Date:      Thu, 13 Apr 2023 17:43:15 +0200
From:      Mario Marietto <marietto2008@gmail.com>
To:        Paul Pathiakis <pathiaki2@yahoo.com>
Cc:        Miguel C <miguelmclara@gmail.com>, Alejandro Imass <aimass@yabarana.com>,  "Steve O'Hara-Smith" <steve@sohara.org>, Tim Preston <tim@timpreston.net>,  freebsd-questions <freebsd-questions@freebsd.org>
Subject:   Re: Docker
Message-ID:  <CA%2B1FSiicxR1hbd=LO8%2BPMyv7=OmXZGa3Uco1p-rRP3pe1Yf6hA@mail.gmail.com>
In-Reply-To: <543289768.3317542.1681394425362@mail.yahoo.com>
References:  <20230329053443.6ADA6B6AFED5@dhcp-8e64.meeting.ietf.org> <8E16D624-2655-4A10-844A-93E4F63E9859@gromit.dlib.vt.edu> <078a1cf8-7ae2-c593-615b-f5f37fa2b3eb@timpreston.net> <CA%2B1FSij9j922Nvv1Vhn43HznwpyGT99UZsU674G9hHWzR=UhvQ@mail.gmail.com> <06be3a1e-9319-1a21-88b9-4f87328ee127@timpreston.net> <CA%2B1FSijc%2B-OLNsyFNdR=jP3VzMi4zUE92i5iv9Pfg6AryDy_KQ@mail.gmail.com> <34b4b76e-1c41-4cfb-9e86-856f01e8abc9@app.fastmail.com> <CA%2B1FSihVrJ8cZ4ZU6mMr0sKJsZ98V4fh2vpDLugw7MGj-%2BEBPg@mail.gmail.com> <CA%2B1FSijL50mQ-HveBA4HZeNkSoaORv=aty-15nNLzn9amzY_nw@mail.gmail.com> <6002f636-310b-a9fd-b82f-346618976983@timpreston.net> <CA%2B1FSigV_pPwVW%2BDd8WZYGcNQVt7%2BYOcsnJFoRhS6jL5A636pg@mail.gmail.com> <20230412150350.12f97eb2c9dd566b8c8702d2@sohara.org> <CA%2B1FSihVPCQ6tp8u=aqnLyyOPpCMrnhYGcC8bCUgRbFHTdY5sA@mail.gmail.com> <1535315680.2770963.1681309684072@mail.yahoo.com> <CAHieY7RFe0P85twcs1NiiAvTTr4oGPJEtXEkufsXswQt3ECGvg@mail.gmail.com> <CA%2B1FSiiCG-iugAbSoNC2r5WXCJvgi6pj3jG74jCwukhNtb_XGA@mail.gmail.com> <CADGo8CXsCYCOi%2Bwk2ED7zpJdFQDhynzD0u1qFDUFS3RveS8wOg@mail.gmail.com> <CA%2B1FSij3VXqsGs5ZTUv%2B9Q2wJ18yCqVqgHAyGfCWc0C%2Bxi=KXw@mail.gmail.com> <543289768.3317542.1681394425362@mail.yahoo.com>


For sure not everything, but something that is very requested and that
has given solid proof of being a valid and robust tool. I think Docker has
all these requisites.

On Thu, Apr 13, 2023 at 4:00 PM Paul Pathiakis <pathiaki2@yahoo.com> wrote:

