freebsd | Alexander Leidinger

Strategic thinking, or what I think what we need to do to keep FreeBSD relevant

Since I participate in the FreeBSD project there are from time to time some voices which say FreeBSD is dead, Linux is the way to go. Most of the time those voices are trolls, or people which do not really know what FreeBSD has to offer. Sometimes those voices wear blinders, they only see their own little world (were Linux just works fine) and do not see the big picture (like e.g. competition stimulates business, …) or even dare to look what FreeBSD has to offer.

Sometimes those voices raise a valid concern, and it is up to the FreeBSD project to filter out what would be beneficial. Recently there were some mails on the FreeBSD lists in the sense of “What about going into direction X?”. Some people just had the opinion that we should stay were we are. In my opinion this is similarly bad to blindly saying FreeBSD is dead and following the masses. It would mean stagnation. We should not hold people back in exploring new / different directions. Someone wants to write a kernel module in (a subset of) C++ or in Rust… well, go ahead, give it a try, we can put it into the Ports Collection and let people get experience with it.

This discussion on the mailinglists also triggered some kind of “where do we see us in the next years” / strategic thinking reflection. What I present here, is my very own opinion about things we in the FreeBSD project should look at, to stay relevant in the long term. To be able to put that into scope, I need to clarify what “relevant” means in this case.

FreeBSD is currently used by companies like Netflix, NetApp, Cisco, Juniper, and many others as a base for products or services. It is also used by end-users as a work-horse (e.g. mailservers, webservers, …). Staying relevant means in this context, to provide something which the user base is interested in to use and which makes it more easy / fast for the user base to deliver whatever they want or need to deliver than with another kind of system. And this in terms of time to market of a solution (time to deliver a service like a web-/mail-/whatever-server or product), and in terms of performance (which not only means speed, but also security and reliability and …) of the solution.

I have categorized the list of items I think are important into (new) code/features, docs, polishing and project infrastructure. Links in the following usually point to documentation/HOWTOs/experiences for/with FreeBSD, and not to the canonical entry points of the projects or technologies. In a few cases the links point to an explanation in the wikipedia or to the website of the topic in question.

Code/features

The virtualization train (OpenStack, OpenNebula, oVirt, CloudStack, Kubernetes, Docker, Podman, …) is running on full speed. The marked is as big/important, that solution providers even do joint ventures on crossing borders between each others, e.g. VMware is opening up to integrate their solution with solutions from Amazon/Azure/Google. The underlying infrastructure is getting more and more unimportant, as long as the services which shall be run perform as needed. Ease of use and time to market are the key-drivers (the last little piece of performance is mostly important for companies which go to the “edge” (both meanings intended in a non-exclusive-or way) like Netflix for their FreeBSD based CDN). FreeBSD is not really participating in this world. Yes, we had jails way before anyone else out there had something smilar, and some even do not have that right now. But if you are realistic, FreeBSD does not play a major role here. You can do nice things with jails and bhyve, but you have to do it “by hand” (ezjail, iocage and such are improvements on the ease of use side, but that is not enough as this is still limited on a host centric view). The world has moved on to administering a datacenter (to avoid the buzzwords “cloud” or “private-cloud”) with a single-click. In my opinion we would need to port several of the initialy mentioned cloud/container management solutions to FreeBSD and have them able to handle their work via jails and/or bhyve. If FreeBSD is not able to serve as a building block in this big picture, we will fall off the edge in this particular IT-area in the long run.

With all the ready-made containers available in the internet, we should improve our linuxolator. Our kernel-support for this is limited to a 2.6.32-ish ABI version (it is less than 2.6.32, more like 2.6.16, we are missing epoll and inotify support, among others, but this is the lowest version glibc in the CentOS 7 based linux_base port is able to run on… and glibc checks the version number). We need to catch-up to a more recent version if we want to be able to run those ready-made linux containers without issue (we can put a linux system into a jail and start that). If someone would like to work on that, a good start would be to run the Linux Test Project tests via the linuxulator and start fixing bugs. The last time I did that was in 2007 and about 16% of the test cases failed back then. It would be also quite nice if we could integrate those linuxulator tests into the FreeBSD CI. With improvements in the linuxulator and the above mentioned virtualization support, we should be able to run more/those linux-images … ehrm, sorry, docker/kubernetes/…-containers within the linuxulator.

