Getting (more) Debian into our civil infrastructure

Not Synced

Welcome back, the next talk will be
Jan Kiszka
Not Synced

on Getting more Debian into our
civil infrastructure.
Not Synced

Thank you Michael.
Not Synced

So my name is Jan Kiszka,
Not Synced

you may not know me, I'm not a Debian
Developer, not a Debian Maintainer.
Not Synced

I'm just an upstream hacker.
Not Synced

I'm working for Siemens
Not Synced

and part of the Linux team there
for now 10 years actually,
Not Synced

more than 10 years.
Not Synced

We are supporting our business units
in getting Linux into the products successfully
Not Synced

for that long time, even longer actually.
Not Synced

Today, I'm representing a collaborative
project that has some relationship
Not Synced

with Debian, and more soon.
Not Synced

First of all, maybe a surprise to some
of you,
Not Synced

our civilization is heavily running on Linux
and you may now think about
Not Synced

this kind of devices where some kind of
Linux inside,
Not Synced

or you may think of the cloud servers
running Linux inside.
Not Synced

But actually, this is about devices closer
to us.
Not Synced

In all our infrastructure,
Not Synced

there are control systems, there are
management systems included
Not Synced

and many many of them run Linux inside.
Not Synced

Maybe if you are traveling with Deutsche
Bahn to this event these days,
Not Synced

there was some Linux system on the train
as well,
Not Synced

as they were on the ???,
so on the control side.
Not Synced

Energy generation.
Not Synced

Power plants, they are also run with Linux
Not Synced

in very interesting ways, in positive ways
Not Synced

Industry automation, the factories, they
have control systems inside
Not Synced

and quite a few are running Linux inside.
Not Synced

And also other systems like health care,
diagnostic systems.
Not Synced

These big balls up there, they're magnetic
resonance imaging systems,
Not Synced

they're running on Linux for over
a decade now.
Not Synced

Building automation, not at home but in
the professional building area.
Not Synced

Actually, as I said, the train systems are
going to be more on Debian soon.
Not Synced

We have Debian for quite a while in
power generation.
Not Synced

"We", in this case, Siemens.
Not Synced

We have the box underneath,
on the third row,
Not Synced

the industrial switch there is running
Debian.
Not Synced

And the health care device is still
on Ubuntu, but soon will be Debian as well.
Not Synced

Just to give some examples.
Not Synced

These are the areas where we, as a group,
and we, as Siemens, are active.
Not Synced

But there are some problems with this.
Not Synced

Just take an example from a railway
system.
Not Synced

Usually, this kind of devices installation,
they have a lifetime
Not Synced

of 25, 30 years.
Not Synced

It used to be quite simple with these
old devices,
Not Synced

simple in the sense that it was mechanic,
it was pretty robust
Not Synced

I was once told that one of these locking
systems,
Not Synced

they were basically left in a box out there
for 50 years and no one entered the ???
Not Synced

No one touched the whole thing for 50 years
Not Synced

These times are a little bit over.
Not Synced

Nowadays, we have more electronic systems
in these systems
Not Synced

and they contain of course software.
Not Synced

What does it mean?
Not Synced

Just to give you an idea, how this kind
of development looks like in this domain.
Not Synced

So ???
Not Synced

development takes quite a long time
until the product is ready,
Not Synced

3 to 5 years.
Not Synced

Then, in the railway domain, it's mostly
about customizing the systems
Not Synced

for specific installations of the railway
systems,
Not Synced

not only in Europe, they are kind of messy
regarding the differences.
Not Synced

So you have specific requirements of the
customer, the railway operators
Not Synced

to adjust these systems for their needs.
Not Synced

And you see by then,
Not Synced

after 5 years already, a Debian version
would be out of maintenance and
Not Synced

if you add an other year, you can start
over again.
Not Synced

So, in the development time, you may
change still the system
Not Synced

but later on, it's getting hard to change
the system ???
Not Synced

because then the interesting parts start
in this domain, not only in this domain,
Not Synced

