Going to production with snaps and Ubuntu Core
Kyle Fazzari a.k.a. kyrofa
kyle@canonical.com
Mohamed Saad Ibn Seddik
MOOS-DAWG 2017
Source: oceanai.mit.edu/moos-dawg17/docs/08-fazzari.pdf
What are you doing here?
● My background is in robotics:
○ Used MOOS through university, developing the backseat driver for a fleet of AUVs meant for mine hunting and magnetic signature detection
○ Worked as a roboticist for the US Navy, using ROS to develop UGVs using COTS cameras (stereo and spectral)
● I still participate in the community, and I’m working on stuff today that could prove useful (snaps and Ubuntu Core)
What we’ll be talking about
● The future wrought by rushing to ship
● Some questions to be answered before shipping:
○ How is my software updated?
○ How is the base OS updated?
○ How is the device recovered if an update goes sideways?
○ What is my factory process?
● MOOS snap demonstration
The curse of “just shipping it”
● Mirai and the 1Tbps DDoS do not exist because of security vulnerabilities
○ Vendors shipped without considering the need for updates
○ Consider the cost of recalling your robot as opposed to having an update strategy before shipping
Some questions to answer before shipping
● How is my software updated?
● How is the base OS updated?
● How is the device recovered if an update goes sideways?
● What is my factory process?
How is my software updated?
● Your software is not perfect. It will need to be fixed, or have features added
● Is your software even packaged? How?
● Maintaining your own infrastructure (Debian repositories, etc.) is no small task
● Let’s talk packaging for a minute. Have you heard about snaps?
How is my software updated?
Snaps
Package any app for a number of different Linux distributions (desktop, server, cloud or device), and deliver updates directly
...
How is my software updated?
Snaps automatically update
Just publish an update in the store
How is my software updated?
Snaps have an amazing developer experience: snapcraft
● Snaps bundle their dependencies, and are immutable
● Snapcraft creates snaps, orchestrating disparate components and build systems into one cohesive distributable package.
● It’s extensible and new plugins to leverage different technologies are being developed all the time. Existing plugins include Python, CMake, Autotools, and many more
How is my software updated?
Snaps are perfect for CI/CD
● Multiple release channels for differing levels of stability/risk:
○ edge -> beta -> candidate -> stable
● GitHub integration for automatically building your software for any supported architecture
● Not using GitHub? You can still use the Launchpad builders for multiple architectures, or use your own infrastructure
How is the base OS updated?
● “I enabled automatic security updates.” A good practice, but one that can cause issues in robotics (we’ll come back to this)
● Snaps automatically update, why don’t we just make a distro based entirely upon them?
○ Great minds. Let me introduce you to Ubuntu Core
How is the base OS updated?
Ubuntu Core
Based entirely upon snaps
Gadget snap
Kernel snap
Kernel 4.4
Core snap
App snap(s)
How is the base OS updated?
Ubuntu Core
● Every component automatically updates out of the box:
○ Core (rootfs)
○ Kernel
○ Anything you add on top
● If you’re using a reference device (amd64, pi2/3, etc.), Canonical maintains the gadget, kernel and core snaps for the lifetime of the LTS
○ (you can of course maintain your own if you wish)
How is the device recovered?
● Remember those automatic security updates you enabled? What happens when a user turns off your robot mid-update?
● Recovery partitions? Manual procedures? Yuck.
● Snaps not only automatically update, they do so transactionally
How is the device recovered?
Snaps update transactionally
[Diagram: before the upgrade, the original snap with its original data in the writable area. After "Upgrade": the updated snap with data modified during the upgrade in its writable area, while the original snap and original data are kept on the device. After "Rollback on failure": the original snap with its original data in the writable area.]
How is the device recovered?
Snaps update transactionally
● Transactional updates == robust updates
● Updates will roll back if an update was interrupted or otherwise invalidated
● You can also write health checks, implemented as hooks, within the snap itself. A health check failure results in a rollback
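A simplified model of the transactional update and rollback described above, added here as an illustration; it is not snapd's implementation or code from the talk. The directory layout (`snap/<rev>`, `data/<rev>`, a `current` symlink), the function names and the `mission.cfg` file are assumptions made for the example.

```python
import os
import shutil
import tempfile

def switch(root, area, rev):
    """Repoint <area>/current atomically: new symlink, then rename over it."""
    tmp = os.path.join(root, area, ".current.tmp")
    if os.path.lexists(tmp):
        os.remove(tmp)  # leftover from an interrupted switch
    os.symlink(rev, tmp)
    os.replace(tmp, os.path.join(root, area, "current"))  # atomic rename

def current(root, area="snap"):
    return os.readlink(os.path.join(root, area, "current"))

def write(root, area, rev, name, text):  # new revision beside the old ones
    os.makedirs(os.path.join(root, area, rev))
    with open(os.path.join(root, area, rev, name), "w") as f:
        f.write(text)

def refresh(root, new_rev, payload, health_check):
    """Move to new_rev; return the revision that is active afterwards."""
    old_rev = current(root)
    write(root, "snap", new_rev, "app", payload)
    # The update works on a copy, so the original data is kept on the device.
    shutil.copytree(os.path.join(root, "data", old_rev),
                    os.path.join(root, "data", new_rev))
    for area in ("data", "snap"):
        switch(root, area, new_rev)
    try:
        healthy = bool(health_check(os.path.join(root, "data", "current")))
    except Exception:
        healthy = False  # a crashing health check counts as a failure
    if not healthy:  # roll back: original snap and data are current again
        for area in ("snap", "data"):
            switch(root, area, old_rev)
            shutil.rmtree(os.path.join(root, area, new_rev))
    return current(root)

def new_device():  # constructed starting state: revision 1, sample data
    root = tempfile.mkdtemp()
    write(root, "snap", "1", "app", "v1")
    write(root, "data", "1", "mission.cfg", "depth=10")
    for area in ("snap", "data"):
        switch(root, area, "1")
    return root

if __name__ == "__main__":
    print(refresh(new_device(), "2", "v2", lambda data_dir: False))
```

Because the old revision and its data are never modified in place, a power cut at any point leaves either the old or the new `current` link, never a half-written one.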
How is the device recovered?
Ubuntu Core updates completely transactionally
● Since Ubuntu Core is based entirely upon snaps, every component of the operating system is updated transactionally.
What is my factory process?
● How do you deploy your OS of choice, MOOS(-IvP), and your special stuff on a device you’re about to ship?
● By hand? That doesn’t scale
● Pre-seeded installation ISO?
○ Pre-configuring your software that way is hard, and continues to be so as you update
○ Using Ansible or similar is better, but it’s still a serious learning curve
● What if I told you that you could create a flashable, bootable, fully-configured image with only a few lines of JSON?
What is my factory process?
Creating an Ubuntu Core image
A single JSON document:
{
  "type": "model",
  "series": "16",
  "model": "my-amd64-auv",
  "architecture": "amd64",
  "gadget": "pc",
  "kernel": "pc-kernel",
  "authority-id": "<store ID>",
  "brand-id": "<store ID>",
  "timestamp": "<timestamp>",
  "required-snaps": ["my-special-sauce"]
}
What is my factory process?
Creating an Ubuntu Core image
● Sign that JSON document to create what’s called a model assertion
● Hand it to ubuntu-image to put the image together:
$ sudo ubuntu-image -c stable my.model
● Now you have a bootable image ready to be flashed in the factory
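A pre-signing check for the model document above, added here as an example and not part of the talk or of any snapd tooling. The function name `lint_model`, the sample store ID and timestamp, and the two rules marked as assumptions in the comments are not from the slides.

```python
import json
import re
from datetime import datetime

# Headers shown in the slide's model document (required-snaps is optional here).
REQUIRED = ("type", "series", "model", "architecture", "gadget", "kernel",
            "authority-id", "brand-id", "timestamp")
PLACEHOLDER = re.compile(r"<[^>]*>")

def lint_model(text):
    """Return a list of problems in an unsigned model document (empty = OK)."""
    try:
        doc = json.loads(text)
    except ValueError as exc:
        return ["not valid JSON: %s" % exc]
    if not isinstance(doc, dict):
        return ["top level must be a JSON object"]
    problems = ["missing header: %s" % k for k in REQUIRED if k not in doc]
    for key, value in doc.items():
        for item in value if isinstance(value, list) else [value]:
            if not isinstance(item, str):
                # Assumption: header values are strings or lists of strings.
                problems.append("%s: %r is not a string" % (key, item))
            elif PLACEHOLDER.fullmatch(item):
                problems.append("%s: placeholder %s not filled in" % (key, item))
    if doc.get("type", "model") != "model":
        problems.append("type must be \"model\"")
    # The slide gives both IDs the same store ID: the brand signs its own model.
    if doc.get("authority-id") != doc.get("brand-id"):
        problems.append("authority-id and brand-id differ")
    ts = doc.get("timestamp")
    if isinstance(ts, str) and not PLACEHOLDER.fullmatch(ts):
        try:  # Assumption: timestamp is RFC 3339 with an explicit UTC offset.
            if datetime.fromisoformat(ts.replace("Z", "+00:00")).tzinfo is None:
                problems.append("timestamp: no UTC offset")
        except ValueError:
            problems.append("timestamp: not an RFC 3339 date-time")
    return problems

# Constructed sample: the slide's document with hypothetical values filled in.
SAMPLE = json.dumps({
    "type": "model", "series": "16", "model": "my-amd64-auv",
    "architecture": "amd64", "gadget": "pc", "kernel": "pc-kernel",
    "authority-id": "ExampleStoreId", "brand-id": "ExampleStoreId",
    "timestamp": "2017-07-01T00:00:00+00:00",
    "required-snaps": ["my-special-sauce"]})

if __name__ == "__main__":
    print(lint_model(SAMPLE) or "model document looks ready to sign")
```

Running a check like this in CI before the signing step keeps unfilled placeholders and mismatched IDs out of a signed assertion, which cannot be edited afterwards without re-signing.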
MOOS snap demonstration
Getting started with snaps
● Get started on https://snapcraft.io
● Code is in GitHub: https://github.com/snapcore
● Ask questions:
○ In IRC: #snappy on Freenode
○ In Rocketchat: https://rocket.ubuntu.com/channel/snapcraft
○ In the forum: https://forum.snapcraft.io