Date: Sat, 15 Apr 2023 02:13:53 -0700
From: "Pat Maddox"
To: questions@freebsd.org
Subject: Re: Docker

On Wed, Apr 12, 2023, at 7:52 AM, Steve O'Hara-Smith wrote:
> Docker is many things - the UI the least important.
>
> Docker is a mechanism for creating container images from text
> descriptions in Dockerfiles each of which defines an overlay to be applied
> to a base image (either an OS image or one defined in a Dockerfile).
>
> A common use for this mechanism is to assemble servers by picking an
> off-the-shelf image with the right service(s) and building a custom
> configuration/application layer on top of it. Rinse, repeat until every
> element of a stack is defined and get swarm or kubernetes to deploy and
> manage it. This use depends strongly on the rich public library of
> application layers. In order to have this in FreeBSD we'd either have to be
> able to use the Linux images directly or we'd need a similar library of
> FreeBSD images (OCI compliant if we want kubernetes) - which is an awful lot
> of playing catch up.

When people advocate for incorporating this aspect of Docker into FreeBSD, I have to ask: why? I believe the main points are:

- packaging and distribution
- layer caching
- third-party tool / vendor support.

Docker addresses the proliferation of Linux distros and package managers. Maintainers don’t want to try to build for every possible combination, so they decide the distro for users as part of the image. It’s pretty common to skip the package manager completely in that case, and just stuff the binary and config files wherever they feel like that day. It’s the one package format that (in theory) works the same across all Linux distros.

We, of course, have the ports tree. Install a package, and you can edit the config file with /usr/local/etc/pkg-name and there’s a > 80% chance you’ve got it right. Run `service start pkg-name` in the case of a service and it’s up-and-running. I love this consistency - it makes it a lot easier to understand what’s going on in a system.
DHH popularized the term “convention over configuration.” Well, FreeBSD has extraordinarily strong conventions - including where to place configuration files!

What about distribution? Docker seems to have the upper hand here… until you realize that a FreeBSD jail is just a bunch of files on the file system, that the host kernel isolates. You want to distribute a jail? Zip it up, and extract it somewhere else. zfs send if you’re fancy. If you can do it with files, you can do it with jails.

Layer caching is a non-issue to me. I’ve spent as much time re-organizing Dockerfile so it doesn’t build more than I want, as it has saved me in build time. I don’t deploy to enough servers that caching makes an appreciable difference - and the overall complexity trade-off is far worse.

As far as third-party support… yep, Docker is king here. I absolutely believe we can, should, and will apply many of the principles from the Docker ecosystem to FreeBSD. It’s only a matter of time before someone is sufficiently motivated to design an automated deployment and scaling system like what’s currently done with Docker. For all we know, there are orgs out there with killer jail deployments that just aren’t talking about it [1].

For me, FreeBSD wins big on operational simplicity. Yes, we don’t have some of the gadgetry that Docker has. We also don’t have anywhere near the same kind of financial investment as Docker has had. You think FreeBSD’s market share is small? Well I think it is remarkably high and packs a lot of bang for the buck compared to the enormous amounts of money that have been poured into Linux and Docker.

Everything I’ve seen of FreeBSD so far - and what strongly attracts me to it - is that its user base skews heavily pragmatic, which is reflected in its ongoing development and ecosystem.
People will continue to experiment with jails, develop new conventions and techniques for working with them, and share their efforts with others. The useful stuff will stick around and evolve, same as it has done since the beginning of BSD.

We don’t need Docker’s tools. We can apply some of its principles. Perhaps most of all, we can see in it many shining examples of what NOT to do.

Pat

[1] Allan Jude has written about deploying system images with ZFS: https://papers.freebsd.org/2019/asiabsdcon/jude-managing_system_images_with_zfs/