[mkdirp]

Why not?

Podman has an almost identical CLI to Docker, and can have a daemon that is fully Docker compatible (thus, all Docker integrations work against it including docker-compose). It is literally a drop-in replacement but it doesn't require your company to buy licenses. So yes, you should if you can.

[lmeyerov]

podman has had repeat compatibility issues for us, and redhat has made docker installation stupidly hard in rhel8 at the policy level, which matters given the monopoly status of rhel in secure environments. It is hard for me to support the podman community for basically ethical reasons at this point. Normally I like competition and innovation, but not like this.

[emptysongglass]

This doesn't sound like an ethics issue unless you have other issues with Red Hat's behavior.

[lmeyerov]

Strong disagree. See above.

IBM/RHEL seem to be the effective the stewards of Podman, and are using their monopoly-like position in enterprise OS segments to take control of the virtualization layer through it. This is similar but worse to old MS/Windows doing tricks for IE vs others. Supporting Podman is supporting explicitly anti-competitive IBM/RHEL OSS behavior for enterprise, utility, & gov environments.

[emptysongglass]

This doesn't make any sense to me. How is stewardship over a method of running and managing containers that was originally born out of another project not collaborating with the commons (docker engine) enforcing a monopoly position?

Everything Red Hat produces is open source (except the branded offerings, which are derived from the OSS upstreams). They charge for support. If you don't want support, use the OSS upstreams. What lock-in are you explicitly pointing to? Because I have no idea what you mean by taking "control of the virtualization layer".

Also, I should note that Nutanix and VMWare are a thing but again I am unclear at what unethical behavior you are actually pointing to at Red Hat. I am only responding to a shaky interpretation of what I think you are pointing to.

[lmeyerov]

Maybe you are not familiar with how enterprise , and especially utility and gov systems work? It is often hard to not use RHEL due to compliance policies. IBMers deciding to swap in their race horse -- and simultaneously hobbling the current one -- is effectively making the decision for the US Gov for the next 2 years.

Yeah sure OSS in theory and IBM is a free entity. But for the same freedom, I am free to call from for divesting from any use of IBM/RHEL products and consultants in enterprise and gov contracts as no longer a trusted and ethical partner due to their anti-competitive self-dealing at the clear expense of the community & customer. RHEL lost neutrality & HA credibility as an infra layer and IBM as a partner through this. Nothing personal, just business and trying to protect our users, same as the RHEL org's actions helping themselves.

[emptysongglass]

Well I am deeply familiar with how enterprise gov systems work in Denmark but no I am not familiar with the US side.

Can you clarify what you mean by swapping their race horse? What is the horse being swapped?

[yrro]

It's difficult to add docker's RPM repo and install it?

[lmeyerov]

In secure airgapped environments, very much so. We blew time setting up new offline install processes & tutorials for the Nvidia docker ecosystem for rhel8, which basically reused centos7, as most of our users took weeks/months when they tried to figure out for themselves. Think utilities, gov, banks, etc: Anything not supported by official RHEL8 repos causes problems both technical and compliance.

RHEL8 felt like a repeat of IE vs Firefox but now for RHEL (main sponsor of Podman) vs Docker, and much worse. It's one thing if docker was never there or containers were removed, but this was replacing with a binary-incompatible tool under their effective control and marketing to security-critical customers (and on hackernews) as a safe and ready replacement. So we also burnt time diagnosising people were trying to use broken podman tech because that's all RHEL gave them and tricked them into thinking was appropriate.

[mindwok]

Podman doesn’t have a daemon, it has a socket that will replicate the docker API. That comes with some limitations, especially around the lifecycle of containers in ie starting containers on boot, restarting unhealthy containers etc which require you to use systemd. Podman’s integration with systemd is pretty easy now though.