阅读说明：本技术 运行自动化系统的方法和根据方法工作的自动化系统 (Method for operating an automation system and automation system operating according to the method ) 是由 格拉尔德·克费尔 本杰明·科勒 于 2018-02-16 设计创作，主要内容包括：本发明涉及一种用于运行自动化系统的方法和根据该方法工作的自动化系统,其中,以在容器(14)中封装的形式提供在该自动化系统上运行的应用(16),并且其中,在在容器(14)中封装的应用(16)需要内核模式软件(22)的情况下,在该自动化系统上运行的主机扩展器(30)根据由容器(14)包括的元数据(32)从具有内核模式软件(22)的数据库(34)中加载所需要的内核模式软件(22)并且将其在自动化系统上进行本地安装,其中,在识别出自动化系统中的不兼容性的情况下,主机扩展器(30)安装虚拟机(26),在虚拟机(26)中加载有导致不兼容性的容器(14),并且在虚拟机(26)的内核(38)中加载由容器(14)包括的应用(16)所需要的内核模式软件(22)。(The invention relates to a method for operating an automation system and an automation system operating according to the method, wherein an application (16) operating on the automation system is provided in the form of a package in a container (14), and wherein, in the event that the application (16) packaged in the container (14) requires kernel-mode software (22), a host extender (30) operating on the automation system loads the required kernel-mode software (22) from a database (34) with the kernel-mode software (22) on the basis of metadata (32) comprised by the container (14) and installs it locally on the automation system, wherein, in the event that an incompatibility in the automation system is identified, the host extender (30) installs a virtual machine (26), in the virtual machine (26) loads the container (14) which causes the incompatibility, and loading kernel mode software (22) required by the applications (16) included by the container (14) in a kernel (38) of the virtual machine (26).)

1. A method for operating an automation system is provided,

wherein the application (16) running on the automation system is provided in a form encapsulated in a container (14), and

wherein, in case kernel mode software (22) is required by the application (16) encapsulated in the container (14), a host extender (30) running on the automation system loads the required kernel mode software (22) from a database (34) with the kernel mode software (22) according to metadata (32) comprised by the container (14) and installs the kernel mode software locally on the automation system,

wherein, in case of identifying an incompatibility in the automation system, the host extender (30) installs a virtual machine (26), loads the container (14) causing the incompatibility in the virtual machine (26), and loads the kernel mode software (22) required by the application (16) comprised by the container (14) in a kernel (38) of the virtual machine (26).

2. The method of claim 1, wherein,

local installation of the kernel mode software (22) is implemented in a form that integrates the kernel mode software into a kernel (36) of an operating system (12) of the automation system.

3. The method of claim 1 or 2,

the host extender (30) automatically checks, when the container (14) is deleted, whether the kernel-mode software (22) installed in connection with the running of the application (16) comprised by the container (14) is also required and, in the corresponding case, deletes the kernel-mode software.

4. The method of claim 1, 2, or 3,

the host extender (30) automatically verifies the compatibility of the kernel mode software (22) required for each case in the case of a plurality of containers (14).

5. A computer program (30) with program code means for performing all the steps of the method according to any one of the preceding claims when the computer program (30) is run on an automation system.

6. An automation system having a processing unit and a memory, which is loaded with a computer program (30) according to claim 5, which computer program is run in a local kernel (36) for integration of kernel-mode software (22) when the automation system is run, wherein the kernel-mode software (22) is required to run an application (16) encapsulated in a container (14).

Technical Field

The invention relates to a method for operating an automation system and in general for a substantially arbitrary computer system. The invention also relates to an automation system or computer system operating according to the method and to a computer program for carrying out the method.

Background

The so-called container technology is a standard method for simply merging (packaging) and distributing software applications, which are then simply referred to as applications according to common language conventions. The technique can be used for different operating systems, such as Windows and Linux. There are various implementations of this. For example, the open source software "Docker" as a container technology is executed in the Linux environment. There is a so-called "Windows-Container" for the Windows operating system.

In order to encapsulate applications in containers, they comprise a complete Runtime environment (Runtime environment) which is necessary for running the respective application. Accordingly, the container contains, for example, all the binary and configuration data and libraries necessary for the execution of the respective program. By means of encapsulation in containers, abstractions of differences in the distribution of various operating systems are achieved.