Finish the work regarding kerberos in base. Cy Schubert is/was working on this. I do not know the status of this, but the “fixing 800 ports” part in his mail from May 2018 looks like some more helping hands would be beneficial. This would bring us to a better starting point for a more seamless integration (some ports need “the other” kerberos).

We have one port (as far as I was able to determine… the exact amount does not really matter) in terms of SDN – net/openvswitch – but the documentation of this … leaves room for improvement (kernel support / netmap support and functionality / FreeBSD specific HOWTO). As part of the virtualisation of everything we (yes: we – as part of the FreeBSD handbook, see docs category below for more on this) need to provide this info so that FreeBSD is able to participate in this area. We should also have a look at porting some more SDN software, e.g OpenContrail now tungstenfabric (there is an old contrail porting project), OpenStack Neutron, OpenDaylight, … so that users have a choice, respectively FreeBSD can be integrated into existing heterogeneous environments.

Sensors (temperature, voltage, fans, …), a topic with history. Short: in the Google Summer of Code 2007 code was produced, committed, and then removed again due to a dispute. My personal understanding (very simplified) is “remove everything because some of the data handled by this framework shall not be handled by this framework” (instead of e.g. “remove sensor X, this data shall not be handled in this way”), and “remove everything as this does not handle sensors of type X which are not used in servers but in enterprise class >99% non-IT-related sensors”. Nothing better has shown up since then. If I look at Window, VMware, Solaris and Linux, I can query sensors on my mainboard/chassis/disks/whatever (yes, I am mixing some apples with oranges here), plot them in monitoring systems, and get alarms. In FreeBSD we fail on this topic (actually multiple topics) which I consider to be something basic and mandatory. I do not suggest that we commit the Google Summer of Code 2007 code. I suggest to have a look at what makes sense to do here. Take the existing code and commit it, or improve on this code outside the tree and then commit it, or write something new. In the end it does not matter (for an user) which way it is handled, as long as we have something which users can use in the end. It surely makes sense to have an OS-provided framework of registering sensors in a central place (it would surely be nice if you could get the temp/fan values of your graphics card… ooops… sorry… AI/HPC accelerator together with other similar hardware data in your hardware).

To continue playing well (not only) in the high-availability area, we should also have a look at getting an implementation of MPTCP (Mutlipath TCP) into the tree. Apple (and others) is already using it since 2013 with good benefits (most probably not only for Siri users). There exists some code for FreeBSD, but it is far from usable and it does not look like there is progress since 2016. We say we have the power to serve, but with the cloudification of the recent years, all users expect that everything is always-on and never fails, and being able to provide the server side of this client-server related technology for those people which have such high demands is necessary to not fall behind (do not let us rest on our laurels).

SecureBoot needs also some helping hands. At some point operating systems which do not support it will not be considered by companies anymore.

Another item we should have a look at is to provide means to write kernel code in different languages. Not in the base system, but at least in ports. If someone wants to write a kernel module in C++ or Rust, why not? It offers possibilities to explore new areas. There are even reports of experiences with different languages. It does not fit your needs? Well, ignore it and continue writing kernel code in C, but let other people which want to use a screwdriver instead of a hammer do what they want, they will either learn that they should have used a hammer, or can report about benefits about the screwdriver.

