Return to Video

Getting (more) Debian into our civil infrastructure

  • Not Synced
    Welcome back, the next talk will be
    Jan Kiszka
  • Not Synced
    on Getting more Debian into our
    civil infrastructure.
  • Not Synced
    Thank you Michael.
  • Not Synced
    So my name is Jan Kiszka,
  • Not Synced
    you may not know me, I'm not a Debian
    Developer, not a Debian Maintainer.
  • Not Synced
    I'm just an upstream hacker.
  • Not Synced
    I'm working for Siemens
  • Not Synced
    and part of the Linux team there
    for now 10 years actually,
  • Not Synced
    more than 10 years.
  • Not Synced
    We are supporting our business units
    in getting Linux into the products successfully
  • Not Synced
    for that long time, even longer actually.
  • Not Synced
    Today, I'm representing a collaborative
    project that has some relationship
  • Not Synced
    with Debian, and more soon.
  • Not Synced
    First of all, maybe a surprise to some
    of you,
  • Not Synced
    our civilization is heavily running on Linux
    and you may now think about
  • Not Synced
    this kind of devices where some kind of
    Linux inside,
  • Not Synced
    or you may think of the cloud servers
    running Linux inside.
  • Not Synced
    But actually, this is about devices closer
    to us.
  • Not Synced
    In all our infrastructure,
  • Not Synced
    there are control systems, there are
    management systems included
  • Not Synced
    and many many of them run Linux inside.
  • Not Synced
    Maybe if you are traveling with Deutsche
    Bahn to this event these days,
  • Not Synced
    there was some Linux system on the train
    as well,
  • Not Synced
    as they were on the ???,
    so on the control side.
  • Not Synced
    Energy generation.
  • Not Synced
    Power plants, they are also run with Linux
  • Not Synced
    in very interesting ways, in positive ways
  • Not Synced
    Industry automation, the factories, they
    have control systems inside
  • Not Synced
    and quite a few are running Linux inside.
  • Not Synced
    And also other systems like health care,
    diagnostic systems.
  • Not Synced
    These big balls up there, they're magnetic
    resonance imaging systems,
  • Not Synced
    they're running on Linux for over
    a decade now.
  • Not Synced
    Building automation, not at home but in
    the professional building area.
  • Not Synced
    Actually, as I said, the train systems are
    going to be more on Debian soon.
  • Not Synced
    We have Debian for quite a while in
    power generation.
  • Not Synced
    "We", in this case, Siemens.
  • Not Synced
    We have the box underneath,
    on the third row,
  • Not Synced
    the industrial switch there is running
    Debian.
  • Not Synced
    And the health care device is still
    on Ubuntu, but soon will be Debian as well.
  • Not Synced
    Just to give some examples.
  • Not Synced
    These are the areas where we, as a group,
    and we, as Siemens, are active.
  • Not Synced
    But there are some problems with this.
  • Not Synced
    Just take an example from a railway
    system.
  • Not Synced
    Usually, this kind of devices installation,
    they have a lifetime
  • Not Synced
    of 25, 30 years.
  • Not Synced
    It used to be quite simple with these
    old devices,
  • Not Synced
    simple in the sense that it was mechanic,
    it was pretty robust
  • Not Synced
    I was once told that one of these locking
    systems,
  • Not Synced
    they were basically left in a box out there
    for 50 years and no one entered the ???
  • Not Synced
    No one touched the whole thing for 50 years
  • Not Synced
    These times are a little bit over.
  • Not Synced
    Nowadays, we have more electronic systems
    in these systems
  • Not Synced
    and they contain of course software.
  • Not Synced
    What does it mean?
  • Not Synced
    Just to give you an idea, how this kind
    of development looks like in this domain.
  • Not Synced
    So ???
  • Not Synced
    development takes quite a long time
    until the product is ready,
  • Not Synced
    3 to 5 years.
  • Not Synced
    Then, in the railway domain, it's mostly
    about customizing the systems
  • Not Synced
    for specific installations of the railway
    systems,
  • Not Synced
    not only in Europe, they are kind of messy
    regarding the differences.
  • Not Synced
    So you have specific requirements of the
    customer, the railway operators
  • Not Synced
    to adjust these systems for their needs.
  • Not Synced
    And you see by then,
  • Not Synced
    after 5 years already, a Debian version
    would be out of maintenance and
  • Not Synced
    if you add an other year, you can start
    over again.
  • Not Synced
    So, in the development time, you may
    change still the system
  • Not Synced
    but later on, it's getting hard to change
    the system ???
  • Not Synced
    because then the interesting parts start
    in this domain, not only in this domain,
  • Not Synced
    that's safety and security assessment and
    approval for these systems.
  • Not Synced
    And that also takes time.
  • Not Synced
    For example, in Germany, you go for the
    Eisenbahn ???
  • Not Synced
    and you ask to get a permission to run
    that train on the track
  • Not Synced
    and if they say "Mmh, not happy with it",
