Review: Puppet Vs. Chef Vs. Ansible Vs. Salt 141
snydeq writes "InfoWorld's Paul Venezia provides an in-depth review of Puppet, Chef, Ansible, and Salt — four leading configuration management and orchestration tools, each of which takes a different path to server automation. 'Puppet, Chef, Ansible, and Salt were all built with that very goal in mind: to make it much easier to configure and maintain dozens, hundreds, or even thousands of servers. That's not to say that smaller shops won't benefit from these tools, as automation and orchestration generally make life easier in an infrastructure of any size. I looked at each of these four tools in depth, explored their design and function, and determined that, while some scored higher than others, there's a place for each to fit in, depending on the goals of the deployment. Here, I summarize my findings.'"
Oh really? (Score:1, Interesting)
I call BS on that statement, I run puppet at home for my 2.5 servers, it really simplifies my life.
Re:Oh really? (Score:5, Informative)
In English, unlike many other languages, a double negative means a positive (sarcasm aside). The guy is agreeing with you.
Re: (Score:2)
Re: (Score:3)
Look up "negative concord".
Re: (Score:3)
Re: (Score:2)
Ma sei sicuro? Io ti ho visto girando la intorno.
Re: (Score:2)
Lo so, ma il mio tastiera e' inglese, e sono troppo pigro di cercare la mappatura giusta. (lo so, si mancano anche in questo )
Re:Oh really? (Score:4, Informative)
Re: (Score:2)
At least im East-Timor, when you ask something in a negative question ( "will not meet today?"), they usually reply directly to the question ("yes, we will not meet"), instead of the more usual negative confirmation ("no, we will not meet").
If the above example is already a little confusing, when you get a single "yes" or "no" reply, you are totally lost on what was really the reply... and learn very quickly that you must not ask negative questions if you really need a reply!! :)
for sure there are many othe
Re: (Score:2)
That's the same in English.. negative questions cause confusion :p when someone answers yes or no, you either have to gather the meaning from the context and tone of voice, or ask for clarification.
Re: (Score:2)
http://en.wikipedia.org/wiki/Double_negative#Slavic_languages [wikipedia.org]
Re: (Score:2)
Standard-German for instance always interprets a double negative as positive, quite different from some German dialects.
Re: (Score:1)
Yeah Right (Score:2)
and two positives make it a negative :)
Re: shameless plug (Score:2)
If anyone is looking for an even simpler solution, I've package up my own project and open-sourced it. It's called pave, and has few dependencies, just PyYaml and fabric:
https://bitbucket.org/mixmastamyk/pave [bitbucket.org]
Would love to get more feedback.
Re: (Score:2)
packaged ;)
Re: (Score:2)
Were you aware of Paver? http://paver.github.io/paver/ [github.io]
The names could get a little confusing as pave is also a Python project in nearly the same space.
Re: (Score:2)
I have seen it but couldn't figure out what it does after reading the docs. Seems like a make alternative. I can't think of a better name unfortunately.
Re: (Score:1)
whoooosh!
CFEngine (Score:1)
...is still my tool of choice.
summary (Score:2)
Since these are all cookie-cutter solutions for a broad range of necessarily very different scenarios, your choice will depend on how well your scenario fits in with the features provided by each product.
As always, the ideal solution will come from rolling your own, possibly by heavily customising an existing solution - which may include one of these. But you may not have the knowledge or the time to do this, and it might piss off corporate if they would rather something which makes you easily replaceable.
Re: (Score:2, Funny)
The odds of successfully rolling your own package management and deployment solution is challenging enough to even talented specialists, and then you expect documentation?
But sure, that's the ideal solution. I presume the problem starts out, "first, assume a spherical sysadmin in a frictionless environment..."
Re: (Score:2)
These products merely provide hooks into native package management.
Re: (Score:1)
Completely wrong. That's only single function of a large tasklist that these tools are used for. Anything an administrator could want to do on a server can be automated via these programs. Configuration updates, custom software installation, version controlled code distribution, directory and file permission sanity checks and so on. The list is endless.
It's *how* these application go about performing these jobs and how complicated it is to write the script / recipe / yaml file to perform the task that is th
Re: (Score:2)
Context of GP, goddammit. As far as package management, these tools do not provide package managers, merely hooks into native package management.