Docs

I think we can improve our end-user docs to the next level. The base system is already well covered (we can surely find some features which we could document), but an user does not use FreeBSD to use FreeBSD. An user surely has a goal in mind which requires to setup some kind of service (mail server, web server, display server (desktop system), …). While one could argue that it is the 3^rd party project which needs to document how to run their software on FreeBSD, I think we need to do our share here too. There are a lot of HOWTOs for Linux, and then you have to find some tips and tricks to make something work (better) on FreeBSD. What I have in mind here is that we should document how to make FreeBSD participate in a Windows Active Directory environment, or in an LDAP environment (as a client), improve the Samba part with FreeBSD specific parts (like how to make Samba use ZFS snapshots for Windows Shadow Copies), configuration management tools and so on. I do not talk about providing in-depth docs about the 3^rd party software, but little HOWTOs with FreeBSD specific parts / tips and tricks, and a reference to the 3^rd party docs. People come to us for real-world needs and if we provide them with a head-start of the most common items (e.g. also covering nginx or whatever and not only apache httpd) and then guide them to further docs will improve the value of our handbook even more for end-users (specially for newcomers, but also for experienced FreeBSD users which out of a sudden now need to do something which they never did before…).

We should also review our docs. The handbook lists e.g. procmail (just an example…). With procmail not being mainained anymore since a long time and known vulnerabilities we should replace the info there with info about maildrop (or any suitable replacement). Careful review may also find similar items which need some care.

One more item I have in mind in terms of docs for user is the restructuring of some parts. Now the world is more thinking in terms of XaaS (“something as a service”) we should also have a “cloud” section (going beyond of what we have in terms of virtualization already) in out handbook. We can put there items like the existing description of virtualisation items, but also should put there new items like glusterfs or object storage or the hopefully upcoming possibility of how to setup OpenStack/kubernetes/… on FreeBSD. This goes into the same direction as the first docs-item in terms of provide more documentation how to achieve goals of our users.

In my opinion we are also lacking on the developer-documentation side. Yes, we have man pages which describe the official API (in most cases). Where I see room for improvement is the source code documentation. Something like doxygen (or whatever the tool of the day is – which one does not really matter, any kind of extractable-from-source documentation is better than no extractable documentation) is already used in several places in our source (search for it via: egrep ‑R ‘\\(brief|file)’ /usr/src/) and we have already some infrastructure to extract and render (HTML / PDF) them. The more accessible / easy it is to start development in FreeBSD, the more attractive it will be (additional to the existing benefits) to people / companies to dive in. The best examples about documenting source code in our code I have found so far is the isci and ocs_fc device code.

Polishing

Polishing something in the topic of staying relevant? Yes! It is the details which matter. If people have 2 options with roughly the same features (nothing missing what you need, same price), which one do they take, the one which has everything consistent and well integrated, or the one with some quirks you can circumvent with a little bit of work on their side?

We have some nice features, but we are not using it to the extend possible. One of the items which come to my mind is DTrace. The area which I think needs polishing is to add more probes, and to have some kind of probe-convention about common topics. For example I/O related naming convention (maybe area specific, like storage I/O and network I/O) and covering all drivers to comply. We should also look into making it more accessible by providing more easy interfaces (no matter if text based (thanks to Devin Teske for dwatch, more of this magic please…), web based, or whatever) to make it really easy (= start a command or click around and you get the result for a specific set of probes/conditions/…). Some examples are statemaps, flamegraphs and most prominently the Oracle/Sun ZFS Storage Analytics to give you an idea what is possible with DTrace and and how to make it accessible to people without knowledge about the kernel internals and programming.

Some polishing in the ports collection would be to revisit the defaults options for ports with options. The target here should be to have consistent default settings (e.g. server software should not depend upon X11 by default (directly or indirectly), most people should not need to build the port with non-default options). One could argue that it is the responsability of the maintainer of the port, and to some extend it is, but we do not have guidelines which help here. So a little team of people to review all ports (and modify them if necessary) and come up with guidelines and examples would be great.

Additionally we should come up with meta-ports for specific use case, e.g. webserver (different flavours… apache/nginx/…), database (different flavours, with some useful tools like mytop or mysqltuner or similar) and then even reference them in the handbook (this goes along with my suggestion above to document real-world use cases instead of “only” the OS itself).

