Jump to: navigation, search

openSUSE corporate image


This activity started as a Hack Week project, to offer an openSUSE [[1]] based corporate image that would be supported by SUSE IT. In ideal situation, this image should provide all the necessary software and settings to offer a seamless experience for the end user and will be managed by an MDM.

MVP Requirements

  • The deployment do the end-user machine is unattended
  • Machine has disk encrypted (boot disk does not need to be encrypted) - sufficient is to have encryption done by default password (and during firstboot the password is changed - assumption)
  • Once the machine is provisioned, it is added to asset DB (serial number + asset owner)
  • Productivity tools are installed

Additional features

  • Manageable by MDM
  • Different installation profiles
  • Possibility to reset the password to gain full system access for the ones who want to have a self-managed system
  • Possibility of user-initiated mechanism for remote support
  • List of recommended/supported hardware (web page)
  • Additional applications installed
  • Backup solution (rclone to OneDrive)

Standard software

The applications listed below are the most commonly used ones in SUSE across all operating systems. Not all of them will be required by all end-user groups, but these should be preinstalled or easily available for installation when corporate Linux image is used. Other applications can be installed using available software sources (such as openSUSE repositories, Flathub, etc), but root credentials might be required.

Caption text
Application name User base Installation source(s)
MVP Mandatory
Slack all users Flathub, other
Teams all users Flathub, other
OpenConnect all users openSUSE repositories
openVPN optional (all users?) openSUSE repositorie
Firefox all users openSUSE repositories, Flathub
Chromium all users openSUSE repositories, Flathub
Evolution all users openSUSE repositories, Flathub
Thunderbird all users (optional?) Flathub, other
KeepassXC all users openSUSE repositories, Flathub
OneDrive client all users openSUSE repositories
VLC optional openSUSE repositories, Flathub
Rancher Desktop optional Rancher repositories, AppImage
GitHub Desktop optional Flathub
Visual Studio Code optional Flathub, other


Some of the system and applications configuration should be preinstalled, to offer more streamlined experience.

  • Web browser homepage and bookmarks
  • VPN setup (excluding username and password)
  • OneDrive client config (user would still need to login and authorize the application usage)
  • SUSE CA Certificates

Deployment methods


Building CSB image

All of SUSE IT packages are expected to be maintained in isv:SUSE:suse-it-infra.

The build configuration for the image itself lives in suse-it-infra/livecd-openSUSE/selfinstall-leap-gnome-csb.kiwi.

Further image tweaks can be done inside config.sh which we've inherited from the MicroOS.

The image is configured in a way that gnome-initial-setup is executed on the first boot and let's user choose, l10n, TZ, user/password, and trigger a script from suse-it etc.

Encryption of the image

We've have agreed that initial encryption with be full-disk-encryption with exceptions of /boot and /boot/efi which do not hold any user data. Default password is suseit. Password will be changed as part of firstboot experience.