The status of docker

Grzegorz Junka-2
Hello, does anyone know the current status of docker on FreeBSD? Wiki
https://wiki.freebsd.org/Docker states it's experimental. The last
commit in https://github.com/kvasdopil/docker/tree/freebsd-compat is
also from 2015.

There in fact are two ports, freebsd-docker (from 2015) and docker
(18.06). What's the difference between them and which one should I use
to run docker images on FreeBSD host?

Has this project been completed and now only needs testing, or has it
been abandoned, or maybe the approach has changed and I am looking in a
wrong place?

Thanks,
GrzegorzJ

_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-virtualization
To unsubscribe, send any mail to "[hidden email]"
Re: The status of docker

Rainer Duffner


> On 19.01.2019 at 15:24, Grzegorz Junka <[hidden email]> wrote:
>
> Has this project been completed and now only needs testing, or has it been abandoned, or maybe the approach has changed and I am looking in a wrong place?




AFAIK, it’s dead.

Docker is a Linux-thing.

Your best bet is to run Linux in bhyve.



Re: The status of docker

Frank Leonhardt (m)


On 19 January 2019 15:31:11 GMT, Rainer Duffner <[hidden email]> wrote:

>
>
>> On 19.01.2019 at 15:24, Grzegorz Junka <[hidden email]> wrote:
>>
>> Has this project been completed and now only needs testing, or has it
>been abandoned, or maybe the approach has changed and I am looking in a
>wrong place?
>
>
>
>
>AFAIK, it’s dead.
>
>Docker is a Linux-thing.
>
>Your best bet is to run Linux in bhyve.
>

IIRC there have been two projects to port docker. One was using jails for containerisation, the other was doing it the Linux way somehow. Given the way Docker is used (for running downloaded preconfigured binary containers), it's not really a BSD ethos thing.

Anyway, both Docker ports stopped. Docker is a moving target, and I think that had a lot to do with it.

As Duffner said - bhyve. If you're containerising BSD applications just unpack a tarball into a jail. Unless you want K8S functionality. Last time I looked there was nothing doing on that front.
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: The status of docker

Grzegorz Junka-2
On 19/01/2019 21:56, Frank Leonhardt wrote:

> On 19 January 2019 15:31:11 GMT, Rainer Duffner <[hidden email]> wrote:
>>
>>> On 19.01.2019 at 15:24, Grzegorz Junka <[hidden email]> wrote:
>>>
>>> Has this project been completed and now only needs testing, or has it
>> been abandoned, or maybe the approach has changed and I am looking in a
>> wrong place?
>>
>>
>> AFAIK, it’s dead.
>>
>> Docker is a Linux-thing.
>>
>> Your best bet is to run Linux in bhyve.
>>
> IIRC there have been two projects to port docker. One was using jails for containerisation, the other was doing it the Linux way somehow. Given the way Docker is used (for running downloaded preconfigured binary containers), it's not really a BSD ethos thing.
>
> Anyway, both Docker ports stopped. Docker is a moving target, and I think that had a lot to do with it.
>
> As Duffner said - bhyve. If you're containerising BSD applications just unpack a tarball into a jail. Unless you want K8S functionality. Last time I looked there was nothing doing on that front.


I will be working with a team that uses docker for development, i.e.
they have docker containers preconfigured with dependencies in
particular versions that they install with docker in order to reduce
the amount of time needed to configure the development. I was trying to
see if I could use FreeBSD with docker support or whether I will have to
switch to Linux.

I did use bhyve with CentOS in another project but that approach
wouldn't quite work in this situation, to my understanding, unless
you propose that I run docker on a Linux distribution running in bhyve?

Thanks
GrzegorzJ

Re: The status of docker

Rainer Duffner


> On 20.01.2019 at 11:53, Grzegorz Junka <[hidden email]> wrote:
>
> I did use bhyve with CentOS in another project but that approach wouldn't quite work in this situation, to my understanding, unless you propose that I run docker on a Linux distribution running in bhyve?


Yes, that would be the outcome.

Anyway, docker in itself is pretty much relegated to development.
Kubernetes is the new hot shit in Linux land, for most production setups.


Re: The status of docker

Jochen Neumeister-4
In reply to this post by Rainer Duffner

On 19.01.19 16:31, Rainer Duffner wrote:

>
>> On 19.01.2019 at 15:24, Grzegorz Junka <[hidden email]> wrote:
>>
>> Has this project been completed and now only needs testing, or has it been abandoned, or maybe the approach has changed and I am looking in a wrong place?
>
>
>
> AFAIK, it’s dead.
>
> Docker is a Linux-thing.
>
> Your best bet is to run Linux in bhyve.
>
Not quite. I took over the docker freebsd port. Currently I am trying to
change it to the moby project on GH.

Also, I'll take a closer look at Kubernetes for FreeBSD in the near future.


Greetings

Re: The status of docker

Grzegorz Junka-2

On 21/01/2019 12:48, Jochen Neumeister wrote:

>
> On 19.01.19 16:31, Rainer Duffner wrote:
>>
>>> On 19.01.2019 at 15:24, Grzegorz Junka <[hidden email]> wrote:
>>>
>>> Has this project been completed and now only needs testing, or has
>>> it been abandoned, or maybe the approach has changed and I am
>>> looking in a wrong place?
>>
>>
>>
>> AFAIK, it’s dead.
>>
>> Docker is a Linux-thing.
>>
>> Your best bet is to run Linux in bhyve.
>>
> Not quite. I took over the docker freebsd port. Currently I am trying
> to change it to the moby project on GH.
>
> Also, I'll take a closer look at Kubernetes for FreeBSD in the near
> future.
>

Hi Jochen,

That's good to hear. Which ports from the tree will you support? Docker
or freebsd-docker (relating to the approach discussed earlier in the
thread).

Also, there seem to be some other ports related to tools, like
docker-machine. Will those be also included?

Thanks

GrzegorzJ

Re: The status of docker

Craig Rodrigues-2
In reply to this post by Jochen Neumeister-4
On Mon, Jan 21, 2019 at 4:50 AM Jochen Neumeister <[hidden email]>
wrote:

>
> Not quite. I took over the docker freebsd port. Currently I am trying to
> change it to the moby project on GH.
>
> Also, I'll take a closer look at Kubernetes for FreeBSD in the near future.
>
>
>
Jochen,

Thank you for taking on the Docker FreeBSD port.
If you can get this to work on FreeBSD, that would be a very good thing.

I hope I am wrong, but unfortunately I think getting Docker to work
natively on FreeBSD is ultimately a losing battle,
unless you can get a team of several developers to work on it full time.

Docker is heavily Linux-based, and makes very serious use of Linux-specific
features at the file system (aufs, overlayfs, etc.) and at the networking
level (iptables).  FreeBSD lacks a solid union file system which could be
used in place of aufs and overlayfs.  At the networking level it might be
possible to port the iptables stuff to equivalent firewall features in
FreeBSD, but that would be a lot of work.

If you look at this picture: https://www.docker.com/company

you will see that Docker is supported by a company which employs a lot of
people.
The team at Docker is moving very fast, and tweaking, tuning, and adding
new features.
The team works on userland, and Linux kernel stuff.
So getting all the features to work on FreeBSD *plus* catching up to all
the new stuff being done is a huge task.

If you can get Docker and Kubernetes to work natively on FreeBSD, that
would be a huge win, and I hope you get it to work.

However, for people who just need to run Docker and have it work,
running Linux (CentOS, Ubuntu, whatever) in a VM (bhyve or whatever), will
probably get you something workable.

But if you are going down that path, you might as well just run Linux
natively on hardware, and use Docker in that.

--
Craig
Re: The status of docker

Patrick M. Hausen
Good morning,

> On 22.01.2019 at 03:57, Craig Rodrigues <[hidden email]> wrote:
> I hope I am wrong, but unfortunately I think getting Docker to work
> natively on FreeBSD is ultimately a losing battle,
> unless you can get a team of several developers to work on it full time.

I have the same gut feeling, but unless somebody actually tries, we can’t
tell for sure, can we? ;-)

Thanks for making the effort.

Now what I wanted to throw in: possibly getting in touch with some of the
people at Joyent who implemented Docker support for Illumos/Solaris
zones might help:

https://www.joyent.com/blog/triton-docker-and-the-best-of-all-worlds

Kind regards
Patrick
--
punkt.de GmbH Internet - Dienstleistungen - Beratung
Kaiserallee 13a Tel.: 0721 9109-0 Fax: -100
76133 Karlsruhe [hidden email] http://punkt.de
AG Mannheim 108285 Gf: Juergen Egeling

Re: The status of docker

Grzegorz Junka-2
On 22/01/2019 08:28, Patrick M. Hausen wrote:

> Good morning,
>
>> On 22.01.2019 at 03:57, Craig Rodrigues <[hidden email]> wrote:
>> I hope I am wrong, but unfortunately I think getting Docker to work
>> natively on FreeBSD is ultimately a losing battle,
>> unless you can get a team of several developers to work on it full time.
> I have the same gut feeling, but unless somebody actually tries, we can’t
> tell for sure, can we? ;-)
>
> Thanks for making the effort.
>
> Now what I wanted to throw in: possibly getting in touch with some of the
> people at Joyent who implemented Docker support for Illumos/Solaris
> zones might help:
>
> https://www.joyent.com/blog/triton-docker-and-the-best-of-all-worlds

I think the question is how much should be implemented by a freebsd port
and how much should come from the native linux/docker implementation.
There are two extremes:

1. Linux in bhyve, docker is running completely in Linux environment

2. A docker container in a jail with no native linux kernel, docker is
running completely in FreeBSD environment

1 is the least convenient because it requires all the hurdles related to
setting up a bhyve host, including proper network configuration for
containers and pre-allocating disk space. But it also requires no
implementation in freebsd-related docker ports apart from maybe adding
support to docker tools, like docker-machine for example

2 would be most convenient but also most difficult as all the smallest
docker features would need to be ported natively to FreeBSD

I believe docker and freebsd-docker ports were trying different
approaches somewhere in between these extremes. Maybe the correct
approach would be to start with 1 and make running docker in bhyve as
convenient as possible, then slowly move to 2 as much as
interest/resources allow?

GrzegorzJ


Re: The status of docker

Patrick M. Hausen
Hi all,

> On 22.01.2019 at 20:48, Grzegorz Junka <[hidden email]> wrote:
> 2. A docker container in a jail with no native linux kernel, docker is running completely in FreeBSD environment
>
> 2 would be most convenient but also most difficult as all the smallest docker features would need to be ported natively to FreeBSD


IIRC the Joyent approach was to port the Linux system call API to an
extent that made it possible to „simply“ run Linux Docker in zones without
a Linux kernel …

Kind regards,
Patrick
--
punkt.de GmbH Internet - Dienstleistungen - Beratung
Kaiserallee 13a Tel.: 0721 9109-0 Fax: -100
76133 Karlsruhe [hidden email] http://punkt.de
AG Mannheim 108285 Gf: Juergen Egeling

Re: The status of docker

Grzegorz Junka-2
On 22/01/2019 20:01, Patrick M. Hausen wrote:

> Hi all,
>
>> On 22.01.2019 at 20:48, Grzegorz Junka <[hidden email]
>> <mailto:[hidden email]>> wrote:
>> 2. A docker container in a jail with no native linux kernel, docker
>> is running completely in FreeBSD environment
>>
>> 2 would be most convenient but also most difficult as all the smallest
>> docker features would need to be ported natively to FreeBSD
>
> IIRC the Joyent approach was to port the Linux system call API to an
> extent that made it possible to „simply“ run Linux Docker in zones without
> a Linux kernel …
>

So option 2? That's nice, good to know. Maybe it isn't as difficult.
Docker is quite popular in the industry so maybe some sponsorship would
be possible?

BTW is Joyent in any way related to Oracle? Why would they want to
support zones? Is the support they implemented open sourced?

GrzegorzJ

Re: The status of docker

Rodney W. Grimes-4
> On 22/01/2019 20:01, Patrick M. Hausen wrote:
> > Hi all,
> >
> >> On 22.01.2019 at 20:48, Grzegorz Junka <[hidden email]
> >> <mailto:[hidden email]>> wrote:
> >> 2. A docker container in a jail with no native linux kernel, docker
> >> is running completely in FreeBSD environment
> >>
> >> 2 would be most convenient but also most difficult as all the smallest
> >> docker features would need to be ported natively to FreeBSD
> >
> > IIRC the Joyent approach was to port the Linux system call API to an
> > extent that made it possible to „simply“ run Linux Docker in zones without
> > a Linux kernel …
> >
>
> So option 2? That's nice, good to know. Maybe it isn't as difficult.
> Docker is quite popular in the industry so maybe some sponsorship would
> be possible?
>
> BTW is Joyent in any way related to Oracle? Why would they want to
> support zones? Is the support they implemented open sourced?

Joyent is running on Illumos which is based on OpenSolaris which
is open source.

Illumos can also run KVM and bhyve and zones all at the same time,
it's rather nice in that they have done some things that support this,
some of which I am working with Joyent on bringing to FreeBSD
(mainly the ability to have more than one type II hypervisor running.)

But first there is some cruft cleaning being done for both
FreeBSD and Illumos, removal of constant VM_MAXCPU so you
can run bhyve guests with as many threads as your host has.

--
Rod Grimes                                                 [hidden email]
Re: The status of docker

Patrick M. Hausen
In reply to this post by Grzegorz Junka-2
Hi!

> On 22.01.2019 at 21:09, Grzegorz Junka <[hidden email]> wrote:
> BTW is Joyent in any way related to Oracle? Why would they want to support zones? Is the support they implemented open sourced?

Sorry, I don’t know many details. Their cloud is built on Open Solaris,
hence the connection. IIRC the company was founded by some
bright people who left Sun after the acquisition by Oracle.

Bryan Cantrill is sort of a net.personality. Sean Chittenden presented
at EuroBSDCon 2018:
https://2018.eurobsdcon.org/talks-speakers/#SeanChittenden

Kind regards,
Patrick
--
punkt.de GmbH Internet - Dienstleistungen - Beratung
Kaiserallee 13a Tel.: 0721 9109-0 Fax: -100
76133 Karlsruhe [hidden email] http://punkt.de
AG Mannheim 108285 Gf: Juergen Egeling

Re: The status of docker

ssgriffonuser
I'm a bit late to the game, but I wanted to add my 2 cents.  I don't see
the benefit of implementing "docker" in FreeBSD.  If you are just
implementing the linux system calls i.e. using the linuxulator, then you
lose any benefits of running on FreeBSD.  It seems like implementing the
docker interfaces, like a Dockerfile, registry support and networking
switches using FreeBSD specific implementations would be extremely
helpful.  Especially for the CI/CD workflow.

For example:
#Dockerfile

#Pull an image from registry and create a new dataset with snapshot.
#Registry could be http, ftp or any other transfer protocol.
FROM FreeBSD:RELEASE-11.2

#Copy app directory into the jailed directory.  Perhaps setting system
#immutable flag.
COPY ./app /app

#Use pf to route to port 80 from the host.  Or use vnet
EXPOSE 80

#Run a command in the jail to prepare the new image.
RUN env ASSUME_ALWAYS_YES=yes pkg install bash nginx uwsgi py36-flask

#Mark the startup command
CMD /bin/sh /etc/rc


The above would be very familiar to docker users and can be used to
generate a standards compliant image (I believe there was a project jetpack
that did something like this).  Creating an OCI compliant image would
probably be the first step to using kubernetes, but I haven't really spent
any time looking at kubernetes.

We could also add extensions for using resource limits, capsicum, devd,
security levels etc.  The other cool thing is this could all be run inside
a jail using hierarchical jails.

Shane

On Tue, Jan 22, 2019 at 2:32 PM Patrick M. Hausen <[hidden email]> wrote:

> Hi!
>
> > On 22.01.2019 at 21:09, Grzegorz Junka <[hidden email]> wrote:
> > BTW is Joyent in any way related to Oracle? Why would they want to
> support zones? Is the support they implemented open sourced?
>
> Sorry, I don’t know many details. Their cloud is built on Open Solaris,
> hence the connection. IIRC the company was founded by some
> bright people who left Sun after the acquisition by Oracle.
>
> Bryan Cantrill is sort of a net.personality. Sean Chittenden presented
> at EuroBSDCon 2018:
> https://2018.eurobsdcon.org/talks-speakers/#SeanChittenden
>
> Kind regards,
> Patrick
> --
> punkt.de GmbH                   Internet - Dienstleistungen - Beratung
> Kaiserallee 13a                 Tel.: 0721 9109-0 Fax: -100
> 76133 Karlsruhe                 [hidden email]   http://punkt.de
> AG Mannheim 108285              Gf: Juergen Egeling
>
Re: The status of docker

Jürgen Ofner
In reply to this post by Grzegorz Junka-2

On 22.01.19 at 20:48, Grzegorz Junka wrote:

> On 22/01/2019 08:28, Patrick M. Hausen wrote:
>> Good morning,
>>
>>> On 22.01.2019 at 03:57, Craig Rodrigues <[hidden email]> wrote:
>>> I hope I am wrong, but unfortunately I think getting Docker to work
>>> natively on FreeBSD is ultimately a losing battle,
>>> unless you can get a team of several developers to work on it full
>>> time.
>> I have the same gut feeling, but unless somebody actually tries, we
>> can’t
>> tell for sure, can we? ;-)
>>
>> Thanks for making the effort.
>>
>> Now what I wanted to throw in: possibly getting in touch with some of
>> the
>> people at Joyent who implemented Docker support for Illumos/Solaris
>> zones might help:
>>
>> https://www.joyent.com/blog/triton-docker-and-the-best-of-all-worlds
>
> I think the question is how much should be implemented by a freebsd
> port and how much should come from the native linux/docker
> implementation. There are two extremes:
>
> 1. Linux in bhyve, docker is running completely in Linux environment
>
> 2. A docker container in a jail with no native linux kernel, docker is
> running completely in FreeBSD environment
>
> 1 is the least convenient because it requires all the hurdles related
> to setting up a bhyve host, including proper network configuration for
> containers and pre-allocating disk space. But it also requires no
> implementation in freebsd-related docker ports apart from maybe adding
> support to docker tools, like docker-machine for example
>
> 2 would be most convenient but also most difficult as all the smallest
> docker features would need to be ported natively to FreeBSD
>
> I believe docker and freebsd-docker ports were trying different
> approaches somewhere in between these extremes. Maybe the correct
> approach would be to start with 1 and make running docker in bhyve as
> convenient as possible, then slowly move to 2 as much as
> interest/resources allow?
>
> GrzegorzJ
>

3. A Docker Hub Forge with Container basis on Free-BSD

>  

--
------------------------------------------------------------------------
technische Universität München
WWW & Online Service
Systemadministrator
Jürgen Ofner
Tel.  : 089 289 25266
Fax   : 089 289 25257

Re: The status of docker

Sergey Zakharchenko
In reply to this post by Jochen Neumeister-4
Hello there guys,

> Not quite. I took over the docker freebsd port. Currently I am trying to
> change it to the moby project on GH.

Jochen, I wish you the best of luck. As a couple of cents, and on
behalf of Digital Loggers, Inc., I've uploaded some old patches that
we use to run an ancient version of Docker on FreeBSD:
https://github.com/digitalloggers/docker-zfs-patches . They speed up
building of large containers by not iterating over all container files
at every single stage, using ZFS diffs instead. No warranty, express
or implied, is provided on those patches; I'm sure you'll find some
edge cases where they'll break your container builds; you have been
warned. Also, forgive my Go: that was the first and hopefully the last
time I wrote something in it.

That's not much; the real problems are with volume (e.g. single-file
"volumes" which are hard links) and networking support; they were
solved (kind of) by us by dynamically generating Dockerfiles and
adding container startup wrappers, to the point that most would say
it's too mutilated to be named Docker, so I'm afraid we aren't sharing
those for the time being.

My answers to why on earth one would run Docker under FreeBSD instead
of using plain (or wrapped in yet another wrapper unknown to
non-FreeBSD) jails would be uniformity, simplicity, skill reuse, etc.
of quite a broad range of operations. However, Docker/Moby is really
too tied to Linux; there seem to be random attempts at overcoming that
but they don't receive enough mind share. Jetpack
(https://github.com/3ofcoins/jetpack/) could probably also benefit
from the patches (with appropriate adjustments). Interested people
willing to invest time in this should gather and decide how to move
on.

Best regards,

--
DoubleF
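
The layer-diff idea described in the message above, as an added example that is not part of the original post and is not taken from the docker-zfs-patches repository: rather than walking every file, it parses `zfs diff -H` output between two snapshots into an OCI-style changeset, where deletions become `.wh.` whiteout entries. The mountpoint `/jails/app`, the sample diff lines and all function names are assumptions made for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"path"
	"strconv"
	"strings"
)

// Change is one changeset entry; Kind is "add", "modify" or "whiteout".
type Change struct{ Kind, Path string }

// Constructed sample of `zfs diff -H <old-snapshot> <new-snapshot>` output for
// a dataset mounted at /jails/app (hypothetical): tab-separated, no arrows.
const sampleDiff = "M\t/jails/app/etc\n" +
	"+\t/jails/app/etc/nginx.conf\n" +
	"-\t/jails/app/etc/motd\n" +
	"R\t/jails/app/app/old\\0040name.py\t/jails/app/app/main.py\n" +
	"M\t/jails/app/usr/local/bin/tool\t(+1)\n"

// unescape decodes the \0ooo octal escapes zfs diff uses in file names.
func unescape(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); i++ {
		if s[i] == '\\' && i+4 < len(s) && s[i+1] == '0' {
			if v, err := strconv.ParseUint(s[i+2:i+5], 8, 8); err == nil {
				b.WriteByte(byte(v))
				i += 4
				continue
			}
		}
		b.WriteByte(s[i])
	}
	return b.String()
}

// rel turns an absolute path from the diff into a path inside the layer. It
// rejects paths outside the mountpoint and names starting with ".wh.", which
// OCI layers reserve for whiteout markers.
func rel(mountpoint, p string) (string, error) {
	root, clean := path.Clean(mountpoint), path.Clean(p)
	if clean == root {
		return ".", nil
	}
	if !strings.HasPrefix(clean, root+"/") {
		return "", fmt.Errorf("path %q is outside %q", p, root)
	}
	r := clean[len(root)+1:]
	if strings.Contains("/"+r, "/.wh.") {
		return "", fmt.Errorf("path %q uses the reserved .wh. prefix", p)
	}
	return r, nil
}

// whiteout names the marker that deletes p from the lower layers.
func whiteout(p string) string {
	return path.Join(path.Dir(p), ".wh."+path.Base(p))
}

// ParseDiff converts `zfs diff -H` output into an ordered changeset.
func ParseDiff(out, mountpoint string) ([]Change, error) {
	var changes []Change
	sc := bufio.NewScanner(strings.NewReader(out))
	for n := 1; sc.Scan(); n++ {
		f := strings.Split(sc.Text(), "\t") // split first: a tab in a name arrives escaped
		want := 2
		if f[0] == "R" {
			want = 3 // renames carry the old and the new path
		}
		if len(f) < want {
			return nil, fmt.Errorf("line %d: malformed entry", n)
		}
		var p []string
		for _, raw := range f[1:want] { // trailing fields such as "(+1)" are ignored
			r, err := rel(mountpoint, unescape(raw))
			if err != nil {
				return nil, fmt.Errorf("line %d: %w", n, err)
			}
			p = append(p, r)
		}
		switch f[0] {
		case "+":
			changes = append(changes, Change{"add", p[0]})
		case "M":
			changes = append(changes, Change{"modify", p[0]})
		case "-":
			changes = append(changes, Change{"whiteout", whiteout(p[0])})
		case "R":
			changes = append(changes, Change{"whiteout", whiteout(p[0])}, Change{"add", p[1]})
		default:
			return nil, fmt.Errorf("line %d: unknown change type %q", n, f[0])
		}
	}
	return changes, sc.Err()
}

func main() {
	fmt.Println(ParseDiff(sampleDiff, "/jails/app"))
}
```

A rename is recorded as a whiteout of the old name plus an add of the new one, and any entry that resolves outside the mountpoint fails the whole parse instead of being copied into the layer.
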
Re: The status of docker

John Nielsen
> On Jan 22, 2019, at 11:54 PM, Sergey Zakharchenko <[hidden email]> wrote:
>
> Hello there guys,
>
>> Not quite. I took over the docker freebsd port. Currently I am trying to
>> change it to the moby project on GH.
>
> Jochen, I wish you the best of luck. As a couple of cents, and on
> behalf of Digital Loggers, Inc., I've uploaded some old patches that
> we use to run an ancient version of Docker on FreeBSD:
> https://github.com/digitalloggers/docker-zfs-patches . They speed up
> building of large containers by not iterating over all container files
> at every single stage, using ZFS diffs instead. No warranty, express
> or implied, is provided on those patches; I'm sure you'll find some
> edge cases where they'll break your container builds; you have been
> warned. Also, forgive my Go: that was the first and hopefully the last
> time I wrote something in it.
>
> That's not much; the real problems are with volume (e.g. single-file
> "volumes" which are hard links) and networking support; they were
> solved (kind of) by us by dynamically generating Dockerfiles and
> adding container startup wrappers, to the point that most would say
> it's too mutilated to be named Docker, so I'm afraid we aren't sharing
> those for the time being.
>
> My answers to why on earth one would run Docker under FreeBSD instead
> of using plain (or wrapped in yet another wrapper unknown to
> non-FreeBSD) jails would be uniformity, simplicity, skill reuse, etc.
> of quite a broad range of operations. However, Docker/Moby is really
> too tied to Linux; there seem to be random attempts at overcoming that
> but they don't receive enough mind share. Jetpack
> (https://github.com/3ofcoins/jetpack/) could probably also benefit
> from the patches (with appropriate adjustments). Interested people
> willing to invest time in this should gather and decide how to move
> on.

Responding to a random message to share a random-ish thought: has anyone looked at Firecracker?

https://firecracker-microvm.github.io/
https://aws.amazon.com/blogs/aws/firecracker-lightweight-virtualization-for-serverless-computing/

It's the now-open-source basis of AWS's Fargate service. The idea is to be more secure and flexible than Docker for Kubernetes-like workloads. Linux-only at the moment I'm sure but I don't see any reason that FreeBSD couldn't run inside a Firecracker microVM (using a stripped-down kernel with virtio_blk, if_vtnet, uart and either atkbdc or a custom driver for the 1-button keyboard). It's also feasible that FreeBSD could be a Firecracker host (and able to run unmodified pre-packaged Linux or other microVMs) if someone with the right Go skills wanted to port the KVM bits to use VMM/bhyve.

JN

Re: The status of docker

John Nielsen


> On Jan 23, 2019, at 11:26 AM, John Nielsen <[hidden email]> wrote:
>
>> On Jan 22, 2019, at 11:54 PM, Sergey Zakharchenko <[hidden email]> wrote:
>>
>> Hello there guys,
>>
>>> Not quite. I took over the docker freebsd port. Currently I am trying to
>>> change it to the moby project on GH.
>>
>> Jochen, I wish you the best of luck. As a couple of cents, and on
>> behalf of Digital Loggers, Inc., I've uploaded some old patches that
>> we use to run an ancient version of Docker on FreeBSD:
>> https://github.com/digitalloggers/docker-zfs-patches . They speed up
>> building of large containers by not iterating over all container files
>> at every single stage, using ZFS diffs instead. No warranty, express
>> or implied, is provided on those patches; I'm sure you'll find some
>> edge cases where they'll break your container builds; you have been
>> warned. Also, forgive my Go: that was the first and hopefully the last
>> time I wrote something in it.
>>
>> That's not much; the real problems are with volume (e.g. single-file
>> "volumes" which are hard links) and networking support; they were
>> solved (kind of) by us by dynamically generating Dockerfiles and
>> adding container startup wrappers, to the point that most would say
>> it's too mutilated to be named Docker, so I'm afraid we aren't sharing
>> those for the time being.
>>
>> My answers to why on earth one would run Docker under FreeBSD instead
>> of using plain (or wrapped in yet another wrapper unknown to
>> non-FreeBSD) jails would be uniformity, simplicity, skill reuse, etc.
>> of quite a broad range of operations. However, Docker/Moby is really
>> too tied to Linux; there seem to be random attempts at overcoming that
>> but they don't receive enough mind share. Jetpack
>> (https://github.com/3ofcoins/jetpack/) could probably also benefit
>> from the patches (with appropriate adjustments). Interested people
>> willing to invest time in this should gather and decide how to move
>> on.
>
> Responding to a random message to share a random-ish thought: has anyone looked at Firecracker?
>
> https://firecracker-microvm.github.io/
> https://aws.amazon.com/blogs/aws/firecracker-lightweight-virtualization-for-serverless-computing/
>
> It's the now-open-source basis of AWS's Fargate service. The idea is to be more secure and flexible than Docker for Kubernetes-like workloads. Linux-only at the moment I'm sure but I don't see any reason that FreeBSD couldn't run inside a Firecracker microVM (using a stripped-down kernel with virtio_blk, if_vtnet, uart and either atkbdc or a custom driver for the 1-button keyboard). It's also feasible that FreeBSD could be a Firecracker host (and able to run unmodified pre-packaged Linux or other microVMs) if someone with the right Go skills wanted to port the KVM bits to use VMM/bhyve.

S/Go/Rust

Re: The status of docker

Grzegorz Junka-2
In reply to this post by ssgriffonuser

On 23/01/2019 03:21, ss griffon wrote:

> I'm a bit late to the game, but I wanted to add my 2 cents.  I don't
> see the benefit of implementing "docker" in FreeBSD.  If you are just
> implementing the linux system calls i.e. using the linuxulator, then
> you lose any benefits of running on FreeBSD.  It seems like
> implementing the docker interfaces, like a Dockerfile, registry
> support and networking switches using FreeBSD specific implementations
> would be extremely helpful.  Especially for the CI/CD workflow.
>
> For example:
> #Dockerfile
>
> #Pull an image from registry and create a new dataset with snapshot.
> #Registry could be http, ftp or any other transfer protocol.
> FROM FreeBSD:RELEASE-11.2
>
> #Copy app directory into the jailed directory.  Perhaps setting system
> #immutable flag.
> COPY ./app /app
>
> #Use pf to route to port 80 from the host.  Or use vnet
> EXPOSE 80
>
> #Run a command in the jail to prepare the new image.
> RUN env ASSUME_ALWAYS_YES=yes pkg install bash nginx uwsgi py36-flask
>
> #Mark the startup command
> CMD /bin/sh /etc/rc
>
>
> The above would be very familiar to docker users and can be used to
> generate a standards compliant image (I believe there was a project
> jetpack that did something like this). Creating an OCI compliant image
> would probably be the first step to using kubernetes, but I haven't
> really spent any time looking at kubernetes.
>
> We could also add extensions for using resource limits, capsicum,
> devd, security levels etc.  The other cool thing is this could all be
> run inside a jail using hierarchical jails.
>

Isn't implementing "docker" on FreeBSD the same as implementing OCI
specification, i.e. runtime-spec? Seeing that OCI was founded by Docker
I would have thought they align the docker implementation with the spec?

Then to extend that question, wouldn't adding support for docker to
FreeBSD mean to add OCI compliance layer to jails? I don't think the
plan is to add support for Linux containers, or "containerization", to
FreeBSD kernel?

GrzegorzJ

