Re: Docker
Date: Fri, 14 Apr 2023 23:20:19 UTC
Simply put, Linux could have done the same thing as jails but opted to not go in a standardized direction. Instead, they went in a direction of proprietary kernel hooks. The people in the BSD world are always doing project review before even thinking of writing code. Look at how jails are designed. There are no proprietary hooks in my mind. They just create a process that is nothing more than a process in the kernel's process table. Simple. Straightforward. IF Linux had adopted a 'jail-like' design, there would be interoperability to some degree.

Imagine that Linux had a real packaging system and ports system that didn't land the user in dependency hell on a constant basis. It could do a lot of things that jails do. The Linux community could choose to do something like docker/podman but instead, have everything that would make calls to package repos, OS versions, etc.

I can run 4 different versions of PostgreSQL on 4 different versions of FreeBSD in 4 jails.... I could choose to upgrade any of the 4 versions of the operating system to something more recent (I tend to stay with -RELEASEs) and I could choose to stay with the OS versions and upgrade the versions of PostgreSQL... mix, match, it all works.

FreeBSD does research, design and they take their time. I have no problems running on anything when it first releases. I have actually seen Linux kernels go through security and operation patches of as many as 20-30 in the first 3 months of release. That's not proper design. That's not proper engineering.

Again, someone stated before that the Linux community thinks 'containers' are the latest thing.... BSD people see them as mature 20 y.o. code. *shrug*

Creating their hypervisor, BHYVE, I watched this community discuss it almost ad infinitum before starting the work.

These are some of the prevalent differences between the philosophies of the two communities. There are more and maybe my interpretations are 100% good/accurate.

Also, remember, the BSD license is WIDE OPEN.... the Linux community could have, at any time, borrowed the jails code and started a jails project... 20 YEARS AGO.

How about databases? There was MySQL and MariaDB and MongoDB and CouchDB... etc etc etc..... And there is Oracle.... and Sybase... oh... I mean MS-SQL.... 25 years ago.... PostgreSQL... Free!!! OPEN!!!! Still is!!! Bigger, better, stronger and faster than all of them.

People want to reinvent the wheel. They should be applauded for that. However, after seeing round wheels, why in the heck would someone say "I want to start with my own SQUARE wheel" when there's someone giving away round ones?? Well, I have yet to figure out if that's stupidity, arrogance or just plain lack of discipline and training and ego to not ask for help.

Paul

On Friday, April 14, 2023 at 03:45:49 PM PDT, Mario Marietto <marietto2008@gmail.com> wrote:

So, let me understand: docker images aren't compatible with FreeBSD. Imagine that the FreeBSD jails will not be compatible with Linux. Wow, this is true interoperability.

On Sat, Apr 15, 2023 at 12:36 AM Paul Pathiakis <pathiaki2@yahoo.com> wrote:

Hi,

Personally, I think jails are brilliant and their evolution has also been brilliant. Gee, a complete operating system contained as a process running under the parent process that behaves just like the parent OS. You can upgrade the OS, the pkgs, etc.

I really don't think it would be hard to create a 'library' of jails.

Here's a postfix jail
Here's a DNS jail
Here's a PostgreSQL jail

You can run your jails via the "Master Jailer"
You can create your/library of jails via "Jailer Key"
You could put them in the "Jail Cell" of repositories

I actually created this on my server when I was running my now defunct company. Literally, 40-50 jails that were running on my server that was a couple of Opteron chips on a SuperMicro system. It never so much had a load on it of 2-3 and it was doing so much.
It was so easy to upgrade the OS versions on the jails and the ports (had to run ports for bug fixes).

I had some serious 'white hat' friends that offered to do pen testing.... (I was running PF with redirects to the ports in the jails and nothing else was open on them)... I got so many beers when they gave up. :)

Truly, I believe podman and containerd are going to be a serious improvement/change. However, at home, on my machines, FreeBSD 13.1 and 13.2 will be this weekend. My gf and her 85 y.o. mom are running GhostBSD right now. THEY HAVE LOVED IT for the last 5 years.

Paul

On Friday, April 14, 2023 at 03:12:56 PM PDT, infoomatic <infoomatic@gmx.at> wrote:

I think docker is a good example of how to NOT do things. There is a reason why it is dying, lots of bad things have happened in docker land.

However, let me post my opinion. We can distinguish between two different types of containerizations: system level containers and application level containers. Linux LXC and FreeBSD jails fall into the former category. OCI containers fall into the application level container category and are moving away from the awkward Docker stack to sane solutions: podman, containerd, cri-o etc.

The basic idea is: I have a repository which provides signed images for the users to pull and use as a running container. For software vendors, I can create an image which is basically a tar with the files and layered filesystems that can be pushed to the repository. Just like a jail, all the needed software, libraries are contained in one image, but more easily accessible for users. The container consists of filesystem layers identified by a hash, which can be referenced by other containers (e.g. a Debian Linux container in its minimal edition might be the base for the Kali Linux penetration testing container). Files that should persist are mounted via mount_nullfs into the container. The cool thing about that is: the images are created in a declarative manner, a YAML file.
FreeBSD already provides lots of the technology necessary to build that (I am not talking about running Linux containers, but FreeBSD application level containers), however, it just lacks some glue like a system for defining a config file from which such a container is built, a repo, and I have no idea about how stable/performant unionfs is. Unfortunately I have not yet had time to look at the proposed projects of this thread.

A few use cases come to mind (well, actually much more since I have worked with OCI/"Docker" since the beginning): "I want to host a simple public jitsi server, do not want to go through all the config. Someone made such a setup already and pushed that container to some repo, oh nice, let's just pull it and run it", or maybe: "oh, I do want to use keepass as password manager, but do not want it to be able to make network connections. Fine, just download the container and forbid network access."

I am a lazy guy, I prefer spending my time on creating stuff and pushing it to a repository instead of fumbling around with ansible scripts to deploy that stuff when pushing and pulling an upgrade is so much easier via providing self-contained images.

So, yes, I would absolutely love to see application level containers, or such a slick framework built around the great jail solution we already have. Passing around containers as a single binary package for FreeBSD - one may dream ;-)

Regards,
Robert

On 13.04.23 17:43, Mario Marietto wrote:
> For sure not everything, but something that is very requested and that it
> has given a solid proof to be a valid and robust tool. I think Docker
> has all these requisites.
> -- Mario.
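
An added example, not part of any message in this thread: a Python model of the layer scheme infoomatic describes, in which each layer is a tar archive named by its digest, a shared base layer is stored once, and a layer whose bytes no longer match its digest is refused on pull. The `Repo` class, the image names and the file contents are constructed for illustration, SHA-256 is an assumed choice of hash, and image signing and nullfs mounts are outside its scope.

```python
import hashlib, io, json, tarfile

def make_layer(files):
    """Pack {path: bytes} into a deterministic tar; return (digest, blob)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path in sorted(files):
            info = tarfile.TarInfo(path)   # mtime/uid/gid default to 0
            info.size = len(files[path])
            tar.addfile(info, io.BytesIO(files[path]))
    blob = buf.getvalue()
    # Assumption: SHA-256 as the layer hash (the thread only says "a hash").
    return "sha256:" + hashlib.sha256(blob).hexdigest(), blob

class Repo:
    """Hypothetical content-addressed store: blobs by digest, images by name."""
    def __init__(self):
        self.blobs, self.manifests = {}, {}

    def push(self, name, layers):
        digests = []
        for files in layers:
            digest, blob = make_layer(files)
            self.blobs.setdefault(digest, blob)   # a shared layer is stored once
            digests.append(digest)
        self.manifests[name] = json.dumps({"layers": digests})
        return digests

    def pull(self, name):
        """Return the merged root filesystem, verifying every layer first."""
        rootfs = {}
        for digest in json.loads(self.manifests[name])["layers"]:
            blob = self.blobs[digest]
            actual = "sha256:" + hashlib.sha256(blob).hexdigest()
            if actual != digest:
                raise ValueError(f"layer {digest[:19]} failed verification")
            with tarfile.open(fileobj=io.BytesIO(blob)) as tar:
                for member in tar.getmembers():   # later layers override earlier
                    rootfs[member.name] = tar.extractfile(member).read()
        return rootfs

# Constructed sample content, not real images.
BASE = {"etc/os-release": b"NAME=base\n", "bin/sh": b"#!shell\n"}
repo = Repo()
dns = repo.push("dns", [BASE, {"etc/named.conf": b"options {};\n"}])
mail = repo.push("mail", [BASE, {"etc/os-release": b"NAME=mail\n"}])
```

Because the manifest lists the layer digests, a signature over the manifest alone would cover every layer it references.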