openSUSE corporate image
This activity started as a Hack Week project, to offer an openSUSE [] based corporate image that would be supported by SUSE IT. In ideal situation, this image should provide all the necessary software and settings to offer a seamless experience for the end user and will be managed by an MDM.
- The deployment do the end-user machine is unattended
- Machine has disk encrypted (boot disk does not need to be encrypted) - sufficient is to have encryption done by default password (and during firstboot the password is changed - assumption)
- Once the machine is provisioned, it is added to asset DB (serial number + asset owner)
- Productivity tools are installed
- Manageable by MDM
- Different installation profiles
- Possibility to reset the password to gain full system access for the ones who want to have a self-managed system
- Possibility of user-initiated mechanism for remote support
- List of recommended/supported hardware (web page)
- Additional applications installed
- Backup solution (rclone to OneDrive)
The applications listed below are the most commonly used ones in SUSE across all operating systems. Not all of them will be required by all end-user groups, but these should be preinstalled or easily available for installation when corporate Linux image is used. Other applications can be installed using available software sources (such as openSUSE repositories, Flathub, etc), but root credentials might be required.
|Application name||User base||Installation source(s)|
|Slack||all users||Flathub, other|
|Teams||all users||Flathub, other|
|OpenConnect||all users||openSUSE repositories|
|openVPN||optional (all users?)||openSUSE repositorie|
|Firefox||all users||openSUSE repositories, Flathub|
|Chromium||all users||openSUSE repositories, Flathub|
|Evolution||all users||openSUSE repositories, Flathub|
|Thunderbird||all users (optional?)||Flathub, other|
|KeepassXC||all users||openSUSE repositories, Flathub|
|OneDrive client||all users||openSUSE repositories|
|VLC||optional||openSUSE repositories, Flathub|
|Rancher Desktop||optional||Rancher repositories, AppImage|
|Visual Studio Code||optional||Flathub, other|
Some of the system and applications configuration should be preinstalled, to offer more streamlined experience.
- Web browser homepage and bookmarks
- VPN setup (excluding username and password)
- OneDrive client config (user would still need to login and authorize the application usage)
- SUSE CA Certificates
Building CSB image
All of SUSE IT packages are expected to be maintained in isv:SUSE:suse-it-infra.
The build configuration for the image itself lives in suse-it-infra/livecd-openSUSE/selfinstall-leap-gnome-csb.kiwi.
Further image tweaks can be done inside config.sh which we've inherited from the MicroOS.
The image is configured in a way that gnome-initial-setup is executed on the first boot and let's user choose, l10n, TZ, user/password, and trigger a script from suse-it etc.
Encryption of the image
We've have agreed that initial encryption with be full-disk-encryption with exceptions of /boot and /boot/efi which do not hold any user data. Default password is suseit. Password will be changed as part of firstboot experience.