SUSE Linux Expert Days 2018 Frankfurt


Last Tuesday, one of the SUSE Linux Expert Days 2018 events took place in Frankfurt. Every year, SUSE arranges plenty of these events to update customers with talks and demonstrations about new products and updates. Instead of fewer events with bigger audiences, 80 regional events are arranged to keep attendance manageable and promote individual discussions. Experts were available at any time to answer questions. This year, the event's topic was "Open. Redefined. Open is more than just code.".

Back in 2015, I visited such an event for the last time - so there was a need for me to update. 🙂

Agenda

The agenda consisted of plenty of interesting talks:

  • Keynote - Open. Redefined. Open is more than just code - Michael Jores, Regional Director Central Europe
  • Container as a Service - Carsten Duch, Sales Engineer
  • SUSE OpenStack Cloud - Carsten Duch, Sales Engineer
  • SUSE Enterprise Storage - Ulrich Rüße, Sales Engineer
  • SUSE Manager - Jörg Bunse, Sales Engineer
  • SUSE Enterprise Linux / Mission Critical Computing - Jörg Bunse, Sales Engineer

SUSE CaaS

With SUSE CaaS (Container as a Service), a new product for entering the cloud-native market was introduced last October. As you might guess, this product mainly focusses on containers and microservices - and how to deploy and scale them efficiently. In this scenario, Kubernetes and additional management tools such as Helm are used. Helm is a kind of package manager for Kubernetes that can be used to install and manage extensions (also called Helm charts). Helm is a server-client application - the server component is called Tiller.

From a technical perspective, version 2.0, released in November 2017, is based on Kubernetes 1.8.7 (current version: 1.9.3). It also comes with a container registry and offers SUSE-customised container templates for applications such as MariaDB.

One of the central product components is SUSE MicroOS, a minimalistic operating system for containers and microservices. It has a very low footprint and was optimized for mass deployments. In comparison with fully-featured SUSE Linux Enterprise Server installations, there are a lot of differences:

  • Minimal software set
  • Instead of cron, systemd timers are used
  • Btrfs is the only file system
  • AppArmor is fully supported while SELinux is still under consideration

It is installed on a physical or virtual host to run containers. Operating system updates are applied in an atomic manner - it is a kind of incremental update. In contrast to conventional RPM or Delta-RPM updates, OSTree is used. Using this mechanism, maintenance time is reduced massively by synchronising versioned and immutable file system trees. After an update, a pointer is changed to enable loading the new file system tree during the next container boot. This also simplifies rollbacks as only a pointer needs to be changed.

Currently, SUSE CaaS supports up to 250 cluster nodes. Configuration of cluster nodes is automated using Salt and cloud-init - enabling larger system landscape deployments within minutes. cloud-init is a Canonical utility that configures new systems during the first boot - it configures SSH, mount points and the network. For system management, a dashboard is installed on an admin node - it is used for managing Kubernetes masters and workers.

For the upcoming version 3.0, smaller container images, HA setups and single-node installations are planned. Newer product versions are expected to be based on SUSE Linux Enterprise Server 15 and offer an optimised dashboard. The support cycle is planned for at least 3 years.

SUSE OpenStack Cloud

As SUSE CaaS focusses on cloud-native designs, it is not suitable for conventional (silo) workloads. For this purpose, OpenStack represents the appropriate cloud computing architecture. Using this, highly-available private clouds with mixed hypervisors are deployed in an automated manner. From a technical perspective, an OpenStack landscape consists of:

  • Admin Server
    • Offers web interface for system management
    • Serves DHCP, TFTP and Chef
    • OpenStack nodes are deployed automatically using Crowbar
  • Control Nodes
    • Execute management tasks
    • Serve dashboard, templates, message queue and identity information
  • Compute Nodes
    • Run virtual machines; XEN and KVM are supported
  • Swift Storage Nodes
    • Serve object storage via Swift, e.g. using SUSE Linux Enterprise Storage

OpenStack can be configured for high availability. In this case, appropriate VMs are fault tolerant using Pacemaker and Corosync. In comparison with manual OpenStack installations, SUSE OpenStack Cloud offers automated configuration. In addition to that, the product also comes with handy management and monitoring options. For example, a fully-featured ELK-Stack (Elasticsearch, Logstash, Kibana) and Grafana can be installed on a dedicated node.