Re: (Score:3)
If you expect documentation, and probably support too, then you will find a commercial package (eg Landscape [canonical.com]) will fit your needs better than the free equivalents.
That's not to say the commercial equivalent is better in any way, or necessarily does more, or has better features.. just that they are the ones to go with if you need that level of support.
Or you could just hire someone to provide you with that support internally, the fat sysadmin that was mentioned :)
Re: (Score:1)
The reviews were of the Enterprise versions. Puppet and Chef Enterprise is far from free...
Re:summary (Score:5, Insightful)
I can't possibly disagree with you more.
When I joined my current company about four years ago, we were running a home-grown configuration management system. When I argued against this with the sysadmin who had built it, he handwaved about "those other, much too complicated, CMSs," and "this one does exactly what we want."
Only it didn't. It resulted in customers using phrases like "we asked for eight webservers and we got eight webservers all of which were almost exactly alike." Almost.
I know, I know, we all think we're smart and talented and it's easier for us to simply roll something out than figure out how to adapt Chef, Puppet, etc to our environment. We're wrong. There's tremendous value to using a standardized tool and, honestly, if I have to bet on some random schmoe coming up with a good fullfeatured less-buggy idempotent (etc etc etc) configuration management system or Chef or Puppet being able to do it ... I'll go for the thing that has been out for a while, is supported by a vibrant community, and is used on thousands of servers already. Everything else is just misplaced arrogance.
Re: (Score:2)
The problem on my side is we have a lot of legacy gear including Tru64 and old HP-UX 11.0.0 boxes that run critical applications. New systems are being rolled out on virtual systems for non-critical applications. I have a lot of scripts I write but they're for information gathering mostly.
I've looked at various tools like cfengine when I got here 6 years ago and more recently things like Puppet and Chef but find they aren't really built to solve my problem and many have clients that go on the systems or oth
Re: (Score:2)
I don't know, people have been doing large scale deployments and management huge groups of servers since forever. Long before puppet was an idea people were deploying thousands of completely identical servers in minutes. It's really not that hard.
That said, of the four in the review, I'm in favor of salt. I have previously considered chef and puppet and rejected them as not worth my time. There's no "win" over doing it the way it's always been done (by people who actually know something). Salt is diffe
Re:summary (Score:5, Insightful)
It sounds like either your sysadmin wasn't good enough or you overestimate the capabilities of puppet &co. The only way to get two servers exactly the same is to buy same hardware from the same batches then image the drives.
My experience with these tools is that they work "well enough", giving you reasonably similar configurations across servers... providing you have fairly routine needs on mainstream platforms. But there are SO MANY niggly differences between platforms and builds that almost all your work is going to go into identifying and accommodating for those differences. For security-conscious deployments, in particular, you want to do nothing less than study each individual platform's quirks.
A senior sysadmin will have been maintaining automation tools for longer than most of the tools mentioned in this article have existed. The problem is not the guy who has built and maintained a working system, but the upstart who whines that he actually has to learn something new and won't get a new buzzword to put on his CV. If your in-house system isn't 100% perfect, don't use that as an excuse to throw the baby out with the bathwater. If you're building something from scratch, DO evaluate ALL these options, but be prepared to have to consider EVERYTHING they do behind the scenes in order to understand whether they're behaving exactly as you want them to.
Lastly - and this advice for puppet users in particular - try not to get a hard-on for the word "idempotence". It's not that complex or unique a concept.
Re: (Score:2)
And what do you regard as the complex part of puppet itself here?
Re: (Score:2)
in a declarative language, with a dependancy tree
I have a manpage here dated 15 August 1978 - guess what it's for.
Another one... (Score:2, Insightful)
When i evaluated this tools i just did one thing:
Checked job offers that quoted those tools.
Answer:
Go for Chef / Puppet, because you will never find people with the other ones skills.
Between Chef and Puppet, it's pretty much a question of taste / existing skills in your company.
Re:Another one... (Score:5, Insightful)
Whyyyyyyyyyyyyy are people employed on the basis of skill with specific ephemeral brands.
You want their brains, not their.. oh never mind. This is why I am out of the software business.
