Call for Meeting: NethServer 8 Alpha - 25 Feb 2022

Converting Docker to Podman: this link is a restored webpage from the dead (or offline) website https://balagetech.com/convert-docker-compose-services-to-pods/

It can be seen at my restored-webpages link: convert docker compose services to pods

Thought it might be helpful.

2 Likes

Podman does not need docker-compose, and I am not sure it still works well; systemd and the pod concept are enough, a ready-to-go solution to replace docker and docker-compose.

Yes, I am working on a LAMP (nginx and php{7.4,8.0,8.1}) containers project; I have done the mariadb and phpmyadmin modules.

It is fun :slight_smile:

3 Likes

I agree. I’m very new to docker and have no experience with podman, but from further reading after last night’s presentation, podman definitely seems the way to go.

I thought the above blog post (some information may be wrong or outdated and a few links don’t work) might help people who already run docker projects and want to port them to podman (I could be wrong, but thought it might be at least a reference point to start).

*Of course, if it’s actually completely wrong, misleading or utterly useless information, let me know and I’ll remove it :slightly_smiling_face:

1 Like

You need at minimum podman 3.0 to go, and you could miss some features; CentOS 9 Stream (with 5 years of TTL) runs 3.4.

Podman is really similar to docker; the pod concept is the difference, and rootless without a daemon too, even if docker can do it now.

1 Like

That’s one of the main reasons that made me agree that podman is the superior choice over docker.

2 Likes

Yeah, they are good: you generate a Kubernetes configuration, but you could do the same and generate a systemd configuration that you could enable. Like this it will be started and managed automatically when you need it.

2 Likes

The new interface looks great. I know it’s still in alpha, but it looks really polished.

3 Likes

It’s actually a …Camp :tent: :smile_cat:

2 Likes

Which now, for the first time of Nethesis projects, it’s an application server only.

I’m sorry to say that if I will need a hypervisor, I will go with industry proven ones, which have more features and more robustness than CentOS Stream or Debian Buster.
Don’t get me wrong, OS and hypervisors are two different sauces of software, IMVHO very different ones even if both run on bare metal. I respect both OSes as stability, update, security and develop team quality.

But this containerized way to manage applications puts the NS8 project in direct competition with Type 1 and Type 2 hypervisors. It relies on a really good piece of software (OCI, Podman), but there’s currently no game at all, even if the OS level virtualization is quite more efficient about disk and RAM use.

Also… While virtualizing NS6 and NS7 was something I advised and I’m currently doing, virtualizing NS8 IMVHO is a possible, viable but not advisable idea.
As I can see now, the only plus of virtualizing NS8 is to have more flexibility in storage, due to the lack of tools to manage storage and mountpoints in current and past NethServer projects. If not a skilled enough sysadmin with knowledge of both CentOS “x” and the related NethServer, there was no option to create (or migrate) something different than 1 disk/1 volume RAID, unless manually created. The downside is the waste of resources (which is thin, it should be said) for having another management/orchestrating layer between hardware and running software.
Moreover… The container approach should not exclude the possibility to have n containers with the same application. As community and as licensed products. If not present…

Ends of critics? I hope. Missing the firewall/gateway part is still one of the next question.
Is still Small Business oriented?
As my current perception no, it’s more medium business oriented, as an “easier” way for not having an orchestrator-wised person into the company, and having a way to raise and test new “toys”, and let them live into IT system until they can “fly on their own”, maybe into a separate/newer/bigger orchestrator server.
Which leads to a must-have feature to me: per-container backup and restore among installations.

As an idea…
As an IT specialist, I should be capable to create a new container/application in my NS8 (no matter what kind of container/application I’m creating), feed it with all the configs and data the customer provided to me, allow the customer to test it/correct it/feedback it from remote (VPN/Host/pickone), then when ready to be deployed “on site” (hosting, customer, farm) I can back it up from my lab, and restore it into the existing NS8 environment only adjusting v-network connections.

The same could be applied for migrating from one site to another of a multi-site company. Better would be if… a live migration would be possible, and maybe OCI could be capable of chewing that. With current ISP service level in Italy, this could be viable only in a few cities which can reach up to 1GB/s symmetrical connection (without having to be ripped off).

Also, not providing an out of the box feature-rich solution (which now NS7 is, maybe not comprehensive and capable of everything needed, but serves well quite a lot of small-business cases) for gateways, this will lead NS8 to be a no-comprehensive budget voice.
Maybe avoiding concurrence of gateway+endpoint security solutions might be an idea, but this leaves IMVHO a part of the market away from possible customers. Now, if I suggest an NS7 solution, I am aware that it will survive less than 3 years.

Maybe tomorrow I will be more surrounded by medium companies or much higher budget companies, and maybe NS8 will be considered an option.
Currently…

1 Like

Firewall/Gateway features can be a separate module in the (near) future. Besides that, currently a lot of NS7 users use dedicated firewall software like pfSense, OPNsense, IPFire, Untangle etc…
About DNS: currently the implementation for DNS (dnsmasq) is, however maybe sufficient for the local services, very limited. With NS8 there is room for a full blown DNS server module like BIND, Unbound or PowerDNS.
Honestly, I don’t see too much limitations with the current choices (yes I know, I have stated differently before)

Too bad I couldn’t join the meeting yesterday since I was traveling at that time. I will look forward to the recording.