that's safety and security assessment and
approval for these systems.
Not Synced

And that also takes time.
Not Synced

For example, in Germany, you go for the
Eisenbahn ???
Not Synced

and you ask to get a permission to run
that train on the track
Not Synced

and if they say "Mmh, not happy with it",
you do it over again
Not Synced

and it takes time
Not Synced

and if you change something in the
system, it becomes interesting
Not Synced

because some of these certification
aspects become invalid,
Not Synced

you have to redo it.
Not Synced

And then of course, these trains on
the installation,
Not Synced

the have a long life as I mentioned
before.
Not Synced

So how do you deal with this in
an electronic device and
Not Synced

in software-driven devices over
this long phase?
Not Synced

That's our challenge
Not Synced

and just one example and there are
more in this area.
Not Synced

At the same time, what we see now is
these fancy buzzwords
Not Synced

from cloud business entering
our conservative, slowly moving domain.
Not Synced

We talk about IoT, industrial IoT, so
connected devices.
Not Synced

We talk about edge computing, it means
getting the power of the cloud
Not Synced

to the device in the field, closer to
where the real things happen.
Not Synced

So, networking becomes a topic.
Not Synced

In the past, you basically built a system,
you locked it up physically
Not Synced

you never touched it again, except
the customer complains that
Not Synced

there were some bug inside.
Not Synced

These days, the customer asks us to
do a frequent update.
Not Synced

And actually the customers ???
ask for this.
Not Synced

So you have to have some security
maintenance concept in this
Not Synced

which means regular updates, regular fixes
Not Synced

and that is of course ???
for this kind of doing the way you have
Not Synced

slow running and long running
support cycles.
Not Synced

To summarize, there's a very long time
we have to maintain our devices in the field
Not Synced

and so far, this was mostly done
individually.
Not Synced

So each company, and sometimes quite
frequently also inside the company,
Not Synced

each product group, development ???
did it individually.
Not Synced

So everyone was having their own kernel,
everyone was having their own base system,
Not Synced

it was easy to build up so it should be
easy to maintain.
Not Synced

Of course it's not.
Not Synced

This was one thing, one important thing.
Not Synced

And then, of course, we not always are
completely happy
Not Synced

with what the free software gives us.
Not Synced

There are some needs to make things
more robust,
Not Synced

to make things more secure, reliable.
Not Synced

So we have to work with these components
and improve them, mostly upstream,
Not Synced

and that, of course, is not a challenge
we have to address in this area.
Not Synced

And catch up with a trend coming in from
the service space on the cloud space.
Not Synced

So with this challenge…
Not Synced

it was the point where we, in this case,
a number of big users of
Not Synced

industrial open source systems,
Not Synced

came together and created a new
collaborative project.
Not Synced

That's what you do in the open source
area.
Not Synced

This project is called Civil Infrastructure
Platform.
Not Synced

It's under the umbrella of the Linux
Foundation,
Not Synced

there are many projects of the Linux
Foundation you may have seen,
Not Synced

but most of them are more in the area
of cloud computing
Not Synced

or in the area of media.
Not Synced

Automotive computing, this one is actually
even more conservative than the other ones
Not Synced

and it's also comparably small.
Not Synced

Our goal is to build this open source
base layer for these application scenarios
Not Synced

