Our primary use case for this solution is for electronic commerce.
Senior Software Architect with 5,001-10,000 employees
Docker v. CFEngine v. Puppet Data Center Automation v. Chef v. Ansible
Originally posted at http://technologyconversations.com/2015/08/26/configuration-management-in-the-docker-world/
Anyone managing more than a few servers can confirm that doing such a task manually is a waste of time and risky. Configuration management (CM) exists for a long time and there is no single reason I can think of why one would not use one of the tools. The question is not whether to adopt one of them but which one to choose. Those that already embraced one or the other and invested a lot of time and money will probably argue that the best tool is the one they chose. As things usually go, the choices change over time and the reasons for one over the other might not be the same today as they were yesterday. In most cases, choices are not based on available options but by the architecture of the legacy system we are sworn to maintain. If such systems are to be ignored or someone with enough courage and deep pockets would be willing to modernize them, today’s reality would be dominated by containers and microservices. In such a situation, the choices we made yesterday are definitely different from choices we could make today.
CFEngine
CFEngine can be considered father of configuration management. It was created in 1993 and revolutionized the way we approach server setups and configurations. It started as an open source project and become commercialized in 2008 when the first enterprise version was released.
CFEngine is written in C, has only few dependencies and is lightning fast. Actually, as to my knowledge, no other tool managed to overcome CFEngine’s speed. That was, and still is its main strength. However, it had its weaknesses with requirement for coding skills being probably the main one. In many cases, an average operator was not able to utilize CFEngine. It requires a C developer to manage it. That did not prevent it from becoming widely adopted in some of the biggest enterprises. However, as youth usually wins over age, new tools were created and today rarely anyone chooses CFEngine without being “forced” to do so due to the investment the company made into it.
Puppet
Later on Puppet came into being. It also started as an open source project followed by the enterprise version. It was considered more “operations friendly” thanks to its model driven approach and small learning curve when compared to CFEngine. Finally there was a configuration management tool that operations department could leverage. Unlike C utilized by CFEngine, Ruby proved to be easier to reason with and more accepted by ops. CFEngine’s learning curve was probably the main reason Puppet got its footing into the configuration management market and slowly sent CFEngine into history. That does not mean that CFEngine is not used any more. It is and it doesn’t seem it will disappear any time soon in the same way as Cobol is still present in many banks and other finance related businesses. However, it lost its reputation for being the weapon of choice.
Chef
Then came Chef promising to solve some of the nuances of Puppet. And it did, for a while. Later, as popularity of both Puppet and Chef continued increasing, they entered the “zero sum game”. As soon as one of them came up with something new or some improvement, the other one adopted it. Both feature an ever increasing number of tools which tend to increase their learning curves and complexity. Chef is a bit more “developer friendly” while Puppet could be considered more oriented towards operations and sysadmin type of tasks. Neither has a clear enough advantage over the other and the choice is often made based on personal experience than anything else. Both Puppet and Chef are mature, widely adopted (especially in enterprise environments) and have a huge number of open source contributions. The only problem is that they are too complicated for what we are trying to accomplish. Neither of them was designed with containers in mind. Neither of them could know that the “game” would change with Docker since it didn’t exist at the time they were designed.
All of the configuration management tools we mentioned thus far are trying to solve problems that we should not have the moment we adopt containers and immutable deployments. The server mess that we had before is no more. Instead of hundreds or even thousands of packages, configuration files, users, logs, and so on, we are now trying to deal with a lot of containers and very limited amount of anything else. That does not mean that we do not need configuration management. We do! However, the scope of what the tool of choice should do is much smaller. In most cases, we need a user or two, Docker service up and running and a few more things. All the rest are containers. Deployment is becoming a subject of a different set of tools and redefining the scope of what CM should do. Docker Compose and Kubernetes are only a few of a rapidly increasing number of deployment tools we might use today. In such a setting, our configuration management choice should value simplicity and immutability over other things. Syntax should be simple and easy to read even to those who never used the tool. Immutability can be accomplished by enforcing a push model that does not require anything to be installed on the destination server.
