
Upload: sergio-schvezov

Post on 15-Apr-2017


IoT gets snappy
with Ubuntu Core

Presented by Sergio Schvezov and Manik Taneja, 2016

About Sergio

Lives: Córdoba, Argentina

Team: Ubuntu Core

Used to be in the Ubuntu phone foundations team.

Responsibilities:
- snappy: design and dev
- ubuntu-device-flash
- oem
- webdm
- bootloaders

While in foundations:
- storage
- mms
- notifications
- porting/integration

Manik Taneja

About Manik

Lives: California, USA

Team: Product Management

Manik Taneja

The path so far

Let's go back to the start

Apt drives it

Periodic update cycle

Packages tied to a release

Ubuntu

The Ubuntu we all know and love. The one that is everywhere.

- Maintainer scripts
- Wait six months
- Use a PPA?
- Everything shared is shared for everything.
- Huge dependency tree.
- Packaging correctly is hard.
- If you want to confine your binaries, it is rather hard (native AppArmor rules and seccomp).

Evolutionary steps

System Image

click

Security and isolation

Frameworks

SDK

Ubuntu Touch

Ubuntu for phones, changing many known paradigms.

System Image: an image is a blob.

Applied in deltas

Layered

A minimal android runs in an lxc container.

Generally small updates, rolling if you want to be trendy

Introduces clicks: no maintainer scripts, hooks instead.

The dependency is the framework

Ubuntu Store allows freedom for releasing software targeting a release.

SDK which basically defines the supported framework.

Confinement through apparmor easyprof

Trusted helpers

And here we are

New architecture

Transactional

Moldable

Isolated and independent components

Snappy

Ubuntu Core (and Personal) have a snappy architecture.

Builds on top of Touch

Everything is a snap

Moves away from system image: total isolation and no more layering.

Layers require an orchestrator

Isolated components talk over interfaces.

Small and isolated make it easy to use.

Ubuntu Core

Confusion between snappy and Ubuntu Core

Ubuntu is not apt, just as Ubuntu Core is not snappy.

Eagle view of Ubuntu Core

[Diagram: App, App, App, OS, Kernel, Gadget]

Reliable updates

Safe

Simple packaging

App

manik

- Everything comes from the store.
- Initially we had frameworks (15.04); this has grown to live as capabilities. "frameworks" was a bad name.
- Hardware abstraction would be the kernel and a couple more things.
- Gadget defines
- Apps can have forks.
- Apps provide apps, today as either a CLI or a daemon.

OS

The big dependency.

The same on every hardware.

Generic initrd

Exposes capabilities.

Ubuntu Core

Common base for all snaps.

Kernel

The Linux kernel itself

Modules

Hardware specific initrd

Bootloader assets.

Linux et al.

The Linux kernel and associated hardware-specific drivers (or libraries such as those which provide OpenGL) are all bundled into a single snap, called the kernel snap, although it may occasionally include software that is not strictly part of the kernel.

Gadget

Branding

Customize towards the hardware connections.

Exposes capabilities

Defines

Used to customize the device to specific uses.

Bootloader assets *

Manik discusses this slide

Apps

Can access resources exposed through capabilities.

No conflicts between apps

Kernel control groups

Kernel Namespace (CLONE_NEWNS)

AppArmor and SecComp

Confined

Apps have clear interfaces.

Apps

Replaces original ideas from frameworks.

Capabilities replace the previous security system based on security templates, overrides and profiles.

Easy way to expose capabilities.

Apps can provide and consume capabilities.

Capability types live in the OS snap.

Capabilities

Capabilities are an evolution of the security system built into snappy. Snappy combines both sides to let applications obtain hardware-specific information and permissions to use it.

Snaps that need to interact with a piece of hardware or use non-default permissions need to declare that they consume a capability of a given type. Hardware systems can offer capabilities of various kinds.

Releases and channels

rolling

15.04

Today there are 2: rolling and 15.04. The numbered releases are stable. 16.04 will be an LTS.

Half truth: stable releases are stable on the stable channel.

Edge is the daily build.

There is no stable channel for rolling.

Manik

On the cloud

Vagrant and KVM images for rapid prototyping.

snappy Ubuntu Core can be found on all the major clouds like AWS, Azure & GCE.

Also on private clouds

Manik

Containers

snappy install docker

snappy install owncloud

Or just use the docker command.

snappy install lxd

Manik

Devices

Manik

Ecosystem

Store

manik.

webdm

Firstboot experience

Access, configure and install/remove snaps

Administer the system

Can be branded

avahi/zeroconf

manik

Development

Snapcraft

Fetch sources from git, bzr or hg

Composed of parts

Extensible through plugins

Life cycle: pull, build, stage, strip and snap

Parts:
- central piece
- independent of each other
- used for the final snap or for building

Plugins:
- go, py2/3, java, c, ubuntu

Life cycle:
- pull: parts/part-name/src
- build: parts/part-name/build, then ../install
- stage: combines all the parts in ./stage
- snap: the production parts of stage + ./meta
- assemble: creates the snap

Demos

- Show pi2
- login
- run unavailable commands
- run some snappy commands

[Diagram: LXD layout: lxdbr0 (eth0), ros-trusty, eth0]


Questions?
Thanks!

Sergio Schvezov, @sergiusens

Manik Taneja, @manikt