SUSECON 2023

SUSECON took place in Munich from 20.06 to 22.06. This was the first time since 2020 that the vendor's own conference was held in person again. For well-known reasons, the last three conferences were held as online-only events. Since 28.06, the keynotes as well as many other exclusive presentations that did not make it into the main program for logistical reasons can be viewed as part of SUSECON Digital.

Note 🎙️

On the occasion of SUSECON 2023, a special was published in the FOCUS ON: Linux podcast. Besides a wrap-up there is also an interview with the SUSE Manager Team - it's worth listening in!

Location

The event took place at The Westin Grand Munich. After having participated in the online event the last years, this was the first time I participated on-site.

Approximately 500 attendees had a choice of 83 presentations and workshops, as well as the opportunity to take free exams. The online event added another 67 sessions. There was no app for finding the individual venues, but an individual agenda could be compiled via the SUSECON portal. For logistical reasons, it made sense to book interesting sessions in advance - otherwise they were fully booked. Unfortunately, the portal's session timeout was quite short and it did not save any access data - at least on my smartphone - so I had to enter my credentials frequently. Here, a native app or a more user-friendly website would have been beneficial.

In a small store on site the usual merchandise could be bought: shirts, polo shirts, jackets, stickers, socks and other swag. In the exhibition area, in addition to vendors and partners, there were booths for the individual products (among others SUSE Manager, MicroOS, ALP), staffed by experts. Here one could give direct technical feedback and have interesting discussions.

Some giveaways

Keynotes

Usually the keynotes are preceded by new music parodies by the SUSE Band - and that was also the case this time. If you don't know the playlist of all parodies yet, you should definitely listen to it (especially Uptime Funk, Paint it Green and Kubernetes are highly recommended!). As many as 5 new songs were featured, 4 of which made it into the playlist.

At the evening event on the second evening, the SUSE Band could also be seen live.

SUSE can't escape the omnipresent AI hype either, but is pursuing it less aggressively than other vendors. In the first keynote, "The power of open collaboration," CEO Dirk-Peter 'DP' Van Leeuwen spoke primarily about customer-centric innovation and the strong partner ecosystem that must continue to be nurtured. AI is in focus, and avoiding vendor lock-in is also one of the main goals. Three customer success stories from BMW, Orange and SAP were outlined.

According to Van Leeuwen, customers particularly appreciate the high configurability and the integration of third-party products. In order to be even closer to customers in the future, SUSE is planning a restructuring. In the process, open source communities are also of enormous value in shaping valuable enterprise products.

The second keynote, "Offense and Defense: playing to win in open-source innovation", focused primarily on SUSE's current and upcoming product portfolio. Ivo Totev (Chief Innovation Officer) and Dr. Thomas Di Giacomo (Chief Technology and Product Officer) talked about a second wave of digital transformation that is currently taking place and that requires both defensive and offensive innovation strategies. With SLES 15, SUSE Manager, Trento, NeuVector, Edge 2.0 and Rancher AI Insights, tools were presented that can support this. With ALP (Adaptable Linux Platform), a preview of the next generation of Linux distributions was given (more on this later!).

A cooperation with Orange, various telco companies and the Linux Foundation Europe resulted in the open source project Sylva. It promotes the collaborative development of a modern telco stack consisting of automation, service mesh, OpenRAN and edge. Rancher, NeuVector, and immutable operating systems are among the technologies used.

Vojtech Pavlik (GM Business-Critical Linux) reiterated the product portfolio for particularly critical workloads, such as SAP, in another keynote, "Business-Critical Linux - Limitless Innovation". SUSE Manager, for example, supports a wide range of non-SUSE distributions. Starting with SLES 15 SP5, there is full support for Confidential Computing, which is particularly interesting for shared infrastructure such as clouds. Kernel Live Patching and HA cluster capabilities round out the offering. A brief outlook was given on upcoming collaborations with Microsoft and Dell, which are intended to advance the topics of automation and AI.

Leilani Münter

In keeping with the current sustainability buzzword, there was an interesting guest contribution by Leilani Münter with "Shifting Gears for Life on Earth". Münter was a professional race car driver and describes herself as an environmental and animal rights activist. She used the keynote to raise awareness of environmental and species protection. She emphasized the need for a mobility turnaround and electrification - sad facts ("50% of species will be extinct in 100 years") gave her arguments the necessary emphasis. Many participants felt that this lecture was out of place, a view I cannot share. The topic is more topical than ever and must be brought to the center of attention, even if painfully so.

I found the keynotes interesting - also because SUSE knows other topics besides AI and actually had a fitting contribution to the topic of "sustainability". That is refreshing, because other vendors also take up the topic as their banner cause, but obviously do not want to deal with it critically.

SLE Micro / ALP

With SUSE Linux Enterprise Micro, a so-called immutable operating system has been available since 2021. It was designed primarily for running containers and differs from other distributions in being lightweight. The distribution is deliberately not designed for classic data center workloads (SAP, database clusters, etc.), but for workloads remote from the data center (edge, container host). In addition to embedded ARM hardware, x86 and IBM Z systems are also supported. The operating system is so lean that even familiar old tools, like YaST, are missing. To simplify container networking, NetworkManager is used instead of wicked. Thanks to userland and kernel live patching, systems can be operated longer without rebooting, which should be especially valuable for critical SLAs.

Immutable also means that the file system, with the exception of /etc (an overlay is used here) and /tmp, is in principle mounted read-only. In conjunction with the Btrfs file system, updates are installed exclusively in snapshots. This has the significant advantage that previous states can be booted and bugs can be fixed faster. Updates are installed via the transactional-update command instead of zypper and become available after a reboot. In case of an error, the created snapshot is simply removed again.
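
The mount layout described above can be audited from a mount table. The following is an added example, not code from the original post or from SUSE; the function names (`check_immutable_mounts`, `sample_immutable`, `sample_drifted`) and the device names and mount options in the samples are constructed, and the check covers only `/` and `/etc`.

```shell
#!/bin/sh
# Added example (not SUSE tooling): audit a /proc/mounts-style table for the
# layout described above. Only "/" and "/etc" are checked.

# Reads the mount table on stdin, prints findings, returns 0 only if compliant.
check_immutable_mounts() {
    awk '
    # True only if the comma-separated list contains the exact token, so an
    # option such as "errors=remount-ro" is never mistaken for "ro".
    function has_opt(list, want,    n, i, a) {
        n = split(list, a, ",")
        for (i = 1; i <= n; i++) if (a[i] == want) return 1
        return 0
    }
    # A later entry shadows an earlier one for the same mount point.
    NF >= 4 { fstype[$2] = $3; opts[$2] = $4 }
    END {
        bad = 0
        if (!("/" in opts))                 { print "FAIL: / not in table"; bad = 1 }
        else if (!has_opt(opts["/"], "ro")) { print "FAIL: / is writable"; bad = 1 }
        else                                  print "OK: / is read-only"
        if (fstype["/etc"] != "overlay")    { print "FAIL: /etc is not an overlay"; bad = 1 }
        else                                  print "OK: /etc is an overlay"
        exit bad
    }'
}

# Constructed sample: layout as described (read-only Btrfs root, overlay /etc).
sample_immutable() {
    cat <<'EOF'
/dev/vda3 / btrfs ro,relatime,space_cache=v2,subvol=/@/.snapshots/2/snapshot 0 0
overlay /etc overlay rw,relatime,lowerdir=/sysroot/etc,upperdir=/sysroot/var/lib/overlay/2/etc,workdir=/sysroot/var/lib/overlay/work-etc 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
EOF
}

# Constructed sample: root remounted read-write and /etc without its overlay.
sample_drifted() {
    cat <<'EOF'
/dev/vda3 / btrfs rw,relatime,space_cache=v2,subvol=/@/.snapshots/2/snapshot 0 0
/dev/vda3 /etc btrfs rw,relatime,space_cache=v2,subvol=/@/etc 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
EOF
}

sample_immutable | check_immutable_mounts
sample_drifted | check_immutable_mounts || echo "drift detected"
```

On a live host the same function can be fed with `check_immutable_mounts < /proc/mounts`.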

New SLE Micro versions are released semi-annually and supported for 4 years - except for new major versions, which are maintained for only one year. The next version 5.5 is scheduled for the second half of the year. The version number does not necessarily correspond to the underlying service pack version, which might confuse beginners in particular:

SLE Micro   Release date   Based on
5.0         30.03.2021     SLE 15 SP2
5.1         26.10.2021     SLE 15 SP3
5.2         14.04.2022     SLE 15 SP3
5.3         25.10.2022     SLE 15 SP4
5.4         20.04.2023     SLE 15 SP4
5.5         H2 2023        SLE 15 SP5

Since September 2022, there has been a first prototype for the next generation of SUSE distributions with ALP (Adaptable Linux Platform). ALP is also designed to be immutable and is intended to form the basis for SLE Micro 6.0, which is planned for spring 2024. A successor to classic SLES is also to be announced at that time. This successor does not yet have a concrete name.

ALP was designed with an even smaller footprint - workloads, such as YaST or web servers, are consistently executed in containers, which can then be self-updated and restored in case of failure. In addition to FDE (Full Disk Encryption), SELinux and Confidential Computing in particular are intended to provide more security. The latter encrypts CPU register and memory contents, which seems especially useful for cloud workloads. Instead of YaST, Cockpit is used by default, and the Agama web interface (formerly SUSE D-Installer), which is based on Cockpit, is used for installation.

In the meantime, there is already one more prototype (0.7 and 0.8) and another one is about to be released. I recently participated in a hackathon to get a first impression of the product. Unsurprisingly for alpha software, a lot of things are still rough around the edges, but the concept is interesting and I am curious to see what will become of it in the future.

SUSE Manager / Uyuni

Since I work very intensively with SUSE Manager and am also part of the Uyuni community, the roadmap was most exciting for me. Contrary to initial expectations, there will likely not be a 4.4 version of the system management software. The effort was scrapped in favor of a new major release 5.0. Instead, version 4.3.6 was released on the first day of the conference.

In this release, Salt was updated to version 3006.0 - the first LTS version after the restructuring of the project. This coincides with the plan to support SUSE Manager 4.3.x until July 2025. The version will still remain on SLES 15 SP4, even though SP5 has already been released. Later updates (e.g. 4.3.7) could change this. In addition to SLES 15 SP5, the newly supported client operating systems include openSUSE Leap 15.5 and SLE Micro 5.4.

One of the highlights is that PTFs (Program Temporary Fixes) can now be deployed more easily. These are mainly provided by support when bug reports have been created and a fix needs to be tested. PTFs that have been successfully tested by customers will later be made available in the update channels. Until now, RPM files had to be downloaded manually from an SFTP server and installed. Now PTFs can be synchronized as a software channel. SUSE Manager itself is excluded from this - here PTFs still have to be downloaded manually.

Recurring Salt states can now be configured more granularly. Optional SUSE software channels can now be synchronized via the web interface and API. Grafana has been updated from version 8.5.20 to 9.5.1. Prometheus and Node Exporter updates mainly fixed numerous CVEs. To my delight, I also discovered that one of my PRs made it into the documentation.

Note

More details can be found in the release notes.

A preview of what the future SUSE Manager 5.0 might look like was given by Cedric Bosdonnat (Senior Software Engineer) and Miguel Pérez Colino (Director of Product Management & Engineering for SUSE Manager) in their presentation "Modernizing your apps: An example of how to bring Uyuni server to Kubernetes using k3s".

Miguel Pérez Colino and Cedric Bosdonnat

It was explained that code modernization requires a lot of time. Uyuni is based on the Spacewalk project, first released in 2008, and currently consists largely of OpenJDK 11 code, which will be successively updated to version 17. The analysis tool Windup brought more challenges to light. For example, in many places there are strict dependencies on the hostname of the executing system or on shared files. The project has already gained initial experience with such migrations in the past. Containerized proxy servers for satellite sites have been fully supported since SUSE Manager 4.3.2 (October 2022).

In the future, maintaining SSL certificates will move to the ingress level of the container stack. It was demonstrated that Uyuni can already be run as a large single container via Podman. One of the next goals is to decouple the services it contains (Apache, Tomcat, PostgreSQL, etc.) into individual containers to enable better scaling and operation via a Kubernetes distribution. In addition to k3s, RKE2 is also to become a conceivable target platform.

SUMA 5.0 is expected to be released in July 2024 - only container-based setups will be supported. A direct upgrade will, as with the upgrade from 3.2 to 4.0, not be possible. Rather, a new system will be provided in parallel, which will then - controlled via a script - take over the old data.

TUT-1117 - Integrating SUSE Manager with Ansible

During the presentation TUT-1117 - Integrating SUSE Manager with Ansible I had the honor of presenting a self-developed Ansible collection for SUSE Manager and Uyuni. It makes it possible to install the tools automatically and to configure them reproducibly. It is also possible to start some of the tasks that can be triggered via GUI or API (install patches/packages, trigger OpenSCAP scans) via Ansible.

The advantage is obvious: users who already use Ansible for maintenance tasks can now also automate the installation of patches. A Dynamic Inventory simplifies the selection of affected hosts.

Note

Feedback, ideas and bug reports are always welcome!

Rancher

With Rancher Prime AI, Sanjay Nadhavajhala (Engineering Manager AI & Observability) presented an extension under development in one of the keynotes that is strongly reminiscent of ChatGPT. Also implemented as a chat bot, it has knowledge of the Rancher instance and can provide contextual support for debugging or knowledge building. Logs can be analyzed under the menu item "AI Insights". As a result, a concrete recommendation (e.g. "upscale busy containers") is issued. The demonstration was interesting but less spectacular than the title promised, though this may be mainly due to the early stage of development. Further updates should add new features.

In the presentation "Introduction to Rancher Desktop" Dwain Sims (Sales Engineer, SUSE) and Collin Griffin (Chief Engineer, Krumware) introduced the desktop application Rancher Desktop, which I have not dealt with before.

This is an application for working with a lightweight Kubernetes as easily and quickly as possible. The look and feel is strongly reminiscent of Docker Desktop or Podman Desktop, which should make it easier to get started. Compared to the aforementioned tools, however, it provides not only a container engine but also a slim Kubernetes in a desired version. Besides Linux, macOS and Windows are also supported. While WSL2 is used on the latter, a VM is created on macOS and Linux using Lima and QEMU, respectively. Inside it, containerd or dockerd and k3s are then installed. Docker Extensions, such as Logs Explorer, can be conveniently selected in the UI.

A development workflow was demonstrated using VSCode and Skaffold in addition to Rancher Desktop for quick testing of developed code.

Networking

The main reason why I attend conferences is to meet people that you can't meet otherwise. Especially with international conferences, it's a nice side effect to be in the same time zone for a change. Networking was possible at any time - there was no special app for it, but the smaller number of participants made it easy to exchange ideas. At the evening events it was easy to make new contacts.

One of the reasons for me to go to SUSECON was the option to meet the SUSE Manager Team. I have been attending the Uyuni Community Hours since the beginning and have met many exciting people there. It's a small, but very open-minded and open community - and so turning virtual acquaintances into physical ones was a must. So we had the opportunity to meet Cedric Bosdonnat, Don Vosburg, Miguel Pérez Colino and Ricardo Mateus. We were even able to record an interview with Miguel and Don at a late hour - it was endless fun!

Emiel Brok (Service Sales Specialist) and Niki Kostova (Global Social Media Manager) were looking for exciting interviewees for short interviews, which were then published on social media platforms - here too we had a lot of fun.

By chance, I had the honor to participate, together with Andrew Wafaa (Senior Director, Software Communications & Fellow, Arm Ltd.) and Abdeldjalil Derraschouk (ERP Technical Manager, Sonatrach), in the business panel "[BDM1504] - No Weak Links: How to Fortify Your Ecosystem". The goal of the conversation was an interactive exchange with different perspectives on the topic of "IT Ecosystem". For example, Andrew primarily described his experiences from a vendor perspective, while Abdeldjalil spoke from a customer perspective. My employer is both a partner and contributor in the OSS space. It was a very interesting talk and the first panel for me to attend.

Thanks again to Rachel Cassidy (SVP Global Channels) and Ton Musters (Senior VP Channel & Cloud EMEA, APJ & GC) for this great opportunity!

Photo of panel participants

Conclusion

I enjoyed the conference very much! Especially the networking with participants and developers was extremely valuable. The variety of topics was great - I haven't worked through my SUSECON Digital backlog yet. The next few months should be exciting around the ALP and SUSE Manager projects. I am already looking forward to the next SUSECON.