Recently ‑current has seen some low level performance improvements (via ifuncs, …). We should continue this and even extend it to revise default settings / values (non auto-tuned and even auto-tuned ones). I think it would be beneficial in the long run if we target more current hardware (without losing the ability to run on older hardware) and for those values which can not be auto-tuned provide some way of down-tuning (e.g. in a failsafe-boot setting in the loader or in documented settings for rc.conf or wherever those defaults can be changed).

Project infrastructure

We have a CI (continuous integration) system, but it is not very prominently placed. Just recently it gained some more attention from the developer side and we even got the first status report about it (nice! visibility helps making it a part of the community effort). There is a FreeBSD-wiki page about the status and the future ideas, but it was not updated since several months. There is also a page which talks in more details about using it for performance testing, which is something people have talked about since years but never became available (and is not today).

I think we need to improve here. The goals I think which are important are to get various testing, sanitizing and fuzzing technologies integrated into our CI. On the config repository I have not found any integration of e.g. the corresponding clang technologies (fuzzing, ASAN, UBSAN, MSAN (still experimental, so maybe not to target before other mature technologies)) or any other such technology.

We should also make our CI more public/visible (build status linked somewhere on www.freebsd.org, nag people more about issues found by it, have some docs how to add new tests (maybe from ports), so that more people can help in extend what we automatically test (e.g. how could I integrate the LTP (Linux Test Project) tests to test our linuxulator? This requires the download of a linux dist port, the LTP itself, and then to run the tests). There are a lot of nice ideas floating around, but I have the impression we are lacking some helping hands to get various items integrated.

Wrap-Up

Various items I talked above are not sexy. Those are typically not the things people do just for fun. Those are typically items people get paid for. It would be nice if some of the companies which benefit from FreeBSD would be so nice to lend a helping hand for one or another item. Maybe the FreeBSD Foundation has some contacts they could ask about this?

It could also be that for some of the items I mentioned here there is more ongoing that I know of. This means then that the corresponding work could be made more known on the mailinglists. When it is more known, maybe someone wants to provide a helping hand.

Share/Save

DTrace in GENERIC (-current)

In case you have not noticed yet, KDTRACE_HOOKS is now in the GENERIC kernel in FreeBSD-current. This means you just need to load the DTrace modules and can use DTrace with the GENERIC kernel.

In case you do not know what you can do with DTrace, take the time to have a look at the DTrace blog. It is worth any minute you invest reading it.

Share/Save

How to fix FreeBSD for corporations (and user with smaller installations), the tools-viewpoint

There is a huge discussion going on on hackers@ about how FreeBSD is not suitable for large installations (anymore?). As of this writing, the discussion seems to get some discussion-clusters. We have some sub-topics which could lead to some good improvements.

One subtopic is the release engineering. Some changes like a more guided approach of what should be merged to which branch, the frequency of releases and maybe some kind of long-term-branch(es). There is some discussion to get maybe some joined-funding in some way from interested parties to pay someone to take care about long-term-branch(es).

Another subtopic is the way bugs are handled in our old bugtracking software and how patches go unnoticed there.

And both of them are connected (parts more, parts less) by what can be done in a volunteer project.

To me it looks like the proposals “just” need some refinements and some “volunteers” to put value (this means man power and/or money) to what they said.

What I want to discuss here is, how tools could help with making PRs/patches more visible to developers (there is already the possibility to get emails from the small bugbuster-team about patches in PR database, but you have to ask them to get them) and how to make it more easy to get patches into FreeBSD.

Making bugs more visible to developers

The obvious first: We need a different bugtracking system. We already know about it. There is (or was…) even someone working IIRC on an evaluation of what could be done and how easy/hard it would be. I am not aware of any outcome, despite the fact that it is months (or even a year) since this was announced. I do not blame anyone here, I would like to get time to finish some FreeBSD volunteer work myself.

In my opinion this needs to be handled in a commercial way. Someone needs to be officially paid (with a deadline) to produce a result. Unfortunately there is the problem that the requirements are in a way, that people do not have to change their workflows/procedures.