> I guess my opinion at this point is to drop this.  I don't see a valid
> point for diverting resources and various other things to accommodate
> 'docker' or many other things that are dependent on 'linuxisms'.  Where
> does it stop?  Do we start porting everything from Windows as well?  My
> point is there are many things in many OSes and variants thereof, that
> have hooks into proprietary parts of the kernel that are not 'modular'.
> By modular, I mean that they can be compiled and used on another OS like
> most things in the ports/pkgs system.  Since this is 'kernel' level, I
> don't think FreeBSD should pursue such an endeavor with the limited
> resources at hand.  The FreeBSD kernel and userland are a thing of beauty
> and refinement imho.  All I have to do is look at the CVE database to see
> that in the last 10 years there are only a couple of hundred bugs.  Just
> the linux KERNEL has 1000s as does windows.  I would worry that anything
> that had ties into the Linux kernel is probably an issue waiting to
> happen.
>
> I've been doing system administration and system architecture for over 35
> years...  When people ask what the dominant *nix OS is and are expecting
> Linux.... It starts us down the road of all the big boys use FreeBSD
> because they can't afford to have constant patching and vulnerabilities.
>
> So, it's either in a hypervisor and we go from there or drop it.  The
> amount of time spent on this discussion is becoming 'trollish'
>
> Paul
>
> On Thursday, April 13, 2023 at 08:23:35 AM GMT-5, Mario Marietto <
> marietto2008@gmail.com> wrote:
>
>
> ---> Couldn't we just run docker on bhyve?
>
> More no than yes. You could try to put yourself in other people's shoes.
> You are only moving the problem. You are indirectly asking the users that
> come from another system to learn bhyve if they want to use docker. Why
> should they learn something different to just use what they need? At this
> point they could jump directly to learn jails, instead of bhyve and / or
> docker. To learn something different requires time, energy, etc. This is
> not a good business card for the new users. And it implicitly admits that
> a useful and popular tool like docker doesn't work on an efficient
> operating system like FreeBSD. Yes there are great tools like docker for
> FreeBSD, but those users don't need it, they just want docker. Maybe they
> don't even need to learn bhyve. Just Docker. Your reasoning is typical of
> someone who has been using FreeBSD for some time, you don't think like
> those users who would like to adopt it and are evaluating the pros and
> cons. Take also in consideration that running bhyve to run Docker is a
> waste of resources on the machine, if I want to run only Docker, because
> in a normal situation, I shouldn't have the need to use bhyve. Users that
> have already boarded FreeBSD have probably already come to appreciate
> jails and many of them don't need to run bhyve to get docker. Remember the
> focus of my argumentation: it is something like this: I offer a native
> implementation of docker on FreeBSD and I use it as bait to attract more
> users. And between those users maybe there will be also good developers
> that will love FreeBSD even for different reasons than docker. The
> ultimate goal is to make FreeBSD a little more attractive to the industry,
> because as far as I read, it's slowly disappearing.
>
>
>
> On Thu, Apr 13, 2023 at 2:59 PM Miguel C <miguelmclara@gmail.com> wrote:
>
> 100% Agree with this, and the fact is there have been cases where there
> is that tolerance and there are maintainers making efforts to bring
> "linux" things to FreeBSD even if via linux emulation.
>
> Docker has been mentioned many times in mailing lists and forums and
> there are always comments like "but why jails are much better" etc,
> sometimes not only intolerant but rude replies that serve only to drive
> people away IMHO.
>
> I also don't get why is that so complicated, is it just cause FreeBSD's
> maintainers/community don't want to even consider docker on FreeBSD?
> Couldn't we just run docker on bhyve? I'm sure it would serve the "just
> want to test this image purpose" but I suspect there will be some issues
> with Filesystem/network, not issues per se, but more like it likely takes
> some work to get this to run in easy manner, but I think I've seen
> mentions of using sshfs or zvols to make this part easier.
>
> MacOS and Windows use virtualization anyway, sure Docker "DESKTOP" is
> supported but docker, but they are still using a VM at the end of the day
> and handle the filesystem/network stuff for the user.
>
> I've never tried this myself but I don't think it should be that super
> complicated unless you plan to run docker on prod envs, I think here, the
> argument that "right tool for the job" is very valid.... I use docker on
> my macOS but I'm not going to run things in prod in macbooks ofc, I will
> still use Linux, K8s etc.
>
> Perhaps the FreeBSD foundation could invest a bit in getting a tool to
> ease the way of running docker through bhyve, I do believe this would be
> good for user adoption, but probably there are other priorities.
>
>
>
> On Thu, Apr 13, 2023 at 12:32 PM Mario Marietto <marietto2008@gmail.com>
> wrote:
>
> The point of my argumentation is not if FreeBSD has or not good tools for
> containerizing and securing applications. It has. Point is that the users
> that don't know FreeBSD are tied to their own tools and rarely want to
> change them. Almost everyone wants to change. But trying, experimenting
> and changing something in the workflow is important, because every tool
> has bad and good sides. There are many docker images already to be used on
> the net and this will save a lot of time and effort and money for a lot of
> people. This is a fact. And I think that it happened because Docker
> is...good. FreeBSD has tools like docker, but the mass production of
> containerized images never happened. So, would we ask ourselves the
> reason? Maybe something has not gone well. I use Linux and FreeBSD and I
> "love" both these systems. Linux has a larger user base than FreeBSD. A
> larger user base may mean more innovations in a small time, a faster bug
> correction and so on.
>
> I think that mostly advantages from the implementation of docker on
> FreeBSD will come from the user base. Mostly for those users that come
> from linux or other OS and that already use docker and kubernetes. I don't
> think those users are a small number. Those users could jump to FreeBSD if
> Docker / Kubernetes are implemented in FreeBSD. This could be the straw
> that broke the camel's back. You argue that the jails are working already
> great and that they should use them. I argue that the FreeBSD community
> could have a more tolerant behavior to the users that could jump to the
> FreeBSD world and they should not force them to learn only new
> technologies at first. To have some important tools which work on multiple
> systems means having a good business card. So, in the end I ask to myself
> and to you: FreeBSD needs to grow in terms of community? Does it need to
> be populated by a bigger number of users that will come from another OS
> base community?
>
> On Thu, Apr 13, 2023 at 10:17 AM Alejandro Imass <aimass@yabarana.com>
> wrote:
>
>
>
> On Wed, Apr 12, 2023 at 4:28 PM Paul Pathiakis <pathiaki2@yahoo.com>
> wrote:
>
> I believe the simplest thing would be to wrap jails or iocage in an
> interface that looks like and behaves Docker-like.
>
>
> and Bastille!
>
>
>
>
>
> --
> Mario.
>
>
>
> --
> Mario.
>


--
Mario.



