DevOps is transforming the state of software development worldwide. Over 80% of respondents from the software industry said in a survey that DevOps is effectively adding value to their work in some form or another.
DevOps is increasing speed to market, salability, innovation and product quality for software companies globally, according to the survey.
2021 is going to be a big year for DevOps. Since DevOps spans Dev, Ops, IT, Security and Product teams, to name a few, as well as different phases of software development, there is a plethora of tools to choose from.
Here we take a detailed look at some of the top DevOps tools currently available in the market, keeping in mind the important categories of CI/CD lifecycle.
Puppet is an open-source software configuration management and deployment tool that is usually used to ensure that all servers are configured to the desired state. Puppet is agent-based, and is most commonly used on Linux and Windows to control multiple application servers simultaneously. Puppet is mostly used in client/server configurations in which managed nodes keep their configurations synchronized with the server. With R10K, Puppet’s code management tool, it has become easier to implement automated or manual changes, updates, reviews and tests on code for CI/CD. You can also use R10K and Puppetfiles to set up automatic deployment of your environments. These agent-based deployments are usually accurate and timely, and they generate error logs for review.
Puppet also offers an easy integration with Git for version control.
Puppet is declarative and usually suits baselining instead of orchestration.
SOME DRAWBACKS INCLUDE:
- Overall slowness
- Puppet’s inability to check system state outside of exec resources without writing custom facts
- Hiera, which is Puppet’s key-value configuration data lookup system, is slow and difficult to troubleshoot
Ansible is an open-source configuration management and orchestration tool which is known for its simplicity and performance. Ansible runs on a master machine and uses SSH to connect to the nodes. Ansible can be run from any machine with Python 2 (version 2.7) or Python 3 (versions 3.5 and higher) installed, including Red Hat, Debian, CentOS, macOS, and BSDs.
Ansible makes it very easy to manage configurations (or playbooks) with YAML (Yet Another Markup Language). Automating cross-platform tasks is also efficient with Ansible. You can also use Ansible pull mode to fetch repositories and run commands from specific files. Converting shell scripts and configuration files into Ansible Playbooks or Roles is also easy, and there is a lot of documentation available on this.
SOME WEAKNESSES OF ANSIBLE INCLUDE:
- Slowness when the system scales or expands
- Lack of Windows support
- Inefficient when mass synchronization is needed across hundreds of servers
Chef is an open-source DevOps tool mostly used for configuration management. Chef is also based on a master-agent model, as Chef clients run on each client machine (using the “knife” tool and communicating via SSH). But what makes Chef different from Puppet is its extra layer, called Workstation, which contains all the configurations. These configurations are first tested automatically on local machines and then pushed to the server.
Chef is excellent when there are host dependencies. It takes descriptions of the state of a system (packages, existing users, directories, etc.), compares them with real-time instances of agents and ensures that objects remain synced.
Chef’s automation capabilities for maintaining larger networks using services like AWS OpsWorks are well known in the industry. Chef InSpec also helps ensure the safety and integrity of your network and deployment. Chef InSpec is an open-source framework that allows automated and manual testing and auditing of your applications.
Even though Chef has a strong GUI, you will have to know Ruby to exploit the true powers of Chef’s infrastructure-as-code model, especially when it comes to complex tasks and customizations. You can achieve a lot of customization by writing scripts in Chef (known as cookbooks and recipes) but doing that is not optimal in many situations.
SOME DRAWBACKS OF CHEF ARE:
- Agent instances need to periodically listen to master to install updates
- Difficult to understand for beginners
- Lack of detailed documentation
- Lack of on-demand scalability
Jenkins is an open-source automation service written in Java that acts as a CI (continuous integration) tool to make it easier for developers to integrate fresh components in software for seamless integration. Jenkins uses plugins for integrations to achieve this goal.
Jenkins listens for new pull requests, merges new work branches into main code, runs automated test suites, seeds new test data, reports failures and deploys latest code changes to QA environment for manual testing.
Jenkins Pipeline is used to implement automated expressions of your process for continuous integration. You can define build files in pipelines, load them into SCM and configure job variables.
Jenkins has been around for a really long time and has practically become a standard because of its mature ecosystem, plugin support, documentation and community. Jenkins has seen several updates over the past few years. It has become one of the top choices of a lot of companies because of its easy UX/Syntax for pipelines and Docker integration.
JENKINS’ WEAKNESSES INCLUDE:
- To use Jenkins you need to learn Groovy, which is notorious for inconsistencies. Groovy scripts in Jenkins are not easy to write and edit, especially when a lot of changes are needed.
- In many instances, you also need to manually configure builds in the UI, hardcode configuration files and relax access controls.
