The FreeBSD OCI Runtime Extension Working Group conducted a time-boxed testing program for its experimental implementation of Podman on FreeBSD. The project ran from September 2, 2024, to October 11, 2024, with the primary goal of gathering feedback from experienced Podman or Docker users to understand user needs and improve container support on FreeBSD through the OCI Runtime Extension.
- Evaluate the experimental implementation of Podman on FreeBSD
- Gather user feedback on functionality, performance, and usability
- Identify bugs, improvements, and feature gaps
- Assess the viability of Podman as a container solution for FreeBSD
- Podman Implementation: A port of Podman to FreeBSD, providing an OCI container stack
- Runtime: Utilization of ocijail for running containers on FreeBSD
- Storage: Support for ZFS and VFS storage drivers, with ZFS recommended for efficiency
- Networking: Implementation of Docker-style networking using ported CNI network plugins
- Container Images: Compatibility with containerd image formats and infrastructure
- Building Tools: Integration with Buildah for creating container images
Participants were required to:
- Use FreeBSD 13.1 or later (preferably the latest stable release)
- Implement ZFS storage
- Install Podman (sysutils/podman or sysutils/podman-suite from Ports/Packages)
- Pull base container images from community sources
Participants were encouraged to:
- Deploy their own workloads or use provided sample applications
- Utilize automation tools like Ansible for deployment and testing
- Build custom containers using the provided Dockerfile examples
- Test various aspects of container management, including networking and storage
- Issues were logged on the test project's GitHub repository
- Categorization of feedback using labels
- Weekly office hours were held for direct interaction with the working group
Podman itself performed well in the testing period. The main areas of feedback were mainly related to the general maturity of areas such as documentation, configuration, use of image registries, and dependencies that would allow the user to discover and use related tools.
Some potential improvements have been suggested that align mainly with the handling of image registries and configuration management. Logged at https://github.com/oci-playground/freebsd-podman-testing/issues
- Possible improvement: align lock location with FreeBSD convention (/run/lock/podman-cni.lock -> /var/run/lock/podman-cni.lock) #20
- Possibly ambiguous config item in containers/container.conf #19
- docs: set default registry to containers-registries.conf or add instructions to manually update it #15
- docs: Use an open registry for images referenced in documentation #10
- feat: set default registry #9
- Add catatonit as a dependency of either podman-suite or podman #7
Logged at https://github.com/oci-playground/freebsd-podman-testing/issues
- After S3 suspend and resume any of Podman bridge and host-side epairs sometimes end up down. #21
- Failure: "operation not permitted" inside jail #18
- Rootless containers
- Lack of resource limits
- Some of our Office Hours did not have participants, which meant that Doug and Alice had to wait online for the duration.
- During the test period, there was a Containers on FreeBSD tutorial at EuroBSDcon, but we didn’t cross-promote the two, which was a missed opportunity.
- Towards the end of the program, it became clear that we had no single effective way of sending push communications to our test participants. Some detective work on finding people through LinkedIn, etc., provided a route to sending messages, and we invited people to join the Jails mailing list. We should do this at the start next time.
- Our social media campaign helped raise awareness, but I think we could have done more to promote it.
- We got almost no engagement on Slack.
- It was the first time we had run such a testing project, and it went well. It gave us good feedback and helped to develop a nucleus of interested users.
- Using a test-project-specific repo on GitHub worked well.
- The OCI project was helpful in setting up our Office Hours and recording and distributing the recordings on YouTube. They also hosted our GH repo and the Slack channel for the overall OCI runtime extension working group.
- We had approximately 8 people meaningfully engaged in the program and a further handful who engaged with issues logged.
- About half of these attended office hours at some point; the rest engaged by raising issues in the Podman on FreeBSD test GitHub repo.
- We will continue to take feedback and provide asynchronous support for testing Podman on FreeBSD until the end of 2024. There will not be any more office hours, but we will continue to monitor the GitHub repo for issues.
- The next steps for developing Podman on FreeBSD development are to:
- Improve documentation.
- Improve configuration options.
- Improve use of image registries.
- Add support for rootless containers.
- Add resource limits.
- Add support for netavark (an alternative to CNI), the preferred network management tool for Podman.
- Timeline for advancing Podman towards production readiness
- Experimental FreeBSD base images as part of regular FreeBSD release. Planned for 14.2 but may slip to 14.3.
- Add support for FreeBSD in the Podman integration test suite and enable FreeBSD testing in Podman CI.
The test project was a good experience. It helped to build a group of people interested in Cloud Native Containers on FreeBSD. Their feedback has been helpful in finding areas for improvement. Running a test project has given us some experience to build on for future similar projects. The test project also helped to raise awareness about the work.
Thanks to everyone who invested time and effort in this critical testing exercise:
-
Doug Rabson for all his hard work and dedication to the OCI work for FreeBSD.
-
FreeBSD Foundation for providing program management resources for this program.
-
The Open Container Initiative for hosting the test GH repo and managing the Office Hours calls.
-
All the test participants.