Hello everyone, welcome to this talk called "What's Fedora IoT". My name is Jose Noguera, I'm a software engineer at Red Hat, and thank you very much for your time on this talk.

So, a little bit of context about who I am. I'm Spanish, as you can tell from my accent. I've been working at Red Hat for almost three months now. I've lived in Spain, I've lived in Austria, where I did my Erasmus, I lived in Dublin for a couple of years, and now I'm living in London. I love traveling; I want to be able to do it again, but I'm waiting, you know, for everything to be safer than it is now. I consider myself a jack of all trades and a master of maybe one or two. I am, you could say, a generalist: I like to know a little bit of everything and then specialize a little bit on some stuff. I'm a very, very curious person and I'm always learning. And I am the new maintainer of Greenboot, which is something I support that we are going to talk about in this talk.

So what are we going to talk about in this talk? We are gonna cover a little bit of context on what's IoT and what's edge computing. We're gonna talk, of course, about Fedora IoT; we're gonna do a little overview in the beginning. Then we are gonna speak about libostree and rpm-ostree, their features and peculiarities. We are gonna speak about Greenboot as well, about Zezere, which is the provisioning platform, and finally we're gonna speak a little bit, just one minute, about RHEL for Edge. And yes, that's not the Greenboot logo. We don't have any logo yet, so if you are willing to contribute, please do, because I think it could be pretty, pretty cool to have a logo. And actually, thinking, I have a couple in mind, so we'll see, we'll see. But anyway, any contribution will be very much appreciated.

So, Internet of Things, what is it here?
You can find a Wikipedia definition, but in plain words, it's basically anything that is not a computer and is able to gather information and send information to a remote location or a server, and is connected to the internet. That could be a very, very mundane definition, a definition that I could say to my mother and to my grandma. It could include cars, fridges, air conditioners, speakers, TVs and basically anything called smart. You know, if it's a smart bulb, you can say that it's a part of this Internet of Things network.

And regarding edge computing, Red Hat defines it as the computing that takes place at or near the physical location of the user or the source of the data. The most clear example for me is an autonomous vehicle. It wouldn't make sense that the sensors in the vehicle send the data they are gathering to a remote server in order to decide whether the object in front of them is a stop sign or not. It just would take too much time and could lead to catastrophic consequences, like the car crashing or the car running over a pedestrian. What makes sense is that this decision of whether this object is a stop sign or not is done in the computer inside the car, closest to the source of data. And this is edge computing. And in case you don't get it, the picture is David Howell Evans, the U2 guitarist, best known as The Edge, and yes, as you can see, he is computing. I know, presentations and puns are not really my thing.

Now for a quick overview on Fedora IoT. It's defined as a foundation for Internet of Things and device ecosystems. Its main features are continuous applications, security in mind, multiple architecture support, web-based provisioning (and this is Zezere, that we are going to talk about later on) and a reliable operating system. And regarding this last matter is what we are going to dive into today in this talk.

libostree, formerly known as OSTree, and actually OSTree is still very present in the libostree
documentation, but I guess that in the future the name libostree will gain more weight on this. So what is it? This is a... no, spoiler alert, this is a rather intense slide. Let me sum this up for you. The key points here are that libostree is an upgrade system that performs atomic upgrades of complete file system trees. What does this mean and how does this help us? Well, this helps us by giving us a chance of rolling back to a previous state of the entire file system tree, making it possible to quickly revert errors in configurations, for example. And I really like the summary of "git for operating system binaries". I think it's a very, very good definition, as the deployments are defined by commit hashes. You can actually check out branches, or refs in the OSTree jargon, and perform commit actions. So if you're familiar with git concepts, you'll be familiar with libostree concepts in no time. On top of the previous features, libostree also brings in bootloader configuration, management of /etc, as we'll see in the following slides, and some other functions that make this library ideal for IoT devices.

OSTree can be used alone, but adding a package manager on top of it is a killer combination that will allow us to create a hybrid tree/package system, as we will see in the next slide. And this killer combination in Fedora IoT is called rpm-ostree. It uses libostree for the image system, and for packaging it uses libdnf, accepting RPM on both client and server side. The features described in this slide align with and extend, as you can see, the features that libostree offers: git-like atomic upgrades, rolling back without affecting user data, package layering on the client side and easiness of making our own derivatives.

So moving on with what makes Fedora IoT's file system peculiar, we have for example /usr, which is read-only in each deployment. /usr will point to /ostree/repo/objects.
We will talk about /ostree later, but for the moment let's just say that this path in particular is a repository for all /usr files and binaries. In order to save disk, if deployments share a file, they will both have a hard link to the same file in this directory, but new or modified files will be hard linked to each corresponding deployment. As well, if needed, there is a command that allows the user to make /usr writable. This is rpm-ostree admin unlock. This removes the read-only bind mount on /usr and replaces it with a writable overlay file system, but all changes in the overlay are lost on reboot. So it allows the user to test different configurations without compromising the system stability. However, in case this change is an urgent fix, or we just want to make this change permanent, adding the suffix --hotfix will create a new deployment and the current deployment will be cloned as a rollback target. And by the way, I know I talk a lot about deployments, and let me just define this for you. These are the different atomic versions of our system tree. If we add a new layer to it, for example installing a new application, this is considered a new

Moving on with what makes Fedora IoT's file system peculiar, we can see that /usr is read-only in each deployment. It will point to /ostree/repo/objects. We will talk about this /ostree later on, but for the moment let's say that this path in particular is a repository for all /usr files and binaries. In order to save disk, if deployments share a file, they will both have a hard link to the file in this directory, as we can see in the image. It basically shows us the bin/bash binary, which in two different deployments has the same inode number as the one that is in /ostree/repo/objects. But for new or for modified files, these files will be hard linked in each different corresponding deployment.
So when I have two versions of bin/bash, they will have different inodes and they will both be hosted in ostree/repo/objects, and the different deployments will just hard link to these paths. As well, if needed, there's a command that allows the user to make /usr writable, and this command is rpm-ostree admin unlock. This removes the read-only bind mount on /usr and replaces it with a writable overlay file system, but all changes in the overlay are lost on reboot. So if you want to test different configurations without compromising the system stability, this is just perfect for you. However, in case you need to make these changes permanent, you can add the suffix --hotfix and this will create a new deployment based on the current file tree, and the current deployment will be cloned as a rollback target. And by the way, I know I'm talking a lot about deployments, so I'm gonna stop here and define what a deployment is. These are basically the different atomic versions of our system tree. If we add a new layer to it, via for example installing a new application, this is considered a new deployment.

More stuff. The /var directory is shared between deployments. You can edit a file in /var in deployment one, go to deployment two, edit the same file, roll back, and the changes will persist. /etc, on the other hand, is unique for each deployment. For every new deployment a new /etc partition is created via a three-way diff between the previous default configuration, the active system's /etc and the new default configuration. It's noted here in the slide: files will be copied, they won't be hard linked as with /usr. Contents will be the same, but they will have a different inode number.

Now we arrive at /ostree, which in fact is a symlink to /sysroot/ostree, which is where all the previous magic and differentiation between /etc, /var and /usr happens, in a way. It contains several directories, but we'll focus today on the deploy one. deploy contains another subdirectory, which in Fedora IoT will most likely have the same name, fedora-iot, but in RHEL for Edge can vary, which is the system name. As said, in Fedora IoT the system name is going to be fedora-iot, but in RHEL for Edge this name can be specified by the user. Inside this deploy/system directory we find two directories, var and again deploy. var is where the shared /var partition is mounted. deploy is the set of files specific for that deployment in particular.

Now, escaping from the file system features, we find Greenboot. Greenboot is a framework for systemd that allows administrators to define the desired and needed state for applications after booting. It performs a series of checks that basically are bash scripts included by the user. These checks can be required, for things that are absolutely necessary for the system, and wanted, for things that are interesting for our system but are not essential. Let me show you an example. Required could be that the device has port 80 listening and nginx up after every single update or boot. And wanted could be if the device is able to connect to a non-essential service after this boot. I hope that clarifies it a little bit.

What happens if, after an update, all the required checks pass? Well, this boot will be marked as green and, if defined, Greenboot will run another set of bash scripts. If the required tests don't pass, Greenboot will mark the boot as red. Another optional set of bash scripts will be run, useful for instance to send logs or alerts to a different location, and Greenboot will reboot the system for a defined number of times. The default one is
three times. If after these times the boot is still marked as red, it will roll back to the previous deployment. Regarding what happens if the wanted checks fail, Greenboot will show which scripts have failed so admins can check what's happening, but the system won't be restarted or rolled back.

If you're wondering how to access your devices after you have burned the Fedora IoT image onto them, you can either customize the base image and add your credentials, be it user passwords or SSH keys, or you can use Zezere. Zezere is offered via provision.fedoraproject.org and is a platform for provisioning your IoT devices. You upload your SSH public key, or keys if you want, and when Fedora IoT first boots, it will connect to Zezere and say, "Hey, I'm an unclaimed device connected from this IP". Then, using your Fedora account and connected to the same IP as the device, you can log into Zezere and claim the device, and this will schedule the copy of your uploaded SSH key onto the device. After a short period of time, normally 10, 20, 30 seconds, you'll be able to log into your device using this SSH key.

And now it's demo time. Let's pray to the demo gods to ensure that everything goes fine. So first things first. I'm gonna show you guys... hey folks, sorry, Zezere. This is the provisioning portal. As you can see here, I have no unowned devices from this IP address. So I'm gonna create a new virtual machine. I have already downloaded and extracted the Fedora IoT raw image.
So I'm just going to use that one. Yes, that's, uh, yeah, I think this is fair. So this is the first run and, as you can see, it says browse to provision.fedoraproject.org to configure the SSH key deployed. I'm going to do so. Refresh, and now here I can claim this one. Well, we can see that the address ends in 8584. Claim it, go to device management and submit, this is the one, 8584, submit provision request, and here you will have three options: Fedora installer, Fedora IoT stable and Fedora rawhide. In this case we are using Fedora installer, because that's what the documentation says, and we're gonna schedule. And I'm gonna pause the video, because it takes a little bit to get the SSH key provisioned. Anyways, I'm gonna have this first, this is the IP of the virtual machine, and see you in a couple of seconds.

Okay, a few minutes have passed and I'm gonna try to log in to the virtual machine. Yes, I trust this, and as you can see, I just entered into the new machine. We've provisioned this device, this virtual machine, via Zezere.

I want to show you folks as well how Greenboot is working. So what we are going to do first is the installation of httpd, so I can show you how the atomic upgrades work. That's gonna install httpd. I'm gonna pause the video until it's installed. And it is now installed. Hmm. I'm gonna reboot the system, because that is what's needed in order to get into the new deployment. I want to make sure that we are able to see this, so I'm gonna move into this, and now I'm gonna do systemctl reboot. And let's see what happens here. So as you can see, now there are two deployments. I hope you are able to see it. And now in the new deployment we have httpd, httpd.service, and we have now this installed.
Now let's test how Greenboot works. For that, what we are going to do is install zsh, and we are going to create a script in the Greenboot check directory, and we're gonna create it in the required scripts. So this script needs to pass in order for Greenboot to mark this new deployment, or this boot, as green. So what we're going to do is make sure that zsh is available and is present in the system. We're gonna now reboot, and on the next boot we are going to see if this has passed.

Okay, so that's rebooted, and we have a new deployment with zsh installed, and it seems that everything went fine, as we can see here. Yes, everything went properly and everything is good. Now what we are going to do is uninstall zsh and reboot, but we are not going to remove this script. So what Greenboot is going to do is check if zsh is installed, and as it's not, it's going to reboot the system several times until it marks this deployment as tainted, and it's going to roll back to the previous deployment. So we are going to go now and see how that works.

Okay, so now it's trying to boot with the new deployment. There are some failures here and it's going to try to boot again. Again, it has encountered some failures. One more time, more failures, and now it has selected the previous deployment, the one that was marked as green. And now I'm gonna try to log in again. And we can see here that this is a fallback boot detected, the default rpm-ostree deployment has been rolled back, and as we can see, this script, the zsh one, has failed. So this is how Greenboot works. Well, and that's the end of the demo. Let's come back to the presentation.

Just one quick note. There is a downstream supported version of Fedora IoT. It's called RHEL for Edge and has some extra features, which are the Image Builder,
which is a very cool tool to create blueprints of the base images that you want to provision your IoT devices with. It has as well support for Red Hat Insights and, of course, all the good stuff that comes with your RHEL subscription.

If you folks have any questions, just find me. I'm Jay Noguera in IRC. You can post any questions as well in the IRC channel #fedora-iot. And this is a list of the references that I used for creating this presentation. I hope you folks enjoyed it. Thank you very much for your time.
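
The hard-link sharing between deployments and the object store that the talk describes for /usr, as an added example that is not part of the talk or of OSTree's own code: temporary directories stand in for /ostree/repo/objects and two deployments, and the object names aaa.file and bbb.file are made up. It also shows what an in-place write through one link does to the other deployment, which is the case the read-only mount on /usr rules out.

```shell
#!/bin/sh
# Constructed simulation: temp directories stand in for /ostree/repo/objects
# and for the /usr trees of two deployments. No real OSTree repo is touched.

inode() { ls -i "$1" | awk '{print $1}'; }

# Check out one stored object into both deployments as hard links.
build_demo() {
    mkdir -p "$1/objects" "$1/deploy1/usr/bin" "$1/deploy2/usr/bin"
    printf 'bash v1\n' > "$1/objects/aaa.file"   # made-up object name
    ln "$1/objects/aaa.file" "$1/deploy1/usr/bin/bash"
    ln "$1/objects/aaa.file" "$1/deploy2/usr/bin/bash"
}

# Upgrade path: the changed file becomes a NEW object and only the new
# deployment links to it; the old deployment keeps the old object.
upgrade_deploy2() {
    printf 'bash v2\n' > "$1/objects/bbb.file"   # made-up object name
    rm "$1/deploy2/usr/bin/bash"
    ln "$1/objects/bbb.file" "$1/deploy2/usr/bin/bash"
}

# "shared" if both deployments' bash are the same inode, else "separate".
sharing_state() {
    if [ "$(inode "$1/deploy1/usr/bin/bash")" = "$(inode "$1/deploy2/usr/bin/bash")" ]
    then echo shared; else echo separate; fi
}

# In-place write through one deployment's link (what a read-only /usr rules out).
in_place_write() { printf 'tampered\n' > "$1/deploy2/usr/bin/bash"; }

demo() {
    a=$(mktemp -d); b=$(mktemp -d)
    build_demo "$a"
    echo "after checkout:        $(sharing_state "$a")"
    in_place_write "$a"
    echo "deploy1 after write:   $(cat "$a/deploy1/usr/bin/bash")"
    build_demo "$b"; upgrade_deploy2 "$b"
    echo "after upgrade:         $(sharing_state "$b")"
    echo "deploy1 after upgrade: $(cat "$b/deploy1/usr/bin/bash")"
    rm -rf "$a" "$b"
}
demo
```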