- Jenkins is extremely difficult to use without a Jenkinsfile, which is a text file that contains the definition of a Jenkins Pipeline and is checked into source control.
TeamCity is a premium CI tool (a limited free version is also available) that is famous for its easy-to-use interface, smooth configurations and creative features. TeamCity runs in a Java environment and Apache Tomcat server but can also be installed on Windows and Linux servers.
Should you choose TeamCity? That largely depends on your needs. If you have the budget, and your main tasks include setting up a fixed number of build agents to do parallel build chains with repository snapshot and artifact dependencies without much hassle, TeamCity is for you. TeamCity also has pretty solid documentation. TeamCity’s “Snapshot Dependencies” feature allows you to keep the same source version across an entire pipeline without low-level code implementations.
However, TeamCity does not automatically fix snowflake agents for you, and you will have to use provisioning tools or container technologies for that.
TeamCity’s template-based build configurations can make the life of your team much easier.
TeamCity also natively supports agent auto-scaling in AWS, GCE and Azure. It also supports VMware and Kubernetes via plugins. It also has a native integration with GitHub.
SOME DRAWBACKS OF TEAMCITY ARE:
- Debug logs and error logs are difficult to parse and understand
Bamboo is a continuous integration and continuous deployment server developed by Atlassian. One of the key strengths of Bamboo is its ability to integrate automated builds, tests, and releases in a single workflow with other Atlassian products such as JIRA, BitBucket, Stash, Hipchat and Confluence, creating a solid ecosystem of software development and delivery.
Bamboo also has a solid, easy-to-use GUI.
Easy integration with BitBucket, Confluence and Jira is a big advantage of Bamboo. It can also initiate cron-like triggers, which come in handy if you have review analytics, automated testing and automated routines to run when staff are out of the office.
BUT BAMBOO IS NOT PERFECT. HERE ARE SOME OF ITS DRAWBACKS:
- Code analysis capabilities of Bamboo are not strong
- Centralization of build configuration is not possible with Bamboo
- No global tools configuration (you have to manually install tools on agents)
- Bamboo lacks credentials plugins and support, which means password changes have to be rolled out on every related Bamboo project
Source Code Management:
GitHub is one of the most popular source code management tools used by millions worldwide. GitHub’s key strengths include its easy-to-use UI, its smart features like restoration of repos which are deleted accidentally, prevention of production deletions, diverse integrations and security. GitHub has practically no outages or downtimes, which makes it extremely reliable.
GitHub has a vast community, and is a perfect fit for open-source projects. Because Microsoft owns GitHub, there is solid integration available for Azure DevOps and Microsoft tools. GitHub gives you more control over the CI/CD process.
However, GitHub only offers free private repos for up to 3 collaborators per repository.
BitBucket is a software version control repository service usually used for source code and development projects. The service is based on Mercurial or Git revision control systems. BitBucket is useful if you are using other Atlassian products. BitBucket is also famous for its efficiency when it comes to managing a large number of repos. A free public BitBucket repo supports an unlimited number of users.
BitBucket is also famous for its seamless integrations with JIRA and Confluence. BitBucket is a top choice for projects involving private repos.
BitBucket also offers Pipelines service for complete CI/CD cycles.
SOME DRAWBACKS OF BITBUCKET:
- BitBucket does not provide uptime SLA agreement
- UI could sometimes be confusing
GitLab, which is based on Git, provides version control, CI services, deployment and pipeline features for software development. Most companies prefer to use GitLab for source code management due to its strong CI services. GitLab is the way to go if you are looking to integrate CI/CD on your own server, because you can host GitLab on your own server. GitLab is free and open source and provides an unlimited number of free private repos.
GitLab also allows you to install private instances. It also offers container registry services.
Spinnaker is an open-source CD software platform that works with Kubernetes, Google Cloud Platform, AWS, Microsoft Azure and Oracle Cloud. It is mainly a deploy and deliver platform that takes your artifacts and orchestrates their deployment to production.
Spinnaker’s dashboard and interface are very easy to use. Developers can easily push their code to the release branches and the tool will automatically build, test, validate and push the code to production. With Spinnaker, you can use seamless Kubernetes, GitHub and Google Cloud Build integrations to easily commit and deploy changes to your software.
Spinnaker can natively build EC2 AMIs, configure ASGs and set up load balancers.
SOME DRAWBACKS OF SPINNAKER ARE:
- Lack of efficient scalability
- Scarce documentation
- Difficulties in automating tasks
Octopus Deploy is a CD tool used for automated deployments. It can automatically deploy apps and services on agent machines or “tentacles.” Octopus Deploy is suitable for deploying ASP.NET web applications, Java applications and NodeJS applications, and for running custom scripts, across multiple environments, including AWS and Azure. It is mostly used with Azure DevOps and preferred by companies working in the Microsoft ecosystem.