based on free software, based on Linux.
Not Synced

We started two years ago.
Not Synced

That's basically our structure, to give
you an idea.
Not Synced

Member companies, the 3 on the top are
founding platinum companies,
Not Synced

Hitachi, Toshiba and Siemens.
Not Synced

We have Codethink and Plat'Home
on board,
Not Synced

we had them on board for the first time
as well.
Not Synced

Renesas joined us and just recently also
Moxa.
Not Synced

So if you compare this with other
collaborative projects,
Not Synced

it's a pretty small one, comparatively
small one,
Not Synced

so our budget is also limited.
Not Synced

It's still decent enough, but, well,
we are growing.
Not Synced

And based on this budget, we have
some developers being paid,
Not Synced

Ben is paid this way, you will see
later on why.
Not Synced

And we have people working from
the companies in the communities
Not Synced

and we are ramping up on working with
communities
Not Synced

to improve the base layers for our needs.
Not Synced

Everything is open source, we have
a GitLab repo as well and
Not Synced

you can look up there what's going on there.
Not Synced

So, the main areas of activities where
we are working on right now.
Not Synced

4 areas.
Not Synced

Kernel maintenance,
Not Synced

we started with declaring one kernel as
the CIP kernel to have
Not Synced

an extended support phase for this kernel
of 10 years.
Not Synced

This is what we're aiming for, which is
feasible already
Not Synced

for some enterprise distros
in a specific area
Not Synced

but here we are talking about an industrial
area, an embedded area
Not Synced

so there is some challenge.
Not Synced

I'm saying 10 years, there's sometimes
written 15 years,
Not Synced

we will see after 10 years if we follow
on to this.
Not Synced

Along with this, of course, comes the need
for real time support.
Not Synced

Currently, it's a separated branch, but
it's going to be integrated eventually
Not Synced

to have the PREEMPT_RT branch
??? doing this.
Not Synced

As I mentioned before, Ben is currently
our 4.4 CIP kernel maintainer.
Not Synced

This is the core, basically where we
started activities.
Not Synced

We continued in extending this on
test infrastructure,
Not Synced

so we invested a bit in improving on
??? infrastructure,
Not Synced

we are now ramping up an internal
??? just to enable
Not Synced

the kernel testing of course.
Not Synced

And then, that's actually what I'd like
to talk about today a bit more,
Not Synced

there's a CIP core.
Not Synced

The kernel alone doesn't make a system,
you need a user space,
Not Synced

you need a user land and that's basically
where we are now focusing on,
Not Synced

ramping up.
Not Synced

Our activity is to define this CIP core,
means a base system,
Not Synced

user space base system which you want
to maintain as long as the kernel,
Not Synced

so an other 10 years thing.
Not Synced

Our group had a couple of members which
were already familiar with Debian before.
Not Synced

So it was pretty easy for that group
to decide on
Not Synced

choosing Debian as the base source
for our core, CIP core package.
Not Synced

So, why was Debian chosen?
Not Synced

Well, it has an outstanding maturity and
a focus on stability,
Not Synced

so we are pretty much aligned regarding
how conservative we see certain things
Not Synced

which is a positive thing for us.
Not Synced

It has very professional security properties
but we also rely on heavily.
Not Synced

And also another interesting aspect for us
is the license hygiene that you are after
Not Synced

to ensure that there is only free software
in these packages
Not Synced

and that is properly documented.
Not Synced

We, when we are using and redistributing
software,
Not Synced

in contrast to, for example, the service space
Not Synced

when you don't usually redistribute things,
Not Synced

we are redistributing devices, so we are
redistributing software,
Not Synced

we have to take care of the licenses
that we are redistributing
Not Synced

and that we are compliant with all these
licenses included.
Not Synced

So it's very important for us that this is
a consistent picture we get from the package.
Not Synced

Someone looked at this already, we are still
looking ourselves on this
Not Synced

but that's a very important thing.
Not Synced

With these characters, we chose Debian
as the base system.
Not Synced

So, what does it mean right now?
Not Synced

We are currently in the process to select
the core packages from the Debian packages
Not Synced

There is still a little bit of ???
obviously.
Not Synced

So we are already working with Debian on
certain long term support aspects
Not Synced

Just to mention 2 activities,
Not Synced

we were sponsoring already the staging
repo for security master.
Not Synced

Actually I'm ??? aware of the current
state of the project
Not Synced

but we got the feedback that it's
apparently a valuable thing for LTS activity
Not Synced

We just joined LTS platinum sponsoring
and we are now involved in discussion
Not Synced

for this extended LTS activity,
Not Synced

so anything beyond 5 years
Not Synced

and in the end, that's what we committed
to our users.
Not Synced

We want to ensure that for the base system
the 10 years is reached.
Not Synced

Of course, ideally, in the community,
not only based on our personal activities
Not Synced

but in the end, we have to fill the gap
Not Synced

and that's basically our commitment
on this.
Not Synced

Don't take literally what is written here.
Not Synced

This is basically to reflect the package set
we are discussing
Not Synced

and there are some 30 to 300 packages
on the discussion, so to say right now
Not Synced