Re: (Score:1)
I want everything for nothing (Score:5, Insightful)
WANTED: Programmer with 15 years experience Ruby on Rails and 23 years MongoDB experience, to help write $5 million package. Pay: $11/hour, 30 hours/week part time (although we expect you to camp out as we supply pizza and beer). Supply your own equipment. Job to last three months.
-- That's why I'm running my own shop instead of trying to go thru a recruiter.
Re: (Score:3)
Don't forget the rock star part.
Re:I want everything for nothing (Score:4, Insightful)
And it works, because many geeks are antisocial sorts who rather than organising their labour will happily walk over each other just to get that little bit of green. Then, when the race to the bottom has been reached, they'll bitch about everyone else being better treated, rather than stopping to ask why it happened and striving to improve their collective lot.
Every sufficiently old once secure job is now tenuous or non-existent. What is secure today will be tenuous in a decade's time.
Re: (Score:2)
Except of course executive, or VP who married the daughter.
Re: (Score:2)
And it works, because many geeks are antisocial sorts who rather than organising their labour will happily walk over each other just to get that little bit of green. Then, when the race to the bottom has been reached, they'll bitch about everyone else being better treated, rather than stopping to ask why it happened and striving to improve their collective lot.
Organized labor? Uh no, we're too smart for that. I can't speak for everywhere else but where I live there are plenty of well-paying development jobs and I've never seen the type of behavior you describe among my peers.
Every sufficiently old once secure job is now tenuous or non-existent. What is secure today will be tenuous in a decade's time.
Yes, it is a field where you must keep your skills up to date and be willing to switch jobs if market or other conditions dictate. If you stay in one position too long and let your skills stagnate you do run the risk of becoming obsolete.
Re: (Score:2)
Organized labor? Uh no, we're too smart for that.
LOL - OK buddy. In the UK, Directors have a union (Institute of Directors), business owners have a union (CBI), farm owners have a union (NFU - which actually comprises a lot of wealthy landowners, explaining the often right-leaning politics), doctors have a union (BMA), university lecturers have a union (UCU)... but you're too smart for that because you DO COMPUTERS. Carry on with that rat race!
I can't speak for everywhere else but where I live there are plenty of well-paying development jobs
Oh, that's all right then. And there were plenty in 1999, too.
and I've never seen the type of behavior you describe among my peers.
Then you work with your eyes closed. That sort of b
Re: (Score:2)
Because, of course, more competition between developers means a greater supply of willing labour means... an increase in wages?
Your understanding of economics - it is broken.
Re: (Score:3)
You forgot; "Include on portfolio or website a complete implementation of the latest cool thing I saw in a magazine on an airplane."
Most of the jobs I've seen that are still open are either; "We are just trolling to get personal information" or "Seriously, we do absolutely nothing at this company and figured the WHOLE PACKAGE would just drop in and take care of making a product for us. However we do have HR department to tell you not to make any jokes during work hours and a company email which will send yo
Re: (Score:2)
I'm going to start putting down that I've got 50 years of iPhone programming experience.
Honestly, I've really only watched two 'iTunes University' video podcasts on the subject, but I'm showing my prowess in marketing and echoing that rock solid "fast advancement for employees with a go-getter attitude" by applying that same positive attitude and respect for the truth to my resume.
Re: (Score:1)
Whyyyyyyyyyyyyy are people employed on the basis of skill with specific ephemeral brands.
You want their brains, not their.. oh never mind. This is why I am out of the software business.
Measuring brains is hard. For example, phrenology gives only a crude estimate.
Re: (Score:2)
You are right that phrenology, IQ tests, generic aptitude tests, etc. are inappropriate measures of ability.
But actually taking time to look at what went into fulfillling particular qualifications, experience, hobbies is relevant and very possible. Relevant technical interviews which test general engineering skills and probationary periods are also valuable.
Re: (Score:1)
Re:Another one... (Score:4, Insightful)
Because some people are ephemeral too.
If I want to hire someone I'll be firing in a year, I couldn't care less about his skills other than exactly what I want him to do during that year.
Re: (Score:2)
I wouldn't describe "number of years you've dablled in [package]" as a skill. I've dabbled in loads of things for 20+ years, but it says very little about my skill with them. What is more, anyone who sees "10+ years experience with [package]" is going to edit their CV to emphasise their experience with [package].
