From: Mario Marietto
Date: Tue, 11 Apr 2023 11:44:24 +0200
Subject: Re: Docker
To: Tim Preston
Cc: FreeBSD Mailing List
List-Archive: https://lists.freebsd.org/archives/freebsd-questions

Tim, you are wasting your time. It seems that all of these (good) FreeBSD
developers don't want you to use Linux technologies if you have chosen
FreeBSD as the main OS. That's not good and it sounds like a discriminatory
attitude.

I really don't understand why I should be forced to use only one OS or a
limited set of tools. I (and it's not only me) want to use as many tools as
possible within one OS only. I like FreeBSD for a lot of reasons, but it is
also true that there are a lot of good docker images on the internet that
can make my life easier. So, why can't I use them on FreeBSD? Do you want to
keep alive the war between Windows and Linux in the '90 / 2000?

Probably we should clarify what's the kind of user that can make this kind
of argumentation. Well, me, I'm a FreeBSD home user. My position is not
comparable with the position of the developers that dislike that the linux
technologies are integrated at a various level in the FreeBSD world. We,
home users, want this. Because we "love" Linux, FreeBSD, and sometimes even
NetBSD, OpenBSD, etc. We want everything. It seems that our mindset is more
open than the developers who have chosen FreeBSD for their job.

On Tue, Apr 11, 2023 at 9:12 AM Tim Preston <tim@timpreston.net> wrote:

> The port mentioned in the first article doesn't work any more, if I
> remember correctly.
>
> The second link describes how Linux containers might be run via Linux
> binary compatibility. It's not Docker exactly, but could be used to run
> Docker images.
>
> But the question I'd ask is "why?". If you need to run Docker images you
> should probably run them on Linux, to ensure 100% kernel compatibility.
>
> After all, Docker is a Linux-only technology. There doesn't seem much
> point trying to shoehorn it into FreeBSD.
>
>
> On 10/4/23 00:04, Mario Marietto wrote:
>
> It seems that docker now can run on FreeBSD natively, not with the
> collaboration of bhyve. What do you think?
>
> He says: "Yes, OCI Containers on FreeBSD. What was proposed ages ago as
> Docker done right"
> https://productionwithscissors.run/2022/09/04/containerd-linux-on-freebsd/
>
> On Tue, Apr 4, 2023 at 4:23 AM Tim Preston <tim@timpreston.net> wrote:
>
>> It can be done, with a bit of manual tinkering.
>>
>> Here is a gist which explains how to run Docker in a CentOS 8 VM (under
>> bhyve).
>>
>> https://gist.github.com/tehpeh/7e5329d295eca9539e6462f36b6ce9c0
>>
>> It's a bit out of date but the general idea would be the same for CentOS
>> stream, Alpine etc: install Docker, enable the service, open
>> firewall/networking, nfs mount a local directory. This is pretty much
>> what Docker for Mac does.
>>
>> If you're looking for the Docker hub image repository equivalent for
>> FreeBSD, take a look at Bastille templates or Potluck
>> (https://potluck.honeyguide.net/).
>>
>> However, and this is only my personal opinion, a pre-baked container
>> image repository is a bad idea. Apart from the security issues and recent
>> drama around Docker shutting down free accounts, container images are
>> often set up with default parameters not useful in a production
>> environment (or even your specific dev environment) and are built against
>> a particular kernel version, so may not run as expected on a different
>> kernel version.
>>
>> Again, only my opinion, but you're much better off building your own,
>> private, images targeting the particular OS/Kernel version you use in
>> dev/staging/production. In summary, prefer Dockerfiles over pre-built
>> images.
>>
>> I think the conversation we really need to have is not about copying
>> Docker, but instead how do we consistently create, run, and scale jails
>> across multiple FreeBSD hosts easily.
>>
>> Tim
>>
>>
>> On 2/4/23 02:54, Paul Mather wrote:
>>
>> On Mar 29, 2023, at 1:34 AM, John Levine <johnl@iecc.com> wrote:
>>
>>
>> It appears that Tomek CEDRO <tomek@cedro.info> said:
>>
>> if there are lots of images for linux docker, and docker is linux only
>> solution, there is no reason to talk about it on bsd or even offer some
>> sort of images of bsd for linux right?
>>
>> Docker runs on MacOS with a linux emulation layer. FreeBSD already has
>> some linux emulation so in principle one could do the same thing, but
>> it'd be a lot of work for dubious benefit.
>>
>> I disagree it would be of dubious benefit. MacOS is a Tier 1 platform in
>> the Docker ecosystem. Using Docker Desktop on macOS makes using Docker
>> and Kubernetes for development work very easy on that platform, meaning
>> you can stay in the environment you prefer. MacOS is not Linux, but the
>> implementation on there is to use a shim Linux VM via the built-in macOS
>> hypervisor (which, IIRC, is a derivative of bhyve).
>>
>> It would be great if the same thing could be done on FreeBSD. It would be
>> beneficial if there was a supported docker machine driver for bhyve on
>> FreeBSD. Right now, I believe the road to running Linux containers on
>> FreeBSD is to use the VirtualBox docker machine driver, which is a bit
>> heavyweight (in terms of added dependencies) for my liking. It would be
>> nice if bhyve could be used to run the shim Linux VM.
>>
>> Other than that, much of the tooling to run Docker and Kubernetes is
>> already in ports. But, those (e.g., in the case of Kubernetes) need to
>> point to non-FreeBSD systems that are running the actual containers,
>> pods, etc. It would be nice to be able to do it all on FreeBSD, at least
>> for development and kicking-the-tyres purposes.
>>
>> Cheers,
>>
>> Paul.
>>
>
> --
> Mario.
>

--
Mario.
