# k3s
b
r
thank you.
I'm just trying to compile a kernel-module against the correct SLE Micro kernel...
b
Good luck! 🙂
r
yikes
b
I haven't done this at all with SUSE, but in my experience, kernel mods were always hit or miss.
And I've had more misses with immutable than I have with traditional.
But if you've already built packages for immutable SUSE stuff I'm sure you'll be fine.
r
well, that's the thing. I've done it with CentOS 8 but we're trying to move to SLE Micro .. and finding the kernel is like where's waldo.
b
Ah ok.
The difference is that it's not like a traditional deployment.
This is more like RHCOS or FedoraCoreOS.
r
usually it's as simple as
<package-manager> install kernel-devel
b
It's not
r
(in CentOS world, that is).. but in transactional-update world...
not easy
b
Yeah the similar toolset from that side would be
rpm-ostree
r
ahhh, ok
b
For sure your kernel mod isn't available in any of the repos?
r
We actually develop custom hardware drivers.
b
ahhh
Well...
There's certainly a new level of complexity you're adding by choosing an atomic/immutable deployment.
r
right, for sure. We have large fleet deployments so an immutable OS is nice for that sort of thing when, once the primary image is created, it's just cloned all over the place.
making that primary image right now is where it's difficult.
b
The SLES (not immutable) is going to be closer to that CentOS 8 experience you currently have
r
right.. but we need tiny.
b
Otherwise, you're going to need to figure out how to containerize your kmod, sign it, and package it with the SLE Micro stuff too.
Size-wise, it's not that different.
It's just how the system ships the binaries.
r
yeah, we are signing everything. SecureBoot is a big requirement. Ok, this is helpful.
We've also been looking into Elemental as a solution because at the end of the day we are running k3s on these things.
b
Actually a traditional deployment should technically save a little space because you don't have the container overhead.
But there are other benefits to doing immutable.
Just kmod development adds that layer of container packaging.
It's not like you can just dump it to a folder and call it signed, you're gonna have to package it in an overlay.
So you don't lose the changes at boot.
You MIGHT be able to set the module path to persist through reboots instead.
But this kinda defeats the purpose of immutable hardening.
Particularly since this is the kernel space.
r
i see, ok, very good info.
b
Lastly, I've really liked working with Elemental and would easily recommend it for getting k3s stuff up and running. Anyways, I need more coffee. I hope that helped.
r
thank you so much!
b
np
Oh! I guess you could do something like an akmod?
Build the module at boot and launch it?
r
hmm... not a bad idea.
b
That would work.
boots would take slightly longer, but with servers they always do anyways.
alright. coffee.
good luck