Configuration management tools seek foothold in containers

Some IT pros argue container management supplants the need for configuration management tools like Puppet and Chef, while others say there's room for both.

If you deploy containers, you may be less likely to deploy configuration management tools alongside them.

With the popularization of containers comes a new debate about the role of configuration management tools in environments with highly automated container clusters. Early adopters of container cluster automation, such as Google's Kubernetes or Apache Mesos, said those tools can supplant the likes of Puppet, Chef, Ansible and SaltStack, which are widely used to automate data center configuration management.

Users can very easily circumvent Puppet, Chef and similar competitive products when container cluster management is offered as a cloud service, such as Google's Container Engine, which is based on Kubernetes, according to IT pros who have used the product.

"When you move to container orchestration, the need for automation tools becomes somewhat different, and tools like Puppet, Chef and Ansible have a little bit less applicability," said Mark Betz, a software engineer with 20 years' experience in the industry. Betz recently worked for a startup called icitizen in Nashville, Tenn., where he used Google Container Engine.

Kubernetes can spin up a fully configured server cluster using relatively few API calls. Docker itself is responsible for the state of the file system each time a container is deployed. Betz's company was able to achieve a completely automated build process on Google Cloud Platform. When a developer pushed a change to a branch, CircleCI would pick up that change, rebuild the containers, push the images to Google Cloud Registry, contact Google Cloud and tell it to restart the services to pull the new container images down onto the infrastructure.

"We just essentially worked with makefiles and we didn't find ourselves having to use [configuration management] tools," Betz said.

Some on-premises adopters of containers also said they have forgone configuration management tools in favor of container cluster automation tools.

Mesosphere's Datacenter Operating System (DCOS) was a "cleaner" option for deployment of containers at massive scale than Chef, according to Stephen Voorhees, director of engineering for cloud platforms at Autodesk Inc., a maker of 3D design software based in San Rafael, Calif.

"One of the key reasons we chose DCOS is that everything is getting more and more complicated in terms of how you deploy and how infrastructure works," Voorhees said. "At the same time, it's really important to build the tooling and the capabilities around the infrastructure to make it really easy for developers and teams to move fast."

Even where the big automation suites such as Kubernetes or DCOS are not in play, container management tools have gained momentum at some other companies.

"Cloud 66 lets us remove virtual machines from the load balancer and spin up a new Docker container, start the Docker container and add it back into the stack, and that would typically be done in Chef or something like that," said Scott Hasbrouck, CTO and co-founder of Convoy Inc., a consumer tech support service company based in San Francisco.

Cloud 66 Ltd., based in San Francisco, provides cluster automation for Docker environments meant to automate app deployment.

Very rarely do software engineers have to muck around with configuration of the underlying infrastructure with Cloud 66 in place, Hasbrouck said.

Not so fast

This shift in the market isn't lost on configuration management tool company Red Hat.

There is still room for configuration management to make sure application images within containers are consistent, but in container orchestration tools, "there's a composing aspect that ... does a better job than we have seen in these prior frameworks," according to Lars Herrmann, general manager of the integrated solutions business unit at Red Hat.

Red Hat owns Ansible and has also integrated Kubernetes into its OpenShift platform as a service product.

Traditional, infrastructure-based automation approaches to configuration management will diminish over time, according to a Chef product manager.

Value, he said, is moving into the application space, but as long as applications exist, there will be configurations to manage, and containers do not obviate this.

But while Red Hat and Chef see change afoot in how apps are managed, Puppet's CEO Luke Kanies said he strongly disagrees with this viewpoint when it comes to the applicability of configuration management tools in container environments.

"It's a lot like server virtualization -- in some ways, virtualization makes configuration less necessary," Kanies said.

But while virtualization made each individual machine less necessary and eliminated many of the difficult problems involving managing physical machines, it also increased the number of machines under management about tenfold, Kanies said. Meanwhile, Docker is going to make everybody's infrastructure at least another 10 times bigger. Some people argue IT will have as much as 100 times as many containers as it has VMs to manage -- and potentially even more.

"So, every application you have just got more complex, more critical, more confusing and more complicated," Kanies said. "You need way more management, not way less management."

In container automation environments, particularly on premises, Kanies argued users will still need Puppet to automate the setup of the Kubernetes environment and the underlying infrastructure layer, as well as to trigger Kubernetes' container builds.

Some bleeding-edge container users side with this viewpoint as well.

"Nothing is as easy as it seems, and even though you get a lot of bang for your buck with containers, there still is a need to do automation tasks, and you do want something to manage all that automation," said Noah Gift, CTO of Sqor Inc., a sports social network startup based in San Francisco. The company will soon deploy SaltStack for this purpose, Gift said.

Leaving configuration management behind when implementing container management would be a return "to the Dark Ages of terrible custom-written bash scripts to configure your systems on an ad hoc basis," said David Danzilio, Puppet evangelist at Constant Contact Inc., an email marketing company in Waltham, Mass.

If anything, the move to containerization will probably make configuration tools more relevant, not less, Danzilio said.

"Your containers have to get built somehow," he said. "That's sort of where configuration management tools can save us, by having a robust build-time language."

Beth Pariseau is senior news writer for TechTarget's Data Center and Virtualization Media Group. Follow her at @PariseauTT on Twitter.