    you do it over again
  • Not Synced
    and it takes time
  • Not Synced
    and if you change something in the
    system, it becomes interesting
  • Not Synced
    because some of these certification
    aspects become invalid,
  • Not Synced
    you have to redo it.
  • Not Synced
    And then of course, these trains on
    the installation,
  • Not Synced
    the have a long life as I mentioned
    before.
  • Not Synced
    So how do you deal with this in
    an electronic device and
  • Not Synced
    in software-driven devices over
    this long phase?
  • Not Synced
    That's our challenge
  • Not Synced
    and just one example and there are
    more in this area.
  • Not Synced
    At the same time, what we see now is
    these fancy buzzwords
  • Not Synced
    from cloud business entering
    our conservative, slowly moving domain.
  • Not Synced
    We talk about IoT, industrial IoT, so
    connected devices.
  • Not Synced
    We talk about edge computing, it means
    getting the power of the cloud
  • Not Synced
    to the device in the field, closer to
    where the real things happen.
  • Not Synced
    So, networking becomes a topic.
  • Not Synced
    In the past, you basically built a system,
    you locked it up physically
  • Not Synced
    you never touched it again, except
    the customer complains that
  • Not Synced
    there were some bug inside.
  • Not Synced
    These days, the customer asks us to
    do a frequent update.
  • Not Synced
    And actually the customers ???
    ask for this.
  • Not Synced
    So you have to have some security
    maintenance concept in this
  • Not Synced
    which means regular updates, regular fixes
  • Not Synced
    and that is of course ???
    for this kind of doing the way you have
  • Not Synced
    slow running and long running
    support cycles.
  • Not Synced
    To summarize, there's a very long time
    we have to maintain our devices in the field
  • Not Synced
    and so far, this was mostly done
    individually.
  • Not Synced
    So each company, and sometimes quite
    frequently also inside the company,
  • Not Synced
    each product group, development ???
    did it individually.
  • Not Synced
    So everyone was having their own kernel,
    everyone was having their own base system,
  • Not Synced
    it was easy to build up so it should be
    easy to maintain.
  • Not Synced
    Of course it's not.
  • Not Synced
    This was one thing, one important thing.
  • Not Synced
    And then, of course, we not always are
    completely happy
  • Not Synced
    with what the free software gives us.
  • Not Synced
    There are some needs to make things
    more robust,
  • Not Synced
    to make things more secure, reliable.
  • Not Synced
    So we have to work with these components
    and improve them, mostly upstream,
  • Not Synced
    and that, of course, is not a challenge
    we have to address in this area.
  • Not Synced
    And catch up with a trend coming in from
    the service space on the cloud space.
  • Not Synced
    So with this challenge…
  • Not Synced
    it was the point where we, in this case,
    a number of big users of
  • Not Synced
    industrial open source systems,
  • Not Synced
    came together and created a new
    collaborative project.
  • Not Synced
    That's what you do in the open source
    area.
  • Not Synced
    This project is called Civil Infrastructure
    Platform.
  • Not Synced
    It's under the umbrella of the Linux
    Foundation,
  • Not Synced
    there are many projects of the Linux
    Foundation you may have seen,
  • Not Synced
    but most of them are more in the area
    of cloud computing
  • Not Synced
    or in the area of media.
  • Not Synced
    Automotive computing, this one is actually
    even more conservative than the other ones
  • Not Synced
    and it's also comparably small.
  • Not Synced
    Our goal is to build this open source
    base layer for these application scenarios
  • Not Synced
    based on free software, based on Linux.
  • Not Synced
    We started two years ago.
  • Not Synced
    That's basically our structure, to give
    you an idea.
  • Not Synced
    Member companies, the 3 on the top are
    founding platinum companies,
  • Not Synced
    Hitachi, Toshiba and Siemens.
  • Not Synced
    We have Codethink and Plat'Home
    on board,
  • Not Synced
    we had them on board for the first time
    as well.
  • Not Synced
    Renesas joined us and just recently also
    Moxa.
  • Not Synced
    So if you compare this with other
    collaborative projects,
  • Not Synced
    it's a pretty small one, comparatively
    small one,
  • Not Synced
    so our budget is also limited.
  • Not Synced
    It's still decent enough, but, well,
    we are growing.
  • Not Synced
    And based on this budget, we have
    some developers being paid,
  • Not Synced
    Ben is paid this way, you will see
    later on why.
  • Not Synced
    And we have people working from
    the companies in the communities
  • Not Synced
    and we are ramping up on working with
    communities
  • Not Synced
    to improve the base layers for our needs.
  • Not Synced
    Everything is open source, we have
    a GitLab repo as well and
  • Not Synced
    you can look up there what's going on there.
  • Not Synced
    So, the main areas of activities where