Container technology is significantly smaller and requires fewer resources than operating system virtualization (OS virtualization). In OS virtualization, the encapsulation generated at this time comprises a Virtual Machine (VM), the complete corresponding operating system to be virtualized (in particular the corresponding operating system kernel), and at least one application which is run by means of the virtual machine. In contrast, in container technology all containers share a common operating system kernel.

The applications (software applications) to date usually require a so-called driver (driver software) for executing the application. When such applications in a container need to be merged and delivered, this often causes problems in that the drivers are integrated into the respective operating systems as so-called kernel-mode software. However, container technology to date has only been able to abstract so-called user mode software (i.e., software at other, less system/system critical oriented, levels) in so-called sandboxes. A container of the above-mentioned type is a so-called sandbox, wherein the container contains all the data and files necessary for running the respective application and thus isolates the application from other applications and the respective operating system (sandbox).

Current kernel mode software cannot be packaged in containers because all containers share a common operating system kernel and containers do not have the right to make changes in the so-called kernel space. In other words, more expensive and resource intensive traditional OS virtualization, which is directly hosted on the Hypervisor (Hypervisor), has been used so far. In order to encapsulate applications used by kernel mode software, a Virtual Machine (VM) comprising a complete so-called operating system stack has to be allocated to this purpose in addition to the respective application itself.

For example, the completed encapsulation is distributed to one or more recipients by means of electronic data transmission, which is costly and resource-intensive.

A version of the kernel that supports Docker is disclosed in the article "firmware Container-Based Resource Management for the Internet of Things" by Thomas Renner et al, International software network conference (ICSN) at IEEE 2016. Here, the isolated container is provided by the Linux namespace. Furthermore, container virtualization can be implemented directly in the kernel.

In particular, the creation of multiple Kernel regions is disclosed in Duncan Hardie "How to Get Started Creating Oracle Solaris Kernel Zones in Oracle Solaris 11", URL: http:// www.oracle.com/technical work/arrows/server language-admin/How to create-Kernel-lines-sl-2251331. html # 6.

Disclosure of Invention

The object of the present invention is to provide a possibility for encapsulating applications requiring kernel-mode software in a container and for running such applications on a corresponding target system.

According to the invention, this object is achieved by means of a method having the features of claim 1. The method is described as a method for operating an automation system (i.e. an automation system which is set up, for example, for controlling and/or monitoring a process flow) and the description is continued on the basis thereof. However, the methods presented herein can be used with substantially any type of computer system and, to this extent, automated systems are merely exemplary computer systems. Accordingly, the generic computer system, which is not intended or not primarily intended for automation purposes, is also understood in the following each time the term "automation system" is referred to.

In the method proposed here, for operating an automation system, wherein an application to be operated in the automation system is provided in the form of a package in a container, the following steps are proposed: in case the application encapsulated in the container requires kernel mode software, a computer program running on the automation system and subsequently called host extender loads the required kernel mode software from a database with the kernel mode software and installs it locally on the automation system. The local installation of kernel-mode software is realized here in particular in the form of an integration thereof into the kernel of the operating system of the automation system.

In this case, it is derived on the basis of the metadata of the container with the respective application itself which kernel-mode software is required by the respective application and which kernel-mode software is loaded and installed locally from the database accordingly. The metadata exists in an encoded form that can be automatically evaluated by the host extender, i.e. for example in XML format or the like.

For the further description, to avoid unnecessary repetition, it applies that: the features and details described in connection with the claimed method and possible embodiments also apply, of course, when a method for carrying out an automation system is combined and considered, and vice versa, so that the method can also be extended by means of single or multiple method features relating to method steps operated by the automation system, and the automation system can accordingly also be extended by means of method steps for carrying out operations within the scope of the method. Correspondingly, the features and details described in connection with the claimed method and possible embodiments also apply obviously in connection with and in consideration of the method for carrying out an automation system, and vice versa, so that all references can be made to each other with regard to the disclosure of the various aspects of the invention.

