Microsoft Linux CBL-Mariner

This post is the first of a two-part series on CBL-Mariner Linux. If you’re interested only in the installation, you can skip this part and go to Part 2.

It was a well-known fact that Microsoft and Linux did not get along for many years. Gone are the days when we couldn’t even put Microsoft and Linux together in a sentence. Former Microsoft CEO Steve Ballmer (in)famously branded Linux “a cancer that attaches itself in an intellectual property sense to everything it touches” back in 2001. Fast forward to 2021, and the news is that Microsoft quietly released CBL on its GitHub as open source. Anyone can use it, build it, edit it and reuse it, fulfilling the four essential freedoms of the Free Software Foundation.

Microsoft’s stance on open source has also changed over the years. There have been signs of Microsoft embracing Linux for quite some time. The Windows Subsystem for Linux (WSL), initially released in 2016 and followed by a stable WSL2 release in 2019, is evidence of that. The constant rise of cloud and edge computing has increased the dominance of Linux. Their surprising acquisition of GitHub back in 2018 was another strategic move towards accepting the OSS/FOSS model.

In this blog, we’ll discuss Microsoft’s Linux (distro?), CBL-Mariner. IMHO it doesn’t qualify to be called a distro. We’ll see why.

CBL-Mariner is a Linux developed by the Linux System Group at Microsoft, the team behind the WSL compatibility layer. The CBL part of its name stands for Common Base Linux. It is fully open-source & built for powering Microsoft’s Azure Edge services. Although Microsoft stated that it’s an internal distribution for managing their Edge infrastructure, the entire project is available publicly via GitHub. It’s a minimal and lightweight Linux that users can use as a container or container host. CBL-Mariner proves that Microsoft is on the right track when it comes to free software and Linux. The company that once stood steadfast against its open-source rival has seemingly come to terms with the changing reality of the IT industry. Let’s see what the future holds for this new strategy.

“This initiative is part of Microsoft’s increasing investment in a wide range of Linux technologies, such as SONiC, Azure Sphere OS and Windows Subsystem for Linux (WSL). CBL-Mariner is being shared publicly as part of Microsoft’s commitment to Open Source and to contribute back to the Linux community,”

CBL-Mariner GitHub pages

Looking at this release strategically, CBL-Mariner is similar in concept and philosophy to Amazon Linux, which is used explicitly in AWS. Microsoft might have thought in the same direction for use in Azure. Another aspect to look at is that Red Hat’s CoreOS was deprecated in May 2020. CoreOS, also known as Container Linux, is a discontinued open-source lightweight operating system based on the Linux kernel and designed for providing infrastructure to clustered deployments, while focusing on automation, ease of application deployment, security, reliability and scalability. It was predominantly used in Microsoft Azure. This led Microsoft to look for an alternative Linux which they control, rather than one from other enterprise Linux players. Having said that, we’ll wait and see how widely CBL-Mariner is adopted.

Whether deployed as a container or a container host, CBL-Mariner consumes limited disk and memory resources. The lightweight characteristics of CBL-Mariner also provide faster boot times and a minimal attack surface. By focusing the features in the core image on just what is needed for our internal cloud customers, there are fewer services to load and fewer attack vectors. When security vulnerabilities arise, CBL-Mariner supports both a package-based update model and an image-based update model. Leveraging the common RPM Package Manager system, CBL-Mariner makes the latest security patches and fixes available for download with the goal of fast turn-around times.

Microsoft uses it as the base Linux for containers in the Azure Stack HCI implementation of Azure Kubernetes Service. It’s also used in Azure IoT Edge to run Linux workloads.

We’ll talk explicitly about CBL-Mariner (what its features are, how to install it, etc.) in Part 2 of this series.

Microsoft Linux CBL Mariner – Part 2

This post is Part 2 of the CBL-Mariner blog series. If you’ve not read Part 1 yet, please do so here.

The CBL-Mariner philosophy is that you only need a small core set of packages (RPM-based) on top of the CBL core to address the needs of cloud & edge computing.

What’s in it?

It shares major components from:

  • VMware’s Photon OS project for SPEC files
  • The Fedora Project for Qt, DNF etc.
  • Linux From Scratch for SPEC files and for simplified installation
  • OpenMamba for SPEC files
  • GNU/FSF core compilers and utilities
  • And finally, it requires Ubuntu 18.04 as the build environment to create the CBL-Mariner binaries and to bake an ISO

How to install it?

CBL-Mariner is open source, released under the GNU GPL, LGPL, MIT License & Apache License.

  • It has its own repo under Microsoft’s GitHub organization.
  • No ISOs or images of Mariner are provided.
  • The repo has instructions to build them on Ubuntu 18.04.
  • It can be deployed on VMware, Hyper-V or VirtualBox.
  • It doesn’t include a desktop (GUI).

What does it look like?

  • It’s completely command-line based (CUI)
  • Boots very quickly due to its lightweight nature
  • Runs with a very minimal memory footprint
  • The CBL-Mariner package system is RPM-based
  • The package management system uses both dnf and tdnf (Tiny DNF)
  • It has two package repositories, base and update
  • Around 3300 packages are available between both repositories.

How does it operate?

Apart from DNF, CBL-Mariner also supports an image-based update mechanism for atomic servicing and rollback using RPM-OSTree. rpm-ostree is an open-source tool based on OSTree that manages bootable, immutable, versioned filesystem trees. The idea behind rpm-ostree is to use a client-server architecture to keep Linux hosts updated and in sync with the latest packages in a reliable manner.

This is not a regular Linux distro of the kind you install on hardware or as a virtual machine, add the necessary applications to, and start using as you would Ubuntu, Fedora, Arch etc. Whether you’re a professional developer, a sysadmin or a mere hobbyist, you can easily build custom CBL-Mariner images and play around. However, it’ll be easier if you’re not faint-hearted and have previous exposure to Makefiles, the make command, rpm builds and Linux in general. The prerequisites listed on its GitHub page roughly include Docker, RPM tools, ISO build tools and Golang, amongst others, to set up an environment on Ubuntu 18.04 (recommended) for building an ISO.

Finally, how do you use it?

CBL-Mariner doesn’t have any ISO image available by default. The GitHub page provides a quick start guide to build an ISO. There is another description which provides details on building a custom CBL-Mariner ISO and/or image.

There are a couple of prerequisites needed to build your ISO. The first thing we require is an Ubuntu 18.04 system. As per the CBL-Mariner GitHub pages, all the requirements are tested and validated for Ubuntu 18.04.

We’ll follow the quick start guide as an initial step; if you’re interested in doing a custom build, you can do that as well. A quick build takes approximately 20 to 30 minutes, and a custom build took a little over 3 hours.

I tested this build in AWS on a t2.medium EC2 instance with a 50 GB disk. I bumped it up to 50 GB because I built the quick image as well as the custom image. A custom build requires the RPM packages to be rebuilt, and that will consume some space in your file system.

# Install required dependencies.
$ sudo apt -y install make tar wget curl rpm qemu-utils genisoimage python-minimal bison gawk parted gcc g++

# Recommended but not required: `pigz` for faster compression operations.
$ sudo apt -y install pigz

# Install Docker.
$ curl -fsSL https://get.docker.com -o get-docker.sh
$ sudo sh get-docker.sh
# Membership in the docker group is root-equivalent on this host; log out and back in for it to take effect.
$ sudo usermod -aG docker $USER

# I've explicitly installed golang from the tar ball
$ wget https://dl.google.com/go/go1.16.7.linux-amd64.tar.gz
$ tar zxvf go1.16.7.linux-amd64.tar.gz
# Move the extracted tree to /usr/local/go so that it matches GOROOT below.
$ sudo mv go /usr/local
$ export GOROOT=/usr/local/go
$ export PATH=$GOROOT/bin:$PATH
$ go version   # To test the installation

For the build to work, we need to create a symbolic link to the go binary in /usr/bin:

$ sudo ln -s /usr/local/go/bin/go /usr/bin/go
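
The Go tarball above is downloaded and unpacked into a root-owned path without any integrity check. The following is an added example, not part of the original post or the CBL-Mariner project: shell functions that compare the archive's SHA-256 with a published digest and confirm that every member sits under go/ before extracting. GO_SHA256 in the usage comment is a placeholder to be filled in from the Go downloads page.

```shell
#!/usr/bin/env bash
# Added example: check a downloaded tarball before unpacking it as root.

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 on a missing file or malformed digest.
verify_sha256() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    case "$expected" in
        ""|*[!0-9a-fA-F]*) echo "expected digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "digest must be 64 hex chars" >&2; return 2; }
    actual=$(sha256sum "$file" | awk '{print $1}')
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ] || { echo "SHA-256 mismatch: $file" >&2; return 1; }
}

# tar_members_confined FILE TOPDIR
# Returns 0 only if every member path is TOPDIR or below it, with no
# absolute paths and no ".." components. An unreadable archive fails.
tar_members_confined() {
    local file="$1" top="$2" members member
    members=$(tar -tzf "$file") || return 1
    while IFS= read -r member; do
        case "$member" in
            /*|..|../*|*/..|*/../*) echo "unsafe member: $member" >&2; return 1 ;;
            "$top"|"$top"/*) ;;
            *) echo "member outside $top/: $member" >&2; return 1 ;;
        esac
    done <<EOF
$members
EOF
}

# install_tarball FILE EXPECTED_HEX TOPDIR DEST
# Extracts only after both checks pass; --no-same-owner keeps the archive's
# recorded UIDs/GIDs from being applied when this runs as root.
install_tarball() {
    verify_sha256 "$1" "$2" && tar_members_confined "$1" "$3" || return 1
    mkdir -p "$4" && tar -C "$4" --no-same-owner -xzf "$1"
}

# Usage for the Go step, run as root (GO_SHA256 is a placeholder; take the
# value from the checksum column on https://go.dev/dl/):
#   install_tarball go1.16.7.linux-amd64.tar.gz "$GO_SHA256" go /usr/local
```
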

Now we can clone the CBL-Mariner repository and start our build.

$ git clone https://github.com/microsoft/CBL-Mariner.git
$ cd CBL-Mariner
$ git checkout 1.0-stable
$ cd toolkit
$ sudo make image REBUILD_TOOLS=y REBUILD_PACKAGES=n CONFIG_FILE=./imageconfigs/full.json

I’ve faced a lot of issues and errors while building with non-stable branches/tags. If you are comfortable with bleeding-edge releases, you can get your hands dirty with those. Once the build is completed, you can find your image in the out directory.

$ cd ../out/images/full/

$ ls -lh full.1.0.20210813.0520.iso

A quick view of the build I did is provided in the video below.

CBL-Mariner build

Now that we have the ISO image, we can install CBL-Mariner on a virtual machine. To do this, I’m going to use Oracle VirtualBox, which is free. If we have any other virtualization tool we can use that as well.

Steps to Follow:

  • Open VirtualBox.
  • Click on the New button to create a new VM.
  • This starts the virtual machine creation wizard.
  • Enter the name we want.
  • Choose “Linux” and the version “Linux 2.6/3.x/4.x (64-bit)”, then press Next.
  • Follow the wizard and choose the defaults.
  • For CBL-Mariner we must configure at least 1 CPU, 1GB of RAM, and 8GB of disk.
  • Keep clicking Next until the wizard is complete.
  • Back on the main VirtualBox screen, we can right-click the entry that appears with the name we have given it and select Configuration on the menu. We can also select the entry and click the upper Settings button.
  • Go to Storage. On the optical disk icon (Empty), click on Optical Drive and choose “Select a disk file” to load the ISO image. In the file browser that appears, select the ISO that we generated in the previous step.
  • It’s time to start the virtual machine with CBL-Mariner.

Once we have started the virtual machine, it will boot and after a few moments show us an installation menu. The steps we must follow are:

  • Choose the option “Graphical Installer” for graphical installation. There are also options for text mode, but the graphical one is better. Once selected, press Next. [We have to move through the menu with the keyboard arrows and press ENTER to select.]
  • Now we will see an installer very similar to that of any other distro. In the Installation Type menu, we have to choose “CBL-Mariner Full” for a full installation. In any case, both Full and Core will be fast, as they hardly include any packages.
  • The next screen shows the license terms to accept.
  • Then comes the hard drive partitioning assistant. There we have to create the necessary partitions or leave the ones that come by default.
  • Next, choose the hostname, as well as the username and password. The hostname is free text.
  • Please provide a complex password with a combination of capital letters, small letters, numbers & special characters.
  • CBL-Mariner now begins the actual installation and starts to install packages. When it’s done, reboot the virtual machine.
  • When it starts we will see the login prompt, where we have to enter the login data (name and password).
  • Now we use CBL-Mariner as we would any server distro, without a GUI.

CBL-Mariner Installation

Thanks to all who have taken the time to go through this blog. I hope this helps you to try building and installing CBL-Mariner, the latest addition to the Linux family.