Are FreeBSD Jails a Containers?


I believe it is not the first time that when I post some article that mentions FreeBSD Jails and Containers in one sentence, it sparks vigorous discussions.

There were at least these:

Some people agree with me – that FreeBSD Jails are Containers – and some really do not.

Today I will try to find the last and only answer to that case.

IMHO the term Containers is not reserved for Linux Podman/Docker solutions. The term Containers was used in the BSD/UNIX land long before Docker or Podman saw the light of day – and yet now the new kids on the block are to decide what is to be called a Container or not?

The FreeBSD Jails were introduced in the year 2000 as a Container technology – some also called them an improved chroot(8) on steroids.

Allan Jude, well known to everybody not only in the FreeBSD world, recently said the following things in the Changelog Interviews – 574 – Lets Talk FreeBSD episode.

“FreeBSD pioneered the practical implementation of containers in the year 2000, whereas we only saw containers and namespaces on Linux come much, much later. Now, it’s gotten maybe a lot more built on top of it since then, but the concept came originally from BSD.”

… and later in the same interview …

“FreeBSD’s container concept is called Jails. They basically are a chroot(8) that contains a different install of the OS, that can have other packages, and so on. And they have a restriction on which IP addresses it can use, and you can lock it down. It’s since grown a bunch of features, like the network namespaces, kind of like on Linux, where you can have this basically be almost like a lightweight VM. It has its own network stack, its own files, everything… and that’s how I run Plex on my FreeBSD ZFS machine, is I just have a Jail, and then inside that Jail I install the Plex package from FreeBSD’s package system.”

… and more …

“And that concept has continued to grow, and Sun saw that concept and built their concept of Zones based on top of that… and that’s why ZFS has specific support for delegating datasets to a container. Because Solaris had its own concept that they borrowed the idea from FreeBSD. And then full circle, eventually ZFS comes back to FreeBSD and Linux, and support for those has landed.”

… and later …

“But it also has a concept called VNET, where you can have a completely isolated separate copy of the FreeBSD network stack. So in those containers, they can have their own complete network stack; that means they can have their own firewall. So each container can have its own complete separate firewall, with its own firewall rules. They can even have conflicting IP addresses. So you have two containers that have the same IP addresses, and as long as you don’t link them together, they won’t see each other and won’t have a conflict.”

In other words – Allan Jude referred to the FreeBSD Jails as Containers all the time.

In 2004 Sun introduced Solaris Containers (also known as Solaris Zones) – they were introduced 4 years after FreeBSD Jails, and both do exactly the same OS Level Virtualization.

HP with its HP-UX system – whose last official release, 11i v3 (B.11.31), was in 2007 (there were some patches after that) – has HP-UX Virtual Partitions, which are also officially called vPars Containers, and it also has HP-UX Containers (SRP) and the HP 9000 Containers solution.

Only IBM, within its AIX system, named its OS Level Virtualization solution WPAR – a Workload Partition – and not a Container – maybe because of potential lawsuits …

It seems that even Microsoft uses the term Containers when it comes to Windows systems – I did not know that before – referring to their own Windows Containers solution.

Let’s compare that to cars for a moment … for example the Ford Mustang has been defined as a Pony Car with large 2.8L-4.7L I6-V8 engines since 1964. Now imagine that in 1990 Honda starts to call its 1.4L I4 engine based Civic a Pony Car and says that from now on the cars from the 60s/70s that were earlier called Pony Cars will be called Trucks instead … I do not like this kind of rewriting of history.

Another quote, from johnklos:

“So does the popular usage of container outweigh the proper definition? Does the popular usage of Linux outweigh the proper definition?”

Another quote, from satanist:

“I say Docker/Podman/… is not a container (solution). It’s container management (or something like this). Yes, when someone explains how you build something like Jails with cgroups and namespaces on Linux I would also accept this having Container in the title. I also accept when some other article goes there and uses the industry definition for their article.”

Another quote from satanist, later:

“I can understand that it might be surprising to hear someone claim that Jails are containers, when one only knows the OCI Container idea. But on FreeBSD you had all the tools to build something like Docker way before Docker (or OCI) was a thing. But until the Podman port, nobody had written or ported a Docker-like solution. But there are solutions to have some big infrastructure managed with FreeBSD, you just need to look around a bit and not only look through the lens of OCI.”

When it comes to Containers you can have single-process FreeBSD Jails just like you can with Docker/Podman:
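As an added illustration of the single-process Jail idea (constructed for this post, not taken from the original article or from any project), here is an /etc/jail.conf entry that runs exactly one supervised daemon with no /etc/rc, and that is torn down automatically when that process exits, which is how a container ends with its main process. The jail path, hostname, address and the svc binary are assumptions.

```conf
# Constructed /etc/jail.conf (added example, not from the original post).
# Defaults shared by every jail defined in this file.
exec.clean;                 # clean environment for all exec.* commands
mount.devfs;                # mount a /dev inside the jail ...
devfs_ruleset = 4;          # ... restricted by the stock devfsrules_jail ruleset

# One jail, one process: no /etc/rc, no sshd, no cron, no syslogd.
svc {
    path = "/usr/local/jails/svc";       # assumed root directory of the jail
    host.hostname = "svc.example.test";  # assumed hostname
    ip4.addr = "lo1|10.0.0.10/32";       # assumed alias on a loopback interface

    # daemon(8) forks, so exec.start returns at once; the jail keeps
    # existing only because the supervised child is still inside it.
    # Without "persist;" the jail is removed automatically when that last
    # process exits, just like a container that ends with its main process.
    # -r restarts the child if it crashes, -P records the supervisor pid
    # (paths are relative to the jail root because the command runs inside it).
    exec.start = "/usr/sbin/daemon -f -r -P /var/run/svc.pid /usr/local/bin/svc";
    exec.stop  = "/bin/pkill -F /var/run/svc.pid";
    exec.consolelog = "/var/log/jail_svc.log";

    # Least privilege: a single service process needs none of these.
    securelevel = 3;
    enforce_statfs = 2;       # only the jail's own mount point is visible
    children.max = 0;         # no nested jails
    allow.raw_sockets = 0;
    allow.mount = 0;
    allow.socket_af = 0;      # no protocol families beyond the usual ones
}
```

`jail -c svc` creates it and `jail -r svc` removes it; `jls` lists the jail only while the supervised process is alive.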

You can use a Bastillefile with BastilleBSD exactly the same way you use a Dockerfile, and so on:

More from the user satanist:

“To explain it a bit better: When I use for example Podman, I get/create some application image (or image description) and give it to Podman. Podman now creates a container and starts the application in the container. On Linux this is done by a mix of cgroups and namespaces. On FreeBSD only Jails are necessary. So I would call Jails a container.

The difference is that on Linux it is not so easy to manually create your own container. You mostly need some container deployment solution like Docker, Podman, … On FreeBSD you can very easily play around with a manually crafted container.

This is why I hate Docker and all modern container stuff. It implies you need Docker-like container deployment to use software in a bigger system. Which causes Docker to be your primary OS. I know DevOps love this, but I think DevOps is a big mistake.”

I personally do not accept that Linux originated/oriented people can ‘steal’ the Container terminology that was used for decades in UNIX systems as an alias for OS Level Virtualization technology.

People tell me to stop calling the FreeBSD Jails Containers because they have almost none of the features of OCI Containers.

I believe most of the arguments against would be those from David Chisnall – like these:

“Containers have an image abstraction that lets you build filesystems out of deltas applied to CoW snapshots. These serve as a building block in the distribution and deployment model. Containers separate the image from the per-deployment state (either ephemeral, built as an additional layer, or as a volume that persists across multiple container invocations and can be shared).

Jails are one of the FreeBSD features that implement the container model. ZFS is another. RACCT and pf(4) are others.

Just using Jails is not building a container deployment, it is just a Jail deployment. That is a useful thing for some use cases, but every time you post something like this claiming that it’s a container you make Linux users less likely to switch because they see this and think FreeBSD has no container solution, which is untrue (containerd/Podman, xc, and potluck are all viable container systems on FreeBSD, though I think only the first three are OCI compliant).”

… and more in another comment.

“Because, to people who manage large container deployments, containers are first and foremost a model for packaging, distribution, deployment, and orchestration. They depend on an isolation technology (of which there are many options, including Kata Containers on Linux that create very lightweight Firecracker VMs that share a filesystem with the host OS), but that is an implementation detail.

Turn that around. If someone wrote a tutorial that described how to set up cgroups and namespaces and then called it a container tutorial, would you think it made sense? Or would you think that the person didn’t understand containers?

Now imagine if FreeBSD were the dominant open source platform, and everyone used Docker or Podman for container deployments on FreeBSD. You come across an article explaining how to set up namespaces on Linux and restrict them with cgroups, then install a program into them and run it. Would your reaction be ‘oh, great, Linux has a good container solution’ or ‘Linux people have no idea what containers are’?”

… and more.

“I have no problem with people writing tutorials on how to do things with Jails on FreeBSD. The fact that they are a self-contained abstraction that can be used with or without containers is valuable. Writing an article that says ‘FreeBSD has several great container solutions but they all use this core primitive for isolation and you can use that without all of the container infrastructure if you want to, here’s how’ is great FreeBSD marketing.

But when the industry understands ‘containers’ to mean something and you write an article with ‘Container’ in the title that does not do any of these things, it is good anti-FreeBSD marketing.”

There are probably other similar voices over the Internet – if I missed any important one – you know how to ping me.

This seems to be the root issue of all these misunderstandings.

IMHO the FreeBSD Jails are a Containers technology – but alone they are not OCI Containers … and a lot of people feel that Containers equals OCI Containers these days.

That is IMHO the root of the problem and origin of all misunderstandings.

Let’s have a poll on what most people think FreeBSD Jails are then.

EOF
