HBG_jacintooo
---
title: 'Final. FreeBSD Docker & podman'
---

# Docker & podman

## material

:::spoiler Details
[Install and test some docker containers on FreeBSD](https://www.youtube.com/watch?v=dX2i2lbYx3k)
[Using Docker on FreeBSD](https://grass.show/post/use-docker-on-freebsd/)
[Docker introduction](https://github.com/twtrubiks/docker-tutorial?tab=readme-ov-file)
[Docs-chinese](https://docs-archive.freebsd.org/doc/12.1-RELEASE/usr/local/share/doc/freebsd/zh_TW/books/handbook/virtualization-host-virtualbox.html)
[Docker Hub](https://hub.docker.com)
[Docs](https://wiki.freebsd.org/Docker)
[container1](https://hackmd.io/@tienyulin/docker-1)
[container2](https://medium.com/@jinghua.shih/container-%E6%A6%82%E5%BF%B5%E7%AD%86%E8%A8%98-b0963ae2d7c6)
[virtualization](https://docs.freebsd.org/en/books/handbook/virtualization/)
:::

## Introduction

### terms

- Image
- Container = instance of an image
- Registry: image store, somewhat like a git repository

### Virtualization

:::info
A resource-management technique that abstracts computer resources and then allocates them,
e.g. disk, memory, internet....
:::

- Virtual machine (VM)
    - hyper-v: Host OS -> Guest OS
    - has its own operating system / CPU / RAM...
    - high security
    - large and slow
- Container
    - runs on the shared host kernel
    - does not need a full operating system
    - cross-platform
    - small and fast

![image](https://hackmd.io/_uploads/ByEcA4oEyx.png =80%x)

### Docker v.s. Podman

#### Docker

:::info
Developed at dotCloud and released in 2013 as an open-source project written in Go.
Currently the most popular containerization technology: with Docker we can package a program (code, library, runtime) into an image and push it to a registry (Docker Hub), so that different people can run it quickly in different environments.
:::

- The Docker daemon manages containers => root
- The Docker CLI communicates with the Docker daemon
- Docker compose => manages multiple containers

#### Podman

:::info
An open-source container tool developed by Red Hat, part of the CRI-O project. Its goal is to provide a container CLI with a Docker-like experience. It does not use a daemon but starts containers directly through an OCI runtime, and it is rootless by default.
:::

- daemonless => rootless => more focus on security
- commands compatible with docker
- pod => multiple containers share! (like Kubernetes)

#### compare

![image](https://hackmd.io/_uploads/S1g-HHiE1e.png =80%x)

### shared registry : Docker hub

:::info
Docker Hub is a cloud image repository that stores all kinds of ready-made images
:::

- open-source projects
- community shared by Docker & Podman

![image](https://hackmd.io/_uploads/r1pj8IiVJe.png =30%x)

## Setup

:::spoiler

###### Install Podman

```console
pkg search podman
pkg install podman
```

###### Add fdescfs and mount it automatically

`vim /boot/loader.conf` and add:

```
fdescfs_load="YES"
pf_load="YES"
```

`vim /etc/fstab` and add:

```
fdesc   /dev/fd   fdescfs   rw   0   0
```

###### Configure Packet Filter (PF)

```console
cp /usr/local/etc/containers/pf.conf.sample /etc/pf.conf
```

###### Look up the network interface name and configure it

```console
ifconfig    # note the interface name, e.g. "em0"
```

`vim /etc/pf.conf` and change:

```
v4egress_if = "em0"
v6egress_if = "em0"
```

###### Enable the PF firewall

```console
service pf enable
```

###### Configure Podman storage

`vim /usr/local/etc/containers/storage.conf` and change:

```
driver = "vfs"
```

```console
rm -r /var/db/containers/storage
service podman enable
```

###### Enable PF filtering of local traffic

`vim /etc/sysctl.conf.local` and add:

```
net.pf.filter_local=1
```

###### Enable the Linux ABI

```console
sysrc linux_enable=YES
service linux start
reboot
```

Use Windows cmd / macOS Terminal to confirm that you can still connect.

###### Configure the container registry = Docker Hub

`vim /usr/local/etc/containers/registries.conf` and change:

```
unqualified-search-registries = ["docker.io"]
```

###### Configure time synchronization (optional)

```console
sysrc ntpd_enable="YES"
service ntpd start
ntpdate -v -b in.pool.ntp.org
```

###### Test

```console
podman version
podman run --rm docker.io/dougrabson/hello
```

:::

## implement

#### I. Start an Alpine Linux based container with Podman

```console
podman run --rm --os=linux alpine cat /etc/os-release | head -1
```

#### II. Start a container based on httpd:2.4 (the Apache HTTP server image)

```console
podman run --os=linux -d --name my-apache-app -p 8080:80 httpd:2.4
```

###### The Apache HTTPD server is reachable on local port 8080.

Open `192.168.163.10:8080` in a browser.

#### III. Package your own image and upload it to Docker Hub

###### Create a project directory & a Python file

```console
mkdir my-python-app
cd my-python-app
vim hello.py
```

###### Write the Dockerfile

![image](https://hackmd.io/_uploads/HkPZyBiN1e.png =10%x)

```console
vim Dockerfile
```

```dockerfile
# Use the official Python 3.11 image as the base
FROM python:3.11-slim

# Set the working directory
WORKDIR /app

# Copy the application into the container
COPY hello.py .

# Set the command to run
CMD ["python", "hello.py"]
```

###### Build the image

```console
podman build -t my-python-app .
podman images
```

###### Run the image that was just built

```console
podman run --os=linux --rm [-it] my-python-app
```

###### Log in to Docker Hub

```console
podman login docker.io
```

###### Tag your image with a name that can be uploaded to Docker Hub

```console
podman tag my-python-app docker.io/jacintooo/my-python-app
```

###### Force IPv4

```console
export PODMAN_FORCE_IPV4=1
export GODEBUG=netdns=go
```

###### Upload to Docker Hub

```console
podman push docker.io/jacintooo/my-python-app
```

###### Download from the hub

```console
podman pull --os=linux docker.io/jacintooo/my-python-app
```

---

#### IV. Save your own images locally

---

## useful functions

![image](https://hackmd.io/_uploads/S19vnMs4kx.png =70%x)
![image](https://hackmd.io/_uploads/BJcRW7jV1x.png =70%x)

#### container & image management

###### Download an image from a remote repository

```console
podman pull <image>
```

###### Check the downloaded images

```console
podman images
```

###### List the state of all containers

```console
podman ps -a
```

###### Start / stop a container

```console
podman start/stop <container>
```

###### Remove a container or an image

```console
podman rm <container>
podman rmi <image_ID>
```

###### Save as a new image

```console
podman commit <container> <image>
```

#### Local and remote storage and transfer

###### Save an image to a local file

```console
podman save <image> > image.tar
```

###### Import an image from a local file

```console
podman load < image.tar
```

###### Upload an image to Docker Hub

```console
podman push <image>
```

#### system information

```console
podman info
podman version
```

## Q&A

:::warning
What can an image package?
:::

:::info
1. Operating system environment
2. Applications
3. code & dependency
4. Development frameworks
5. ...
:::

:::warning
What is the workflow for using Docker Hub and images?
:::

:::info
**pull image** from Docker Hub
=> **run image** to create a container
=> **commit** to turn the container into the new_image
=> **login** docker.io
=> **push** the new_image to Docker Hub
:::

---

:::warning
Why is --os=linux needed when a container runs on FreeBSD?
:::

:::info
Podman is designed around Linux container technology, and the kernel features of FreeBSD differ from those of Linux, so the target operating system has to be specified explicitly (--os=linux) to make sure the container runs in compatibility mode.
:::

---

:::warning
What is the difference between a container and an image?
:::

:::info
![image](https://hackmd.io/_uploads/SJ15wXoNkg.png)
:::

---

:::warning
How does this differ from a virtual machine?
:::

:::info
container => uses the host's kernel (Linux kernel)
Virtual Machine => each virtual machine has its own OS and kernel
![image](https://hackmd.io/_uploads/HJhinmiE1e.png)
When you pull an OS image from Docker Hub, it contains only the user-space environment (for example /bin/bash, /usr/bin/apt, and so on), while the kernel part is still emulated by the host's FreeBSD Linuxulator.
:::

## Others

:::spoiler Deprecated below

### Install virtualbox

```console
pkg install virtualbox-ose
```

###### The port installs a kernel module in /boot/modules, which must be loaded into the kernel

```console
kldload vboxdrv
```

###### To make sure the module is loaded after a reboot => add the following line to /boot/loader.conf:

```
vboxdrv_load="YES"
```

###### Bridging Support

```console
sysrc vboxnet_enable="YES"
```

###### The vboxusers group is created while VirtualBox™ is installed

###### Every user who needs access to VirtualBox™ must be a member of this group; pw can be used to add new members:

```console
pw groupmod vboxusers -m jacinto_win11
```

##### check!

```console
reboot
kldstat | grep vbox          # vboxdrv.ko
sysrc vboxnet_enable         # YES
VBoxManage --version         # 6.1.50r161033
```

### Disable hyper-v on Windows (very complicated, requires going into the BIOS)

[With help from an Indian YouTuber](https://www.youtube.com/watch?v=45lMWL52hz0)

### Install docker-machine

```console
pkg install docker-machine
```

### Create the docker-machine

```console
docker-machine create --driver virtualbox myDockerHost
```

### Install docker

```console
pkg install docker
```

### Connect to the docker-machine

```console
eval $(docker-machine env myDockerHost)
```

###### ZFS, Jail, 64bit Linux Compatibility Layer...

### I. create raw disk for 'zroot'

###### check ZFS running

```console
zpool list
zfs list
kldstat | grep zfs
```

---

###### Initialize the disk

```console
gpart create -s GPT /dev/da12
gpart add -t freebsd-zfs -a 1m /dev/da12
```

###### Create the storage pool

```console
zpool create zroot /dev/da12p1
```

###### Create the file system

```console
zfs create zroot/dockerfs
mkdir /usr/local/dockerfs
zfs set mountpoint=/usr/local/dockerfs zroot/dockerfs
```

###### Mount a ZFS dataset on /usr/docker

```console
zfs create -o mountpoint=/usr/docker zroot/docker
```

###### check

```console
zpool status
zfs list
df -h
```

:::
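
The host settings edited by hand in the Setup section (loader, fstab, PF, sysctl, storage driver, registry) can be verified in one pass before the first `podman run`. The script below is an added example, not part of the original note; `has_line`, `check_podman_host` and the optional root prefix are hypothetical names, and the patterns assume the file paths and values used in the note.

```shell
#!/bin/sh
# Added example: preflight check for the files edited in the Setup section.
# The optional argument is a hypothetical root prefix, so the check can run
# against a copy of the config tree; call with "" to check the live host.

# has_line FILE REGEX: true when FILE has a non-comment line matching REGEX
has_line() {
    [ -f "$1" ] && grep -v '^[[:space:]]*#' "$1" | grep -Eq "$2"
}

# check_podman_host [ROOT]: prints the files with a missing or commented-out
# setting (space separated) and returns non-zero when any are reported.
check_podman_host() {
    root="${1:-}"
    missing=""
    # One "path|pattern" pair per setting from the note (patterns contain no "|").
    while IFS='|' read -r file regex; do
        [ -n "$file" ] || continue
        has_line "$root$file" "$regex" || missing="$missing $file"
    done <<'EOF'
/boot/loader.conf|^fdescfs_load="?YES"?
/boot/loader.conf|^pf_load="?YES"?
/etc/fstab|^fdesc[[:space:]]+/dev/fd[[:space:]]+fdescfs[[:space:]]
/etc/pf.conf|^v4egress_if[[:space:]]*=
/etc/pf.conf|^v6egress_if[[:space:]]*=
/etc/sysctl.conf.local|^net\.pf\.filter_local=1
/etc/rc.conf|^linux_enable="?YES"?
/usr/local/etc/containers/storage.conf|^driver[[:space:]]*=[[:space:]]*"vfs"
/usr/local/etc/containers/registries.conf|^unqualified-search-registries[[:space:]]*=.*"docker\.io"
EOF
    echo "$missing" | sed 's/^ //'
    [ -z "$missing" ]
}

# Usage on the FreeBSD host:  check_podman_host "" && echo "host settings OK"
```

A setting that is present but commented out counts as missing, which catches the common case of editing the sample file without removing the leading `#`.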