OTOH, I am quite competent with tools I've spent far less time with, because I've had to apply my skills to producing clever shit.
Re: (Score:2)
I'd argue if you're hiring just to fire someone in a year -- and you know this in advance -- you're doing it wrong.
Re: (Score:2)
Go for Chef / Puppet, because you will never find people with the other ones skills.
My workplace uses Salt. Just saying.
Re: (Score:2)
that's because they don't want you to learn the transferable skills that make you attractive to other employers. Just saying :)
Re: (Score:2)
Actually, you couldn't be further from the truth! :)
Salt was my recommendation based on an evaluation of the options at the time. It was selected as the best fit for the company requirements, yes, not for my own personal benefit. I'm sure that other professionals would do the same.
If there aren't currently many job advertisements for people with Salt experience, I can only imagine that it's because the technology is still relatively new so hasn't been a configuration management candidate at many companies u
Re: (Score:2)
I would think someone with Python programming skills and experience with Puppet/Chef should be able to use Ansible or Salt just fine.
Re: (Score:3)
Go for Chef / Puppet, because you will never find people with the other ones skills.
you know, skills are learned, not born with.... you people with a little brain and dedication will learn whatever skill its needed
Re: (Score:3)
You know, it's funny. I manage a software development team that uses Scala to build a pretty big distributed system.
Nobody on this team knew Scala when the team decided it wanted to use Scala to build this product. We still don't actually prioritize Scala as a skillset for developers we look to hire.
It turns out that smart, experienced, people tend to be able to learn whatever particularities of whatever your choice of product pretty reasonably quickly. It's hard enough to find good developers, so we foc
Re: (Score:2)
I have learned that when an employer is particularly looking for people with experience using an APPLICATION, don't bother.
Re: (Score:2)
Re: (Score:2)
Hell. Yes. Email me at slashdot20131122@ols.inorganic.org if you're interested in the details.
I think I'll pass (Score:1)
This guy just doesn't have what it takes to provide usefulness or utility in his columns. In fact, he's probably responsible for more than a little corporate stupidity, thanks to CIOs blithely following his "advice".
Re: (Score:1)
He misses more than he covers. He doesn't even mention the various convergence models; for example, Puppet has no implicit dependencies between actions, so you can't rely on it running the same acti
Re: (Score:2)
There were links in the article to articles about the individual products behind a paywall, I would assume they are more detailed.
Re: (Score:2)
Re: (Score:2)
OK, whatever it is. I just knew I didn't want to look any further ;-)
Security? (Score:1)
What about security? Like Salt with its "homemade cryptography" https://github.com/saltstack/salt/commit/5dd304276ba5745ec21fc1e6686a0b28da29e6fc
Re: (Score:2, Informative)
It's a Thai name.
cdist (Score:1)
I've recently been playing around with cdist, which is another configuration management framework.
Configuration is done via shell (sh) scripts instead of XML or some other wacky language. I liked this flexibility. Of course, flexibility comes at the expense of simplicity: the base feature set is small so you end up having to write a lot of code, and the shell scripts you end up writing are really ugly because you have to use their weird constructs. Still, it was pretty easy to learn.
The requirements are rea
Puppet Vs. Chef Vs. Ansible Vs. Salt (Score:4, Insightful)
Article did not contain the review I expected. Would not read again. 0 stars.
Re: (Score:2)
Insightful?
Advanced Puppet (Score:3, Interesting)
I prefer Puppet, but I don't think it's perfect. As a result, I've written some complicated hacks do to complicated things that aren't directly possible in core. I still think Puppet is the closest thing to being right.
Feel free to look through my articles and hacks: https://ttboj.wordpress.com/ [wordpress.com]
Most code available at: https://github.com/purpleidea/ [github.com]
Puppet Vs. Chef Vs. Ansible Vs. Salt (Score:1)
Re:Puppet Vs. Chef Vs. Ansible Vs. Salt (Score:4, Interesting)
Re: (Score:1)
One reason to prefer Puppet over Ansible is that Puppet tries to add a declarative language layer. This (hopefully) lets you reason at a higher level about the configuration. Ansible is just fancy SSH. In some cases Ansible can be quite useful. But I think we're comparing apples to flamethrowers.
