Microsoft’s “CBL-Mariner” Linux distro installation and overview

It is not every day that you hear of one operating system having a vested interest in another operating system’s domain. In this case, Microsoft is taking a deep dive into the Linux operating system world. This exploration has led to the development of CBL-Mariner,  a Linux operating system distribution operating under the umbrella of Microsoft.  The release of this distro is under the MIT license (open-source).

CBL-Mariner is a Github-hosted repository. An official statement from Microsoft describes this Linux distribution as Microsoft’s edge products and services and cloud infrastructure-oriented internal Linux distribution.   Two primary objectives propelled the development of this Linux distribution. First, its design catered to providing a consistent platform for Microsoft’s growing number of devices and services.

Secondly, the open-source nature of Linux distributions has made it not only a reputable platform but also a growing one. Therefore, this Microsoft-owned distro is the perfect opportunity to keep tabs on what is happening in the Linux world through their growing updates.

The first report that dismissed CBL-Mariner as a secret and brought it into the limelight took place in November 2020. CBL-Mariner had become confirmed hot news early this month when the Microsoft engineering team released an easy-to-follow installation guide regarding this Linux distribution. All that you need is a little Linux confidence to conquer the easy installation steps confidently.

We can confidently conclude that the Linux operating system footprints are dynamic enough to be considered worthy allies by other major operating systems like the ones under Microsoft.

A closer look at CBL-Mariner

The abbreviation “CBL” in CBL-Mariner translates to “Common Base Linux”. Microsoft’s Linux System Group is responsible for its creation or development. The same development team worked on Windows Subsystem’s Linux kernel dedicated to WSL 2 (Linux version 2). The primary developmental objective behind CBL-Mariner is for Microsoft’s engineering teams to adapt it to an internal Linux distribution functionality.

Achieving this objective paves the way for the creation of Microsoft’s edge products and services in addition to cloud infrastructure development. The existence of CBL-Mariner under a Github repo grants it an open-source badge. However, accessing this public repo does not grant a user an ISO file or an image like when dealing with other Microsoft products.

The instructions attached to the repo will guide anyone into creating their own builds from scratch, especially if you are under an Ubuntu Linux distribution like 18.04 or later. The same Github page that hosts CBL-Mariner also avails a series of needed prerequisites like Golang, RPM tools, ISO build tools, and Docker.

The approach or build process for creating the needed ISO file is direct. You will need to rely on pre-compiled RPM packages. You can access them from CBL-Mariner’s package repo. The option of creating an ISO file for CBL-Mariner also depends on the targeted installation platform. For example, if you use a platform like the vSphere 7  homelab, you will take the following command-line approach to create your CBL-Mariner ISO file.

git clone https://github.com/microsoft/CBL-Mariner.git

cd CBL-Mariner/toolkit

sudo make iso REBUILD_TOOLS=y REBUILD_PACKAGES=n CONFIG_FILE=./imageconfigs/full.json

CBL-Mariner installation process

Depending on your current environment, you could choose to create some new VMs and set their associated guest operating systems to Linux (64 bit) versions 5.x or later. These configuration settings comfortably apply to a vSphere lab environment. As for the hardware requirement, a 16 GB disk storage, 2 GB RAM, and 1 vCPU should suffice. These requirements comfortable create an ideal environment for installing and testing CBL-Mariner.

Once you create and boot into the CBL-Mariner ISO file or image,  a text-oriented or graphical-oriented interface or mode will guide you through the needed installation process and its attached options. It would be best to always go with the graphic mode unless you are not a newbie to the Linux command line.

CBL-Mariner welcome screen

As for the installation type, you will have to choose between Core and Full installation. Whichever choice you make, both installation types are reasonably fast. Core installation averages at 29 seconds, while full installation averages at 76 seconds.

The CBL-Mariner installation process is interactive. Along the way, you will need to provide some typical parameters like partitioning and user associated with the system.

