From: Mario Marietto
Date: Sun, 9 Apr 2023 16:04:54 +0200
Subject: Re: Docker
To: Tim Preston
Cc: Paul Mather, John Levine, FreeBSD Mailing List, tomek@cedro.info
List-Archive: https://lists.freebsd.org/archives/freebsd-questions

It seems that docker now can run on FreeBSD natively, not with the collaboration of bhyve. What do you think?

He says: "Yes, OCI Containers on FreeBSD. What was proposed ages ago as Docker done right"

https://productionwithscissors.run/2022/09/04/containerd-linux-on-freebsd/

On Tue, Apr 4, 2023 at 4:23 AM Tim Preston <tim@timpreston.net> wrote:

> It can be done, with a bit of manual tinkering.
>
> Here is a gist which explains how to run Docker in a CentOS 8 VM (under bhyve).
>
> https://gist.github.com/tehpeh/7e5329d295eca9539e6462f36b6ce9c0
>
> It's a bit out of date but the general idea would be the same for CentOS stream, Alpine etc: install Docker, enable the service, open firewall/networking, nfs mount a local directory. This is pretty much what Docker for Mac does.
>
> If you're looking for the Docker hub image repository equivalent for FreeBSD, take a look at Bastille templates or Potluck (https://potluck.honeyguide.net/).
>
> However, and this is only my personal opinion, a pre-baked container image repository is a bad idea. Apart from the security issues and recent drama around Docker shutting down free accounts, container images are often set up with default parameters not useful in a production environment (or even your specific dev environment) and are built against a particular kernel version, so may not run as expected on a different kernel version.
>
> Again, only my opinion, but you're much better off building your own, private, images targeting the particular OS/Kernel version you use in dev/staging/production. In summary, prefer Dockerfiles over pre-built images.
>
> I think the conversation we really need to have is not about copying Docker, but instead how do we consistently create, run, and scale jails across multiple FreeBSD hosts easily.
>
> Tim
>
> On 2/4/23 02:54, Paul Mather wrote:
> > On Mar 29, 2023, at 1:34 AM, John Levine <johnl@iecc.com> wrote:
> >
> > It appears that Tomek CEDRO <tomek@cedro.info> said:
> > if there are lots of images for linux docker, and docker is linux only solution, there is no reason to talk about it on bsd or even offer some sort of images of bsd for linux right?
> >
> > Docker runs on MacOS with a linux emulation layer. FreeBSD already has some linux emulation so in principle one could do the same thing, but it'd be a lot of work for dubious benefit.
> >
> > I disagree it would be of dubious benefit. MacOS is a Tier 1 platform in the Docker ecosystem. Using Docker Desktop on macOS makes using Docker and Kubernetes for development work very easy on that platform, meaning you can stay in the environment you prefer. MacOS is not Linux, but the implementation on there is to use a shim Linux VM via the built-in macOS hypervisor (which, IIRC, is a derivative of bhyve).
> >
> > It would be great if the same thing could be done on FreeBSD. It would be beneficial if there was a supported docker machine driver for bhyve on FreeBSD. Right now, I believe the road to running Linux containers on FreeBSD is to use the VirtualBox docker machine driver, which is a bit heavyweight (in terms of added dependencies) for my liking. It would be nice if bhyve could be used to run the shim Linux VM.
> >
> > Other than that, much of the tooling to run Docker and Kubernetes is already in ports. But, those (e.g., in the case of Kubernetes) need to point to non-FreeBSD systems that are running the actual containers, pods, etc. It would be nice to be able to do it all on FreeBSD, at least for development and kicking-the-tyres purposes.
> >
> > Cheers,
> >
> > Paul.




--
Mario.