Technological advantages over Linux

Steve O'Hara-Smith steve at sohara.org
Fri Jul 24 17:56:13 UTC 2020 

On Fri, 24 Jul 2020 12:00:16 -0400
Paul Mather <paul at gromit.dlib.vt.edu> wrote:

> Whenever Docker comes up, it seems to me that in the FreeBSD world the
> cry that goes up is "they're just like jails."  In my experience, though,
> FreeBSD jails are more heavyweight than Docker containers.  Jails in
> FreeBSD are more analogous to using LXD in Linux---lightweight OS
> virtualisation.

	I think you mean LXC in Linux - Docker the engine is a built on top
of LXC and filesystem layering. These days LXC is fronted by containerd in
Docker which I believe allows for using other container technologies.

> Tools like iocage (which I use), Bastille, Pot, etc. reinforce this
> notion because they base their jails on FreeBSD releases.  So, you get a

	Yes they do, and while it is hard to strip down a FreeBSD release
to a single process it is not difficult at all to jail a statically linked
binary and its associated data, and only a little more difficult to do so
with a dynamically linked one. The trick is to start with too little and
add only what is necessary to make it work. Jailing a beast like CUPS this
way is a nightmare (I failed!), mainly because it uses pretty much
everything an OS has to offer.

	The docker community has the advantage that a lot of people have
done the equivalent work for many things and shared the results. Adding
filesystem layers to containers was the clever bit that made this
sustainable because you could start from a base and add a layer to
customise or extend it.

> The basic Docker paradigm is you execute one process in a container and
> when that process ends the container exits.

	If that process is PostgresQL or Nginx then the container will be
around for a while.

>  Where I work, it's common
> for people to use the Docker container version of the "aws" [i.e.,
> FreeBSD devel/awscli] command (with its gazillion build dependencies)
> rather than install the software natively.

	Yes that is one use case for Docker, another common one is large
distributed, load-balanced, load-adaptive web services with Docker Swarm and
Kubernetes managing the whole thing out of a YAML definition. That's
awesome.

> The great success of Docker, in my mind, is that it forged a
> community and a standardisation around use of containers.

	Yes indeed that is the great success of Docker.

> I think the other aspect of Docker containers you perhaps overlook is
> that they are based on immutable images.  That makes it very good for
> application deployment.  The "if what you need is one-off servers and you
> want complete control over what's on them and what they do" that you
> mention is rarely a use case for Docker containers in my experience.

	It's not the use case that Docker was designed for. It is my use
case and why plain containers are enough for me.

> (What you say sounds like LXD OS containers to me.)  What people want

	LXC == jails. Docker is a layer built on top of LXC and layered
VFS mounts. It is perfectly possible to build something like Docker on top
of jails, it is probably even possible to make Docker use jails. Of course
the library of LXC based images would be useless but the stack on up to
swarm and Kubernetes would all work.

> from Docker containers is a known application build that they can roll
> forward to or roll back to.

	Yep images of every kind handily provided by the community. It's a
great thing - so is trust.

> I agree entirely with this.  That's why I have been loathe to contribute
> to this sort of thread until today.  But, I think with jails there's a
> conceit in the FreeBSD community that there's an element of "we had
> Docker containers years ago but we call them jails."  I don't think the
> comparison is 100% accurate.

	You are absolutely correct, FreeBSD had jails years before Linux
had LXC, but nobody built anything like Docker on top of them. Docker is
not containers, it is a massive infrastructure to take advantage of
containers along with a community that produces endless quantities of
images for people to use like Lego bricks.

-- 
Steve O'Hara-Smith <steve at sohara.org>

More information about the freebsd-questions mailing list