    we are working on right now.
  • Not Synced
    4 areas.
  • Not Synced
    Kernel maintenance,
  • Not Synced
    we started with declaring one kernel as
    the CIP kernel to have
  • Not Synced
    an extended support phase for this kernel
    of 10 years.
  • Not Synced
    This is what we're aiming for, which is
    feasible already
  • Not Synced
    for some enterprise distros
    in a specific area
  • Not Synced
    but here we are talking about an industrial
    area, an embedded area
  • Not Synced
    so there is some challenge.
  • Not Synced
    I'm saying 10 years, there's sometimes
    written 15 years,
  • Not Synced
    we will see after 10 years if we follow
    on to this.
  • Not Synced
    Along with this, of course, comes the need
    for real time support.
  • Not Synced
    Currently, it's a separated branch, but
    it's going to be integrated eventually
  • Not Synced
    to have the PREEMPT_RT branch
    ??? doing this.
  • Not Synced
    As I mentioned before, Ben is currently
    our 4.4 CIP kernel maintainer.
  • Not Synced
    This is the core, basically where we
    started activities.
  • Not Synced
    We continued in extending this on
    test infrastructure,
  • Not Synced
    so we invested a bit in improving on
    ??? infrastructure,
  • Not Synced
    we are now ramping up an internal
    ??? just to enable
  • Not Synced
    the kernel testing of course.
  • Not Synced
    And then, that's actually what I'd like
    to talk about today a bit more,
  • Not Synced
    there's a CIP core.
  • Not Synced
    The kernel alone doesn't make a system,
    you need a user space,
  • Not Synced
    you need a user land and that's basically
    where we are now focusing on,
  • Not Synced
    ramping up.
  • Not Synced
    Our activity is to define this CIP core,
    means a base system,
  • Not Synced
    user space base system which you want
    to maintain as long as the kernel,
  • Not Synced
    so an other 10 years thing.
  • Not Synced
    Our group had a couple of members which
    were already familiar with Debian before.
  • Not Synced
    So it was pretty easy for that group
    to decide on
  • Not Synced
    choosing Debian as the base source
    for our core, CIP core package.
  • Not Synced
    So, why was Debian chosen?
  • Not Synced
    Well, it has an outstanding maturity and
    a focus on stability,
  • Not Synced
    so we are pretty much aligned regarding
    how conservative we see certain things
  • Not Synced
    which is a positive thing for us.
  • Not Synced
    It has very professional security properties
    but we also rely on heavily.
  • Not Synced
    And also another interesting aspect for us
    is the license hygiene that you are after
  • Not Synced
    to ensure that there is only free software
    in these packages
  • Not Synced
    and that is properly documented.
  • Not Synced
    We, when we are using and redistributing
    software,
  • Not Synced
    in contrast to, for example, the service space
  • Not Synced
    when you don't usually redistribute things,
  • Not Synced
    we are redistributing devices, so we are
    redistributing software,
  • Not Synced
    we have to take care of the licenses
    that we are redistributing
  • Not Synced
    and that we are compliant with all these
    licenses included.
  • Not Synced
    So it's very important for us that this is
    a consistent picture we get from the package.
  • Not Synced
    Someone looked at this already, we are still
    looking ourselves on this
  • Not Synced
    but that's a very important thing.
  • Not Synced
    With these characters, we chose Debian
    as the base system.
  • Not Synced
    So, what does it mean right now?
  • Not Synced
    We are currently in the process to select
    the core packages from the Debian packages
  • Not Synced
    There is still a little bit of ???
    obviously.
  • Not Synced
    So we are already working with Debian on
    certain long term support aspects
  • Not Synced
    Just to mention 2 activities,
  • Not Synced
    we were sponsoring already the staging
    repo for security master.
  • Not Synced
    Actually I'm ??? aware of the current
    state of the project
  • Not Synced
    but we got the feedback that it's
    apparently a valuable thing for LTS activity
  • Not Synced
    We just joined LTS platinum sponsoring
    and we are now involved in discussion
  • Not Synced
    for this extended LTS activity,
  • Not Synced
    so anything beyond 5 years
  • Not Synced
    and in the end, that's what we committed
    to our users.
  • Not Synced
    We want to ensure that for the base system
    the 10 years is reached.
  • Not Synced
    Of course, ideally, in the community,
    not only based on our personal activities
  • Not Synced
    but in the end, we have to fill the gap
  • Not Synced
    and that's basically our commitment
    on this.
Title:
Getting (more) Debian into our civil infrastructure
Description:

Talk given by Jan Kiszka at Minidebconf Hamburg 2018
https://meetings-archive.debian.net/pub/debian-meetings/2018/miniconf-hamburg/2018-05-20/civil_infrastructure.webm
more » « less
Video Language:
English
Team:
Debconf
Project:
2018_mini-debconf-hamburg
Duration:
35:02

English subtitles

Incomplete

Revisions Compare revisions

Our website uses cookies for analysis purposes.