# Better default experience with Docker from FreeBSD hosts



## Andrew Pennebaker (Oct 16, 2017)

The Docker package for FreeBSD requires some manual configuration in order to work:

* The ca_root_nss package is necessary, but for some reason the docker package does not currently mark ca_root_nss as a dependency.
* The Docker service is not enabled by default. Would be nice for docker_enable="YES" to be concatenated to /etc/rc.conf as a post-install step for the docker package.
* The /usr/docker mountpoint is necessary for the Docker service to start, but this mountpoint is missing out of the box. Would be nice for the docker package to automatically run "zfs create -o mountpoint=/usr/docker zroot/docker" as a post-install step.

So with three minor tweaks, the docker package would become much easier to use by default. Currently, I'm running a bootstrap.sh script to automate these steps.

https://github.com/mcandre/hello-docker-freebsd/blob/master/bootstrap.sh

But I'd love to see this configuration managed by pkg for me


----------



## rigoletto@ (Oct 17, 2017)

Hi Andrew Pennebaker !

As far I know most of FreeBSD folks are not really interested sysutils/docker, but bhyve. I believe it is more a FreeNAS endevour.

Due to apparent lack of specific mailing list and irc channel, you may would like to contact the sysutils/docker maintainer directly.

EDIT: anyway, about your 2nd point, it is not a practice to ports/packages automatically add/start services in FreeBSD. Most likely to be against the rules...

Same can be said, I think, about your 3rd point, something like that should be made by the software it self, ever if it will do that automatically, during the first usage.

You could take a look at ports-mgmt/poudriere or sysutils/iocell (among others) what does create zfs filesystems for its own usage.

EDIT_2: that said, nothing is holding you to create a FreeBSD docker manager, like sysutils/iocell is for FreeBSD Jails, and sysutils/iohyve for Bhyve, or sysutils/cbsd for both, and like many others similar tools. 

Cheers!


----------



## Oko (Oct 17, 2017)

lebarondemerde said:


> Hi Andrew Pennebaker !
> 
> As far I know most of FreeBSD folks are not really interested sysutils/docker, but bhyve.


sysutils/docker, and Bhyve are completely unrelated technologies. Bhyve is an immature (IMHO) attempt in the Type 2 Hypervisor for FreeBSD (OpenBSD similarly has equally immature VMM). Comparable Red Hat Linux technology would be KVM. I always thought that FreeBSD would have being better server by porting mature Type 1 Hypevisor Xen Dom0 (please don't point me to the port. It is experimental and not production ready). NetBSD can act as Dom0 but the port was never properly completed (MP is still not possible on Dom0 after 10 years in the pkgsrc). So my recommendation for Dom0 would be Alpine Linux  which accidentally takes us to docker. Docker is essentially a version of PBI of now terminated PC-BSD project which coincidentally is very commonly based on Alpine Linux images due to their small size. (Linux Containers would be equivalent of Jails) . Due to the wide spread incompetency among Linux crowd and super low quality documentation Docker became very popular tool for delivering complex pieces of software. Many government agencies want deliverable these days in the form of Docker images. I am dealing at work with those people on the daily base. People who need that thing have no business using BSDs period.

Since sooner or later somebody is going to mention I will also say that proprietary SmartOS (I consider FreeNAS and PFSense also proprietary freeware) based of Illyminus supports Solaris Zones (much more mature and polished equivalent of FreeBSD jails for Solaris with sophisticated virtual network Crossbow) and  KVM so it is good for people familiar with Solaris but irrelevant for the Docker discussion.

Edit: Apparently SmartOS (I am not sure how is that possible) supports Docker. I was oblivious to that fact so it might have everything one needs for visualization


----------



## rigoletto@ (Oct 17, 2017)

Yep, I know docker and Bhyve are very different technologies since Bhyve is a Hypervisor, but while not the same both share similar user cases.

What I was willing to explain is if some folk will spend time develop one of them, most folks certainly would go to Bhyve.


----------



## SirDice (Oct 17, 2017)

Andrew Pennebaker said:


> The Docker package for FreeBSD requires some manual configuration in order to work:


Pretty much everything you install on FreeBSD needs configuration.



> * The ca_root_nss package is necessary, but for some reason the docker package does not currently mark ca_root_nss as a dependency.


It's not necessary for the port to function. It's only required if you use SSL with a properly signed certificate. People who only use self-signed certificates or don't use SSL don't need it.



> * The Docker service is not enabled by default. Would be nice for docker_enable="YES" to be concatenated to /etc/rc.conf as a post-install step for the docker package.


This is by design. All ports/packages that have services are required to be disabled by default.



> * The /usr/docker mountpoint is necessary for the Docker service to start, but this mountpoint is missing out of the box. Would be nice for the docker package to automatically run "zfs create -o mountpoint=/usr/docker zroot/docker" as a post-install step.


This is left for the implementer (that means you) to do. And loops back to the premise that nothing is configured automatically.


----------



## ShelLuser (Oct 18, 2017)

Andrew Pennebaker said:


> * The ca_root_nss package is necessary, but for some reason the docker package does not currently mark ca_root_nss as a dependency.
> * The Docker service is not enabled by default. Would be nice for docker_enable="YES" to be concatenated to /etc/rc.conf as a post-install step for the docker package.
> * The /usr/docker mountpoint is necessary for the Docker service to start, but this mountpoint is missing out of the box. Would be nice for the docker package to automatically run "zfs create -o mountpoint=/usr/docker zroot/docker" as a post-install step.


As others said, this is by design. The last thing I would want is for packages to become "smart" and start to decide for me what to do, there really is no need for any of that, and generally speaking this will always be highly counter-productive.

As to the service not being enabled: there's also no need. `# service docker onestart` can be used to start something without it being enabled in /etc/rc.conf. Note that this is often a bad idea, especially when you're dealing with services which require extra configuration options to be specified. Still, it works 

The ZFS issue: why assume that people use zroot or want to use that in the first place?  When I messed with Docker (quite briefly, I'm not really a fan to be honest) I resorted to using zdata, which is my second ZFS pool.

But yeah, packages not trying to be smart and automatically trying to mess things up is what I consider to be a major pro for FreeBSD.

Maybe a tip: `pkg info -Dx <package>`. If you need to check a package installation message(s) then that's the way to do that.


----------

