
Build and run your own FreeBSD-native containers with Buildah, Containerfiles and Podman (updated!)


This is an updated version of an earlier blog post. There is now an official FreeBSD container image, and the approach of a base image with clones is no longer supported.

Introduction

Would you like to run a full Docker-style setup under FreeBSD?

Did you hear it’s not possible? Not production-ready? Or a bit iffy?

Would you like to try anyway?

Building a container with buildah from Containerfiles

On your host, or newly-created virtual machine:

pkg update
pkg install podman-suite

To properly support Podman’s container restart policy, conmon needs fdescfs(5) to be mounted on /dev/fd.

echo "fdesc  /dev/fd  fdescfs  rw  0  0" >> /etc/fstab
mount -t fdescfs fdesc /dev/fd

Create /etc/pf.conf with the following contents. If the network interface is not vtnet0, adjust to the correct interface name:

# Change these to the interface(s) with the default route
v4egress_if = "vtnet0"
v6egress_if = "vtnet0"

nat on $v4egress_if inet from <cni-nat> to any -> ($v4egress_if)
nat on $v6egress_if inet6 from <cni-nat> to !ff00::/8 -> ($v6egress_if)

rdr-anchor "cni-rdr/*"
nat-anchor "cni-rdr/*"
table <cni-nat>

Make sure to enable and start pf:

service pf enable
service pf start

Make sure to enable and start the podman_service service:

service podman_service enable
service podman_service start

To get started, import the FreeBSD Official OCI Image into the local image repo:

podman load -i=https://download.freebsd.org/releases/OCI-IMAGES/14.2-RELEASE/amd64/Latest/FreeBSD-14.2-RELEASE-amd64-container-image-minimal.txz

Then create a minio container. First make a directory and enter it, then create Containerfile and entrypoint.sh as follows:

mkdir -p mycontainers/minio
cd mycontainers/minio
nano Containerfile

Add to Containerfile:

FROM localhost/freebsd14-minimal:14.2-RELEASE-amd64
LABEL maintainer="Your Name <your@email.address>"

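# Set default environment variables
# ENV values are stored in the image config: treat MINIO_PASS as a placeholder and override it at run time
ENV MINIO_USER="admin"
ENV MINIO_PASS="l0ng-c0mpl1c4t3d-p4ssw0rd"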

# setup pkg source
RUN mkdir -p /usr/local/etc/pkg/repos
ADD FreeBSD.conf /usr/local/etc/pkg/repos/FreeBSD.conf

# bootstrap pkg
RUN ASSUME_ALWAYS_YES=yes pkg bootstrap -f
RUN ASSUME_ALWAYS_YES=yes pkg update -f

# install openssl and ca_root_nss
RUN ASSUME_ALWAYS_YES=yes pkg install -y openssl
RUN ASSUME_ALWAYS_YES=yes pkg install -y ca_root_nss

# Install minio
RUN ASSUME_ALWAYS_YES=yes pkg install -y minio
RUN ASSUME_ALWAYS_YES=yes pkg clean -ay

# Set entrypoint (exec form, so the script is started directly rather than through /bin/sh -c)
ADD entrypoint.sh /usr/local/bin/entrypoint.sh
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]

Create the entrypoint.sh file with executable permissions:

nano entrypoint.sh && chmod +x entrypoint.sh

Add to entrypoint.sh:

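#!/bin/sh
# Pass the credentials under the names minio expects; exec makes minio the container's main process so it receives signals
export MINIO_ROOT_USER="${MINIO_USER}" MINIO_ROOT_PASSWORD="${MINIO_PASS}" MINIO_PROMETHEUS_AUTH_TYPE=public
exec /usr/local/bin/minio --quiet server --address=":9000" --console-address :9001 /var/db/minio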

Create a FreeBSD.conf file with contents:

FreeBSD: {
  url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
  mirror_type: "srv",
  signature_type: "fingerprints",
  fingerprints: "/usr/share/keys/pkg",
  enabled: yes
}
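
Before building, the Containerfile can be checked for two patterns that matter here: a credential-like ENV or ARG default, which ends up readable in the image config, and a shell-form ENTRYPOINT or CMD. This is an added example, not code from the original post; the function names and the embedded sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post): flag credential-like ENV/ARG defaults and
# shell-form ENTRYPOINT/CMD in a Containerfile. Values are never echoed.

# lint_containerfile [FILE]  - reads stdin when FILE is omitted.
# Prints "line N: message" per finding; exit status 1 if anything was flagged.
lint_containerfile() {
  awk -v sq="'" '
    function report(msg) { printf "line %d: %s\n", NR, msg; found = 1 }
    { line = $0; sub(/^[ \t]+/, "", line) }
    line == "" || line ~ /^#/ { next }
    { n = split(line, w, /[ \t]+/); instr = toupper(w[1]) }
    instr == "ENV" || instr == "ARG" {
      eq = index(w[2], "=")
      if (eq > 0) { key = substr(w[2], 1, eq - 1); val = substr(w[2], eq + 1) }
      else        { key = w[2]; val = (n >= 3) ? w[3] : "" }  # legacy "ENV KEY value"
      gsub("[\"" sq "]", "", val)                             # drop quote characters
      if (toupper(key) ~ /PASS|SECRET|TOKEN|KEY/ && val != "" && val !~ /^\$/)
        report(instr " " key " carries a literal default that is stored in the image config")
    }
    instr == "ENTRYPOINT" || instr == "CMD" {
      rest = line; sub(/^[A-Za-z]+[ \t]+/, "", rest)
      if (rest !~ /^\[/)
        report(instr " uses shell form, so the process runs under /bin/sh -c")
    }
    END { exit found + 0 }
  ' "${1:--}"
}

# Constructed sample containing both patterns.
sample_containerfile() {
  cat <<'EOF'
FROM localhost/freebsd14-minimal:14.2-RELEASE-amd64
ENV MINIO_USER="admin"
ENV MINIO_PASS="l0ng-c0mpl1c4t3d-p4ssw0rd"
RUN ASSUME_ALWAYS_YES=yes pkg install -y minio
ENTRYPOINT "/usr/local/bin/entrypoint.sh"
EOF
}

sample_containerfile | lint_containerfile || true
```
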

Build the minio image and publish it to the localhost repository in one command:

sudo buildah bud -t minio-0.0.1 .
cd ..

Persistent storage

For persistent storage, the container will use a ZFS dataset mounted into it.

Create a ZFS dataset for the persistent data. This assumes zroot/data is mounted at /mnt/data.

sudo zfs create zroot/data/minio

Running a Container With podman and Variables
#

Run the container with podman as follows:

sudo podman run -dt \
  --ip=10.88.0.2 \
  --volume "/mnt/data/minio:/var/db/minio:rw" \
  -e MINIO_USER="admin" \
  -e MINIO_PASS="set-your-own-password" \
  -h minio1 \
  minio-0.0.1:latest

Check the container is running with:

sudo podman ps

Minio will be available at 10.88.0.2:9000

If you wish to expose minio to the rest of the network, run podman with the following options, and minio will be available at <host-ip>:9000:

sudo podman run -dt \
  --ip=10.88.0.2 \
  --volume "/mnt/data/minio:/var/db/minio:rw" \
  -e MINIO_USER="admin" \
  -e MINIO_PASS="set-your-own-password" \
  -p 9000:9000 \
  -p 9001:9001 \
  -h minio1 \
  minio-0.0.1:latest
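
Both run commands above put the password on the command line with -e. As an added example (not from the original post), the same container can take MINIO_PASS from a podman secret instead, which keeps the value out of the argument list and shell history; the secret name minio_root_pass, the password file path and the script name are assumptions.

```shell
#!/bin/sh
# Added example, not from the post. Assumed names: secret "minio_root_pass"
# and the password file /root/minio_root_pass.
SECRET_NAME="minio_root_pass"
PW_FILE="/root/minio_root_pass"

# 32 hex characters (128 bits) read from the kernel RNG.
gen_password() {
  od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Write a fresh password to a file only its owner can read, then register
# that file as a podman secret so the value never sits in an argument list.
create_secret() {
  ( umask 077 && gen_password > "$PW_FILE" ) || return 1
  podman secret create "$SECRET_NAME" "$PW_FILE"
}

# Same container as in the post; MINIO_PASS now comes from the secret.
run_minio() {
  podman run -dt \
    --ip=10.88.0.2 \
    --volume "/mnt/data/minio:/var/db/minio:rw" \
    -e MINIO_USER="admin" \
    --secret "$SECRET_NAME,type=env,target=MINIO_PASS" \
    -h minio1 \
    minio-0.0.1:latest
}

# Run as root, e.g. saved as minio-secret.sh (hypothetical name):
#   sh minio-secret.sh run
if [ "${1:-}" = "run" ]; then
  create_secret && run_minio
fi
```

The generated password stays in the root-only file for logging in to the minio console; add the -p options from the command above to publish the ports.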

Conclusion

It’s possible to run Docker-style, FreeBSD-native containers on FreeBSD.

More complicated setups for virtual data center environments are covered in this blog post.