Ansible
Ansible tries to solve the same problems as other configuration management tools but in a very different way. One important difference is that it performs all its operations over SSH. CFEngine and Puppet require clients to be installed on all servers they are supposed to manage. While Chef claims that it doesn’t, its support for agent-less running has limited features. That in itself is a huge difference when compared to Ansible that does not require servers to have anything special since SSH is (almost) always present. It leverages well defined and widely used protocol to run whatever commands need to be run in order to make sure that the destination servers comply with our specifications. The only requirement is Python that is already pre-installed on most Linux distributions. In other words, unlike competitors that are trying to force you to setup servers in a certain way, Ansible leverages existing realities and does not require anything. Due to its architecture, all you need is a single instance running on a Linux or MacOS computer. We can, for example, manage all our servers from a laptop. While that is not advisable and Ansible should probably run on a “real” server (preferably the same one where other continuous integration and deployment tools are installed), laptop example illustrates its simplicity. In my experience, push based systems like Ansible are much easier to reason with than pull based tools we discussed earlier.
Learning Ansible takes a fraction of the time when compared to all the intricacies required to master the other tools. Its syntax is based on YAML (Yet Another Markup Language) and with a single glimpse over a playbook, even a person who never used a tool would understand what’s going on. Unlike Chef, Puppet and, especially CFEngine that are written by developers for developers, Ansible is written by developers for people who have better things to do than learn yet another language and/or DSL.
Some would point out that the major downside is Ansible’s limited support for Windows. The client does not even run on Windows and the number of modules that can be used in playbooks and run on it is very limited. This downside, assuming that we are using containers is, in my opinion, an advantage. Ansible developers did not waste time trying to create an all around tool and concentrated on what works best (commands over SSH on Linux). In any case, Docker is not yet ready to run containers in Windows. It might be in the future but at this moment (or at least the moment I was writing this text), this is on the road map and with questionable results. Even if we ignore containers and their questionable future on Windows, other tools are also performing much worst on Windows than Linux. Simply put, Windows architecture is not as friendly to the CM objectives than Linux is.
I probably went to far and should not be too harsh on Windows and question your choices. If you do prefer Windows servers over some Linux distribution, all my praise of Ansible is in vain. You should choose Chef or Puppet and, unless you already use it, ignore CFEngine.
Personal choice
If someone asked me few years ago which tool should we use I would have a hard time answering. Today, if one has the option to switch to containers (be it Docker or some other type) and immutable deployments, the choice is clear (at least among tools I mentioned). Ansible (when combined with Docker and Docker deployment tools) wins any time of the day. We might even argue whether CM tools are needed at all. There are examples when people rely completely on, let’s say, CoreOS, containers, and deployment tools like Docker Swarm or Kubernetes. I do not have such a radical opinion (yet) and think that CM continues being a valuable tool in the arsenal but. Due to the scope of the tasks CM tools needs to perform, Ansible is just the tool we need. Anything more complex or harder to learn would be an overkill. I am yet to find a person who had trouble maintaining Ansible playbooks. As a result, configuration management can easily become responsibility of the whole team.I’m not trying to say that infrastructure should be taken lightly (it definitely shouldn’t). However, having contributions from the whole team working on a project is a big advantage for any type of tasks and CM should not be an exception. CFEngine, Chef and Puppet are an overkill with their complex architecture and their steep learning curve. At least when compared with Ansible.
The four tools we briefly went through are by no means the only ones we can choose from. You might easily argue that neither of those is the best and vote for something else. Fair enough. It all depends on preferences and objectives we are trying to archive. However, unlike the others, Ansible can hardly be a waste of time. It is so easy to learn that, even if you choose not to adopt it, you won’t be able to say that a lot of valuable time was wasted. Besides, everything we learn brings something new and makes us better professionals.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cloud sales & support for rackspace with 11-50 employees
A faster and flexible solution with excellent support systems
Pros and Cons
- "The most valuable aspect is the excellent support. In addition, the billing system is really easy to understand."
- "Sometimes the basic support is a bit difficult if you have a firewall and cloud servers behind the firewall and then try to implement the backup solution, it is a bit difficult to do by yourself."
What is our primary use case?
How has it helped my organization?
It took us 30% faster to implement the solutions that we used to have with other platforms, and the flexibility has increased by 50%.
What is most valuable?
The most valuable aspect is the excellent support. In addition, the billing system is really easy to understand.
What needs improvement?
