Date: Thu, 13 Apr 2023 14:00:25 +0000 (UTC)
From: Paul Pathiakis <pathiaki2@yahoo.com>
To: Miguel C <miguelmclara@gmail.com>, Mario Marietto <marietto2008@gmail.com>
Cc: Alejandro Imass <aimass@yabarana.com>, Steve O'Hara-Smith <steve@sohara.org>, Tim Preston <tim@timpreston.net>, freebsd-questions <freebsd-questions@freebsd.org>
Subject: Re: Docker
Message-ID: <543289768.3317542.1681394425362@mail.yahoo.com>
In-Reply-To: <CA%2B1FSij3VXqsGs5ZTUv%2B9Q2wJ18yCqVqgHAyGfCWc0C%2Bxi=KXw@mail.gmail.com>

I guess my opinion at this point is to drop this. I don't see a valid point for diverting resources and various other things to accommodate 'docker' or many other things that are dependent on 'linuxisms'. Where does it stop? Do we start porting everything from Windows as well? My point is there are many things in many OSes and variants thereof, that have hooks into proprietary parts of the kernel that are not 'modular'. By modular, I mean that they can be compiled and used on another OS like most things in the ports/pkgs system. Since this is 'kernel' level, I don't think FreeBSD should pursue such an endeavor with the limited resources at hand. The FreeBSD kernel and userland are a thing of beauty and refinement imho. All I have to do is look at the CVE database to see that in the last 10 years there are only a couple of hundred bugs. Just the Linux KERNEL has 1000s as does Windows. I would worry that anything that had ties into the Linux kernel is probably an issue waiting to happen.

I've been doing system administration and system architecture for over 35 years... When people ask what the dominant *nix OS is and are expecting Linux.... It starts us down the road of all the big boys use FreeBSD because they can't afford to have constant patching and vulnerabilities.

So, it's either in a hypervisor and we go from there or drop it. The amount of time spent on this discussion is becoming 'trollish'

Paul

On Thursday, April 13, 2023 at 08:23:35 AM GMT-5, Mario Marietto <marietto2008@gmail.com> wrote:

---> Couldn't we just run docker on bhyve?

More no than yes. You could try to put yourself in other people's shoes. You are only moving the problem. You are indirectly asking the users that come from another system to learn bhyve if they want to use docker. Why should they learn something different to just use what they need? At this point they could jump directly to learn jails, instead of bhyve and / or docker. To learn something different requires time, energy, etc. This is not a good business card for the new users. And it implicitly admits that a useful and popular tool like docker doesn't work on an efficient operating system like FreeBSD. Yes there are great tools like docker for FreeBSD, but those users don't need it, they just want docker. Maybe they don't even need to learn bhyve. Just Docker. Your reasoning is typical of someone who has been using FreeBSD for some time, you don't think like those users who would like to adopt it and are evaluating the pros and cons. Take also in consideration that running bhyve to run Docker is a waste of resources on the machine, if I want to run only Docker, because in a normal situation, I shouldn't have the need to use bhyve. Users that have already boarded FreeBSD have probably already come to appreciate jails and many of them don't need to run bhyve to get docker. Remember the focus of my argumentation: it is something like this: I offer a native implementation of docker on FreeBSD and I use it as bait to attract more users. And between those users maybe there will be also good developers that will love FreeBSD even for different reasons than docker. The ultimate goal is to make FreeBSD a little more attractive to the industry, because as far as I read, it's slowly disappearing.

On Thu, Apr 13, 2023 at 2:59 PM Miguel C <miguelmclara@gmail.com> wrote:

100% Agree with this, and the fact is there have been cases where there is that tolerance and there are maintainers making efforts to bring "linux" things to FreeBSD even if via linux emulation.

Docker has been mentioned many times in mailing lists and forums and there are always comments like "but why jails are much better" etc, sometimes not only intolerant but rude replies that serve only to drive people away IMHO.

I also don't get why is that so complicated, is it just cause FreeBSD's maintainers/community don't want to even consider docker on FreeBSD? Couldn't we just run docker on bhyve? I'm sure it would serve the "just want to test this image purpose" but I suspect there will be some issues with filesystem/network, not issues per se, but more like it likely takes some work to get this to run in an easy manner, but I think I've seen mentions of using sshfs or zvols to make this part easier.

MacOS and Windows use virtualization anyway, sure Docker "DESKTOP" is supported but docker, but they are still using a VM at the end of the day and handle the filesystem/network stuff for the user.

I've never tried this myself but I don't think it should be that super complicated unless you plan to run docker on prod envs, I think here, the argument that "right tool for the job" is very valid.... I use docker on my macOS but I'm not going to run things in prod in macbooks ofc, I will still use Linux, K8s etc.

Perhaps the FreeBSD foundation could invest a bit in getting a tool to ease the way of running docker through bhyve, I do believe this would be good for user adoption, but probably there are other priorities.

On Thu, Apr 13, 2023 at 12:32 PM Mario Marietto <marietto2008@gmail.com> wrote:

The point of my argumentation is not if FreeBSD has or not good tools for containerizing and securing applications. It has. Point is that the users that don't know FreeBSD are tied to their own tools and rarely want to change them. Almost everyone wants to change. But trying, experimenting and changing something in the workflow is important, because every tool has bad and good sides. There are many docker images already to be used on the net and this will save a lot of time and effort and money for a lot of people. This is a fact. And I think that it happened because Docker is...good. FreeBSD has tools like docker, but the mass production of containerized images never happened. So, would we ask ourselves the reason? Maybe something has not gone well. I use Linux and FreeBSD and I "love" both these systems. Linux has a larger user base than FreeBSD. A larger user base may mean more innovations in a small time, a faster bug correction and so on.

I think that mostly advantages from the implementation of docker on FreeBSD will come from the user base. Mostly for those users that come from linux or other OS and that already use docker and kubernetes. I don't think those users are a small number. Those users could jump to FreeBSD if Docker / Kubernetes are implemented in FreeBSD. This could be the straw that broke the camel's back. You argue that the jails are working already great and that they should use them. I argue that the FreeBSD community could have a more tolerant behavior to the users that could jump to the FreeBSD world and they should not force them to learn only new technologies at first. To have some important tools which work on multiple systems means having a good business card. So, in the end I ask to myself and to you: FreeBSD needs to grow in terms of community? Does it need to be populated by a bigger number of users that will come from another OS base community?

On Thu, Apr 13, 2023 at 10:17 AM Alejandro Imass <aimass@yabarana.com> wrote:

On Wed, Apr 12, 2023 at 4:28 PM Paul Pathiakis <pathiaki2@yahoo.com> wrote:

I believe the simplest thing would be to wrap jails or iocage in an interface that looks like and behaves Docker-like.

and Bastille!

--
Mario.

--
Mario.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?543289768.3317542.1681394425362>