The above object is also achieved by means of an automation system operating according to the method described here and below and comprising means for carrying out the method. The method is carried out automatically in the form of a computer program and, therefore, the invention is also, on the one hand, a computer program with program code instructions that can be run by a computer and, on the other hand, a storage medium with a computer program product of program code means and, finally, also an automation system with a microprocessor and a processing unit of the type or form of a memory in which such a computer program can be loaded or loaded as a means for carrying out the method and its design.

When describing method steps or a sequence of method steps in the following, reference is made to actions which are based on or implemented under the control of a computer program. Each reference herein to the term "automated" is specifically intended to refer to the action involved, either based on or under the control of a computer program.

Instead of having individual computer code instructions, the implementation of the methods described herein and below can also be implemented in firmware. It is known to the person skilled in the art that, instead of implementing the method in software, it can always be implemented in firmware or in firmware and software. It should therefore be taken to apply the terms "software" and "computer program" to the description filed here, but also other possible implementations, namely in particular in firmware or in both firmware and software.

The method proposed here has the advantage that the previous container technology is extended such that the kernel-mode software required by the application can now also be encapsulated in the container. The advantages so far: such as simple allocation of applications, fast start-up of containers, efficient resource utilization, etc., are also given along with the expansion of container technology.

Advantageous embodiments of the invention are the subject matter of the dependent claims. The use of reference relationships between the claims herein indicates further developments of the subject matter of the dependent claims by means of the features of the respective dependent claims. This is not to be understood as a disclaimer of independent, claimed protection for features or combinations of features of the dependent claims. Furthermore, when features of the dependent claims are embodied in detail, the following claims are to be understood as being generic and specific in their disclosure: no such limitations are present in the respective preceding claims and in the general implementation of the specific method/specific automation system. Accordingly, each reference in the description of aspects of the dependent claims is also to be explicitly understood as a description of an optional feature, unless explicitly stated otherwise. Finally, it should be pointed out that the method specified here can also be modified according to the dependent device claims and vice versa.

In one implementation of the method, the host extender automatically checks, when the container is deleted, whether kernel-mode software installed in connection with the running of the application comprised by the container is still required. When it is verified herein that kernel mode software is no longer needed, the host extender automatically or is instructed to delete kernel mode software. This not only makes the kernel uncluttered but also reduces its size. Deleting kernel mode software that is no longer needed also helps to avoid possible incompatibilities.

In a further embodiment of the method, it is provided that the host extender automatically checks the compatibility of the respectively required kernel-mode software if there are a plurality of containers. Based on this check, it can at least be ensured that the required kernel-mode software is not installed locally, when incompatibilities and corresponding functional disturbances or malfunctions are taken into account on the basis of such an installation.

In a further embodiment of the method, it is provided that, if an incompatibility in the automation system is detected, the host extender installs the virtual machine, loads the container which causes the incompatibility in the virtual machine, and loads the kernel-mode software required by the application contained in the container in the kernel of the virtual machine. This enables the running of the application comprised by the causative container, despite the incompatibility being determined in advance, by running the container and the application in a specially generated virtual machine. Loading kernel-mode software into the kernel of the virtual machine does not involve the kernel of the operating system of the automation system and accordingly does not produce incompatibilities and does not have to worry about functional disturbances or functional failures.

Drawings

Embodiments of the present invention are explained in detail below with reference to the drawings. Corresponding elements or components are denoted by the same reference numerals throughout the figures.

Shown here are:

FIG. 1 is a hierarchical model of an application with packaging in a container;

FIG. 2 is a hierarchical model with applications encapsulated in virtual machines;

FIG. 3 is a hierarchical model of a computer program with applications packaged in containers and for local installation of kernel mode software required by the applications;

FIG. 4 is a data structure for deleting locally installed kernel mode software that is no longer needed; and is

Fig. 5 is a hierarchical model of a computer program according to fig. 3 with applications generated by the computer program for running applications packaged in virtual machines in the event of compatibility problems.

