alt Hacker NewsBack to FreeBSD – Part 2 – Jails
Comments
I'll bite: how do we take advantage of ZFS layering if not via the docker-style layering?
I find dockerfile layering to be unsatisfying because step 5 might depend on step 2 but not 3 or 4... the linearisation of a DAG makes them harder to maintain and harder to cache cleanly (with us also having monster single-line CMDs all in the main of image results).
So is there a better way that people are using?
one thing that bit me with LXC: anything that needs its own kernel module won't work. jails have the same limitation — shared host kernel. ran into this trying to run a VPN server (needs DKMS for a custom wireguard fork) in an LXC container — module can't load, period. ended up on a full KVM VM.
Remote kernel execution should not be the bitter problem of development i.e. the identification of "human" capitol.
Perhaps formalisation lends values, which deploy in the analysis of field research.
The article is written by the people who created jail.run [0]
Ten years in with Docker and Linux containers I felt something was very wrong so I looked at how Solaris and FreeBSD were doing it and I saw the light (too).
I would agree with them: bringing the Dockerfile format to jails doesn't make any sense, unless you just want to attract curious Linux users.
Dockerfiles are useful and familiar but are also an abomination.
What we need is solid way to do configuration management. I guess this is what they are trying to do with their own configuration system [1] but I am not sold on it yet.
Anyway those people are doing some good work !
- [0] https://jail.run/
The main drawback I saw on jails is that they are FreeBSD. The owner doesn’t mention, and I have not researched it, but can you run any Linux distribution in a FreeBSD jail?
Failed to verify your browser
Code 11
I would like to explore the interoperability/compatibility limits of LXC and OCI support in FreeBSD 15. Both with FreeBSD as an OCI container and Linux OCI containers within FreeBSD.
Our report concludes SQL as "mostly" inept, pivoting to the following:
Identification of C++ develeopers
Compilation of C++ code into Python
Recursive .py scripts that are sector-enframings of the general "neural" framework deployment.
I think they understate the importance of accepting OCI and Dockerfile semantics as a path to an external "run one of these" and having it actually emerge as a jail based outcome.
I get saying "we don't need these additional layers/abstractions" but what it ignores is me saying "I want to run this code, and what I have is a suite of Docker based behaviour and I want a low friction path to use that Docker compose method, to get where I want"
They also haven't yet addressed how things re-scale sideways. Pods, and scaling is why people wind up behind traefik or caddy, fronting a service. It's not because the service lies in RFC1918 (how I wish they had written kubernetes to V6 native) it's because the service is being delivered by multiple discrete runtime states "inside" and scales horizontally.