Sometimes the basic support is a bit difficult if you have a firewall and cloud servers behind the firewall and then try to implement the backup solution, it can be a bit difficult to do by yourself. If you have a Rackspace engineer, it is easier, because they know the procedures, but that service is not cheap. It can be an extra $500 for that extra service, per month. It would be nice to see that cost decrease.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
The product is stable. Any problems that we have noticed have been with the customer doing something wrong. For instance, they may have two versions of the application that do not match, which will cause errors. But, we can never blame Rackspace Docker for this. It is an internal problem.
What do I think about the scalability of the solution?
The scalability is a bit difficult. Rackspace has beautiful tools to make scaling pretty easy. Usually, it is our customer that is afraid to scale too fast. At times, we have to convince our clients to move towards the cloud, because the cloud function is very different from the on premise solutions. Once they understand this, they are eager to jump to the next level.
We currently have two customers that have 8,000 users connected to the solution. They are in the automotive industry. The users are a combination of sales people, service representatives and executives. There is a tremendous ability for Docker to support a lot of users.
How is customer service and technical support?
The customer service is good.
How was the initial setup?
The setup was very easy, but if you get into something with the backup agent or the API, that is when you may begin to stumble. Sometimes this causes a slower time for implementation and ultimate deployment.
Our standard procedure is to look at the requirements, set of a pilot, do some testing, and then release the solution. It can take several weeks, and it depends on understanding our customers' needs. We have our own staff who complete the process.
What's my experience with pricing, setup cost, and licensing?
At times, my customers are upset with the cost of the product. Other solutions seems inexpensive, in comparison. But, I tell my customers that once you start putting the solution together, will you realize that it will cost more than Rackspace Docker.
Which other solutions did I evaluate?
We looked at VMware and Hyper-V, as well as Amazon. But, we stayed with Rackspace Docker becuas ewe already know that this is doing the best in terms of what it is offering.
What other advice do I have?
My advice is in regards to the security. Many of my customers do not care enough about security, they have a disbelief that once you are in a cloud, you are automatically secure. This sis not the case at all. You need to understand that nothing is guaranteed if you do not follow the right rules. You need proper monitoring tools to keep the work-site safe and secure. It may cost the customer more, but it is worth every penny.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Mirantis Container Cloud
May 2024
Learn what your peers think about Mirantis Container Cloud. Get advice and tips from experienced pros sharing their opinions. Updated: May 2024.
772,649 professionals have used our research since 2012.
CEO and Founder at Indicrypt Systems
Facilitates rapid deployment and has thorough, easy to read documentation
Pros and Cons
- "Docker is very helpful for taking the code from development and applying it to the end user."
- "It would be very nice to have a GUI that can be used by any administrator, and not just people who have experience with Docker."
What is our primary use case?
My experience with Docker is in helping to provide solutions for my clients. Specifically, this involves continuous integration and continuous deployment for my clients' workflow.
How has it helped my organization?
We are using Docker for a client that we currently have in India. They are building a solution for the medical industry. Docker is very helpful for taking the code from development and applying it to the end user.
What is most valuable?
The most important thing that my clients focus on is rapid deployment. In this regard, Docker wins hands-down.
What needs improvement?
It would be very nice to have a GUI that can be used by any administrator, and not just people who have experience with Docker.
For how long have I used the solution?
Two years.
What do I think about the stability of the solution?
The stability of this solution is perfect. Five stars.
What do I think about the scalability of the solution?
This solution scales very well, and it can be scaled to the entire infrastructure when required.
Three of my clients are currently using Docker, and all of them are involved in software development. One of my clients is in the process of scaling up, moving from ten to one hundred and fifty developers within the next six months.
How are customer service and technical support?
The documentation for this solution is excellent. So far, all of the problems that I have faced have been solved by looking at the documentation.
Which solution did I use previously and why did I switch?
We did not use another solution prior to this one.
How was the initial setup?
The setup was very straightforward. I just followed the documentation on the Docker website, and it went smoothly.
Implementation for the client was not very big. It was eight to ten developers, and it took between one and two days to complete. The most important thing on our end was to get our client's infrastructure up and running with Docker.
One person can handle the deployment and maintenance of this solution.
What about the implementation team?
We implement this solution for our clients using our in-house team.
What's my experience with pricing, setup cost, and licensing?
