Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.
Introducing resinOS
An Operating System Tailored for
Containers and Built for the Embedded
WorldAndrei Gherzan / Petros An...
Andrei Gherzan
● Lead engineer of resinOS
● Maintainer of meta-raspberrypi, meta-chip
About us
Petros Angelatos
Founder / ...
Mission
History
Architecture
Features
Development tools
Future
Agenda
Be the embedded OS of choice for containers in IoT
Create a community around containers for IoT
Modern security features
M...
Started 4 years ago
Modern devops practices to the embedded world
Naturally leaned towards containers
Ported Docker to ARM...
Needed an OS for our platform
Tried a modified Arch
Tried a modified TinyCore
Both had important shortcomings
History - re...
Started in January 2014 as internal project
Used Yocto as a base
Open sourced in July 2015
Currently under very active dev...
Architecture
Why we chose yocto
Minimal
Low footprint
Build system allows for easy patching
Board vendors usually supply Yocto BSP
Easi...
Yocto layer architecture
poky
meta-oe
meta-resin
resin-<board-name>
board BSP
submodules
One repo per board
Submodules for...
meta-resin
meta-resin
meta-resin-common
Jethro overlayer Fido overlayer Daisy overlayer
Main resinOS layer
Automatic aufs ...
Environment defined in a Dockerfile
Predictable host configuration
Docker image artifacts
You can use the OS as a containe...
Separate rootfs and root state
We know exactly which services write to disk
Dual root partition
data partition auto-expand...
Forced us to investigate all writes
Configuration stored in state partition
Network configuration
Random seed
Clock at shu...
Cleaner separation
OTA updates are much easier
Enables diff based updates
We can’t leave state behind
Read-only root
Compartmentalisation of failures
Device can survive data partition corruption
Most I/O activity happens in there
Root part...
Runtime
ResinOS Userspace
User
Application
Language
Packages
Language
Runtime
OS packages
Base Image
Container Engine (Doc...
Systemd
NetworkManager
ModemManager
dropbear
dnsmasq
docker
avahi
Ingredients
Leverage a lot of systemd features
Adjusting OOM score for critical services
Running services in separate mount namespaces...
DNS is hard
dnsmasq
Integration of Docker with host’s dnsmasq
NetworkManager
Excellent D-Bus API
ModemManager
Excellent D-...
AUFS driver
Allows support for NAND based devices
Currently on docker 1.10.3
Backported stability patches
Journald logging...
All logs end up in journald
In RAM 8MB buffer by default
Configurable log persistence
Journald allows for structured logs
...
Features
Some boards have internal storage
Image for these boards is a flasher
Automatic copying to internal storage
Feedback throu...
So many options
It’s one of our biggest focus areas
resinhup is our current approach
Takes advantage of dual root partitio...
● Used by
CoreOS, ChromiumOS, Ubuntu Snappy
Brillo, Mender.io
But wastes a lot of space
We’re experimenting with more adva...
Integration with docker
It uses docker to pull the OS image
It then unpacks and applies it
Leveraging important docker fea...
Automatic emulated testing
● We support virtual QEMU boards
● Automated basic testing on every PR
○ Booting
○ Networking
●...
Automatic hardware testing
● Manual testing doesn’t scale
○ Currently 22 boards
● We built a board that instruments boards...
ARM64
● Coming soon
ARMv6
● RPI Zero
● RPI model 1 A+
ARMv5
● TS7700
Device support
ARMv7
● Raspberry Pi 2
● Raspberry Pi ...
Device support
● Easy to add new boards
● Meta-resin handles
○ Userspace
○ Image generation
○ Kernel configuration
Development tools
● How do you..
○ Configure network credentials?
○ Provision a device?
○ Develop on the board?
○ Get logs?
Development tools
● Development images have
○ Open SSH server
○ Docker socket exposed over TCP
○ mDNS exposed metadata
● Device is at <hostn...
● Image configuration
● Wifi credentials
● Hostname
● Persistent logging
Resin Device Toolbox
$ rdt configure ~/Downloads/...
● Automatically detects removable storage
● Won’t wipe your drive!
● Validates after writing
Resin Device Toolbox
$ sudo r...
Docker development
Finds device in local network
Continously syncs code into the container
Rebuilds when necessary
Resin D...
● More than 500 images for each supported device type
● Debian, Fedora, Alpine
● Nodejs, python, golang, Java
● Follow doc...
Future
● Roadmap includes..
○ Compressed RAM
○ Docker 1.12
○ Hardware watchdog integration
○ Secure Boot
○ ramoops integration
○ ...
Open source
● Website - https://resinos.io/
● Github - https://github.com/resin-os
● Gitter - https://gitter.im/resin-os/c...
Questions?
Nächste SlideShare
Wird geladen in …5
×