Octopus Deploy can integrate with the CI infrastructure of your pipelines. You can initiate API calls to Octopus to create new releases and push binaries via your CI pipeline.
OCTOPUS HAS SOME DRAWBACKS, WHICH INCLUDE:
- You cannot export variables between projects
Argo CD is a declarative GitOps continuous deployment tool mostly used to deploy apps inside Kubernetes clusters.
Argo CD enforces synchronization with the Kubernetes manifests that describe your app in a Git repository. Argo CD can automatically apply updated or changed manifests to commit changes to your cluster. The Argo CD server can track deployment branches of your main projects. Argo CD can also automatically detect when a build branch is merged into the deployment branch. Argo CD prevents downtime by first deploying the new version of the manifests.
SOME DRAWBACKS OF ARGO CD INCLUDE:
- Argo CD does not support CI, which means you will need other tools like Jenkins, Travis, Circle CI or GitLab CI if you want a complete CI/CD pipeline.
- No support for rollback hooks.
Threat and Vulnerability Management:
TwistLock (Palo Alto Networks)
TwistLock provides threat and vulnerability management for container-based applications. The service is famous for its integrations with Kubernetes and Docker containers. TwistLock, now owned by Palo Alto Networks, provides runtime security checks with its Runtime App Security Protection and automated scanning of containers.
TwistLock has strong documentation. It’s easy to deploy and enforces optimized consumption of resources. It is also known for its CI/CD pipeline integration, strong compliance with container security protocols and image scanning.
TwistLock is also known for its granular-level security analysis. The service also uses AI features to learn your environment, though some companies find automatically triggered cron jobs to be very confusing.
They also offer SaaS-based security scanning (Prisma Cloud) and an on-premises solution.
Sysdig is a monitoring tool used for cloud infrastructure, services and applications. Sysdig is commonly used for container security and monitoring and orchestration monitoring on PaaS infrastructures.
Sysdig is also useful to monitor OpenShift clusters because it provides granular data to analyze metrics.
What makes Sysdig stand out is its strong integration of container monitoring with orchestration layers.
Sysdig is also useful if you want to dig into process-level traffic flow. Sysdig Opensource allows you to capture details of a host at the kernel system call level. The capture process can also be automated by deploying it as a Docker container via a DaemonSet or as a direct agent process.
SOME OTHER FEATURES INCLUDE:
- Network graphs
- Monitoring self-hosted sentry installations
- Monitoring of AWS-based systems
- Easy integrations
- Great customer support
Anchore is a complete container security workflow solution that seamlessly integrates with a variety of development tools and platforms. Anchore offers container inspection and compliance solutions tailored for a range of different applications enabling teams to adhere to industry security standards.
Security teams can audit and verify compliance throughout the organization.
- Support for webhooks including cloud-hosted or on-premises Kubernetes environments and CI/CD platforms
- Policy-based security and compliance
- Checks for:
– Vulnerability scanning
– Secrets and passwords
– Operating system packages
– 3rd party libraries
– Dockerfile checks and more
JMeter is a load testing tool used to test web applications. Even though JMeter is used for load/performance testing, it can also be used for initiating API calls and checking status codes and responses. JMeter also supports a lot of plugins.
You can also use JMeter’s concurrent pool size feature to initiate multiple connections per thread during testing.
JMeter is platform-independent and runs smoothly in different environments.
You can also view test results in a variety of ways, including graphs, charts, tree views, XML and JSON.
JUnit is a unit testing framework mostly used for Java applications. JUnit framework belongs to the xUnit family of Java frameworks.
JUnit uses Annotations to help you identify the methods that should be used in testing. Its test runners feature is also famous in the developer community because of its customization capabilities. You can also use Assertions in JUnit to test expected results.
In JUnit, you can use different combinations between several arguments. It becomes very easy to create and manage rich unit test case suites for your entire application using JUnit. JUnit can also automatically test all functions and units of your application before module or System level testing.
Selenium is an end-to-end software testing platform famous for its user-friendly UI that allows testers to emulate a web system’s behavior, send API requests, and analyze a system’s behavior.
Selenium allows you to write complex and advanced test scripts in Ruby or HTML to tackle several levels of complexity.
Selenium provides a complete IDE for web app developers to edit, record, and debug tests. You can set customized start points and breakpoints for several test cases.
SOME OTHER KEY FEATURES OF SELENIUM INCLUDE:
- Integration with several development platforms such as Jenkins, Maven, TestNG, QMetry and SauceLabs.
