Date: Thu, 13 Apr 2023 17:43:15 +0200
From: Mario Marietto <marietto2008@gmail.com>
To: Paul Pathiakis <pathiaki2@yahoo.com>
Cc: Miguel C <miguelmclara@gmail.com>, Alejandro Imass <aimass@yabarana.com>, "Steve O'Hara-Smith" <steve@sohara.org>, Tim Preston <tim@timpreston.net>, freebsd-questions <freebsd-questions@freebsd.org>
Subject: Re: Docker
Message-ID: <CA%2B1FSiicxR1hbd=LO8%2BPMyv7=OmXZGa3Uco1p-rRP3pe1Yf6hA@mail.gmail.com>
In-Reply-To: <543289768.3317542.1681394425362@mail.yahoo.com>

For sure not everything, but something that is very requested and that has
given solid proof of being a valid and robust tool. I think Docker has all
these requisites.

On Thu, Apr 13, 2023 at 4:00 PM Paul Pathiakis <pathiaki2@yahoo.com> wrote:

> I guess my opinion at this point is to drop this. I don't see a valid
> point for diverting resources and various other things to accommodate
> 'docker' or many other things that are dependent on 'linuxisms'. Where
> does it stop? Do we start porting everything from Windows as well? My
> point is there are many things in many OSes and variants thereof, that have
> hooks into proprietary parts of the kernel that are not 'modular'. By
> modular, I mean that they can be compiled and used on another OS like most
> things in the ports/pkgs system. Since this is 'kernel' level, I don't
> think FreeBSD should pursue such an endeavor with the limited resources at
> hand. The FreeBSD kernel and userland are a thing of beauty and refinement
> imho. All I have to do is look at the CVE database to see that in the last
> 10 years there are only a couple of hundred bugs. Just the Linux KERNEL has
> 1000s as does Windows. I would worry that anything that had ties into the
> Linux kernel is probably an issue waiting to happen.
>
> I've been doing system administration and system architecture for over 35
> years... When people ask what the dominant *nix OS is and are expecting
> Linux.... It starts us down the road of all the big boys use FreeBSD
> because they can't afford to have constant patching and vulnerabilities.
>
> So, it's either in a hypervisor and we go from there or drop it. The
> amount of time spent on this discussion is becoming 'trollish'
>
> Paul
>
> On Thursday, April 13, 2023 at 08:23:35 AM GMT-5, Mario Marietto <
> marietto2008@gmail.com> wrote:
>
>
> ---> Couldn't we just run docker on bhyve?
>
> More no than yes. You could try to put yourself in other people's shoes.
> You are only moving the problem. You are indirectly asking the users that
> come from another system to learn bhyve if they want to use docker. Why
> should they learn something different to just use what they need? At this
> point they could jump directly to learn jails, instead of bhyve and / or
> docker. To learn something different requires time, energy, etc. This is not
> a good business card for the new users. And it implicitly admits that a
> useful and popular tool like docker doesn't work on an efficient operating
> system like FreeBSD. Yes, there are great tools like docker for FreeBSD,
> but those users don't need it, they just want docker. Maybe they don't even
> need to learn bhyve. Just Docker. Your reasoning is typical of someone
> who has been using FreeBSD for some time, you don't think like those users
> who would like to adopt it and are evaluating the pros and cons. Take also
> in consideration that running bhyve to run Docker is a waste of resources
> on the machine, if I want to run only Docker, because in a normal situation, I
> shouldn't have the need to use bhyve. Users that have already boarded
> FreeBSD have probably already come to appreciate jails and many of them
> don't need to run bhyve to get docker. Remember the focus of my
> argumentation: it is something like this: I offer a native implementation
> of docker on FreeBSD and I use it as bait to attract more users. And
> between those users maybe there will be also good developers that will love
> FreeBSD even for different reasons than docker. The ultimate goal is to
> make FreeBSD a little more attractive to the industry, because as far as I
> read, it's slowly disappearing.
>
>
>