3 Likes

I used. I loved it. It has such great features and development.
And I won’t consider it as an option until it will manage at least three WAN interfaces (currently has a dial up option, not really a dual WAN) as a normal option, unless used in specific environments (like a boat).

dnsmasq was/is a deliberate choice. Not sure why but…

It’s not the first time. Before the NethServer project, Nethesis products were based on different projects. Ipcop for the firewall, SME Server 8 for the application and PBX server.

…less than ten years ago. It seems a very long time though :smiling_face:

1 Like

I already know the good (and all the bad) of NethFirewall based on IPCop. NG version was breath of fresh air.

3 Likes

Hello everybody,
in the meantime, if at the moment NethServer 8 does not foresee a version with the firewall, it is necessary to foresee the use of other distros: pfSense, OPNsense.

For me, NS 7 was a great firewall and filter with the right provisions for business, as it was much faster to set up and had everything you needed on 1 machine. Excluding firewall features seems like a big mistake to me, as it would be easier in this case to just bring up a proxmox machine, not to mention vmware, kvm, etc. and just bring up virtual machines with these applications, but in a proven environment to do so.

2 Likes

But don’t forget that with NS7 there were a lot of limitations with PHP versions, outdated packages, etc., and while there were workarounds, depending on the environment it could easily break things (if not initially, it could if any other package gets updated). This way you can adapt a container with your required software (firewall, DNS etc.) and have a lot less worry about breaking things already working.

Plus you will have the ability to test software in a container on a test server and move the app to a production server when it’s ready.

I agree, I’m willing to leave the firewall core outside NS8. In my idea, NS8 could provide only some advanced features for the firewall, like log and statistics gathering in a single place.

I strongly disagree. Have you ever deployed a Kubernetes cluster? Well, almost everybody deploys containers on virtual machines. You can still deploy on a physical machine, and I’m sure Debian and CentOS have good hardware support for it :man_shrugging:

Nobody said we want to lose that market share: we will provide a better alternative.
Also, we have strong evidence that most of the users are already deploying the firewall part on a different machine.

We will do the same for the next firewall project, you would not regret to just deploy another machine :wink:

You already knew it. EOL of NS7 was public since its first release.

NS8 is like any other container orchestrator (Kubernetes, Nomad, etc).
If you deploy NS8 directly on a public network with a correct configuration, you will have only HTTPS, SSH and WireGuard open to the public network. If you need complex rules, you need to put it just behind a firewall machine like IPFire, OPNsense or NS 7 :wink:

3 Likes

As some said, size matters. Or better, user case. So that “everybody” should receive a bit more context.
A big enough business reality cannot avoid virtualization, due to business continuity, consolidation, disaster recovery ease, simplified hardware migration, different tier backup procedures/levels (currently unavailable on NS7). To me, big enough seems to say “not the small one”.
The container approach will simplify and consolidate the hosting use case, allowing to look for better tier level hosting partners capable to manage correctly this kind of arrangement, and not renting “another VPS for another application”, if needed only as test.

I’m saying that you’re gonna lose it, at least 30 or more percent. NS8 keeps telling me “growing size”.

I can understand that Nethesis can count all the “RED” interfaces of all its installed base, paid and community, if they have a public IP configured or a private one. And also the modules installed, as statistic analysis.
Evidence is not motive.
Lots of persons like to integrate structure and services, others prefer to have different enclosures for different services. If a firewall userbase is cracked, maybe a door for the data userbase won’t be already slammed down, leaving other working services untouched (PBX?).
Other cases are related to integrated endpoint protection, built on perimeter and endpoint management integrated suites.
Other cases are related to “playing with firewall is not an option”, quite spread among branch/central offices which already have a service about interconnection (internal or ISP based) so the branch can have its toys, but cannot put them publicly available without “parental control”. Or into other interesting realities, like public services, which already have some other contracts to obey about services (the former statal, now public mail service in Italy is quite a fond Microsoft buyer (or slave, whatever)).
Data can count pretty well; about why there’s not a mixed installation (Server-Gateway, as e-Smith calls it) your data is quite partial, to say the least.

Why not just transfer from NS7 to NS8

  • Multi WAN support up to 15 connections
  • Firewall rules management
  • Traffic shaping (QoS)
  • Port forwarding
  • Routing rules to divert traffic on a specific WAN
  • Deep packet inspection (DPI)
  • Smart search to quickly find existing rules or objects
  • Real time charts
  • Fail2ban
  • Reverse proxy
  • Rspamd
  • VPN

???

In NS7 it was very convenient. Much more convenient and faster than in OPNsense, where you had to make 10 clicks to add a VPN user, while in NS7 only 1? I’m not saying OPNsense is bad, just that the entry threshold in NS7 is much lower than in OPNsense… I set it up at home in 15 minutes, whereas OPNsense only had me struggling with email filtering for a whole day. Adding roadwarrior clients to NS7 is great and you get a single configuration file that any user can handle if you tell them where to put it. Many people don’t need the complicated rules that OPNsense has, for me it was already perfectly organised in NS7 without any headache…

3 Likes

I think that “just” is not “that simple” as it goes to write.
Moreover, part of the firewall features on NS7 come from Shorewall, and I don’t remember if this package/project is/will-be included in recent distros.