We're condensing basically all the input
from our users, from our members,
Not Synced

what they are using already
Not Synced

and there is a difference we will later
on where this comes from
Not Synced

in the amount of packages, if the way
they're using.
Not Synced

So, the kernel currently is not part of
the Debian thing we import,
Not Synced

although some of our users would directly
use a Debian kernel
Not Synced

but as I said, when there's a need for
additional activities and
Not Synced

that's why CIP Core comes in
Not Synced

but then we have a set of base packages
Not Synced

and then of course, we also have to have
a certain set of packages that we need to keep
Not Synced

in a usable way to ensure reproducibility
of this base set.
Not Synced

Because if we want to fix something
after 9 years in the field
Not Synced

on a base system produced in the past,
Not Synced

we have to ensure if we can come up
with the same result
Not Synced

plus the delta.
Not Synced

So there are different ways how to build
a system
Not Synced

and compared to the classic installation
Not Synced

you may know from a desktop or a server
you're not installing,
Not Synced

we are prebuilding images and then deploy
these images on the devices
Not Synced

either in the factory or out there
in the field.
Not Synced

So the challenge for us is, if we have
this package list,
Not Synced

how to get to the device image.
Not Synced

So just to give you a brief idea, of course
there is some input
Not Synced

from the CIP kernel in source form
Not Synced

then we are using ???
prebuilt binary packages from Debian
Not Synced

and/or source package, the source feed
from Debian,
Not Synced

the upstream source but the Debian patches
as input feeds
Not Synced

and that comes bound to a minimum
base system to be generated
Not Synced

and we are currently working on this.
Not Synced

There is no defined way of producing
this image within CIP at this point,
Not Synced

we are basically following two paths.
Not Synced

One of them is the path which is dominated
by the idea
Not Synced

"Ok, we have to ensure we, in this case
the ??? environments
Not Synced

have to ensure to reproduce the image
ourself, the binaries ourself"
Not Synced

so we take the maintain sources from
the Debian community
Not Synced

but we rebuilt and then generate a new
binary ??? out of this.
Not Synced

That's one way and that's an activity
which you have heard about,
Not Synced

meta-debian project prominently driven
by Toshiba,
Not Synced

which uses the ???
way of producing a base system
Not Synced

but out of Debian sources so that you have
a maintained source input feed
Not Synced

for this production.
Not Synced

That's one path.
Not Synced

The other path is using predominantly
binary packages
Not Synced

and personally and specific also at Siemens
we are more following this path here.
Not Synced

So there is for example the ISAR project,
Not Synced

??? is one of their developers here
as well
Not Synced

We are working on this path, it means that
95 or 99% of your image consists originally
Not Synced

of binaries, Debian binaries as they are
shipped, as they are released
Not Synced

and then there is often the need to modify
a little bit,
Not Synced

it might be the kernel, it might be
the bootloader,
Not Synced

it might be a special patched package
for whatever reason,
Not Synced

hopefully good ones.
Not Synced

You have an infrastructure to assemble
the binary images and
Not Synced

to produce the source packages
on demand
Not Synced

and install that into an image that you
then can flash on the device.
Not Synced

That's the second path we are following,
as I said,
Not Synced

that's just to describe the workflows,
the technology behind it is
Not Synced

not yet standardized in the CIP.
Not Synced

For us at Siemens, currently,
???
Not Synced

it's also ??? based
Not Synced

yocto-like production,
Not Synced

but based on the Debian binaries
producing a ready-to-install device image.
Not Synced

We look at the situation.
Not Synced

So what is Debian providing?
Not Synced

Well, a large set of packages, a nice
level of support, 3 + 2 years LTS mostly.
Not Synced

That's already great, I mean there's
everything available,
Not Synced

almost everything in the world of
Free Software, we can get via Debian.
Not Synced

The build, it supports native build.
Not Synced

That's also an advantage, because finding
after 10 years, 15 years with cross build…
Not Synced

