Richard Bucker

Virtual Machines Jails Chroot Docker

Posted at — Apr 19, 2021

Will Dell actually spinoff VMware? What does that mean to you/me?

I use VMware almost exclusively for my development and some light qa and production needs; but in the wake of the VMware news I’m concerned for the same reason that RedHat pulled the plug on traditional CentOS. This sort of shift in the force happens every few years and so it’s not too much to be concerned about as it just means you have to adapt to whatever’s next.

Some flags:

It’s the sort of thing that can drive a person mad. And so I started looking into OpenBSD vmm and FreeBSD bhyve. Virtual machines have the benefit that the guest may be any OS that is supported (not to be confused with QEMU, which is more of an emulator than a VM).

OpenBSD is a great OS, however, after spending a weekend on VM, networking, mDNS, and autoinstall, I’m about at the end of my rope. I really like OpenBSD because of its attention to security, kernel implementation best practices, and that they actively delete code that is deprecated. As a result OpenBSD is 2.5M LOC, which means there is less to go wrong.

NOTE: The Linux kernel and Android teams are starting to accept Rust submissions in the kernel. It’s anyone’s guess whether that is a good idea, however, the Android team has acknowledged that most of the recent bugs are recent submissions. It’s anyone’s guess whether that’s on purpose or incompetence from freshman developers.

Chroots and jails are the original containers. Jails are chroots with networking. Most of my work uses chroots for all the usual reasons and I’ve forgone the jail because I want to be able to run on multiple Unix variants. The advantage of chroots and jails is resources: they can be shared among all the applications and services, whereas in a VM they need to be pre-allocated; and there are side effects with both.

Docker has also been in the news in the last year.

Most Docker deployments include a full OS because that’s what most novice devops do, when in fact scratch is where your app should be installed. Docker requires a lot of tooling in the environment. Simple one-off containers are just too sticky.
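An added example (not from the original post) of what installing into scratch looks like in practice: a multi-stage Dockerfile that builds a static Go binary inside a full toolchain image and then copies only that binary, a CA bundle and a single passwd entry into an empty base image, so the running container carries no shell, package manager or OS userland. It assumes a Go module application with a `main` package in the build context; the `golang:1.16` tag, the user name `app` and UID 10001 are constructed choices.

```dockerfile
# Stage 1: build in a full toolchain image. Everything here is discarded
# from the final image except the files copied out below.
FROM golang:1.16 AS build
WORKDIR /src

# Fetch dependencies first so this layer is cached across source edits.
COPY go.mod go.sum ./
RUN go mod download
COPY . .

# CGO_ENABLED=0 yields a fully static binary: no libc is needed at runtime,
# which is what makes an empty base image possible. -s -w strips symbol
# and DWARF tables to shrink the binary; -trimpath removes build paths.
RUN CGO_ENABLED=0 GOOS=linux go build -trimpath -ldflags="-s -w" -o /out/app .

# scratch has no /etc/passwd, so write the one entry the USER line needs.
# Constructed values: user "app", UID/GID 10001, no home, no login shell.
RUN echo 'app:x:10001:10001::/:/sbin/nologin' > /out/passwd

# Stage 2: the shipped image. FROM scratch is an empty filesystem.
FROM scratch

# Only what the binary needs to run and to verify TLS peers.
COPY --from=build /out/passwd /etc/passwd
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=build /out/app /app

# Run unprivileged; there is no shell in this image to drop into.
USER app
ENTRYPOINT ["/app"]
```

Because the image has no shell, `docker exec -it <container> sh` will fail by design; debugging is done from the build stage or with a separate debug image, not by adding tools to the shipped one.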

In conclusion there isn’t one. There’s going to be a lot of personal preference, depth of experience, and lots of disaster recovery considerations.