Detailed Description

Fig. 1 schematically shows, in a simplified manner, a hierarchical model of a device/computer system, referred to in the following as a server 10, which serves in particular as a computer system of an automation system for controlling and/or monitoring a process flow (in principle arbitrary and not shown here). A corresponding operating system 12 is provided on the hardware of the server 10. This operating system is also sometimes referred to as a host OS (host operating system) in the following, according to common language conventions. Various containers 14 are shown above the operating system 12. Each of which includes at least one application 16 and a runtime environment 18 necessary for running the respective application 16. Here, for example, binary data and/or Libraries (Libraries). A computer program, referred to next as a container manager 20, is capable of running the applications 16 encapsulated in the container 14.

Since it is not feasible to package kernel-mode software in the container 14 by means of the container technique explained before and schematically shown in fig. 1 in a simplified manner, in order to package an application 16 which requires kernel-mode software 22 (fig. 3) for its execution, conventional OS virtualization typically uses, for example, so-called drivers, as this is schematically shown in fig. 2 in a simplified manner.

In fig. 2, the diagram is also based on a hierarchical model and shows, at the bottom, the server hardware 10 of the respective target computer system and the operating system (host OS)12 running on this hardware 10. A so-called hypervisor 24 serves as an interface between the operating system 12 and one or more Virtual Machines (VMs) 26. Each virtual machine 26 includes at least one application 16 arranged for execution within and by the virtual machine 26, and a corresponding guest operating system (guest OS)28 required for execution of the application 16. The virtual machine 26 also comprises a possible runtime environment 18, in particular a binary file and/or a library, which is required to run the respective application 16.

The currently implemented container technology uses a container manager 20 (FIG. 1) as a central component in the corresponding local system (target computer system) to manage the corresponding container 14 and the applications 16 encapsulated therein. The container manager 20 is responsible for the allocation, installation and configuration (Deployment) of the containers 14 as well as start, stop and delete.

The solution presented herein is based on extending container manager 20 to a container manager extension (fig. 3), which is referred to next as host extender 30. The host extender 30 is responsible for integrating the kernel mode software 22 into the corresponding local kernel 36, thereby providing the kernel mode software 22 for running the applications 16 comprised by the container 14.

Fig. 3 shows a container 14 set up for running on the corresponding target hardware 10 or alternatively in a virtual machine 26. The corresponding target hardware 10 configured to run the container 14, or alternatively the virtual machine 26 configured to run the container 14, is referred to as the host 10/26, because both the target hardware 10 directly adapted to run the container 14, as well as the virtual machine 26 running on substantially any target hardware 10, are considered platforms-i.e., "hosts" for running the container 14.

On host 10/26, there is running hypervisor 24, which serves as an interface for the respective target hardware 10 and its operating system 12, or as an interface for the guest operating system 28 of the respective virtual machine 26.

The host extender 30 processes metadata 32 encapsulated within the container 14 that defines a correspondence between the application 16 encapsulated within the container 14 on the one hand and the kernel-mode software 22 (e.g., the driver 22 or drivers 22) on the other hand. With the help of the metadata 32, it is automatically recognized for the container manager 20 whether a specific kernel mode software 22 has to be present or installed when starting the container 14. The host extender 30 is used here to install kernel mode software 22, necessary for running the applications 16 encapsulated in the container 14, on the host 10/26 (server or virtual machine), in particular in the kernel 36 integrated therein.

The host extender 30 retrieves the appropriate kernel-mode software 22 (necessary for running the respective application 16) from a database 34 (container extension center) which is provided locally or can be accessed by means of the usual means for data transmission, i.e. for example via the internet. The database 34 includes kernel mode software 22 that is referenced by the container 14 by means of the data sources 32 included by the container and is used at runtime.

Host extender 30 plays an important role in the management of kernel mode software 22. Upon launching container 14 on host 10/26, it is automatically verified, for example by means of host extender 30, whether the required driver 22, i.e. the required kernel mode software 22, is installed in host 10/26. If it is verified that kernel mode software 22 has not been installed locally at host 10/26, host extender 30 schedules a local installation, as it is shown in FIG. 3, by loading kernel mode software 22 from the database and adding it to the kernel 36 of host 10/26.

When another instance of the container 14 that requires the same kernel mode software 22 for running the application 16 comprised by the container is launched on the host 10/26, the host extender 30 automatically determines that the required kernel mode software 22 is already installed in the kernel 36, thereby enabling the container 14 to be launched directly and the application 16 comprised by the container to be run.

