modern update approaches for embedded linux
play

Modern Update Approaches for Embedded Linux Petros Angelatos April - PowerPoint PPT Presentation

Bringing DevOps to Devices Modern Update Approaches for Embedded Linux Petros Angelatos April 2016 About me Petros Angelatos CTO & Founder of resin.io @petrosagg Agenda The need for updates Update techniques Our


  1. Bringing DevOps to Devices Modern Update Approaches for Embedded Linux Petros Angelatos April 2016

  2. About me ● Petros Angelatos ● CTO & Founder of resin.io @petrosagg

  3. Agenda ● The need for updates ● Update techniques ● Our solution ○ Device software architecture ○ Yocto architecture ○ Host OS updates ○ Application updates ● Drone demo ● Questions

  4. The need for updates

  5. More powerful devices, more complex software Embedded software now demands the full lifecycle support we’ve been giving to web, cloud, and mobile.

  6. Importance of updates ● Recalling products costs money ● Higher exposure to security exploits ● Longer release cycles

  7. Importance of updates

  8. Importance of updates

  9. Importance of updates

  10. Importance of updates

  11. We’ve been there We’ve been supporting a network with hundreds of screens in 5 countries, for two years. We’ve had to go out on weekends, in the snow, with drills and USB sticks, upgrading software. We spent a lot of resources on infrastructure that had little to do with our specific application.

  12. Updates are difficult ● Poor connectivity ● Intermittent power ● Devices can be anywhere ● Devices could be in the middle of a critical operation ● A failed updated is a bricked device

  13. Various update techniques ● Image based ● Package based ● Containers

  14. Our solution

  15. On-device software architecture RESIN.IO APPLICATION EXTENSION CONTAINER CONTAINER CONTAINER(S) The Vision: 100% updateable User Resin Application Agent ● All containers update safely and reversibly. Our own agent (Supervisor) runs in its own Language Language Packages Packages container add-on Language functionality Language Runtime Runtime containers ● Layers shared between containers are (future) stored only once OS OS packages packages Base ● Docker and Yocto userspace update using Base Image Image conventional methods Container Engine (Docker) All software projects we depend on are ● under open source licenses Userspace Linux Kernel + Kernel Modules

  16. Yocto layer architecture Jethro overlayer Fido overlayer Daisy overlayer meta-resin meta-resin-common BSP BSP BSP BSP BSP BSP BSP BSP BSP poky (yocto) meta-openembedded

  17. Host OS updates ● Green/Blue method ● Has been discussed in Yocto mailing list ● Used by ○ CoreOS ○ ChromiumOS ○ Ubuntu Snappy ○ Probably others too

  18. Typical partition layout Linux and root Inactive Data Bootloader

  19. Atomic updates ● Immutable filesystem images ● Image as unit of deployment

  20. Host OS updates Linux and OS v1 Inactive Data Bootloader ● Initial device state ● Bootloader points to first root partition

  21. Host OS updates Linux and OS v1 Inactive Data Bootloader OS v2 ● Version 2 of the OS is downloaded into the inactive partition ● This operation can be interrupted without issues ● At the end, we can verify integrity and sync to disk

  22. Host OS updates Linux and OS v1 OS v2 Data Bootloader ● Copy bootfiles from the OS image to boot partition ○ Kernel ○ DTBs ○ Initrd ○ etc. ● Do it in a atomic fashion ○ Write tmp file ○ Sync to disk ○ Rename to destination ○ Sync again

  23. Host OS updates Linux and OS v1 OS v2 Data Bootloader ● Flip flag in bootloader to point to the new OS image and to the new OS kernel ● Reboot

  24. Host OS updates Linux and Inactive OS v2 Data Bootloader ● Final device state after reboot

  25. Failsafe updates ● With the help of hardware watchdogs ● With the help of bootloader logic ● The new version marks itself as stable after running self-test

  26. Container updates ● We use Docker ○ Originally ported Docker to ARM ● No reboot required ○ Move fast, brick nothing ● Efficient in bandwidth through layer sharing ● Efficient in disk IO through layer sharing ○ But we can do better with binary diffs

  27. Container updates ● We can build update strategies depending on requirements ● Can achieve true downtime updates

  28. Update strategies Strategy 1: Download then Kill (default) 3. OLD CONTAINER KILLED, 2. UPDATE DOWNLOADED 1. DOWNLOAD THE UPDATE NEW ONE STARTED DEVICE DEVICE DEVICE Supervisor Supervisor Supervisor Old New Old Old New New New Container Container Container Container Container Container Container

  29. Update strategies Strategy 2: Hand Over 1. DOWNLOAD THE 3. NEW CONTAINER 4. NEW CONTAINER ASKS 2. UPDATE DOWNLOADED UPDATE STARTED OLD CONTAINER TO GIVE UP DEVICE DEVICE DEVICE DEVICE Supervisor Supervisor Supervisor Supervisor Old Old New Old New Old New New Container Container Container Container Container Container Container Container On Timeout On Timeout DEVICE DEVICE Supervisor Supervisor Notifies Old New Old New Container Container Container Container 5. OLD CONTAINER 6. OLD CONTAINER KILLED IS READY TO DIE

  30. Drone demo

  31. Food for thought ● If you squint, containers look a lot like host OS images and vice versa Can we unify? We think yes . Come to our booth to talk about it :)

  32. Open source ● Resin OS Github Organisation https://github.com/resin-os ○ ● Resin device supervisor https://github.com/resin-io/resin-supervisor ○ ● Gitter https://gitter.im/resin-io/chat ○

  33. Questions? Get in touch: Petros Angelatos // petrosagg@resin.io // @petrosagg

Recommend


More recommend