From: John Nielsen <lists@jnielsen.net>
Subject: Re: The status of docker
Date: Wed, 23 Jan 2019 11:29:47 -0700
To: freebsd-virtualization@freebsd.org
In-Reply-To: <03689819-B542-4F83-9E36-0E64739E019B@jnielsen.net>
Message-Id: <0F16ACB4-9DF3-416D-B1F8-87DA8888DCD5@jnielsen.net>
> On Jan 23, 2019, at 11:26 AM, John Nielsen wrote:
> 
>> On Jan 22, 2019, at 11:54 PM, Sergey Zakharchenko wrote:
>> 
>> Hello there guys,
>> 
>>> Not quite. I took over the docker freebsd port. Currently I am trying to
>>> change him to moby project on GH.
>> 
>> Jochen, I wish you the best of luck. As a couple of cents, and on
>> behalf of Digital Loggers, Inc., I've uploaded some old patches that
>> we use to run an ancient version of Docker on FreeBSD:
>> https://github.com/digitalloggers/docker-zfs-patches . They speed up
>> building of large containers by not iterating over all container files
>> at every single stage, using ZFS diffs instead. No warranty, express
>> or implied, is provided on those patches; I'm sure you'll find some
>> edge cases where they'll break your container builds; you have been
>> warned. Also, forgive my Go: that was the first and hopefully the last
>> time I wrote something in it.
>> 
>> That's not much; the real problems are with volume (e.g. single-file
>> "volumes" which are hard links) and networking support; they were
>> solved (kind of) by us by dynamically generating Dockerfiles and
>> adding container startup wrappers, to the point that most would say
>> it's too mutilated to be named Docker, so I'm afraid we aren't sharing
>> those for the time being.
>> 
>> My answers to why on earth one would run Docker under FreeBSD instead
>> of using plain (or wrapped in yet another wrapper unknown to
>> non-FreeBSD) jails would be uniformity, simplicity, skill reuse, etc.
>> of quite a broad range of operations. However, Docker/Moby is really
>> too tied to Linux; there seem to be random attempts at overcoming that
>> but they don't receive enough mind share. Jetpack
>> (https://github.com/3ofcoins/jetpack/) could probably also benefit
>> from the patches (with appropriate adjustments). Interested people
>> willing to invest time in this should gather and decide how to move
>> on.
> 
> Responding to a random message to share a random-ish thought: has anyone looked at Firecracker?
> 
> https://firecracker-microvm.github.io/
> https://aws.amazon.com/blogs/aws/firecracker-lightweight-virtualization-for-serverless-computing/
> 
> It's the now-open-source basis of AWS's Fargate service. The idea is to be more secure and flexible than Docker for Kubernetes-like workloads. Linux-only at the moment I'm sure but I don't see any reason that FreeBSD couldn't run inside a Firecracker microVM (using a stripped-down kernel with virtio_blk, if_vtnet, uart and either atkbdc or a custom driver for the 1-button keyboard). It's also feasible that FreeBSD could be a Firecracker host (and able to run unmodified pre-packaged Linux or other microVMs) if someone with the right Go skills wanted to port the KVM bits to use VMM/bhyve.

S/Go/Rust
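The ZFS-diff approach Sergey describes above (ask the filesystem which files changed between two snapshots instead of walking every file at each build stage) rests on parsing the output of `zfs diff`. The script below is an added illustration of that parsing step; it is not code from the digitalloggers/docker-zfs-patches repository or from Docker. It assumes `zfs diff -H snap1 snap2` output (tab-separated, no `-F`/`-t` columns) and that ZFS escapes spaces and non-printable bytes in paths as a backslash followed by four octal digits; the sample output, the dataset name `/tank/ctr/layer1` and the function names are constructed for the example. The checks that reject unknown record types and paths outside the dataset mount point are there so that confused or truncated input fails loudly rather than producing a half-built layer.

```python
"""Turn `zfs diff -H` output into the change set of one container layer.

Added example for the docker-zfs-patches discussion; not code from that
project. Assumes plain `zfs diff -H <snap1> <snap2>` output: one
tab-separated record per changed path, change type in the first column
(+ added, - removed, M modified, R renamed with old and new path columns).
"""
import re
import subprocess
from dataclasses import dataclass, field

# Assumption: zfs diff escapes each space/non-printable byte as \0ooo
# (backslash plus four octal digits), so "my conf" appears as "my\0040conf".
_OCTAL_ESCAPE = re.compile(r"\\([0-7]{4})")
_KINDS = ("+", "-", "M", "R")


def unescape_path(raw: str) -> str:
    """Undo the \\0ooo escapes byte by byte, then decode as UTF-8."""
    out = bytearray()
    i = 0
    while i < len(raw):
        m = _OCTAL_ESCAPE.match(raw, i)
        if m:
            out.append(int(m.group(1), 8))
            i = m.end()
        else:
            out.extend(raw[i].encode("utf-8"))
            i += 1
    return out.decode("utf-8", errors="surrogateescape")


@dataclass
class ChangeSet:
    """Paths relative to the dataset mount point, grouped by change type."""
    added: list = field(default_factory=list)
    removed: list = field(default_factory=list)
    modified: list = field(default_factory=list)
    renamed: list = field(default_factory=list)  # (old, new) pairs

    def touched(self) -> set:
        """Every path a layer-building step must copy, delete or move."""
        paths = set(self.added) | set(self.removed) | set(self.modified)
        for old, new in self.renamed:
            paths.update((old, new))
        return paths


def parse_zfs_diff(text: str, mountpoint: str) -> ChangeSet:
    """Parse `zfs diff -H` output for a dataset mounted at `mountpoint`.

    Raises ValueError on an unknown record type, a wrong column count, or a
    path that does not live under the mount point, so that unexpected input
    never silently yields an incomplete layer.
    """
    cs = ChangeSet()
    root = mountpoint.rstrip("/") + "/"
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        cols = line.split("\t")
        kind, paths = cols[0], [unescape_path(p) for p in cols[1:]]
        expected = 2 if kind == "R" else 1
        if kind not in _KINDS or len(paths) != expected:
            raise ValueError(f"line {lineno}: unexpected zfs diff record {line!r}")
        rel = []
        for p in paths:
            if not p.startswith(root):
                raise ValueError(f"line {lineno}: path {p!r} is outside {mountpoint}")
            rel.append(p[len(root):])
        if kind == "+":
            cs.added.append(rel[0])
        elif kind == "-":
            cs.removed.append(rel[0])
        elif kind == "M":
            cs.modified.append(rel[0])
        else:
            cs.renamed.append((rel[0], rel[1]))
    return cs


def diff_snapshots(snap_before: str, snap_after: str, mountpoint: str) -> ChangeSet:
    """Run the real `zfs diff -H` between two snapshots and parse the result."""
    proc = subprocess.run(["zfs", "diff", "-H", snap_before, snap_after],
                          capture_output=True, text=True, check=True)
    return parse_zfs_diff(proc.stdout, mountpoint)


# Constructed sample of `zfs diff -H` output for a layer dataset mounted at
# /tank/ctr/layer1; the rename shows an escaped space in the old name.
SAMPLE_OUTPUT = (
    "M\t/tank/ctr/layer1/etc/passwd\n"
    "+\t/tank/ctr/layer1/usr/local/bin/app\n"
    "-\t/tank/ctr/layer1/tmp/build.log\n"
    "R\t/tank/ctr/layer1/etc/my\\0040conf\t/tank/ctr/layer1/etc/my.conf\n"
)

if __name__ == "__main__":
    changes = parse_zfs_diff(SAMPLE_OUTPUT, "/tank/ctr/layer1")
    for label in ("added", "removed", "modified", "renamed"):
        print(f"{label}: {getattr(changes, label)}")
```

`diff_snapshots` is the only part that needs a live pool; everything else runs on the constructed sample, which is how the parser would be exercised in a build tool's own tests.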