IIRC people ask that they should be able to send a mail to the bugtracker without the need for authentication. Personally I think the bugtracking issue is in a state where we need to change our workflows/procedures. It is convenient to get mails from the bugtracker and only have to reply to the mail to add something. On the other hand, if I report bugs somewhere, and if I really care about the problem resolution, I am willing login to whatever interface to get this damn problem solved.

Sending a problem report from the system where I have the issue in an easy way is a very useful feature. Currently we have send-pr for this and it uses emails. This means it requires a working email setup. As an user I do not care if the tool uses email or HTTP or HTTPS, I just want to have an easy way to submit the problem. I would not mind if I first have to do a “send-problem register me@tld” (once), “send-problem login me@tld” (once per system+user I want to send from) and then maybe a “send-problem template write_template_here.txt” (to get some template text to fill out), edit the template file and then run “send-problem send my_report.txt file1 file2 …”. That would be a different workflow, but still easy.

Email notifications are surely needed, but if I really care about a problem, I can be bothered to register first. So in my opinion, we need a different bugtracker desperately enough that we need to drop our requirements regarding our current workflow/procedures (even if it means we can not get a command line way of submitting bugs at all). The primary goal of the software needs to be to make it easy to track and resolve bugs. The submission of bugs shall be not hard too. If I look at the state of the world as it is ATM, I would say a webinterface with authentication is not a big burden to take if I really want to get my problem fixed. Some command line tool would be nice to have, but regarding the current state of our bugtracker it needs to be optional instead of a hard requirement.

Apart from making it easy to track and resolve problems, the software also needs to be able to make us aware of the biggest problems. Now… you may ask what is a big problem. Well… IMO it does not matter to you what I think is big or small here. The person with a problem needs to decide what is a big problem to him. And people with the same problem need to be able to tell that it is also a big problem for them. So a feature which allows to “vote” or “+1” or “AOL” (or however you want to call it) would allow to let users with problems voice their opinion upon the relevance of the problem to our userbase. This also means there needs to be a way to see the highest voted problems. An automatic mail would be best, but as above this is optional. If I as a developer really care about this, I can be bothered to login to a webinterface (or maybe someone volunteers to make a copy & paste and send a mail… we need to be willing to rethink our procedures).

Getting patches more easy into a FreeBSD branch

It looks to me that this topic is requires a little bit more involvement from multiple tools. In my opinion we need to switch to a distributed version control system. One which allows to easily create my own branch of FreeBSD on my own hardware, and which allows to let other users use my branch easily (if I want to allow other to branch from my branch). It also needs to be able to let me push my changes towards FreeBSD. Obviously not directly into the official sources, but into some kind of staging area. Other people should be able to have a look at this staging area and be able to review what I did. They need to be able to make some comments for others to see, or give some kind of (multi-dimensional?-)rating for the patch (code quality / works for me / does not work / …). Based upon the review/rating and maybe some automated evaluation (compile test / regression test / benchmark run) a committer could push the patch into the official FreeBSD tree (ideal would be some automated notification system, a push button solution for integration and so on, but as above we should not be afraid if we do not get all the bells and whistles).

If we would have something like this in place, creating some kind of long-term-release branch could be used more easily in a colaborative manner. Companies which use the same long-term-release branch could submit their backports of fixes/features this way. They also could see if similar branches (there could be related but different branches, like 9.4‑security-fixes-only <= 9.4‑official-errata-only <= 9.4‑bugfixes <= 9.4‑bugfixes-and-driverupdates <= …) could be merged to their in-house branch (and maybe consequently push-back to the official branch they branched from if the patch comes from a different branch).

It does not matter here if we would create a fixed set of branches for each release, or if we only create some special-purpose branches based upon the phase of the moon (ideally we would create a lot of branches for every release, companies/users can cherry pick/submit what they want, and the status of a long-term-branch is solely based upon the inflow of patches and not by what the security team or release manager or a random developer thinks it should be… but the reality will probably be somewhere in the middle).