I am using the community edition, rather than the enterprise edition because I am operating on a very small scale at the moment. The community edition does not require a license and is completely free.
Which other solutions did I evaluate?
We did not evaluate options other than Docker.
What other advice do I have?
My advice to anybody who is implementing this solution is to read the documentation very carefully. That can give a lot of relief when the client needs a solution.
If Docker had a graphical user interface then it would be a perfect solution.
I would rate this solution and eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Applications Lead at a comms service provider with 1,001-5,000 employees
Easily deploys on various platforms and cloud providers
Pros and Cons
- "I think this solution needs better security due to more risks from the outside world."
What is our primary use case?
I am using this as a lab costing application. It is pretty fast.
How has it helped my organization?
You can easily deploy it in different platforms and cloud providers. You are actually deploying container to container.
What is most valuable?
The commissioning is very fast.
What needs improvement?
I think this solution needs better security due to rising threats from the outside world.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
The product is stable.
What do I think about the scalability of the solution?
I am not scaling it very much at this time. I only have about 20 users at present. The roles of the users are information users, managers and middle managers.
How is customer service and technical support?
The tech support is pretty good.
How was the initial setup?
It was straightforward for us.
What's my experience with pricing, setup cost, and licensing?
The pricing and licensing really depends on what your needs are. You could be paying $100 a month to $100,000. It depends on the needs you have from the solution, and the agreement you make.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Head IT Architecture at a tech vendor with 11-50 employees
Cuts down on development time and allows for multiple spin-offs
Pros and Cons
- "This solution has cut down on our development time and allows us to spin off new instances for inner development, testing, productions, and security testing."
- "Areas for improvement are the privacy of container management and the documentation. In the next release, I would like to see best practices on how to manage distributed containers and networks."
How has it helped my organization?
This solution has cut down on our development time and allows us to spin off new instances for inner development, testing, productions, and security testing.
What needs improvement?
Areas for improvement are the privacy of container management and the documentation. In the next release, I would like to see best practices on how to manage distributed containers and networks.
For how long have I used the solution?
I've been using this solution for about five years.
What do I think about the stability of the solution?
This solution is pretty much stable.
What do I think about the scalability of the solution?
This solution is extremely scalable - we are able to spin off multiple instances very rapidly.
How was the initial setup?
Initial setup was extremely simple and was done in minutes.
What about the implementation team?
I implemented through an in-house team.
What other advice do I have?
I would rate this solution as eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Designer and Developer at a tech services company
The most valuable feature is creating your own image.
What is most valuable?
The most valuable feature of Docker is by far is creating your own image. By creating your own image, you can have an environment for whatever you are working on that is exactly how you want it.
The idea that you can create a machine this quickly, use it, destroy it if you want, build upon it, take things out, and rebuild very quickly is very useful.
For example, you could add a command that installs a certain tool to your Dockerfile and build that image. Your image now has that tool. If you want to get rid of that tool, you just get rid of the line from the Dockerfile, rebuild the image, and it’s like you never installed that tool.
It gives you a feeling of complete control. By comparison, doing the same thing with something like Vagrant would take a lot of time. With Docker, building an image is so fast that it’s practically disposable.
How has it helped my organization?
Docker has allowed me to have pre-defined working environments that can be moved to the cloud and I know they will be exactly the same. Something can be deployed to the cloud, but the overhead of running a virtual machine is wasteful. This is especially the case since on most clouds, an account is already contained by a virtual machine. Running a virtual machine within a virtual machine is possible, but not ideal.
What needs improvement?
Docker is already aware of how faulty their file system volume mounting technology is on the Mac. I see that they are making improvements in that area, but there is still a long way to go.
On the Mac, Docker is far from perfect. The program has issues communicating with the file system and receiving events. As a result, Docker’s volume features are very slow on the Mac. However, there is a workaround called Docker-sync. Docker sync goes around Docker’s weak volume support on the Mac by syncing files through the network using unison and rsync. Still, I would only give Docker a 10 if their volume experience were as good on the Mac as it is on Linux. I have used this product in a Mac environment as well as Linux.
For how long have I used the solution?
I have been using Docker since November, 2016. I started using it to see what all the talk was about. The initial learning curve was somewhat steep. What Docker does is simple. However, understanding what Docker does is important and not obvious. That’s why I took Lynda’s course on Docker. This course gave me a good practical understanding of Docker. After understanding the basics, the documentation actually became useful to read.
