From: Kamil Kieliszczyk
Date: Thu, 24 Jan 2019 14:41:52 +0100
To: ss griffon, Grzegorz Junka, "Patrick M. Hausen"
Cc: freebsd-virtualization@freebsd.org
Subject: Re: The status of docker

My 2c on running Docker on FreeBSD:

1) I’m using Docker and Kubernetes quite extensively during my work days so I tried to run Docker on FreeBSD in my free time because.. why not? First I tried to run boot2docker project in VirtualBox as I remember that it was the way to run Docker on OSX a long time ago. Unfortunately, I had too many problems with it so I switched to running boot2docker inside bhyve. It was running alright, no major issues, no crashes so I went down that path. I improved my setup a little bit and wrote down a small tutorial for myself. You can find it here:

https://github.com/kiela/kiela.github.io/blob/master/Docker%20on%20FreeBSD%20-%20%5Bpart%204%5D%20Using%20vm-bhyve.md

I’ve been using this as a Docker Swarm cluster running Nextcloud, PostgreSQL and a bunch of other containers inside it. Upgrading FreeBSD (host) or boot2docker (guest) or containers worked like a charm. And I’ve been using this for the last 6+ months. Maybe this will help someone to start playing with Docker on FreeBSD and save some time figuring out how to do it.

2) Docker is not just running a single image, managing volumes and networks - it’s much more. For example Docker Swarm which allows clustering and running whole application stack (multiple apps, DB, cache, logs etc) in a cluster whose hosts are running on FreeBSD. I’m not trying to discourage anyone from porting Docker to FreeBSD. I would love to have Docker natively supported in FreeBSD. I just think that if one wants to just get up and running Docker on FreeBSD for development/tests/personal use, boot2docker+bhyve should be enough. Maybe wrapping it in a nice tool like vm-bhyve did with bhyve. If one wants to use Docker in production, one should strongly consider running a Kubernetes cluster and use Docker images there.

--
Kamil Kieliszczyk

On 23 January 2019 at 22:09:32, Grzegorz Junka (list1@gjunka.com) wrote:

On 23/01/2019 03:21, ss griffon wrote:
> I'm a bit late to the game, but I wanted to add my 2 cents. I don't see the benefit of implementing "docker" in FreeBSD. If you are just implementing the linux system calls i.e. using the linuxulator, then you lose any benefits of running on FreeBSD. It seems like implementing the docker interfaces, like a Dockerfile, registry support and networking switches using FreeBSD specific implementations would be extremely helpful. Especially for the CI/CD workflow.
>
> For example:
> #Dockerfile
>
> #Pull a image from registry and create a new dataset with snapshot.
> #Registry could be http, ftp or any other transfer protocol.
> FROM FreeBSD:RELEASE-11.2
>
> #Copy app directory into the jailed directory. Perhaps setting system immutable flag.
> COPY ./app /app
>
> #Use pf to route to port 80 from the host. Or use vnet
> EXPOSE 80
>
> #Run a command in the jail to prepare the new image.
> RUN env ASSUME_ALWAYS_YES=yes pkg install bash nginx uwsgi py36-flask
>
> #Mark the startup command
> CMD /bin/sh /etc/rc
>
>
> The above would be very familiar to docker users and can be used to generate a standards compliant image (I believe there was a project jetpack that did something like this). Creating an OCI compliant image would probably be the first step to using kubernetes, but I haven't really spent any time looking at kubernetes.
>
> We could also add extensions for using resource limits, capsicum, devd, security levels etc. The other cool thing is this could all be run inside a jail using hierarchical jails.
>

Isn't implementing "docker" on FreeBSD the same as implementing OCI specification, i.e. runtime-spec? Seeing that OCI was founded by Docker I would have thought they align the docker implementation with the spec?

Then to extend that question, wouldn't adding support for docker to FreeBSD mean to add OCI compliance layer to jails? I don't think the plan is to add support for Linux containers, or "containerization", to FreeBSD kernel?

GrzegorzJ