Host extender 30 also manages which kernel mode software 22 is integrated into kernel 36 in conjunction with the launching of container 14, for example, in a linked list or similar data structure 38. The data structure 38 includes, for example, a data set 40 (FIG. 4) for each driver 22 (kernel mode software 22) integrated in the kernel 36, and in turn includes references to one or more containers 14 that require the respective driver 22. When a container 14 is deleted, it is automatically verified by host extender 30 from data structure 39 which data set 40 or data sets 40 reference the container 14. References are deleted altogether when the container 14 is deleted. When a data set 40 is generated that no longer references a container 14, that is, a container 14 that requires a driver 22 originally provided for the data set 40 managed by the host extender 30 no longer exists, the driver 22 itself can be deleted from the kernel 36. The host extender 30 commands the corresponding driver 22 to be uninstalled (removed from the kernel 36).

Fig. 4 shows this situation in a schematically simplified form. When deleting the container 14 shown on the far left, it is possible to determine which drive 22 (i.e. the drive 22 shown on the far left) the container 14 uses, depending on the data structure of the associated data set 40 (i.e. the data set 40 shown on the far right) and depending on the data set 40. Because no other container 14 uses the same drive 22, the drive 22 can be deleted (unloaded) at the same time that the container 14 is deleted. The described deletion process is symbolically illustrated in fig. 4 by means of respective crosses.

If there are multiple different containers 14 launched on the host 10/26, compatibility of the container 14 with the kernel-mode software 22 encoded correspondence in the form of metadata 32 is optionally automatically verified by means of the host extender. If it is determined that there is no incompatibility, then the kernel mode software 22 necessary to run the container 14 can be installed on the host 10/26 in turn, and the container 14 can be run on the host 10/26.

In the case of automatic identification of incompatibilities by means of the host extender 30, it is proposed in a special embodiment of the novel solution proposed here that the host extender 30 automatically and dynamically generates and starts a virtual machine 26 (fig. 5) with container functionality in which the kernel-mode software 22 which leads to the determination of incompatibilities is installed locally (in its kernel 36). Subsequently, the virtual machine 26 is also automatically loaded (downloaded) by means of the host extender 30 and the container 14 which leads to the determination of the incompatibility is started. This is shown schematically and in simplified form in fig. 5.

Additional virtual machines 26 are generated and started, as needed, with the incompatibilities automatically determined. As long as compatibility with the kernel mode software 22 loaded in the kernel 36 of the host 10/26 occurs, the kernel mode software is installed to run the additional container 14 directly, i.e., without the need for a re-packaged virtual machine.

The passage of the virtual machine 26 or of a further virtual machine and by means of the automatic generation of the host extender 30 is effected, for example, on the basis of a further database 42(VN center) in which, for example, Images 44(Images) of the different virtual machines 26 are provided. The containers 14 to be operated (fig. 3, 5) can likewise originate from this database 42 or, for example, from a separate container database 46, which likewise accordingly comprises a mirror Image 48(Image) of the container 14. The database 42 with the image 44 of the virtual machine 26 and/or the container database 46 with the at least one image 48 of the container 14 can be accessed in a substantially known type and manner using conventional data transfer means, i.e. for example via the internet, so that the images 44, 48 can be loaded from the respective databases 42, 46 and loaded as required for implementing the means described herein.

Although the invention has been illustrated and described in detail by way of examples, the invention is not limited to the examples disclosed and other variants can be derived by those skilled in the art without departing from the scope of protection of the invention.

Thus, the important aspects of the description filed herein can be briefly summarized as: a method for operating an automation system and an automation system operating according to the method are specified, wherein an application 16 operating on the automation system is provided in the form of a package in a container 14. According to the new approach proposed here, in the event that the application 16 encapsulated in the container 14 requires the kernel-mode software 22, the host extender 30 running on the automation system loads the required kernel-mode software 22 from the database 34 with the kernel-mode software 22 and installs it locally on the automation system. In this case, it is assumed, based on the metadata 32 contained by the container 14 with the respective application 16 itself, which kernel-mode software 22 is required by the respective application 16 and which kernel-mode software 22 is accordingly loaded from the database 34 and installed locally.

Further embodiments are repeated below: