Docker vs LXC/Ansible?

Containers

Why this question?

During last DevOPS meetup @GrzegorzNosek asked very good question – why should one use Docker instead of pure LXC/Ansible?

Honestly I’ve been trying to answer myself this question for a while. I did in some part (included this in my talk I gave during that meetup: http://www.slideshare.net/d0cent/docker-rhel); while it’s about developers running development envs Docker is just so much easier to use.

But how should I explain using Docker for myself? I’m sysadmin and I love low-level – so LXC for me is just natural way of doing things :)

Your face, your ass – what’s the difference?

(If you feel embarassed / disgusted somehow with this header please rewind 18 years and remember that: https://en.wikiquote.org/wiki/Duke_Nukem)

One thing you should know about me – I’m contributing to FedoraProject; lately I’ve been poking around Fedora-Dockerfiles project (https://git.fedorahosted.org/cgit/dockerfiles.git/) – I’m doing it for fun and also I wanted to learn more about Docker as I’m running some Open-Source projects with friends and had to find a easy way for them to rollup own development envs. Docker is the answer in this case.

So – currently I’m using Docker to prepare dev-envs for guys who knows nothing about DevOPS / SysOPping; writing Dockerfiles is so much fun (and sometimes so big hell :) ). And LXC? Together with Ansible I’m managing some servers’ resources (like VPN, DNS, some webservices etc). It’s also fun, it’s fast, rather reliable and it makes things so much easy to live with.

So any winners here?

But still – for me as guy who use rather fdisk than gparted (or virsh than virt-manager ;) ) Docker is not the case for managing services. And honestly I’m still looking for an answer for the question from subject of this blogpost. For now after couple of weeks poking around Docker (and months with LXC) I can tell this one obvious thing that when You know LXC than Docker is just so easy (e.g. running some daemons inside spartan-like Docker images can be a tough fight whe some libs or dependencies are missing). Also creating and running Dockerfiles is very easy – just like creating Ansible playbooks.

I think that I’m gonna do this one thing that I did couple of years ago when XEN and KVM were running shoulder to shoulder in the FOSS full-virt race. I’m just gonna use them both – Docker and LXC and see how things will develop. Docker is very great and easy to manage apps only (so Continuous Development with Docker is killing feature) and I’ll LXC/Ansible within some basic services (GitLab, DNS, VPN etc). But for more fun – I’m gonna keep both tracks, so e.g. when deploying GitLab within LXC I’ll create also Dockerfile for this.

This way I think that I will have a really good answer in just a couple of weeks and this should be nice subject for some conference talk?

Follow my GitHub account (or even better – Twitter) – I’ll post there updates about new playbooks and Dockerfiles.

  • victorcoder

    I’m in the exact same state as you but instead of duplicating efforts I’m planning to use Docker to build an automated teting env (I use vagrant/ansible for the dev platform and I’m quite happy) time will say.

    • http://maciek.lasyk.info/sysop Maciej Lasyk

      What tools will u use for automation?

      • victorcoder

        If you mean for the testing platform I plan to use plain Dockerfiles. Ansible for the rest.

  • https://www.hashtagsecurity.com/ Frederic Mohr

    So, what’s your answer a few months later? I currently have my
    private lab running on LXC and I want to automate things with ansible.
    But docker keeps popping up everywhere so I’m not sure if I should use
    it instead.

    The thing is, that this is a dev-env for me so I’m spinning up pre-setup operating systems more than pre-setup applications.

    Is Docker a good choice or should I stick to plain LXC and introduce ansible to it?

    • http://maciek.lasyk.info/sysop Maciej Lasyk

      First of all Ansible is an automation tool, so you can use it for LXC and for Docker orchestration.

      So let’s keep to this “Docker vs LXC” subject. After couple of months I can write couple of things:

      1. LXC is awesome, but so is Docker. It depends on use – cases and your situation
      2. If you’re building continuous integration (/deployment) env then Docker is a way to go (see my last presentation: http://www.slideshare.net/d0cent/orchestrating-docker-containersatscale )

      3. If this is only about lightweight virtualization (containerization) of your already existing envs then you could probably go with LXC. This is because you can use your already created workflows / tools with LXC as those containers simulate VMs in many ways Docker is a completely different approach (Single Application Containers – this means that only one process should be created in Docker container and those should be treated as ephemeral).

      I think that I should work on an update for this post as this is really interesting subject. If you have any more questions – plz ask :)

      • https://www.hashtagsecurity.com/ Frederic Mohr

        Thanks for the help, sounds like LXC is more fit for me. But I’ll look into Docker as well, I’m curious how it works for my lab.