Project Description

SUSE IT needs help from fellow geekos with release engineering skills to define the requirements, process, infrastructure, and tools for building an openSUSE-based distribution bundled with a SUSE IT-supported application stack. The resulting OS build will be offered as a standard distribution for new SUSE employees in addition to the existing Operating System library.

Goal for this Hackweek

  1. Define requirements (and name) for the build.
  2. Implement selected features for the MVP.
  3. Define a process for updating the image with the future releases of openSUSE.
  4. Identify and deploy required infrastructure and repositories.
  5. Produce an installable OS image that can be used by volunteers across the company.
  6. Document everything.
  7. Have a lot of fun in the process.

This project is part of:

Hack Week 21

Activity

  • 8 days ago: anthidote joined this project.
  • 16 days ago: gkurel_suse joined this project.
  • 16 days ago: ddemaio joined this project.
  • 16 days ago: mpiala joined this project.
  • 19 days ago: cdywan joined this project.
  • 19 days ago: ccumberland joined this project.
  • 20 days ago: vgrinco joined this project.
  • 20 days ago: lkocman started this project.

    Comments

    • lkocman
      20 days ago by lkocman | Reply

      I think we're talking about a spin of openSUSE Leap 15.X with probably some autoyast config to meet requirements from the SUSE IT Policy (encrypted home etc) and some tool initialized on the first boot (or perhaps SUMA could do that?) that can pull additional "new" software and deploy configuration changes to clients as needed.

      The first-boot experience should probably connect to suse-guest (or other corporate wifi), pull VPN client and up2date configs, enable local printer discovery, certificates, enable multimedia and preferred browser that works with our web tools, preinstall tools used by SUSE Engineering (and other departments) teams, slack, Evolution with EWS config, etc.

      I know both RH (with CentOS 7.X based CSB) and IBM (with their open client) used to have 3rd party tools that were monitoring installed software, deploying new config changes etc. Perhaps that's something we could consider as well.

      Non-technical users had an option "not to have root password"; any sort of management was done from the IT side. Knowing root password meant that you manage the host by yourself.

      The question is also if IT will want to have control about what updates go in as that would probably require some sort of RMT in between.

      • lrupp
        19 days ago by lrupp | Reply

        Looks like you want to explore kiwi's feature set and OBS ability to constantly rebuild the image to me.

        Beside the encryption, you might want to have a look at existing images (like the one of the openSUSE heroes) to get a starting point.

        ...I'm just wondering what you plan to do with the rest of the week

        • lkocman
          17 days ago by lkocman | Reply

          I personally wanted to play with container images for a quick home mirror enablement :-)

        • lkocman
          17 days ago by lkocman | Reply

          The problem is more with the management after the first-boot. There is a bunch of software in flatpaks etc. What about rancher tools with perhaps custom installers etc :-) There is unfortunately more to it than just kiwi tweaks.

      • vgrinco
        19 days ago by vgrinco | Reply

        For encryption I'd make use of the device TPM chip for storing the encryption key, to not rely on people remembering passwords.

        We might also explore options to allow users to select the profile for their machine, e.g. sales, engineering, marketing, etc., and have ansible profiles packaged for each that would apply only a specific set of rules, deploy the apps they use, create shortcuts relevant for that particular role, and so on. It would result in a cleaner experience.

        For the bootstrap process, we can prepare a PXE server in given VLANs, which will also guarantee some sort of connectivity for the machine that's being bootstrapped. During the bootstrap process, we might want to consider updating the asset management system with the machine serial number and owner login.

        Agree with the root/no root option, and a mechanism to reset the password to gain full system access for the ones who want to self-manage. We must assume that there will be part of the population who will rely on IT entirely to manage their OS (HR, for example, we want to have as diverse a community as possible). Not sure if we'll be able to create a secure, user-initiated mechanism for remote support - we can add that to the backlog to be implemented at a later stage.

        • lrupp
          17 days ago by lrupp | Reply

          For PXE, please get in touch with our "Core Components" Team. They have provided PXE + AutoYaST + some kind of Post-Bootstrap process for >15 years now. It's called 'Orthos' and also allows to inventorize a machine automatically.

          For E&I, there are standard PXE services up and running in Nuremberg and Prague as well, including the latest development versions of our distribution. IMHO this should exist in Provo and Prague as well, but I'm not 100% sure there. EngInfra is providing this service.

      • bmwiedemann
        17 days ago by bmwiedemann | Reply

        enable multimedia

        depends on the openh264 work with Cisco, if we want something that can pass legal review.

        Or we need to convince Microsoft & friends to re-design their tools to use open codecs such as VP9/webm or AV1 in Teams.

        We certainly do not want to include those 3rd party Packman repos.

    • lkocman
      17 days ago by lkocman | Reply

      We already build a Corporate Standard build for Datto in OBS (it's Ubuntu based but the requirements would be similar), we might want to add that to our starting points next to image for Heroes.

      https://mysuse.sharepoint.com/sites/OpenSourceCommunityCitizens/SitePages/Past-Events-and-meetings.aspx

    • anthidote
      8 days ago by anthidote | Reply

      I was helping a new joiner who made the masochistic choice of a Thinkpad with an i9 and Intel Onboard GFX + Dedicated NVIDIA GFX. It does not work well on Tumbleweed. It works ok with Ubuntu, so I told him to stick with it and maybe keep on openSUSE as dual boot if he's interested in hacking it.

      Perhaps the most important part of this would be to have IT "certify" or "recommend" certain laptops for openSUSE. Once a new joiner has made a hw choice like that, there's very little we can realistically do.

      The same Thinkpad model with a Ryzen + Vega GFX is much, much more stable with TW. In fact it works flawlessly.

      I can share a pdf guide, that I am building for new joiners. Perhaps there are some things that could be used for the image. One thing that could be useful is preloading it with SUSE CA certificates. That would make accessing the LDAP directory and setting up a thunderbird addressbook a bit easier.

      • anthidote
        8 days ago by anthidote | Reply

        https://gitlab.suse.de/suse-support/new-joiners-guide
