SUSE published The first prototype of the platform Alp (Adaptable Linux Platform), positioned as a continuation of the development of the distribution of SUSE Linux Enterprise. The key difference between the new system is the separation of the basic base of the distribution into two parts: the cut “Host OS” for work on top of the equipment and a layer for supporting applications, focused on launching in containers and virtual machines. Assemblies prepared for architecture x86_64.
The idea is to develop the minimum environment necessary for support and control of the equipment in Host OS, but to launch all applications and components of the user space not in a mixed environment, but in separate containers or in virtual machines performed on top of Host OS “and isolated from each other. Such an organization will allow users to focus on applications and abstract work processes, separating them from low -level systemic environment and equipment.
The basis for “Host OS” is involved in the product Sle micro, based on the developments of the project microos . For centralized management, SALT configuration control systems are offered (preinstalled) and ANSIBLE (option). To launch insulated containers, tools podman and k3s (kubernetes). Among the system components included in containers are Yast2, Podman, K3S, Cockpit, GDM (Gnome Display Manager) and KVM.
The use of the default discount encryption (FDE, Full Disk Encryption) with the possibility of storing keys in TPM is mentioned. The root section is mounted in mode only for reading and does not change during operation. Surrounded by an atomic installation of updates is used. Unlike atomic updates on the basis of Ostree and Snap, used in Fedora and Ubuntu, in the ALP instead of building individual atomic images and deploying additional delivery infrastructure, a full -time package manager and snapshot mechanism in FS BTRFS.
The basic concepts of Alp:
- Minimization of the user intervention (Zero-Touch), which implies the automation of the main processes of escort, deployment and settings.
- Automatic maintenance of security and the location of the system in current condition (Self-updating). There is a configuable mode of automatic installation of updates (for example, you can turn on the car installation of only corrections of critical vulnerability or return to manual confirmation of the installation of updates). To update the Linux nucleus without restarting and suspension of work, Live Patchi are supported.