> On Thu, Apr 13, 2023 at 2:59 PM Miguel C <miguelmclara@gmail.com> wrote:
>
> 100% Agree with this, and the fact is there have been cases where there is
> that tolerance and there are maintainers making efforts to bring "linux"
> things to FreeBSD even if via Linux emulation.
>
> Docker has been mentioned many times in mailing lists and forums and there
> are always comments like "but why jails are much better" etc, sometimes not
> only intolerant but rude replies that serve only to drive people away IMHO.
>
> I also don't get why is that so complicated, is it just cause FreeBSD's
> maintainers/community don't want to even consider docker on FreeBSD?
> Couldn't we just run docker on bhyve? I'm sure it would serve the "just
> want to test this image purpose" but I suspect there will be some issues
> with Filesystem/network, not issues per se, but more like it likely takes
> some work to get this to run in easy manner, but I think I've seen mentions
> of using sshfs or zvols to make this part easier.
>
> MacOS and Windows use virtualization anyway, sure Docker "DESKTOP" is
> supported but docker, but they are still using a VM at the end of the day
> and handle the filesystem/network stuff for the user.
>
> I've never tried this myself but I don't think it should be that super
> complicated unless you plan to run docker on prod envs, I think here, the
> argument that "right tool for the job" is very valid.... I use docker on my
> macOS but I'm not going to run things in prod in macbooks ofc, I will still
> use Linux, K8s etc.
>
> Perhaps the FreeBSD foundation could invest a bit in getting a tool to
> ease the way of running docker through bhyve, I do believe this would be
> good for user adoption, but probably there are other priorities.
>
>
>
> On Thu, Apr 13, 2023 at 12:32 PM Mario Marietto <marietto2008@gmail.com>
> wrote:
>
> The point of my argumentation is not if FreeBSD has or not good tools for
> containerizing and securing applications. It has. Point is that the users
> that don't know FreeBSD are tied to their own tools and rarely want to
> change them. Almost everyone wants to change. But trying, experimenting and
> changing something in the workflow is important, because every tool has bad
> and good sides. There are many docker images already to be used on the net
> and this will save a lot of time and effort and money for a lot of people.
> This is a fact. And I think that it happened because Docker is...good.
> FreeBSD has tools like docker, but the mass production of containerized
> images never happened. So, would we ask ourselves the reason? Maybe
> something has not gone well. I use Linux and FreeBSD and I "love" both
> these systems. Linux has a larger user base than FreeBSD. A larger user
> base may mean more innovations in a small time, a faster bug correction and
> so on.
>
> I think that mostly advantages from the implementation of docker on
> FreeBSD will come from the user base. Mostly for those users that come from
> Linux or other OS and that already use docker and kubernetes. I don't think
> those users are a small number. Those users could jump to FreeBSD if Docker
> / Kubernetes are implemented in FreeBSD. This could be the straw that
> broke the camel's back. You argue that the jails are working already
> great and that they should use them. I argue that the FreeBSD community
> could have a more tolerant behavior to the users that could jump to the
> FreeBSD world and they should not force them to learn only new technologies
> at first. To have some important tools which work on multiple systems means
> having a good business card. So, in the end I ask to myself and to you:
> FreeBSD needs to grow in terms of community? Does it need to be
> populated by a bigger number of users that will come from another OS base
> community?
>
> On Thu, Apr 13, 2023 at 10:17 AM Alejandro Imass <aimass@yabarana.com>
> wrote:
>
>
>
> On Wed, Apr 12, 2023 at 4:28 PM Paul Pathiakis <pathiaki2@yahoo.com>
> wrote:
>
> I believe the simplest thing would be to wrap jails or iocage in an
> interface that looks like and behaves Docker-like.
>
>
> and Bastille!
>
>
>
>
>
> --
> Mario.
>
>
>
> --
> Mario.
>

-- 
Mario.