There's always a problem with
cross building, even a little bit.
Not Synced

So this is a good strategy to go, although
you're also working on cross build
Not Synced

that may be interesting for certain
scenarios as well for us
Not Synced

and we're all discussing this these days,
Not Synced

reproducible builds is also very important
for us
Not Synced

because we also have to prove that
the delta is really only on the delta
Not Synced

that has to be changed and not anything
else and
Not Synced

we have to rebuild something for
whatever reason,
Not Synced

we don't want to produce a completely
different image in the end.
Not Synced

So it's a very important topic.
Not Synced

I mentioned already before the license
compliance topics.
Not Synced

I'm not really deep expert on all the
licensing thing,
Not Synced

except when I have to be because some
customer asks us internally
Not Synced

how to be compliant and how to solve
certain compliance findings.
Not Synced

A colleague of mine, ??? example
who's maintaining the fossology project
Not Synced

is way more in this because we have also
our infrastructure
Not Synced

to ensure license compliance and identify
packages, ???
Not Synced

and the idea, as far as I heard, is to
combine these kinds of activity
Not Synced

so that Debian can also use the information
that this kind of scanners produce
Not Synced

like spdx formats and build it into
the Debian 5 next generations.
Not Synced

In turn, we can extract this information
and ensure that they are still valid
Not Synced

when we take a package.
Not Synced

So there's a lot of activity already
in this area
Not Synced

and of course testing, not to mention.
Not Synced

So, what we need to require here,
as I said.
Not Synced

One thing is we will need a longer support
phase.
Not Synced

The number of packages fortunately is
much lower.
Not Synced

As I said, something like 200 at most is
what we're currently heading for
Not Synced

for most of our devices.
Not Synced

We have the need to both build natively and
cross build predominantly
Not Synced

in the development phase,
Not Synced

but there might also cases where it might
be useful for a product image
Not Synced

but predominantly it's for development
phase, you want to
Not Synced

??? when you are building on on x64 ARM
for example.
Not Synced

The binary source packages should be
managed and reproducible.
Not Synced

The license compliance already
mentioned.
Not Synced

And the testing activity is also something
that we want to improve on further.
Not Synced

So, where we see the collaboration.
Not Synced

Already mentioned long term maintenance
for packages,
Not Synced

that's definitely an area where we are
reaching out and we are in discussion.
Not Synced

Contributing to Debian cross, there's
activities going on this area.
Not Synced

Reproducible builds, we had some
discussion, Holger and Chris, these days
Not Synced

where we could possibly support you
on this.
Not Synced

It's not our topmost priority at
this point but it's obvious that
Not Synced

it will become in the future.
Not Synced

Also, a way possibly interesting for you,
Not Synced

I think there is a good chance that
these activities also open up
Not Synced

more adoption in the ???
of Debian.
Not Synced

Because we are also discussing this kind
of things with our suppliers,
Not Synced

means the silicon vendors, pushing them
to be more upstream
Not Synced

in order to have it easier for us to
integrate their work in our systems
Not Synced

and eventually, also enabling them to
use the same mechanism that we are using
Not Synced

for building our images to build there
our customer SDKs
Not Synced

or however they call them
Not Synced

and that can create a large ecosystem.
Not Synced

We have been discussing already with
some of these vendors
Not Synced

and some are actually interested
in Debian as well as a default image
Not Synced

to replace those not so successful
source build approaches
Not Synced

that are out there in the field
eventually with something more easy to use
Not Synced

An other area I really like to see that
we have collaboration on
Not Synced

is regarding the license result.
Not Synced

We, at Siemens, currently are running
through with this subset package
Not Synced

that fossology run
Not Synced

and I would like to see the result of
this run, comparing it to what
Not Synced

Debian is currently reporting in the
metadata
Not Synced

if there are any gaps, anything that our
experts say
Not Synced

"Ok, you should document it more that way"
or "There is something missing"
Not Synced

and of course report these issues upstream
Not Synced

because eventually, I don't want to rescan
every single security update package
Not Synced

internally again if you did already.
Not Synced

That should just run through and
we should have the trust that
Not Synced

this information is accurate and we can
rely on that.
Not Synced

That's the vision behind it.
Not Synced

Test cases would be also an area where
we see a chance to contribute something.
Not Synced

