Date: Thu, 13 Apr 2023 14:00:25 +0000 (UTC)
From: Paul Pathiakis
To: Miguel C, Mario Marietto
Cc: Alejandro Imass, Steve O'Hara-Smith, Tim Preston, freebsd-questions
Message-ID: <543289768.3317542.1681394425362@mail.yahoo.com>
Subject: Re: Docker
List-Id: User questions
List-Archive: https://lists.freebsd.org/archives/freebsd-questions

I guess my opinion at this point is to drop this. I don't see a valid point for diverting resources and various other things to accommodate 'docker' or many other things that are dependent on 'linuxisms'. Where does it stop? Do we start porting everything from Windows as well? My point is there are many things in many OSes and variants thereof, that have hooks into proprietary parts of the kernel that are not 'modular'. By modular, I mean that they can be compiled and used on another OS like most things in the ports/pkgs system. Since this is 'kernel' level, I don't think FreeBSD should pursue such an endeavor with the limited resources at hand. The FreeBSD kernel and userland are a thing of beauty and refinement imho. All I have to do is look at the CVE database to see that in the last 10 years there are only a couple of hundred bugs. Just the linux KERNEL has 1000s as does windows. I would worry that anything that had ties into the Linux kernel is probably an issue waiting to happen.

I've been doing system administration and system architecture for over 35 years... When people ask what the dominant *nix OS is and are expecting Linux.... It starts us down the road of all the big boys use FreeBSD because they can't afford to have constant patching and vulnerabilities.

So, it's either in a hypervisor and we go from there or drop it. The amount of time spent on this discussion is becoming 'trollish'.

Paul

On Thursday, April 13, 2023 at 08:23:35 AM GMT-5, Mario Marietto wrote:

---> Couldn't we just run docker on bhyve?

more no than yes. You could try to put yourself in other people's shoes. You are only moving the problem. You are indirectly asking the users that come from another system to learn bhyve if they want to use docker. Why should they learn something different to just use what they need? At this point they could jump directly to learn jails, instead of bhyve and / or docker. To learn something different requires time, energy, etc. This is not a good business card for the new users. And it implicitly admits that a useful and popular tool like docker doesn't work on an efficient operating system like FreeBSD. Yes there are great tools like docker for freebsd, but those users don't need it, they just want docker. Maybe they don't even need to learn bhyve. Just Docker. Your reasoning is typical of someone who has been using freebsd for some time, you don't think like those users who would like to adopt it and are evaluating the pros and cons. Take also into consideration that running bhyve to run Docker is a waste of resources on the machine, if I want to run only Docker, because in a normal situation, I shouldn't have the need to use bhyve. Users that have already boarded FreeBSD have probably already come to appreciate jails and many of them don't need to run bhyve to get docker. Remember the focus of my argumentation: it is something like this: I offer a native implementation of docker on FreeBSD and I use it as bait to attract more users. And between those users maybe there will be also good developers that will love FreeBSD even for different reasons than docker. The ultimate goal is to make freebsd a little more attractive to the industry, because as far as I read, it's slowly disappearing.

On Thu, Apr 13, 2023 at 2:59 PM Miguel C wrote:

100% Agree with this, and the fact is there have been cases where there is that tolerance and there are maintainers making efforts to bring "linux" things to freeBSD even if via linux emulation.

Docker has been mentioned many times in mailing lists and forums and there are always comments like "but why jails are much better" etc, sometimes not only intolerant but rude replies that serve only to drive people away IMHO.

I also don't get why is that so complicated, is it just cause FreeBSD's maintainers/community don't want to even consider docker on FreeBSD? Couldn't we just run docker on bhyve? I'm sure it would serve the "just want to test this image purpose" but I suspect there will be some issues with Filesystem/network, not issues per se, but more like it likely takes some work to get this to run in an easy manner, but I think I've seen mentions of using sshfs or zvols to make this part easier.

MacOS and Windows use virtualization anyway, sure Docker "DESKTOP" is supported by docker, but they are still using a VM at the end of the day and handle the filesystem/network stuff for the user.

I've never tried this myself but I don't think it should be that super complicated unless you plan to run docker on prod envs, I think here, the argument that "right tool for the job" is very valid.... I use docker on my macOS but I'm not going to run things in prod in macbooks ofc, I will still use Linux, K8s etc.

Perhaps the FreeBSD foundation could invest a bit in getting a tool to ease the way of running docker through bhyve, I do believe this would be good for user adoption, but probably there are other priorities.

On Thu, Apr 13, 2023 at 12:32 PM Mario Marietto wrote:

The point of my argumentation is not if FreeBSD has or not good tools for containerizing and securing applications. It has. Point is that the users that don't know FreeBSD are tied to their own tools and rarely want to change them. Almost everyone wants to change. But trying, experimenting and changing something in the workflow is important, because every tool has bad and good sides. There are many docker images already to be used on the net and this will save a lot of time and effort and money for a lot of people. This is a fact. And I think that it happened because Docker is...good. FreeBSD has tools like docker, but the mass production of containerized images never happened. So, would we ask ourselves the reason? Maybe something has not gone well. I use Linux and FreeBSD and I "love" both these systems. Linux has a larger user base than FreeBSD. A larger user base may mean more innovations in a small time, a faster bug correction and so on.

I think that mostly advantages from the implementation of docker on FreeBSD will come from the user base. Mostly for those users that come from linux or other OS and that already use docker and kubernetes. I don't think those users are a small number. Those users could jump to FreeBSD if Docker / Kubernetes are implemented in FreeBSD. This could be the straw that broke the camel's back. You argue that the jails are working already great and that they should use them. I argue that the freebsd community could have a more tolerant behavior to the users that could jump to the FreeBSD world and they should not force them to learn only new technologies at first. To have some important tools which work on multiple systems means having a good business card. So, in the end I ask to myself and to you: FreeBSD needs to grow in terms of community? Does it need to be populated by a bigger number of users that will come from another OS base community?

On Thu, Apr 13, 2023 at 10:17 AM Alejandro Imass wrote:

On Wed, Apr 12, 2023 at 4:28 PM Paul Pathiakis wrote:

I believe the simplest thing would be to wrap jails or iocage in an interface that looks like and behaves Docker-like.

and Bastille!

--
Mario.

--
Mario.