Re: Docker
Date: Fri, 14 Apr 2023 22:45:12 UTC
So, let me understand: docker images aren't compatible with FreeBSD. Imagine that the FreeBSD jails will not be compatible with Linux. Wow, this is true interoperability.

On Sat, Apr 15, 2023 at 12:36 AM Paul Pathiakis <pathiaki2@yahoo.com> wrote:

> Hi,
>
> Personally, I think jails are brilliant and their evolution has also been
> brilliant.
>
> Gee, a complete operating system contained as a process running under the
> parent process that behaves just like the parent OS.
> You can upgrade the OS, the pkgs, etc.
>
> I really don't think it would be hard to create a 'library' of jails.
>
> Here's a postfix jail
> Here's a DNS jail
> Here's a PostgreSQL jail
>
> You can run your jails via the "Master Jailer"
> You can create your/library of jails via "Jailer Key"
> You could put them in the "Jail Cell" of repositories
>
> I actually created this on my server when I was running my now defunct
> company.
>
> Literally, 40-50 jails that were running on my server that was a couple of
> Opteron chips on a SuperMicro system. It never so much had a load on it of
> 2-3 and it was doing so much.
>
> It was so easy to upgrade the OS versions on the jails and the ports (had
> to run ports for bug fixes)
>
> I had some serious 'white hat' friends that offered to do pen testing....
> (I was running PF with redirects to the ports in the jails and nothing else
> was open on them)... I got so many beers when they gave up. :)
>
> Truly, believe podman and containerd are going to be a serious
> improvement/change. However, at home, on my machines, FreeBSD 13.1 and
> 13.2 will be this weekend.
>
> My gf and her 85 y.o mom are running GhostBSD right now. THEY HAVE LOVED
> IT for the last 5 years.
>
> Paul
>
> On Friday, April 14, 2023 at 03:12:56 PM PDT, infoomatic <infoomatic@gmx.at> wrote:
>
>
> I think docker is a good example of how to NOT do things. There is a
> reason why it is dying, lots of bad things have happened in docker land.
>
> However, let me post my opinion. We can distinguish between two
> different types of containerizations: system level containers and
> application level containers. Linux LXC and FreeBSD jails fall into the
> former category.
>
> OCI containers fall into the application level container category and
> are moving away from the awkward Docker stack to sane solutions: podman,
> containerd, cri-o etc.
> The basic idea is: I have a repository which provides signed images for
> the users to pull and use as a running container. For software vendors,
> I can create an image which is basically a tar with the files and
> layered filesystems that can be pushed to the repository. Just like a
> jail, all the needed software, libraries are contained in one image, but
> more easily accessible for users. The container consists of filesystem layers
> identified by a hash, which can be referenced by other containers
> (e.g. a Debian Linux container in its minimal edition might be the base
> for the Kali Linux penetration testing container). Files that should
> persist are mounted via mount_nullfs into the container. The cool thing
> about that is: the images are created using a declarative manner, a yaml
> file.
>
> FreeBSD already provides lots of the technology necessary to build that
> (I am not talking about running Linux containers, but FreeBSD
> application level containers), however, it just lacks some glue like a
> system for defining a config file from which such a container is built,
> a repo, and I have no idea about how stable/performant unionfs is.
> Unfortunately I have not yet had time to look at the proposed projects
> of this thread.
>
> A few use cases come to mind (well, actually much more since I have
> worked with OCI/"Docker" since the beginning): "I want to host a simple
> public jitsi server, do not want to go through all the config. Someone
> made such a setup already and pushed that container to some repo, oh
> nice, let's just pull it and run it", or maybe: "oh, I do want to use
> keepass as password manager, but do not want it to be able to make
> network connections. Fine, just download the container and forbid
> network access." I am a lazy guy, I prefer spending my time on creating
> stuff and pushing it to a repository instead of fumbling around with
> ansible scripts to deploy that stuff when pushing and pulling an upgrade
> is so much easier via providing self-contained images.
>
> So, yes, I would absolutely love to see application level containers, or
> such a slick framework built around the great jail solution we already
> have. Passing around containers as a single binary package for FreeBSD -
> one may dream ;-)
>
> Regards,
> Robert
>
>
> On 13.04.23 17:43, Mario Marietto wrote:
> > For sure not everything, but something that is very requested and that it
> > has given a solid proof to be a valid and robust tool. I think Docker
> > has all these requisites.
> >
> >
>

--
Mario.
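
Added illustration, not part of any message in this thread: a simplified model of the layer scheme described in the quoted text, where filesystem layers are tar blobs named by their hash, a base layer is shared between images, and a pull refuses a blob that no longer matches its name. The manifest layout, function names and file contents are constructed for this sketch; it does not follow the full OCI image specification and leaves out signature checking of the manifest itself.

```python
import hashlib
import io
import tarfile

def make_layer(files):
    """Pack {path: bytes} into a tar blob: one filesystem layer."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in sorted(files.items()):
            info = tarfile.TarInfo(path)  # default metadata, so same files give same bytes
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def digest(blob):
    return "sha256:" + hashlib.sha256(blob).hexdigest()

def push(store, blob):
    """Content-addressed store: the key of a blob is its own digest."""
    store[digest(blob)] = blob
    return digest(blob)

def pull(store, manifest):
    """Fetch the layers in order; refuse any blob that does not hash to its name."""
    layers = []
    for name in manifest["layers"]:
        blob = store[name]
        if digest(blob) != name:
            raise ValueError("layer digest mismatch: " + name)
        layers.append(blob)
    return layers

def flatten(layers):
    """Apply layers bottom-up; a later layer overrides files from an earlier one."""
    root = {}
    for blob in layers:
        with tarfile.open(fileobj=io.BytesIO(blob)) as tar:
            for member in tar.getmembers():
                root[member.name] = tar.extractfile(member).read()
    return root

def demo():
    """Constructed sample: a base image and a second image that reuses its layer."""
    store = {}
    base = push(store, make_layer({"etc/os-release": b"ID=base\n"}))
    tools = push(store, make_layer({"usr/bin/scanner": b"#!/bin/sh\n"}))
    return store, {"layers": [base]}, {"layers": [base, tools]}
```

Because the store is keyed by digest, the second image adds only one new blob, and replacing a stored blob in place makes `pull` raise instead of returning altered files.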