What do I think about the stability of the solution?
In my experience, Docker has been very stable.
What do I think about the scalability of the solution?
There have been no scalability issues. As a matter of fact, Docker itself can be used to help you scale up by allowing you to create a new environment quickly when you need more power, or if you want to deliver an instance closer to a customer.
How are customer service and technical support?
In term of technical support, the Docker community is very helpful and active. There are already a lot of answers to common questions on stack overflow.
Which solution did I use previously and why did I switch?
I previously used Vagrant. I switched because of Docker’s speed, ease of creating images, and its low overhead.
How was the initial setup?
The initial setup of Docker on the Mac is simple. There is a very friendly GUI installer. If you already have Homebrew installed, you can simply run “brew cask install docker”.
Installing Docker on Linux is a different story, since the versions supported by the default package manager sources are out of date. It’s necessary to follow somewhat lengthy instructions from Docker’s website.
What's my experience with pricing, setup cost, and licensing?
The Docker community edition is free. I don’t have any experience with their paid versions. I have not felt the need to upgrade.
Which other solutions did I evaluate?
I tried Docker because there was a bit of hype around it. I had been using Vagrant. I did not know about things like LXD before starting to experiment with Docker. If anything, I have learned about alternative container technologies that I might evaluate later.
What other advice do I have?
I think that Docker is the best among its peers. Creating, downloading, uploading, and sharing images is faster than doing the same on something like Vagrant.
When using Docker on the Mac, I only used it to create a local development environment. I also have a Docker installation running in production on a production environment being used as the backend for an iOS app.
I would advise people to take the Lynda course on Docker. In my experience, the documentation only becomes useful after understanding the basics and the general idea.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Front-End Developer at Oodrive
Reporting is fast and effective and I like that it is straightforward and powerful
Pros and Cons
- "The initial setup was really easy and the deployment was fast and straightforward."
- "I would also like to see more features inside Docker as well as more integration with different solutions."
What is most valuable?
What I like most about Docker is that it is straightforward and easy to use, yet powerful. The graphical interface is very user-friendly and reporting is fast and effective.
What needs improvement?
Sometimes it is difficult to access the quality of information on Docker. I also feel that it is not a 100% secure product and I'd say there is room for improvement in the security area and functionality. I would also like to see more features inside Docker as well as more integration with different solutions.
For how long have I used the solution?
I've been using Docker for three to four years now on premises.
What do I think about the stability of the solution?
The solution isn't always that stable.
What do I think about the scalability of the solution?
I believe Docker is scalable.
How are customer service and technical support?
I like their technical support but I mostly use their external documentation.
How was the initial setup?
The initial setup was really easy and the deployment was fast and straightforward. I did everything myself.
What's my experience with pricing, setup cost, and licensing?
We use the free version of Docker.
Which other solutions did I evaluate?
I don't use any other software, given that Docker is our solution.
What other advice do I have?
My advice to others is to just do it. It is a no-brainer. I really recommend this solution and on a scale from one to ten, my rating is a nine.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior IT Consultant at PROEF IT
Ease of managing and deployment provides us a more scalable and agile environment
Pros and Cons
- "This solution has improved our organization with the agility, microservices approach, and scalable solutions for distributed systems."
- "The orchestration and tracing should be improved."
What is our primary use case?
We use this solution for the virtualization of monolithic apps, providing a better scalable and agile solution.
How has it helped my organization?
This solution has improved our organization with the agility, microservices approach, and scalable solutions for distributed systems.
What is most valuable?
The most valuable features of this solution are scalability and agility. It is easy to manage and deploy.
What needs improvement?
The orchestration and tracing should be improved.
For how long have I used the solution?
One year.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Mirantis Container Cloud Report and get advice and tips from experienced pros
sharing their opinions.
Updated: May 2024
Popular Comparisons
Prisma Cloud by Palo Alto Networks
Trend Micro Deep Security
Aqua Cloud Security Platform
NGINX App Protect
Google Kubernetes Engine
BMC Helix Cloud Security
SUSE Rancher
Canonical LXD
Buyer's Guide
Download our free Mirantis Container Cloud Report and get advice and tips from experienced pros
sharing their opinions.
