SUSE yakaburitsa yechitatu prototype yepuratifomu yeALP "Piz Bernina" (Inochinjika Linux Platform), yakaiswa sekuenderera mberi kwekusimudzira kwekugovera kweSUSE Linux Enterprise. Musiyano wakakosha pakati peALP kupatsanurwa kwekugovera kwepakati muzvikamu zviviri: yakabviswa-pasi "host OS" yekumhanya pamusoro pe Hardware uye dhizaini yekutsigira maapplication, ane chinangwa chekushanda mumidziyo nemichina chaiyo. ALP inotanga kugadzirwa uchishandisa yakavhurika yekuvandudza maitiro, mune yepakati kuvaka uye bvunzo mhinduro inowanikwa pachena kune wese munhu.
Yechitatu prototype inosanganisira matavi maviri akapatsanurwa, ayo muchimiro chayo chazvino akafanana mune zviri mukati, asi mune ramangwana ivo vanozosimudzira munzira yenzvimbo dzakasiyana dzekushandisa uye vachasiyana mumasevhisi avanopa. Bazi reBedrock, rakanangana nekushandiswa mumasevha masisitimu, uye Micro bazi, rakagadzirirwa kuvaka makore-enyika masisitimu uye inomhanya mamicroservices, aripo kuti aedzwe. Magungano akagadzirirwa akagadzirirwa x86_64 architecture (Bedrock, Micro). Pamusoro pezvo, zvinyorwa zvegungano zviripo (Bedrock, Micro) zveAarch64, PPC64le uye s390x zvivakwa.
Iyo ALP dhizaini yakavakirwa pakusimudzira mu "host OS" yenharaunda iyo isinganyanyi kukosha kutsigira uye kubata michina. Inokurudzirwa kumhanyisa maapplication ese uye mushandisi nzvimbo yenzvimbo kwete munzvimbo yakasanganiswa, asi mumidziyo yakaparadzana kana chaiwo michina inomhanya pamusoro pe "host OS" uye yakaparadzaniswa kubva kune mumwe nemumwe. Iri sangano rinobvumira vashandisi kuti vatarise pamashandisirwo uye abstract workflows kure neiyo iri pasi system nharaunda uye hardware.
Iyo SLE Micro chigadzirwa, zvichienderana nekuvandudzwa kweiyo MicroOS purojekiti, inoshandiswa sehwaro hwe "host OS". Kune yepakati manejimendi, magadzirirwo ekugadzirisa masisitimu Munyu (pre-yakaiswa) uye Ansible (optional) inopihwa. Podman uye K3s (Kubernetes) maturusi aripo ekumhanyisa midziyo yakasarudzika. Pakati pezvikamu zvehurongwa zvakaiswa mumidziyo ndeye yast2, podman, k3s, cockpit, GDM (GNOME Display Manager) uye KVM.
Pakati pezvinhu zvemamiriro ekunze, kushandiswa kwedhisiki encryption (FDE, Full Disk Encryption) nekukwanisa kuchengeta makiyi muTPM kunotaurwa. Iyo midzi yekuparadzanisa inoiswa mukuverenga-chete modhi uye haichinji panguva yekushanda. Iyo nharaunda inoshandisa atomu yekuvandudza yekumisikidza michina. Kusiyana neatomu inogadziridza yakavakirwa pane ostree uye snap inoshandiswa muFedora neUbuntu, ALP inoshandisa yakajairwa pasuru maneja uye snapshot mechanism muBtrfs faira system pane kuvaka yakaparadzana mifananidzo yeatomu uye nekuisa imwe dhizaini yekuunza.
Pane inogadziriswa modhi yekumisikidza otomatiki yezvigadziriso (semuenzaniso, unogona kugonesa kuisirwa otomatiki kwezvigamba zvekusagadzikana kwakanyanya kana kudzoka kunosimbisa nemaoko kuisirwa zvigadziriso). Live zvigamba zvinotsigirwa kugadzirisa iyo Linux kernel pasina kutangazve kana kumisa basa. Kuti uchengetedze kuponeswa kwehurongwa (kuzviporesa), iyo yekupedzisira yakagadzikana inonyorwa uchishandisa Btrfs snapshots (kana anomalies akaonekwa mushure mekushandisa zvigadziriso kana kushandura marongero, sisitimu inoendeswa kune yakapfuura nyika).
Ipuratifomu inoshandisa akawanda-version software stack - nekuda kwekushandiswa kwemidziyo, unogona kushandisa panguva imwe chete shanduro dzakasiyana dzematurusi uye maapplication. Semuenzaniso, unogona kumhanyisa maapplication anoshandisa akasiyana vhezheni ePython, Java, uye Node.js sekutsamira, kupatsanura zvisingaenderane zvinoenderana. Base dependencies inopihwa muchimiro cheBCI (Base Container Images) seti. Mushandisi anogona kugadzira, kugadzirisa uye kudzima software stacks pasina kukanganisa dzimwe nharaunda.
Nekugadzika, iyo D-Installer installer inoshandiswa, iyo inoshandiswa mushandisi inoparadzaniswa kubva kune zvikamu zvemukati zveYaST uye zvinokwanisika kushandisa zvakasiyana-siyana zvemberi, kusanganisira kumberi kwekugadzirisa kuiswa kuburikidza newebhu web interface. Kuitwa kwevatengi veYaST (bootloader, iSCSIClient, Kdump, firewall, nezvimwewo) mumidziyo yakasiyana inotsigirwa.
Shanduko huru mune yechitatu ALP prototype:
- Kupa Kuvimbika Kwekuita Nzvimbo yekuvanzika komputa, kubvumira yakachengeteka kugadzirisa data uchishandisa yega, encryption uye chaiwo michina.
- Kushandiswa kwehardware uye runtime certification kuratidza kutendeseka kwemabasa ari kuitwa.
- Nheyo yekutsigira yakavanzika virtual muchina (CVM, Yakavanzika Virtual Machine).
- Kubatanidzwa kwerutsigiro rweNeuVector papuratifomu kuratidza kuchengetedzeka kwemidziyo, kuona kuvepo kwezvinhu zviri munjodzi uye kuona chiitiko chakaipa.
- Tsigiro ye s390x yekuvaka mukuwedzera kune x86_64 uye aarch64.
- Iko kugona kugonesa yakazara-dhisiki encryption (FDE, Yakazara Disk Encryption) padanho rekuisa nemakiyi akachengetwa muTPMv2 uye pasina chikonzero chekuisa passphrase panguva yekutanga boot. Yakaenzana rutsigiro rweese encryption yenguva dzose zvikamu uye LVM (Logical Volume Manager) zvikamu.
Source: opennet.ru