From: Mario Marietto
Date: Thu, 13 Apr 2023 17:43:15 +0200
Subject: Re: Docker
To: Paul Pathiakis
Cc: Miguel C, Alejandro Imass, "Steve O'Hara-Smith", Tim Preston, freebsd-questions
List-Archive: https://lists.freebsd.org/archives/freebsd-questions

For sure not everything, but something that is very requested and that it has
given a solid proof to be a valid and robust tool. I think Docker has all
these requisites.

On Thu, Apr 13, 2023 at 4:00 PM Paul Pathiakis wrote:

> I guess my opinion at this point is to drop this. I don't see a valid
> point for diverting resources and various other things to accommodate
> 'docker' or many other things that are dependent on 'linuxisms'. Where
> does it stop? Do we start porting everything from Windows as well? My
> point is there are many things in many OSes and variants thereof, that have
> hooks into proprietary parts of the kernel that are not 'modular'. By
> modular, I mean that they can be compiled and used on another OS like most
> things in the ports/pkgs system. Since this is 'kernel' level, I don't
> think FreeBSD should pursue such an endeavor with the limited resources at
> hand. The FreeBSD kernel and userland are a thing of beauty and refinement
> imho. All I have to do is look at the CVE database to see that in the last
> 10 years there are only a couple of hundred bugs. Just the linux KERNEL has
> 1000s as does windows. I would worry that anything that had ties into the
> Linux kernel is probably an issue waiting to happen.
>
> I've been doing system administration and system architecture for over 35
> years... When people ask what the dominant *nix OS is and are expecting
> Linux.... It starts us down the road of all the big boys use FreeBSD
> because they can't afford to have constant patching and vulnerabilities.
>
> So, it's either in a hypervisor and we go from there or drop it.
> The amount of time spent on this discussion is becoming 'trollish'
>
> Paul
>
> On Thursday, April 13, 2023 at 08:23:35 AM GMT-5, Mario Marietto
> <marietto2008@gmail.com> wrote:
>
> ---> Couldn't we just run docker on bhyve?
>
> more no than yes. You could try to put yourself in other people's shoes.
> You are only moving the problem. You are indirectly asking the users that
> come from another system to learn bhyve if they want to use docker. Why
> should they learn something different to just use what they need ? At this
> point they could jump directly to learn jails, instead of bhyve and / or
> docker. To learn something different requires time, energy, etc. This is not
> a good business card for the new users. And it implicitly admits that a
> useful and popular tool like docker doesn't work on an efficient operating
> system like FreeBSD. Yes there are great tools like docker for freebsd,
> but those users don't need it, they just want docker. Maybe they don't even
> need to learn bhyve. Just Docker. Your reasoning is typical of someone
> who has been using freebsd for some time, you don't think like those users
> who would like to adopt it and are evaluating the pros and cons. Take also
> in consideration that running bhyve to run Docker is a waste of resources
> on the machine, if I want to run only Docker, because in a normal situation, I
> shouldn't have the need to use bhyve. Users that have already boarded
> FreeBSD have probably already come to appreciate jails and many of them
> don't need to run bhyve to get docker. Remember the focus of my
> argumentation : it is something like this : I offer a native implementation
> of docker on FreeBSD and I use it as bait to attract more users. And
> between those users maybe there will be also good developers that will love
> FreeBSD even for different reasons than docker.
> The ultimate goal is to make freebsd a little more attractive to the
> industry, because as far as I read, it's slowly disappearing.
>
> On Thu, Apr 13, 2023 at 2:59 PM Miguel C <miguelmclara@gmail.com> wrote:
>
> 100% Agree with this, and the fact is there have been cases where there is
> that tolerance and there are maintainers making efforts to bring "linux"
> things to freeBSD even if via linux emulation.
>
> Docker has been mentioned many times in mailing lists and forums and there
> are always comments like "but why jails are much better" etc, sometimes not
> only intolerant but rude replies that serve only to drive people away IMHO.
>
> I also don't get why is that so complicated, is it just cause FreeBSD's
> maintainers/community don't want to even consider docker on FreeBSD?
> Couldn't we just run docker on bhyve? I'm sure it would serve the "just
> want to test this image purpose" but I suspect there will be some issues
> with Filesystem/network, not issues per se, but more like it likely takes
> some work to get this to run in easy manner, but I think I've seen mentions
> of using sshfs or zvols to make this part easier.
>
> MacOS and Windows use virtualization anyway, sure Docker "DESKTOP" is
> supported by docker, but they are still using a VM at the end of the day
> and handle the filesystem/network stuff for the user.
>
> I've never tried this myself but I don't think it should be that super
> complicated unless you plan to run docker on prod envs, I think here, the
> argument that "right tool for the job" is very valid.... I use docker on my
> macOS but I'm not going to run things in prod in macbooks ofc, I will still
> use Linux, K8s etc.
>
> Perhaps the FreeBSD foundation could invest a bit in getting a tool to
> ease the way of running docker through bhyve, I do believe this would be
> good for user adoption, but probably there are other priorities.
>
> On Thu, Apr 13, 2023 at 12:32 PM Mario Marietto <marietto2008@gmail.com>
> wrote:
>
> The point of my argumentation is not if FreeBSD has or not good tools for
> containerizing and securing applications. It has. Point is that the users
> that don't know FreeBSD are tied to their own tools and rarely want to
> change them. Almost everyone wants to change. But trying, experimenting and
> changing something in the workflow is important, because every tool has bad
> and good sides. There are many docker images already to be used on the net
> and this will save a lot of time and effort and money for a lot of people.
> This is a fact. And I think that it happened because Docker is...good.
> FreeBSD has tools like docker, but the mass production of containerized
> images never happened. So, would we ask ourselves the reason ? Maybe
> something has not gone well. I use Linux and FreeBSD and I "love" both
> these systems. Linux has a larger user base than FreeBSD. A larger user
> base may mean more innovations in a small time, a faster bug correction and
> so on.
>
> I think that mostly advantages from the implementation of docker on
> FreeBSD will come from the user base. Mostly for those users that come from
> linux or other OS and that already use docker and kubernetes. I don't think
> those users are a small number. Those users could jump to FreeBSD if Docker
> / Kubernetes are implemented in FreeBSD. This could be the straw that
> broke the camel's back. You argue that the jails are working already
> great and that they should use them. I argue that the freebsd community
> could have a more tolerant behavior to the users that could jump to the
> FreeBSD world and they should not force them to learn only new technologies
> at first. To have some important tools which work on multiple systems means
> having a good business card. So, in the end I ask to myself and to you :
> FreeBSD needs to grow in terms of community ?
> Does it need to be populated by a bigger number of users that will come
> from another OS base community ?
>
> On Thu, Apr 13, 2023 at 10:17 AM Alejandro Imass <aimass@yabarana.com>
> wrote:
>
> On Wed, Apr 12, 2023 at 4:28 PM Paul Pathiakis <pathiaki2@yahoo.com>
> wrote:
>
> I believe the simplest thing would be to wrap jails or iocage in an
> interface that looks like and behaves Docker-like.
>
> and Bastille!
>
> --
> Mario.
>
> --
> Mario.

--
Mario.