Review: Puppet Vs. Chef Vs. Ansible Vs. Salt 141
snydeq writes "InfoWorld's Paul Venezia provides an in-depth review of Puppet, Chef, Ansible, and Salt — four leading configuration management and orchestration tools, each of which takes a different path to server automation. 'Puppet, Chef, Ansible, and Salt were all built with that very goal in mind: to make it much easier to configure and maintain dozens, hundreds, or even thousands of servers. That's not to say that smaller shops won't benefit from these tools, as automation and orchestration generally make life easier in an infrastructure of any size. I looked at each of these four tools in depth, explored their design and function, and determined that, while some scored higher than others, there's a place for each to fit in, depending on the goals of the deployment. Here, I summarize my findings.'"
Another one... (Score:2, Insightful)
When i evaluated this tools i just did one thing:
Checked job offers that quoted those tools.
Answer:
Go for Chef / Puppet, because you will never find people with the other ones skills.
Between Chef and Puppet, it's pretty much a question of taste / existing skills in your company.
Re:Another one... (Score:5, Insightful)
Whyyyyyyyyyyyyy are people employed on the basis of skill with specific ephemeral brands.
You want their brains, not their.. oh never mind. This is why I am out of the software business.
Puppet Vs. Chef Vs. Ansible Vs. Salt (Score:4, Insightful)
Article did not contain the review I expected. Would not read again. 0 stars.
I want everything for nothing (Score:5, Insightful)
WANTED: Programmer with 15 years experience Ruby on Rails and 23 years MongoDB experience, to help write $5 million package. Pay: $11/hour, 30 hours/week part time (although we expect you to camp out as we supply pizza and beer). Supply your own equipment. Job to last three months.
-- That's why I'm running my own shop instead of trying to go thru a recruiter.
Re:Another one... (Score:4, Insightful)
Because some people are ephemeral too.
If I want to hire someone I'll be firing in a year, I couldn't care less about his skills other than exactly what I want him to do during that year.
Re:I want everything for nothing (Score:4, Insightful)
And it works, because many geeks are antisocial sorts who rather than organising their labour will happily walk over each other just to get that little bit of green. Then, when the race to the bottom has been reached, they'll bitch about everyone else being better treated, rather than stopping to ask why it happened and striving to improve their collective lot.
Every sufficiently old once secure job is now tenuous or non-existent. What is secure today will be tenuous in a decade's time.
Re:summary (Score:5, Insightful)
I can't possibly disagree with you more.
When I joined my current company about four years ago, we were running a home-grown configuration management system. When I argued against this with the sysadmin who had built it, he handwaved about "those other, much too complicated, CMSs," and "this one does exactly what we want."
Only it didn't. It resulted in customers using phrases like "we asked for eight webservers and we got eight webservers all of which were almost exactly alike." Almost.
I know, I know, we all think we're smart and talented and it's easier for us to simply roll something out than figure out how to adapt Chef, Puppet, etc to our environment. We're wrong. There's tremendous value to using a standardized tool and, honestly, if I have to bet on some random schmoe coming up with a good fullfeatured less-buggy idempotent (etc etc etc) configuration management system or Chef or Puppet being able to do it ... I'll go for the thing that has been out for a while, is supported by a vibrant community, and is used on thousands of servers already. Everything else is just misplaced arrogance.
Security concerns and efficiency... (Score:5, Insightful)
This stuff is overdue in smaller shops - stay with me on this for a second. The smaller guys need to become more efficient and secure, and automation really helps. Potentially the small end could benefit MORE from automation than the big guys already have - automation is a much more disciplined and useful form of sharing information. Docs are often incorrect or incomplete - automation imposes discipline, and also allows the author to benefit from the end result. Time savings for everyone are often huge.
I'm regularly on #fusiondirectory on FreeNode (IRC) along with a few others who are working towards this kind of thing (using the Munich software as a base). Anyone else wanting to join us is welcome.
Re:summary (Score:5, Insightful)
It sounds like either your sysadmin wasn't good enough or you overestimate the capabilities of puppet &co. The only way to get two servers exactly the same is to buy same hardware from the same batches then image the drives.
My experience with these tools is that they work "well enough", giving you reasonably similar configurations across servers... providing you have fairly routine needs on mainstream platforms. But there are SO MANY niggly differences between platforms and builds that almost all your work is going to go into identifying and accommodating for those differences. For security-conscious deployments, in particular, you want to do nothing less than study each individual platform's quirks.
A senior sysadmin will have been maintaining automation tools for longer than most of the tools mentioned in this article have existed. The problem is not the guy who has built and maintained a working system, but the upstart who whines that he actually has to learn something new and won't get a new buzzword to put on his CV. If your in-house system isn't 100% perfect, don't use that as an excuse to throw the baby out with the bathwater. If you're building something from scratch, DO evaluate ALL these options, but be prepared to have to consider EVERYTHING they do behind the scenes in order to understand whether they're behaving exactly as you want them to.
Lastly - and this advice for puppet users in particular - try not to get a hard-on for the word "idempotence". It's not that complex or unique a concept.