[tclug-list] Linux Containers and Docker on FreeBSD

Sun Sep 4 15:02:49 CDT 2016

On Sep 4, 2016 1:38 PM, "Iznogoud" <iznogoud at nobelware.com> wrote:
>
> As I had said earlier (just last week) in this list, FreeBSD is a great
> platform for the near expert unix user,

I started FreeBSD right around when I first started getting serious with
Linux. I was quite the novice then and although I prefer it over Linux for
certain things, I  would run it in a production environment in a heart
beat; though, I don't nearly come close to the expertise of most of the
subscribers on this list. That being said, if I can do it, anyone who
enjoys Linux would definitely find it enjoyable and easy to learn.

and there are many reasons for it.
> ZFS was very recently added, and ZFS itself is under constant development,
> so anyone going down that path is really almost on their own when it comes
> to solving problems.
>
> Having said that, I confess that I just heard of Docker at the last
Penguins
> meeting (thanks Lloyd) and as a Linux user I err on the side of LXC/LXD.
> I certainly cannot advise on what is a good path forward with BSD over
Docket
> or even LXC. However, I am interested to follow on your experience (both
for
> Docker <-> FreeBSD and ZFS) and light-weight OSs for deploying containers.

The reason I've chosen Atomic is weight on the side of features, personal
interest and career. One great feature that I don't think the other light
weight OSs' offer is the atomic scan feature which let's you scan inside
the image for known CVEs'. There's another feature and it may only come in
the enterprise version called deep container inspection that am also
interested in learning. A side from that, it Atomic uses kubernetes for
managing clusters, so it's an additional plus.

> Whether it is Atomic, Xen, LXC, Docket and combinations of those container
> infrastructures and hypervisiors, I am after a very transparent
virtualization
> solution, about which I should not try to elaborate on this list but I
welcome
> questions over personal email.
>
> And here is my question. I need an answer to this question:
>
https://lists.linuxcontainers.org/pipermail/lxc-users/2016-March/011188.html

I read though it and although I'm not familiar with lxc, I had a similar
experience with a Linux container where the version we're running doesn't
allow you to permanently set the container host name. There is a flag you
can pass in *Docker* when starting the container so that you can attach the
host's network stack; thus inherenting the hostname, dns, interfaces,
etc... I would assume this might be what I would look at if running Docker
in your case? However, this is not considered security best practices and
there may be a new better and more secure feature in the newest release of
Docker.

> I have emailed the OP and have got no response on their experience. I am
> interested in pushing Infiniband transparently (to do RDMA from within the
> container to other containers). If that can be done, I am buying you a
lot of
> beer.

I don't see this being impossible with what I mentioned above, but I don't
have that infrastructure to validate.

-SDA
_______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20160904/fa49203b/attachment-0001.html>