
BSDploy – FreeBSD jail provisioning - HugoDaniel
http://docs.bsdploy.net/en/latest/
======
ianai
Why doesn't *BSD have a greater market share? I just set up an openbsd
firewall and loved it. Plus I have experience with zfs on FreeBSD - also loved
it.

~~~
junk_disposal
In my opinion (mostly Debian user with a bit of FreeBSD playing), people use
Debian as a server for the same reason a lot of people like MacOS over Linux -
It Just Works.

1. For many years, the only way to install software was ports. Now if you're
a full time sysadmin with time on his hands, it's great. But if you just need
something up and running fast (and if you don't know your software internals,
and don't know if you'll need perl's FLAG_ABC), it's horrible.

It just feels like Linux in the 90's (been there), where recompiling the
kernel/freex86 was a rite of passage into Linux hackerdom. Nowadays, most of
the time it's just not worth it.

2. apt vs ports/pkg. This is actually the biggest thing keeping me on
Debian - stable + backports.

If I'm running my server, I want things to be stable. Now I know that there's
no other project the size of Debian, which can backport security fixes to two
year old software (and sometimes four year old software), but there's nothing
like apt update && apt upgrade and 99% of the time have everything update
without a hitch.

Yes, FreeBSD is more elegant (why couldn't GNU/RedHat have just modeled
ifconfig rather than ifconfig, ifup, ip, etc.). Yes, FreeBSD's man pages are
amazing (which is quite important, as there's not as many FreeBSD blogs
around), but if you're learning a new system (coming from Windows), Linux
isn't that much harder to learn than FreeBSD.

__EDIT__

And RedHat?

They work like Oracle - You pay them, and they'll hold your hand, and (unlike
Oracle) they release their software under an OS license.

If you're a non-tech Fortune 500, that's _very_ important.

Note, by the way, that those two distros have the vast majority of GNU/Linux
installs.

~~~
chrisper
Debian doesn't always just work, because a lot of packages are very old. I
think Ubuntu is (or is supposed to be) more "just works." But I think this is
a personal point of view thing.

Also I think the FreeBSD handbook is awesome, even for newcomers. Is there
something like that for Debian?

~~~
junk_disposal
>Debian doesn't always just work, because a lot of packages are very old.

If you need new packages, you don't run stable.

You run stable if you need things, well, stable and "just works".

~~~
chrisper
My point is that Debian does not always just work. That is my argument. It
very well may "just work" in your use case, but it doesn't "just work" for all
cases like your original comment seems to point out.

Also, there is a difference between new, like bleeding edge (e.g. Fedora), or
newer (like Ubuntu or Debian Testing).

I don't know if *BSD "just works" either, but that is not what I am arguing
here. I am making a point against your statement that Debian "just works."

------
tete
A similar amazing project in my opinion is iohyve. It has a fairly large
portion of what you need to become a vserver provider in one command, easy to
use:

https://github.com/pr1ntf/iohyve

~~~
Mordak
Also vm-bhyve, which I've been happily using since 2015. Also amazing, also
dead simple.

https://github.com/churchers/vm-bhyve

It is nice that there are multiple wrappers around bhyve - competition is
good, and it shows a healthy community.

------
jimktrains2
I've never understood why jails didn't take off. I guess maybe since linux
took off and the bsds didn't, but they're just nice and elegant.

~~~
icebraining
Linux "containers" didn't take off before Docker either, despite existing for
many years (first in the form of OpenVZ, then as LXC).

~~~
unethical_ban
I can't get my head around docker, and LXC is so much easier to understand.
It's a lightweight VM, administered traditionally. It's easy!

~~~
reacharavindh
There There! I think the same way. I feel like LXC is super powerful and
flexible at the same time. Docker and all its terminology around (docker file,
compose, swarm and many more) just feels like unnecessary complexity. A few
unixy scripts to automate LXC commands and the infrastructure should be set.
The less wheels to grease the better at this level.

------
johnsmith21006
To me the separation of kernel and OS with Linux versus all together with BSD
makes the container solution cleaner.

Take Google that is rumored to be using the same kernel in their cloud,
ChromeOS and Android.

They conceivably could have the same kernel from IoT, wearables, phone,
tablet, 2 in 1, laptops, TV and cloud.

Google now is using the container functionality in ChromeOS to enable Android.
Now if they give access I can run my cloud service on a laptop or a tablet.
Instead of spending a fortune for a Swift version and a copy in Java.

But I also could develop once and deploy. Google has the containers like
this on ARM and X86 and in their cloud on Power.

Now the containers are arch specific but not far from fixing that.

Google needs to allow a second SSD that is walled from the system SSD and give
us access to launching containers. We get such storage in something like the
M3 with rumored 16gb Samsung Pros but it is flash.

It is just not possible to do the same in BSD based on my very old experience.
Has it changed?

------
thecolorblue
Is this docker for BSD or is there more going on here?

~~~
djsumdog
Docker for FreeBSD is over a year out of date and not production ready. I
tried to use it for some things and it does work, but doesn't support any of
the newer APIs in newer versions of docker compose and other orchestration
tools.

I really wish the Docker team would have made FreeBSD a first-class citizen,
considering the native zfs support in FreeBSD. Currently the only thing Docker
runs on natively is Linux. Even with the newest MacOS/Win variants, it's still
running in a hypervisor.

~~~
justincormack
Docker runs natively on Windows as well as Linux, with no hypervisor. There is
a Solaris port being worked on (unless it got cancelled). We would love an
upstream FreeBSD port, I have talked to a few people who are interested in
working on it. The ZFS side should be fine as there is already support, and
the old port should be useful as a basis.

~~~
johnsmith21006
Containers use the Linux kernel. How does a Linux container run native on
Windows? Are the entry points mapped? How does Windows enable shared read
between containers? With Linux it is the dir path and then inodes. How does
Windows pull this off? How does SElinux work?

What is exposed inside Windows?

~~~
justincormack
Windows containers use the Windows kernel. Windows does not have SELinux so of
course that is not supported. It runs Windows programs, not Linux programs, so
there is no mapping of entry points. There are lots of docs from Microsoft, e.g.
https://docs.microsoft.com/en-us/virtualization/windowscontainers/quick-start/quick-start-windows-server

------
twic
> BSDploy’s scope is quite ambitious, so naturally it does not attempt to do
> all of the work on its own. In fact, BSDPloy is just a fairly thin, slightly
> opinionated wrapper around existing excellent tools.

But how is the author going to become rich and famous and be invited to all
those conferences doing that? They need to drop this silliness and write the
whole thing from the ground up! Get cracking, we want to see AT LEAST 30 000
lines of Go, or 10 000 of OCaml!

~~~
ianai
S/he threw about 100,000 lines of fortran in for rendering a completely CGI
cat gif.

~~~
jmspring
He needs to integrate it with systemd

~~~
kchoudhu
FreeBSD, thank god.

