Antranig Vartanian

July 1, 2023

A customer asked me to help them set up a tiny lab with many open-source tools. They are planning to move from corporate services to open-source alternatives such as NextCloud, Gitea, etc.

Unfortunately, they run only Linux, Ubuntu to be more specific, and as a UNIX gentleman, I didn’t want to put everything into a single host, so I decided to use containers, in this case, LXC, a.k.a. Linux Containers.

How hard could it be?

Oh god, layers of abstraction within the system that have no idea about each other.

Like, who would assume that LXC would automatically download and install dnsmasq and assign IP addresses without my knowledge, or that it would push rules into the firewall?

The more I use Linux Containers, the more I understand why FreeBSD Jails / illumos Zones didn’t win.

People don’t want automation or control, they want “please do this for me as I don’t wanna do it myself” tools.

I’d expect at least a message post-installation that says “We have installed and configured dnsmasq, reconfigured some systemd things, modified the following file (which is not mentioned in any man page, so you can use Google instead of man/apropos) and will use IP address ranges that you didn’t approve”

Is this why Docker won? Is it because people DIDN’T want to learn how to do software packaging? I hope not. I wanna believe it’s because developers wanted to “think operationally”.

Oh, and from a FreeBSD perspective, what’s even more weird is that

  1. there are no proper manual pages.
  2. the documentation is weird. It talks about a utility named lxc but I’m using 20 utilities named lxc-*, and I still cannot find the proper documentation for that
  3. it’s very much segmented. For example, on FreeBSD, we talk about which is better, jail.conf, BastilleBSD, pot, AppJail or Jailer. Here the same utility (lxc) has multiple config files with no proper versioning, pretty complex manual pages and not even examples or HowTos.

I’m looking at this and thinking “oh well, if we build a proper tool, I bet we can win some of the market” until you realize, of course, that when people hear FreeBSD, they will be thinking “it’s not Linux? maybe it’s not worth it, otherwise I would’ve heard about it”

I’m just angry here. Please ignore my rants.

Cheers y’all.


5 thoughts on “

  1. Pete Wright

    @antranigv I think you hit the nail on the head with docker. It’s so frustrating as someone who fought packaging on Linux for a long time, only to see all the anti patterns wrapped up with a big marketing budget blow the little bit of traction on portability in Linux away. Also… you didn’t mention the mess that’s iptables 😅

  2. Dan McDonald

    @antranigv 1. You just earned a follow. 2. #illumos distro #smartos does more than the stock illumos zones. I didn't understand why until I went to Joyent; people really don't wanna think about it. 3. I believe you can do it cleanly, but move-fast-break-things seems to be very evident in LXC.

  3. The Psychotic Network Ferret

    @antranigv Systems administration is a dying art. I'm the same way, I use FreeBSD jails and Illumos zones to engineer proper solutions that are reliable and scalable. Docker is a dumpster fire waiting for ignition, but hey, at least you don't have to actually learn anything to use it.

  4. Jeff Rizzo

    @antranigv Of *course* people want "do this for me". I'm certainly not going to put myself in a position to explain to someone "here's all these details which, if I did my job correctly, you shouldn't need to care about". There is, however, an ethical responsibility of those building tools to make them 1) safe to use by their intended audience and 2) comprehensible to those who would maintain and extend them. How we solve this problem as a community is the Big Question. As a *BSD person who now mostly (but not entirely! I still install NetBSD when I can) uses Linux based tools, I've had to come to the "better to light a candle than curse the darkness" side of things. Improve where you can, point out flaws where they're apparent. It's the best we can do.

  5. Anonymous

    @antranigv yeah docker is a typical example of it works and I don't want to know why. This has the advantage that you just have to read a 3 page how-to to get started, but then you are committed to something you don't fully understand. With jails it's the other way around. To use it you have to first understand FreeBSD and all its networking and filesystem features, and then you also need to figure out how to package your program. Docker is like quicksand, easy to get in, difficult to get out.