Further things we are discussing might be
not that interesting for Debian,
Not Synced

but it's interesting in general.
Not Synced

Functional safety activities, you'd be
surprised how many people are asking for
Not Synced

functional safe Linux these days,
Not Synced

may it be for automotive, but also for
industrial purposes.
Not Synced

Worth mentioning, actually, is the
security standard this way.
Not Synced

So even if you're not involved in all
this IEC whatever stuff,
Not Synced

it's interesting because this is pushing
us, in industry,
Not Synced

to do things like update strategies
even more consistently
Not Synced

and ensure that the image that we ship
is integer,
Not Synced

so that it's really the original image.
Not Synced

Up to the questions of how to secure
the boot
Not Synced

and how to secure the system is running.
Not Synced

That helps us to argue internally and
externally for consolidation
Not Synced

and that helps us currently to push
a lot of these users
Not Synced

towards Debian solutions.
Not Synced

One of our units did once a survey,
recently actually,
Not Synced

about how many Linux systems they have
there, and they counted 99 balloons
Not Synced

erm, Linux systems, actually
Not Synced

and of course you can imagine
it's pretty hard to maintain 99 variants
Not Synced

in the field out there.
Not Synced

So they are one of the most prominent
drivers inside our company
Not Synced

to consolidate the systems and we are
currently consolidating over Debian.
Not Synced

Not everything, but most of it.
Not Synced

And then there is this doomsday date
as well,
Not Synced

which is an increasing concern because
you can imagine that
Not Synced

if you are building a device today, maybe
it's out of business in 10 years,
Not Synced

Ok you're lucky, maybe it's still running
in 20 years and it's not yet ready for 2038
Not Synced

and then we have a problem.
Not Synced

That's things ??? going on currently
already,
Not Synced

so one ??? for example is sponsoring
activities in glibc to prove the topic
Not Synced

and as a consortium, the CIP group be also
looking into this,
Not Synced

we would not jump in on things but
??? happening
Not Synced

but if there are gaps up there, then we will
possibly jump in here as well.
Not Synced

So, to summarize.
Not Synced

Title:: Getting (more) Debian into our civil infrastructure
Description:: Talk given by Jan Kiszka at Minidebconf Hamburg 2018
https://meetings-archive.debian.net/pub/debian-meetings/2018/miniconf-hamburg/2018-05-20/civil_infrastructure.webm

more » « less
Video Language:: English
Team:: Debconf
Project:: 2018_mini-debconf-hamburg
Duration:: 35:02

	tvincent edited English subtitles for Getting (more) Debian into our civil infrastructure
	tvincent edited English subtitles for Getting (more) Debian into our civil infrastructure
	tvincent edited English subtitles for Getting (more) Debian into our civil infrastructure
	tvincent edited English subtitles for Getting (more) Debian into our civil infrastructure
	tvincent edited English subtitles for Getting (more) Debian into our civil infrastructure
	tvincent edited English subtitles for Getting (more) Debian into our civil infrastructure
	tvincent edited English subtitles for Getting (more) Debian into our civil infrastructure
	tvincent edited English subtitles for Getting (more) Debian into our civil infrastructure

Show all

English subtitles

Incomplete

Revisions Compare revisions

Revision 10 Edited

tvincent
Revision 9 Edited

tvincent
Revision 8 Edited

tvincent
Revision 7 Edited

tvincent
Revision 6 Edited

tvincent
Revision 5 Edited

tvincent
Revision 4 Edited

tvincent
Revision 3 Edited

tvincent
Revision 2 Edited

tvincent
Revision 1 Edited

tvincent

	Revision Number	Author	Created
	10	tvincent
	9	tvincent
	8	tvincent
	7	tvincent
	6	tvincent
	5	tvincent
	4	tvincent
	3	tvincent
	2	tvincent
	1	tvincent

Getting (more) Debian into our civil infrastructure

Revisions Compare revisions

Our website uses cookies

Operating cookies (Required)