IoT gets snappy with Ubuntu Core
TRANSCRIPT
IoT gets snappy
with Ubuntu Core
Presented by Sergio Schvezov and Manik Taneja, 2016
About Sergio
Lives: Córdoba, Argentina
Team: Ubuntu Core
Used to be in the Ubuntu phone foundations team
Responsibilities:
- snappy: design and dev
- ubuntu-device-flash
- oem
- webdm
- bootloaders
While in foundations:
- storage
- mms
- notifications
- porting/integrating
Manik Taneja
About Manik
Lives: California, USA
Team: Product Management
The path so far
Let's go back to the start
Apt drives it
Periodic update cycle
Packages tied to a release
Ubuntu
The Ubuntu we all know and love. The one that is everywhere.
Maintainer scripts
Wait six months
Use a PPA?
Everything shared, is shared for everything.
Huge dependency tree.
Packaging correctly is hard.
If you want to confine your binaries, it is rather hard (native apparmor rules and seccomp).
Evolutionary steps
System Image
click
Security and isolation
Frameworks
SDK
Ubuntu Touch
Ubuntu for phones, changing many known paradigms.
An image is a blob
System Image.
Applied in deltas
Layered
A minimal Android runs in an LXC container.
Generally small updates, rolling if you want to be trendy
Introduces clicks:
No maintainer scripts, hooks instead.
The dependency is the framework
Ubuntu Store allows freedom for releasing software targeting a release.
SDK which basically defines the supported framework.
Confinement through apparmor easyprof
Trusted helpers
And here we are
New architecture
Transactional
Moldable
Isolated and independent components
Snappy
Ubuntu Core (and Personal) have a snappy architecture.
Builds on top of Touch
Everything is a snap
Moves away from system image:
Total isolation and no more layering.
Layers require an orchestrator
Isolated components talk over interfaces.
Small and isolated make it easy to use.
Ubuntu Core
Confusion between snappy and Ubuntu Core
Ubuntu is not apt, just as Ubuntu Core is not snappy
Eagle view of Ubuntu Core
[Diagram: App, App, App, OS, Kernel, Gadget]
Reliable updates
Safe
Simple packaging
App
manik
Everything comes from the store
Initially we had frameworks (15.04), this has grown to live as capabilities.
frameworks was a bad name.
Hardware abstraction would be the kernel and a couple more things
Gadget defines
Apps can have forks.
Apps provide apps, today as either a cli or a daemon.
OS
The big dependency.
The same on every hardware.
Generic initrd
Exposes capabilities.
Ubuntu Core
Common base for all snaps.
Kernel
The Linux kernel itself
Modules
Hardware specific initrd
Bootloader assets.
Linux et al.
The Linux kernel and associated hardware-specific drivers (or libraries such as those which provide OpenGL) are all bundled into a single snap, called the kernel snap, although it may occasionally include software that is not strictly part of the kernel.
Gadget
Branding
Customize towards the hardware connections.
Exposes capabilities
Defines
Used to customize the device to specific uses.
Bootloader assets *
Manik discusses this slide
Apps
Can access resources exposed through capabilities.
No conflicts between apps
Kernel control groups
Kernel Namespace (CLONE_NEWNS)
AppArmor and SecComp
Confined
Apps have clear interfaces.
Apps
Replaces original ideas from frameworks.
Capabilities replace the previous security system based on security templates, overrides and profiles.
Easy way to expose capabilities.
Apps can provide and consume capabilities.
Capability types live in the OS snap.
Capabilities
Capabilities are an evolution of the security system built into snappy. Snappy combines both sides to let applications obtain hardware-specific information and permissions to use it.
Snaps that need to interact with a piece of hardware or use non-default permissions need to declare that they consume a capability of a given type. Hardware systems can offer capabilities of various kinds.
Releases and channels
rolling
15.04
Today there are two: rolling and 15.04
The numbered releases are stable. 16.04 will be an LTS.
Half truth, stable releases are stable on the stable channel.
Edge is the daily build.
There is no stable channel for rolling.
Manik
On the cloud
Vagrant and KVM images for rapid prototyping.
Snappy Ubuntu Core can be found on all the major clouds like AWS, Azure & GCE
Also on private clouds
Manik
Containers
snappy install docker
snappy install owncloud
Or just use the docker command.
snappy install lxd
Manik
Devices
Manik
Ecosystem
Store
manik.
webdm
Firstboot experience
Access, configure and install/remove snaps
Administer the system
Can be branded
avahi/zeroconf
manik
Development
Snapcraft
Fetch sources from git, bzr or hg
Composed of parts
Extensible through plugins
Life cycle: pull, build, stage, strip and snap
Parts:
- the central piece
- independent of each other
- used for the final snap or for building
Plugins:
- go, py2/3, java, c, ubuntu
Life cycle:
- pull: parts/part-name/src
- build: parts/part-name/build, then ../install
- stage: combines all the parts in ./stage
- snap: the production parts of stage + ./meta
- assemble: creates the snap
Demos
Show pi2
login
run unavailable commands
run some snappy commands
[Diagram: LXD layout with lxdbr0 (eth0), ros-trusty, eth0]
Questions?
Thanks!
Sergio @sergiusens
Manik @manikt