The current version 7.0 is based on OpenStack Newton (2016.2). There are always two OpenStack versions between two SUSE OpenStack Cloud releases.

In 2018, the next version 8.0 based on OpenStack Pike (2017.2) is planned. This version might be based on SLES 12 SP3 and supports SDN (software-defined networking) along with NSX-V, NSX-T and Cisco ACI. In addition to that, capacity, performance and tenant monitoring are planned. The support lifecycle should be at least 3 years.

OpenStack Cloud 9.0 based on OpenStack Rocky is planned for 2019. For this release, SLES 15 is used as the base, offering more scalability.

SUSE Enterprise Storage

With SUSE Enterprise Storage, an SDS product (software-defined storage) has been offered for a couple of years. This product is supposed to enable faster scalability and reduce average storage costs heavily by utilising state-of-the-art hardware rather than conventional storage systems. It is based on the distributed storage solution Ceph and therefore offers iSCSI, NFS and AWS-compatible S3 object storage. A typical Ceph installation consists of different server types:

  • Storage / Infrastructure Nodes
    • Serve state-of-the-art storage devices (hard drives, SSDs) as object storage (OSD)
    • Separate 10G/40G networks recommended
  • Monitor Nodes
    • Monitor integrity and ensure high availability
  • Administration Node
    • Server for cluster management

The advantage of SUSE Enterprise Storage in comparison with manual installations is that complexity is reduced heavily by automated configuration. For this purpose, the DeepSea framework was developed. It fully configures the appropriate servers and product components (Prometheus, Grafana, openATTIC) using Salt. With openATTIC, a graphical configuration utility is provided that can also be used to monitor performance per node.

The current version 5 was released on 11/24/2017.

The upcoming version 6 should be based on Ceph Mimic, SLES 15 and CaaS. Besides asynchronous iSCSI replication, SNMP, snapshot management and a CIFS/Samba gateway are planned. For the first time, non-SUSE RBDs (RADOS Block Device) and RBD client cache are expected to be supported.

Version 7.0 might be based on Ceph Nautilus and integrate into Kubernetes. Besides IPv6, CephFS directory quotas should also be supported. As highlights, data deduplication and cluster-wide dashboards are planned.

SUSE Cloud Application Platform

With Cloud Application Platform, SUSE enters the Cloud Foundry market. The multi-cloud PaaS solution (Platform as a Service) is mainly used in agile software development and operations teams in order to develop cloud-native applications in a standardised and automated manner.

Cloud Foundry offers a beautiful multi-tenant dashboard that can be used to request resources of any kind (applications, load-balancers, containers,...). For this, fast deployment, scalability and hiding complexity are key. The platform focusses on cloud-native applications and therefore offers plenty of optimised runtimes for numerous programming languages, e.g. Java, Node, Go and Python. Besides bare metal machines and well-known hypervisors (XEN, KVM, vSphere, Hyper-V), OpenStack private clouds and some public clouds (AWS, Azure, Google Cloud Platform) are also supported.

From a technical perspective, SUSE Cloud Application Platform also makes use of Kubernetes in order to automate and standardise container deployment.

The advantage of using SUSE Cloud Application Platform rather than manual Cloud Foundry installations is that system landscapes can be implemented very quickly. The appropriate components are deployed in an automated manner, removing the need to get into all the details. If you're already using SUSE CaaS and/or SUSE Enterprise Storage and want to go for Cloud Foundry, SUSE Cloud Application Platform might be a good solution.