I do not know if tools exists to make all this happen, or which tools could be put together to make it happen. I also did not mention on purpose tools I am aware of which already provide (small) parts of this. These are just some ideas to think about. Interested parties are invited to join the discussion on hackers@ (which is far away from discussing specific tools or features), but you are also free to add some comments here.

Share/Save

A phoronix benchmark creates a huge benchmarking discussion

The recent Phoronix benchmark which compared a release candidate of FreeBSD 9 with Oracle Linux Server 6.1 created a huge discussion in the FreeBSD mailinglists. The reason was that some people think the numbers presented there give a wrong picture of FreeBSD. Partly because not all benchmark numbers are presented in the most prominent page (as linked above), but only at a different place. This gives the impression that FreeBSD is inferior in this benchmark while it just puts the focus (for a reason, according to some people) on a different part of the benchmark (to be more specific, blogbench is doing disk reads and writes in parallel, FreeBSD gives higher priority to writes than to reads, FreeBSD 9 outperforms OLS 6.1 in the writes while OLS 6.1 shines with the reads, and only the reads are presented on the first page). Other complaints are that it is told that the default install was used (in this case UFS as the FS), when it was not (ZFS as the FS).

The author of the Phoronix article participated in parts of the discussion and asked for specific improvement suggestions. A FreeBSD committer seems to be already working to get some issues resolved. What I do not like personally, is that the article is not updated with a remark that some things presented do not reflect the reality and a retest is necessary.

As there was much talk in the thread but not much obvious activity from our side to resolve some issues, I started to improve the FreeBSD wiki page about benchmarking so that we are able to point to it in case someone wants to benchmark FreeBSD. Others already chimed in and improved some things too. It is far from perfect, some more eyes – and more importantly some more fingers which add content – are needed. Please go to the wiki page and try to help out (if you are afraid to write something in the wiki, please at least tell your suggestions on a FreeBSD mailinglist so that others can improve the wiki page).

What we need too, is a wiki page about FreeBSD tuning (a first step would be to take the man-page and convert it into a wiki page, then to improve it, and then to feed back the changes to the man-page while keeping the wiki page to be able to cross reference parts from the benchmarking page).

I already told about this in the thread about the Phoronix benchmark: everyone is welcome to improve the situation. Do not talk, write something. No matter if it is an improvement to the benchmarking page, tuning advise, or a tool which inspects the system and suggests some tuning. If you want to help in the wiki, create a FirstnameLastname account and ask a FreeBSD comitter for write access.

A while ago (IIRC we have to think in months or even years) there was some framework for automatic FreeBSD benchmarking. Unfortunately the author run out of time. The framework was able to install a FreeBSD system on a machine, run some specified benchmark (not much benchmarks where integrated), and then install another FreeBSD version to run the same benchmark, or to reinstall the same version to run another benchmark. IIRC there was also some DB behind which collected the results and maybe there was even some way to compare them. It would be nice if someone could get some time to talk with the author to get the framework and set it up somewhere, so that we have a controlled environment where we can do our own benchmarks in an automatic and repeatable fashion with several FreeBSD versions.

Share/Save

Video4Linux2 support in FreeBSD (linuxulator)

I committed the v4l2 support into the linuxulator (in 9‑current). Part of this was the import of the v4l2 header from linux. We have the permission to use it (like the v4l one), it is not licensed via GPL. This means we can use it in FreeBSD native drivers, and they are even allowed to be compiled into GENERIC (but I doubt we have a driver which could provide the v4l2 interface in GENERIC).

The code I committed is “just” the glue-code which allows to use FreeBSD native devices which provide a v4l2 interface (e.g. multimedia/pwcbsd or multimedia/webcamd) from linux programs.

Thanks to nox@ for writing the glue code.

Share/Save

M	T	W	T	F	S	S
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30

Code/features

Docs

Polishing

Project infrastructure

Wrap-Up

Mak­ing bugs more vis­i­ble to developers

Get­ting patch­es more easy into a FreeB­SD branch

Making bugs more visible to developers

Getting patches more easy into a FreeBSD branch