by txutxu 3859 days ago
We need to remove an ssh key from all company hosts right now as fast as possible. How does Docker help compared with tools like ansible/chef/puppet?

We need to increase a sysctl value on our systems with role X. As fast as possible. How does docker help there?

We need to run a set of given commands for a security audit of our systems. We need to execute some actions conditionally by role on the infrastructure. etc... No Docker help there.

We need to know the credentials accepted by container "foo" on a given past day of the year. Do the report.

Pretty sure a lot of (experienced) people have seen problematic and ugly deployments.

We've seen worse and better things, done with put_a_name_here technology. No matter what name you put in the sentence. Which programming language, which stack, which integration... no matter... at all.

Don't let yourself get carried away by "magic" tools. There is no magic in Docker, just money behind it, so you are forced to hear about it, think it's better, etc. That's it.

It's good at what it is. And one of those things is money. It's a better solution than others available, because it has become widespread, even among those avoiding it, because it's supported on major providers, etc., etc., etc. Industry. People who do not even know, and have never directly used, the technologies underneath Docker are talking about it, with big egos.

It does not solve all the needs of a devops, startup or company. Neither will the new $tool that goes viral tomorrow. Be sure.

Have a nice day.

2 comments

I think that CM tools are complementary to Docker (TV did not kill radio..), but at least some of your points do have emerging solutions.

For example, ssh keys: Kubernetes has a concept of "secret volumes" that are used to distribute secrets. i.e. don't store mutable (and secret) state in the container.

There is no point in using Docker if you're going to think about it in the way you're thinking about it, as just another way of subdividing boxes.

What we're excited about is using it as a building block in an internal PaaS so that individual application teams have a Heroku-like interface for deployment. Hosts are cattle (and managed by a traditional CM tool), containers are immutable and do not even have shells installed, etc. We don't have mature tools for orchestration, scheduling, networking, service discovery, etc. yet but this approach is what all the hype is about and much of the software popping up to fill that niche, i.e. Mesosphere and Kubernetes, is really interesting.

Machines having roles, engineer SSH keys being on machines, containers being logged into, etc. - in attacking these things you are attacking a strawman.