CBL-Mariner system partition configuration

CBL-Mariner system final configuration setup    

CBL-Mariner Overview

The feel you will get, or one you should expect from your interaction with CBL-Mariner, is very similar to those under Linux distros like Photon-OS and Fedora. This stride is no coincidence. The team behind CBL-Mariner even gives credits to Fedora and Photon-OS in the Github repo’s acknowledgment section.  These Linux distros SPEC files created valid references and starting points for the development of CBL-Mariner.

As expected in any other modern Linux distribution, CBL-Mariner has also borrowed “systemd” as its system manager. Therefore, accessing your CBL-Mariner installation is also viable through the system console. It is easy if your operating system environment has an SSH daemon installed. If not, you can use the “tdnf” package manager to install it through your primary console to access the Mariner VM.

sudo tdnf install -y openssh-server

sudo systemctl enable --now sshd.service

CBL-Mariner package and update system

The package system under CBL-Mariner is RPM-based. As for the package update system, both tdnf and dnf are viable package managers. The tdnf or tiny dnf package manager has its basis on dnf with a direct derivative link from VMware’s Photon OS.

RPM-OSTree is the approach used by CBL-Mariner to accomplish atomic servicing and rollback as supported image-based system update mechanisms. Also, this approach is directly linked with OSTree on top of being an open-source tool. It is effective in managing versioned, immutable, and bootable filesystem trees.

The developmental objective behind the existence of rpm-ostree sorted to create a client-server architecture. Thus, the associated Linux hosts would remain updated and be synchronized to access and install the latest packages releases.

Two configured system package repositories, “update” and “base,” are available on this operating system through the following console command.

$ sudo tdnf repolist

Running the above command should yield an output similar to the following:

Loaded plugin: tdnfrepogpgcheck
repo id            repo name                               status
mariner-official-baseCBL-Mariner Official base 1.0 x86_64 enabled
mariner-official-updateCBL-Mariner Official update 1.0 x86_64 enabled

These two repositories are responsible for the availability of combined 3300 packages in estimation. In addition, VMware Tools package like open-vm-tools is readily available even for CBL-Mariner instances operational under the vSphere environment.

CBL-Mariner security by default

The secure-by-default principle is behind the security protocols that define the authenticity of the CBL-Mariner operating system. This principle defines security-oriented features like tamper-resistant logs, ASLR, hardened kernel, compiler-based hardening, and signed updates. If you need an in-depth look at these security features, CBL-Mariner’s Github repo has all the answers. The same repo also covers detailed VHDX and ISO images creation.

CBL-Mariner’s developmental strides

The strides that made Microsoft gain interest in the Linux operating system’s world started way back when WLS (Windows Subsystem for Linux) was released. The August 2016 Windows 10 Anniversary Update led to WSL 2 announcement. It implied that Windows users would benefit from Linux Apps through their graphical user interface-centered operating system environment.

This assimilation approach of Linux applications into the Windows operating system environment is different from developing and using an actual Linux distro. It is such developmental strides that make the release of CBL-Mariner an interesting stride for Windows.

Final note

Linux operating system and its allied distributions and flavors are cancerous to the operating system world, but the only good kind of cancer. Its infection is inevitable as other operating system distributions are starting to acknowledge its true power and potential. Furthermore, Linux’s open-source status makes it a worthy investment as users do not have to worry about having their fate tied to the price tags of commercially-owned operating system companies.

Microsoft has been quietly making strides towards open-source projects. In 2018, the software company was publicly recognized as the leading worldwide contributor to open-source projects. Microsoft is on its way to acquire another worldwide status after its recent acquisition of Github. The Github platform is literally a hub of countless open-source software projects. So Microsoft will not only brag about its open-source projects contributor status but will also become an open-source projects distributor.

The release of CBL-Mariner is the start of Microsoft’s 2021 and onwards ambitions. If you are working on an edge or server-based project, this Microsoft’s Linux distro is easy to download, install, and use, as covered by this article. Welcome to the 2021 software world where operating systems are colluding to better the software-centered human lifestyles!