Introducing resinOS: An Operating System Tailored for Containers and Built for the Embedded World

17.619 Aufrufe

Veröffentlicht am

This presentation, from the Embedded Linux Conference Europe in October 2016, discusses how resinOS was built, highlights some of its key features, and shares a roadmap for future development and contribution.

resinOS is the latest open-source tool built by resin.io to enable the future of hardware with the tools of modern software. resinOS is a simple yet powerful operating system that brings standard Docker containers to embedded devices and works on a wide variety of device types and architectures. resinOS was born from the team’s experience deploying embedded containers across device types and has been battle-tested in production environments.

You can download resinOS at https://resinos.io

Veröffentlicht in: Technologie
  • Als Erste(r) kommentieren

Introducing resinOS: An Operating System Tailored for Containers and Built for the Embedded World

  1. 1. Introducing resinOS An Operating System Tailored for Containers and Built for the Embedded WorldAndrei Gherzan / Petros Angelatos October 2016
  2. 2. Andrei Gherzan ● Lead engineer of resinOS ● Maintainer of meta-raspberrypi, meta-chip About us Petros Angelatos Founder / CTO Ported Docker to ARM
  3. 3. Mission History Architecture Features Development tools Future Agenda
  4. 4. Be the embedded OS of choice for containers in IoT Create a community around containers for IoT Modern security features Minimal footprint Production ready Mission
  5. 5. Started 4 years ago Modern devops practices to the embedded world Naturally leaned towards containers Ported Docker to ARMv6 Ported Docker to ARMv5 Fixes upstreamed History - resin.io
  6. 6. Needed an OS for our platform Tried a modified Arch Tried a modified TinyCore Both had important shortcomings History - resinOS
  7. 7. Started in January 2014 as internal project Used Yocto as a base Open sourced in July 2015 Currently under very active development It’s been running in production for 2.5 years History - resinOS
  8. 8. Architecture
  9. 9. Why we chose yocto Minimal Low footprint Build system allows for easy patching Board vendors usually supply Yocto BSP Easier device support Yocto
  10. 10. Yocto layer architecture poky meta-oe meta-resin resin-<board-name> board BSP submodules One repo per board Submodules for dependent layers Tried repo tool Tried monolithic repo Each board can move independently https://github.com/resin-os?query=resin-
  11. 11. meta-resin meta-resin meta-resin-common Jethro overlayer Fido overlayer Daisy overlayer Main resinOS layer Automatic aufs patching BSP independent kernel configuration Can prepopulate docker images Kernel headers for out-of-tree module development https://github.com/resin-os/meta-resin
  12. 12. Environment defined in a Dockerfile Predictable host configuration Docker image artifacts You can use the OS as a container resin/resinos:<version>-<board> Build system https://github.com/resin-os/resin-yocto-scripts
  13. 13. Separate rootfs and root state We know exactly which services write to disk Dual root partition data partition auto-expands on first boot Partition layout rootA databoot rootB state
  14. 14. Forced us to investigate all writes Configuration stored in state partition Network configuration Random seed Clock at shutdown Some state is stored in tmpfs DHCP leases Limited logs Read-only root
  15. 15. Cleaner separation OTA updates are much easier Enables diff based updates We can’t leave state behind Read-only root
  16. 16. Compartmentalisation of failures Device can survive data partition corruption Most I/O activity happens in there Root partition is never written to while in use We strive to do atomic operations everywhere Reliability
  17. 17. Runtime ResinOS Userspace User Application Language Packages Language Runtime OS packages Base Image Container Engine (Docker) Linux Kernel + Kernel Modules CONTAINER CONTAINER(S)
  18. 18. Systemd NetworkManager ModemManager dropbear dnsmasq docker avahi Ingredients
  19. 19. Leverage a lot of systemd features Adjusting OOM score for critical services Running services in separate mount namespaces Very easy dependency management NTP Socket activation for SSH Saves RAM since ssh is running only when needed Systemd
