, I think you would benefit a lot from the information there and many free courses they run?
I already am very familiar with TW so I’d probably just use that. This maybe in the docs…just curious if you know. How often does microOS auto update? Can the scheduled be changed to what I want or turned off all together so I can update it manually so I’m prepared for a reboot. I’d still get the auto rollback and immutable system but have more control. I plan on joining the rancher community as that is something I’m interested in.
Never seen it auto update, but my containers aren’t running all the time… but again it’s the container/application/workload that would need updating/rebooting, so underlying operating system doesn’t need a reboot.
How often does proxmox (I’ve not used it) update and require a reboot?
The underlying OS does need to be rebooted if a update requires it …otherwise it would not be applied. I assume on reboot it merges the changes into the immutable filesystem then marks it immutable again. Have you ever tried to run manually “transactional-update”? If there’s a update that requires reboot it tells you that you must reboot the OS or data might be compromised. I manually did this last night after a fresh install and it told me to reboot. Or install a package “transactional-update pkg install nano” …it has me reboot or otherwise nano isn’t installed. FYI…I found this which says you can control the updates on your schedule. As far as the containers podman or docker should update and that’s outside of the OS and I can control that as well.