Re: Docker

From: Mario Marietto <marietto2008_at_gmail.com>
Date: Thu, 13 Apr 2023 15:43:15 UTC
For sure not everything, but something that is very requested and that
has given solid proof of being a valid and robust tool. I think Docker has
all these requisites.

On Thu, Apr 13, 2023 at 4:00 PM Paul Pathiakis <pathiaki2@yahoo.com> wrote:

> I guess my opinion at this point is to drop this.  I don't see a valid
> point for diverting resources and various other things to accommodate
> 'docker' or many other things that are dependent on 'linuxisms'.  Where
> does it stop?  Do we start porting everything from Windows as well?  My
> point is there are many things in many OSes and variants thereof, that have
> hooks into proprietary parts of the kernel that are not 'modular'.  By
> modular, I mean that they can be compiled and used on another OS like most
> things in the ports/pkgs system.  Since this is 'kernel' level, I don't
> think FreeBSD should pursue such an endeavor with the limited resources at
> hand.  The FreeBSD kernel and userland are a thing of beauty and refinement
> imho.  All I have to do is look at the CVE database to see that in the last
> 10 years there are only a couple of hundred bugs.  Just the Linux KERNEL has
> 1000s as does Windows.  I would worry that anything that had ties into the
> Linux kernel is probably an issue waiting to happen.
>
> I've been doing system administration and system architecture for over 35
> years...  When people ask what the dominant *nix OS is and are expecting
> Linux.... It starts us down the road of all the big boys use FreeBSD
> because they can't afford to have constant patching and vulnerabilities.
>
> So, it's either in a hypervisor and we go from there or drop it.  The
> amount of time spent on this discussion is becoming 'trollish'.
>
> Paul
>
> On Thursday, April 13, 2023 at 08:23:35 AM GMT-5, Mario Marietto <
> marietto2008@gmail.com> wrote:
>
>
> ---> Couldn't we just run docker on bhyve?
>
> More no than yes. You could try to put yourself in other people's shoes.
> You are only moving the problem. You are indirectly asking the users that
> come from another system to learn bhyve if they want to use docker. Why
> should they learn something different to just use what they need? At this
> point they could jump directly to learn jails, instead of bhyve and/or
> docker. To learn something different requires time, energy, etc. This is not
> a good business card for the new users. And it implicitly admits that a
> useful and popular tool like docker doesn't work on an efficient operating
> system like FreeBSD. Yes, there are great tools like docker for FreeBSD,
> but those users don't need it, they just want docker. Maybe they don't even
> need to learn bhyve. Just Docker. Your reasoning is typical of someone
> who has been using FreeBSD for some time, you don't think like those users
> who would like to adopt it and are evaluating the pros and cons. Take also
> into consideration that running bhyve to run Docker is a waste of resources
> on the machine, if I want to run only Docker, because in a normal situation, I
> shouldn't have the need to use bhyve. Users that have already boarded
> FreeBSD have probably already come to appreciate jails and many of them
> don't need to run bhyve to get docker. Remember the focus of my
> argumentation: it is something like this: I offer a native implementation
> of docker on FreeBSD and I use it as bait to attract more users. And
> between those users maybe there will be also good developers that will love
> FreeBSD even for different reasons than docker. The ultimate goal is to
> make FreeBSD a little more attractive to the industry, because as far as I
> read, it's slowly disappearing.
>
>
>
> On Thu, Apr 13, 2023 at 2:59 PM Miguel C <miguelmclara@gmail.com> wrote:
>
> 100% Agree with this, and the fact is there have been cases where there is
> that tolerance and there are maintainers making efforts to bring "linux"
> things to FreeBSD even if via linux emulation.
>
> Docker has been mentioned many times in mailing lists and forums and there
> are always comments like "but why jails are much better" etc, sometimes not
> only intolerant but rude replies that serve only to drive people away IMHO.
>
> I also don't get why is that so complicated, is it just cause FreeBSD's
> maintainers/community don't want to even consider docker on FreeBSD?
> Couldn't we just run docker on bhyve? I'm sure it would serve the "just
> want to test this image purpose" but I suspect there will be some issues
> with Filesystem/network, not issues per se, but more like it likely takes
> some work to get this to run in an easy manner, but I think I've seen mentions
> of using sshfs or zvols to make this part easier.
>
> MacOS and Windows use virtualization anyway, sure Docker "DESKTOP" is
> supported but docker, but they are still using a VM at the end of the day
> and handle the filesystem/network stuff for the user.
>
> I've never tried this myself but I don't think it should be that super
> complicated unless you plan to run docker on prod envs, I think here, the
> argument that "right tool for the job" is very valid.... I use docker on my
> macOS but I'm not going to run things in prod in macbooks ofc, I will still
> use Linux, K8s etc.
>
> Perhaps the FreeBSD foundation could invest a bit in getting a tool to
> ease the way of running docker through bhyve, I do believe this would be
> good for user adoption, but probably there are other priorities.
>
>
>
> On Thu, Apr 13, 2023 at 12:32 PM Mario Marietto <marietto2008@gmail.com>
> wrote:
>
> The point of my argumentation is not if FreeBSD has or not good tools for
> containerizing and securing applications. It has. Point is that the users
> that don't know FreeBSD are tied to their own tools and rarely want to
> change them. Almost everyone wants to change. But trying, experimenting and
> changing something in the workflow is important, because every tool has bad
> and good sides. There are many docker images already to be used on the net
> and this will save a lot of time and effort and money for a lot of people.
> This is a fact. And I think that it happened because Docker is...good.
> FreeBSD has tools like docker, but the mass production of containerized
> images never happened. So, would we ask ourselves the reason? Maybe
> something has not gone well. I use Linux and FreeBSD and I "love" both
> these systems. Linux has a larger user base than FreeBSD. A larger user
> base may mean more innovations in a small time, a faster bug correction and
> so on.
>
> I think that most advantages from the implementation of docker on
> FreeBSD will come from the user base. Mostly for those users that come from
> linux or other OS and that already use docker and kubernetes. I don't think
> those users are a small number. Those users could jump to FreeBSD if Docker
> / Kubernetes are implemented in FreeBSD. This could be the straw that
> broke the camel's back. You argue that the jails are working already
> great and that they should use them. I argue that the FreeBSD community
> could have a more tolerant behavior to the users that could jump to the
> FreeBSD world and they should not force them to learn only new technologies
> at first. To have some important tools which work on multiple systems means
> having a good business card. So, in the end I ask myself and you:
> Does FreeBSD need to grow in terms of community? Does it need to be
> populated by a bigger number of users that will come from another OS base
> community?
>
> On Thu, Apr 13, 2023 at 10:17 AM Alejandro Imass <aimass@yabarana.com>
> wrote:
>
>
>
> On Wed, Apr 12, 2023 at 4:28 PM Paul Pathiakis <pathiaki2@yahoo.com>
> wrote:
>
> I believe the simplest thing would be to wrap jails or iocage in an
> interface that looks like and behaves Docker-like.
>
>
> and Bastille!
>
>
>
>
>
> --
> Mario.
>
>
>
> --
> Mario.
>


-- 
Mario.