Re: (Score:2)
Salt and Ansible both support/use Yaml as a template language as a declarative language.
Re: (Score:1)
I don't know enough about Salt, but from what I know about Ansible, they don't separate the execution of the declarative language between server and client the way Puppet does. IMHO, this is a clever separation.
Then Puppet adds in exported resources and other magic.
Re: (Score:2)
Yeah, I love puppet's JSON interface which is royally fucked up because if you write legal JSON, then puppet doesn't work. You have to use their fucked up version of JSON. I know they have a Ruby interface now too but it wouldn't surprise me if they fucked that up as well. Seriously, how do you fuck up JSON?!?!
Re: (Score:1)
I'm not sure if you're serious or trolling, but you're not supposed to "write json".
You write in the Puppet DSL and/or Ruby. Puppet does the rest.
Re: (Score:3)
Ansible and Salt are very similar. Both are written (mostly) in Python.
What Ansible already had (yaml templates and agent-less/ssh), Salt now also supports (Salt supports multiple templates languages with Yaml as the default I believe).
What Salt has (zmq transport), Ansible now supports (fireball mode).
Re: (Score:3)
You're seriously presenting your quick google search and no actual knowledge of these products as something we should pay attention to? And your criteria for a deployment system is that they have online support??!?!? Are you even in the market for these products, have you ever used one, and do you know what they do?
I've used Ansible and it's pretty good, really straightforward, plenty o
Re: (Score:2)
The little bird is Twitter not Facebook.
[John]
Re: (Score:2)
Agreed. Just being picky :)
[John]
Ansible lol... (Score:5, Interesting)
Am I the only one who saw Ansible in the article and was expecting a discussion about FTL communications?
Re: (Score:2)
I was right there with you, thinking "what does puppet, chef and salt have to do with Enders Game?"
Re:Ansible lol... (Score:5, Informative)
Well, I didn't throw Ender's Game out there because Orson Scott Card's use of it was one of the latter references. Ursul K. Le Guin came up with it in Rocannon's World, and her 1974 novel "The Dispossessed" works through the invention of it.
OSC borrowed the term.
Re: (Score:2)
And I learned something new today - reading list adjusted!
Comment removed (Score:5, Interesting)
Offtopic (Re: your tagline.) (Score:1)
Good people go to bed earlier.
Lately I've started going to bed about 4 in the morning. (Severed.) Assuming you go to bed about 9 or 10 at night, that must means I'm MUCH gooder than you.
Great comparison, BTW.
Security concerns and efficiency... (Score:5, Insightful)
This stuff is overdue in smaller shops - stay with me on this for a second. The smaller guys need to become more efficient and secure, and automation really helps. Potentially the small end could benefit MORE from automation than the big guys already have - automation is a much more disciplined and useful form of sharing information. Docs are often incorrect or incomplete - automation imposes discipline, and also allows the author to benefit from the end result. Time savings for everyone are often huge.
I'm regularly on #fusiondirectory on FreeNode (IRC) along with a few others who are working towards this kind of thing (using the Munich software as a base). Anyone else wanting to join us is welcome.
Build your own packages (Score:2)
rhel-only shop, I've had good luck just packaging my own stuff and using yum with my own repositories. Then keeping each server up to date is a simple matter of 'yum clean all & yum groupupdate whatevergroups'
Serverless Puppet (Score:3)
The reason I use Salt.. (Score:2)
I am using this t
Pfft. Old news. Let's talk META-tools! (Score:2)
How well do ANY of these handle Windows? (Score:2)
Puppet *sigh* (Score:1)
The only reason to choose Puppet over Chef is if you are a sysadmin who can't program. Choose Salt if you prefer Python over Ruby.
Re: (Score:2)
orÂchesÂtraÂtion (Ãrk-strshn)
2. Arrangement or control: orchestration of events.
Is most common use is for musical arrangement, but it really roughly means "organising things".
Re: (Score:2)
orchestration (ôrk-strshn)
n.
1. a. A musical composition that has been orchestrated.
b. Arrangement of music for performance by an orchestra.
2. Arrangement or control: orchestration of events.
Try reading a bit.
Re: (Score:2)
Well, there is nothing which keeps it directly tied to Ubuntu. But it basically is right now.