SUSE Manager

Regular readers of my blog might know that I was focussing a lot on Spacewalk and its enterprise counterparts Red Hat Satellite 5 and SUSE Manager. So of course, I was very interested in updates of this product. Basically, SUSE Manager is an add-on for SLES that needs to be licensed separately. Even though the user interface is quite comparable to the upstream project, there are a lot of technical differences:

  • For configuration management, Salt is used
  • Oracle database support was removed, PostgreSQL is the only database provider
  • The jabber server's database backend used by OSA Dispatcher (Open Source Architecture) was migrated from Oracle Berkeley DB to SQLite
  • Spacewalk's monitoring was removed; SUSE offers Icinga 1.x packages that allow installing an Icinga instance on a dedicated server

Since the release of SUSE Manager 3.0 in April 2016, things have changed a lot. Some of the updates of the current version 3.1.4, released on 01/18/2018, are:

  • Support for SUSE Linux Enterprise Storage 5, SUSE OpenStack Cloud Continuous Delivery (Jenkins) and SUSE CaaS (Kubernetes)
  • Managing SLES-based containers
  • Migrating PostgreSQL 9.4 to 9.6
  • IPMI management of Salt Minions (power management, reboot,...)
  • Salt configuration management is now fully supported
  • Web interface was overhauled

For the upcoming version 3.2, visualising configuration drifts is planned. Another feature might be ELK-based (Elasticsearch, Logstash, Kibana) monitoring and log management - I'm really interested in this. Without a doubt, the legacy Spacewalk monitoring was really inflexible and the optional Icinga alternative rather sounded like a workaround or interim solution to me. With Icinga2 it would have been possible to implement a way more flexible and feature-rich monitoring solution.

Spacewalk was the upstream project for Red Hat Satellite 5; since version 6, the product has been based on the Foreman and Katello projects. Since then, development has slightly stagnated - at least it looks like this to me. SUSE has been one of the top project contributors for years - the improved web interface released in 2014 was mainly driven by SUSE. I really appreciate the integration of Salt in SUSE Manager - I'd love to also see this in the official Spacewalk project.

SUSE Linux Enterprise Server

Even though most talks focussed on additional products, there was still some news around the operating system and main product.

The current SLES 12 service pack SP3 was released on 11/30/2017. For the third or fourth quarter of 2018, SP4 is planned. This SP should enable using new hardware and update module content in accordance with their lifecycle. In the last quarter of 2018, SP5 is planned as the last service pack for SLES 12.

The next major version will be named 15. Versions 13 and 14 are skipped because they are considered unlucky numbers in western and eastern cultures. Currently, there is a third release candidate that can be downloaded from the SUSE website.

SLES 15 will be released in the first or second quarter of 2018. In comparison with the predecessor, there are no dedicated images for SLES, SLES for SAP Applications and SLED (SUSE Linux Enterprise Desktop) anymore. It comes with a unified image that can be used for containers, physical and virtual systems. The new version is considered IoT-ready and offers plenty of new libraries and software versions:

  • Linux kernel 4.12
  • TLS 1.3
  • OpenSSL 1.1
  • GCC 7
  • Gnome 3.26
  • Python 3.x is the default (SUSE reserves the right to remove Python 2.x from the product cycle)
  • chrony replaces ntpd (as it is faster and more accurate)
  • firewalld replaces SUSEFirewall2
  • Wayland is the default display server on x86_64

The new Linux kernel might be especially interesting. It offers two new I/O schedulers: BFQ I/O and Kyber I/O. While BFQ I/O is considered to enhance desktop performance, Kyber I/O has a minimalistic design and focusses on multiqueue devices. Another update was applied to DRBD (Distributed Replication Block Device), which now supports three-way replication.

For the first or second quarter of 2019, the first service pack for SLES 15 is planned. This service pack will enable additional new hardware (e.g. for NVDIMMs) and also offers a FIPS 140-2 certification.

With SUSE Hawk (High Availability Web Konsole), a very useful web interface for managing Pacemaker clusters is offered. This tool is based on Twitter Bootstrap 3 and Ruby on Rails and is part of the High Availability add-on. In a demonstration, some of the features were presented; Pacemaker resources can be created, customised and removed very easily. For creating new resources, helpful assistants were implemented.

Conclusion

For me, this event was very useful to keep me informed about the latest product updates - things have changed a lot in the last three years. I also appreciate the smaller audience as it promotes interactive discussions and networking. I enjoyed the interesting talks.