- Parallel testing with Selenium Grid.
SonarQube is an open-source tool used for code quality, continuous inspection, security and bug analysis. It works smoothly for Java, Python, XML, PHP and many more languages out of the box. The tool can dynamically add rules through XPath expressions, and you can also customize the tool to enforce certain situations where it should ignore exceptions.
SonarQube is mostly used for static analysis. It has nice integrations for GitLab. SonarQube’s dashboards and high-level tracking give you a lot of control over code quality and inspection.
SOME DRAWBACKS INCLUDE:
- Sometimes slow
- Limited support for third-party tools and plugins
Logging & Monitoring:
Grafana is an open-source analytics and monitoring solution released under the Apache 2.0 license and known for its excellent UI, graphs, charts, real-time analytics and triggers. Grafana can pull data from several sources, including Graphite, InfluxDB, OpenTSDB and Prometheus.
Grafana is mostly used for monitoring Docker containers, networking equipment, bandwidth, data flow, virtual servers, Azure infrastructure, databases and web applications. Grafana is also famous for its plugins and seamless integrations with Telegraf and Zabbix.
Grafana can visualize granular data for you, including metrics like the exact time of outage, events just before outages, user logs, data center temperature and performance forecasts.
New Relic is a full-stack monitoring tool used to track cloud-based applications and software. New Relic offers rich dashboards, distributed tracing support, detailed logs, and top-to-bottom visibility and monitoring. New Relic has strong monitoring of backend calls and can detail the causes of slowdown in a system.
The tool is useful for companies who need detailed analysis of several stack profiles.
New Relic is expensive but the company recently made its pricing model consumption-based.
SOME DRAWBACKS OF NEW RELIC INCLUDE:
- Weak customer support
- Expensive even after consumption-based pricing model
- Debugging is complex and difficult
Nagios is an open-source tool that monitors systems, networks and infrastructure. It actively monitors the health of services and maintains log stash files. It also shows the causes of downtime, duration of downtime and possible events that trigger outages.
Nagios also offers several configuration options and alerts features. You can suppress alerts for a host, enforce maintenance mode on hosts, customize notification settings for alerts and much more.
Nagios supports hundreds of plugins. You can also create your own customizations and develop your own plugin support.
However, because Nagios is relatively old, it is difficult to operate with the latest infrastructure. It lacks database-driven configuration and forces you to use configuration files.
ITSM & Collaboration:
JIRA is a project management and collaboration tool used by software companies worldwide. JIRA is an extremely powerful tool and offers a variety of customizations and features.
In order to exploit the full benefits and power of JIRA, you will need an expert as the tool is difficult to configure if your requirements are complex. You can create timelines, sprint release plans and forecasts using JIRA’s Portfolio feature. You can use JIRA’s Structure to track progress to a granular level.
SOME OTHER FEATURES INCLUDE:
- Zephyr for JIRA is a native test application which could be used for the entire software test life cycle
- Critical path tool
- Native tools to calculate team velocity
- Integrations with Atlassian’s products like BitBucket and Bamboo
SOME DRAWBACKS OF JIRA INCLUDE:
- Boring and sometimes confusing UI
- Buckets/Containers are called “Projects” in JIRA which is confusing
Slack is a collaboration and communications tool that has gained massive popularity lately. Slack is famous for its real-time conversations, its search feature and friendly UI.
Slack is swiftly replacing email in the software industry because of its robust UI, fun features and agility.
Because of its popularity, several software collaboration tools now offer Slack integrations for instant messaging.
JIRA and Slack integration is commonly used for project activity logs, virtual Sprint retro meetings, ticket solutions and alerts.
Custom chat bots, infrastructure routines and triggers could also be made for Slack using programming.
Microsoft Teams is a communication and collaboration tool. It is useful for companies working in the Windows ecosystem. Apart from instant messaging service, Teams is useful because of its integration with Azure DevOps platform. You can also connect your Teams with Azure Repos and Azure Pipelines.
Teams offers different channels where teams can collaborate with each other. This creates a project-specific communications repo which you can search anytime.
SOME OTHER FEATURES INCLUDE:
- File repos
- Phone/video conferencing
- Chatbot integrations
- Office 365 integration
While choice is great, the multitude of tools available can be daunting. Lack of standardization and automation can create extremely steep learning curves during onboarding and/or hand-off. Often, teams within the same organization invest in similar, overlapping tools, wasting both time and financial resources. As the endless pain of building and integrating the toolchains burns out developers, security issues become rampant as tool versions age and integrations get stuck depending on legacy code.
Without automation, these toolchains age poorly. All of this creates a DevOps environment that is as stable as a house built on sand.