  20. 20. DNS is hard dnsmasq Integration of Docker with host’s dnsmasq NetworkManager Excellent D-Bus API ModemManager Excellent D-Bus API Lots of documentation Networking
  21. 21. AUFS driver Allows support for NAND based devices Currently on docker 1.10.3 Backported stability patches Journald logging driver Avoids SD card wear Seccomp enabled Docker
  22. 22. All logs end up in journald In RAM 8MB buffer by default Configurable log persistence Journald allows for structured logs Container logs are annotated with metadata Easy to send logs to a central location to store and process Log management
  23. 23. Features
  24. 24. Some boards have internal storage Image for these boards is a flasher Automatic copying to internal storage Feedback through LEDs Two stage flashing
  25. 25. So many options It’s one of our biggest focus areas resinhup is our current approach Takes advantage of dual root partition Validates everything before changing the state It’s still experimental Host OS updates https://github.com/resin-os/resinhup/
  26. 26. ● Used by CoreOS, ChromiumOS, Ubuntu Snappy Brillo, Mender.io But wastes a lot of space We’re experimenting with more advanced approaches ostree docker Dual root partition method
  27. 27. Integration with docker It uses docker to pull the OS image It then unpacks and applies it Leveraging important docker features Signed images Programmatic API for fetching Open question: can unify containers and host? ResinHUP https://github.com/resin-os/resinhup/
  28. 28. Automatic emulated testing ● We support virtual QEMU boards ● Automated basic testing on every PR ○ Booting ○ Networking ● Integrated with our Jenkins https://github.com/resin-io/autohat
  29. 29. Automatic hardware testing ● Manual testing doesn’t scale ○ Currently 22 boards ● We built a board that instruments boards ○ GPIO ○ Provisioning ○ SD muxing ○ Wifi testing https://github.com/resin-io/autohat-rig
  30. 30. ARM64 ● Coming soon ARMv6 ● RPI Zero ● RPI model 1 A+ ARMv5 ● TS7700 Device support ARMv7 ● Raspberry Pi 2 ● Raspberry Pi 3 ● Samsung Artik 5 ● SamsungArtik 10 ● Beaglebone Black ● Beaglebone Green ● Beaglebone Green Wireless ● Odroid C1/C1+ ● Odroid XU4 ● SolidRun Hummingboard i2 ● Boundary Devices Nitrogen6x ● Parallella Board ● VIA 820 board ● Zynq zc702 ● TS4900 single and Quad X86_32 ● Intel Edison X86_64 ● Intel NUC
  31. 31. Device support ● Easy to add new boards ● Meta-resin handles ○ Userspace ○ Image generation ○ Kernel configuration
  32. 32. Development tools
  33. 33. ● How do you.. ○ Configure network credentials? ○ Provision a device? ○ Develop on the board? ○ Get logs? Development tools
  34. 34. ● Development images have ○ Open SSH server ○ Docker socket exposed over TCP ○ mDNS exposed metadata ● Device is at <hostname>.local Development mode
  35. 35. ● Image configuration ● Wifi credentials ● Hostname ● Persistent logging Resin Device Toolbox $ rdt configure ~/Downloads/resinos-dev.img ? Network SSID super_wifi ? Network Key super_secure_password ? Do you want to set advanced settings? Yes ? Device Hostname resin ? Do you want to enable persistent logging? no Done!
  36. 36. ● Automatically detects removable storage ● Won’t wipe your drive! ● Validates after writing Resin Device Toolbox $ sudo rdt flash ~/Downloads/resinos-dev.img ? Select drive /dev/disk3 (7.9 GB) - STORAGE DEVICE ? This will erase the selected drive. Are you sure? Yes Flashing [========================] 100% eta 0s Validating [========================] 100% eta 0s
  37. 37. Docker development Finds device in local network Continously syncs code into the container Rebuilds when necessary Resin Device Toolbox $ rdt push --source . * Building.. - Stopping and Removing any previous 'myapp' container - Removing any existing container images for 'myapp' - Building new 'myapp' image
  38. 38. ● More than 500 images for each supported device type ● Debian, Fedora, Alpine ● Nodejs, python, golang, Java ● Follow docker conventions Base Images https://github.com/resin-io-library/base-images
  39. 39. Future
  40. 40. ● Roadmap includes.. ○ Compressed RAM ○ Docker 1.12 ○ Hardware watchdog integration ○ Secure Boot ○ ramoops integration ○ ... ● We interested in your thoughts ● There is lots of room for innovation Future
  41. 41. Open source ● Website - https://resinos.io/ ● Github - https://github.com/resin-os ● Gitter - https://gitter.im/resin-os/chat ● Apache 2 Licence
  42. 42. Questions?

×