Ninja, choose your weapon! Puppet vs. Chef vs. Ansible vs. Salt
DevOps isn’t about Tools
DevOps is all about Tools
Or maybe:
“We shape our tools. And then our tools shape us.”
Marshall McLuhan
Weapons of Mass Configuration
• Manage configuration of thousands of servers
• Automation and orchestration
• Infrastructure as Code
Tools vs. no Tools
The Good Tool
• One you’re comfortable with :)
• Flexible
• Extendable
• Scalable
• Community-supported
• Integrate-able
Puppet
Since: 2005
Written in: Ruby
Developed by: Puppetlabs
Configuration: Puppet-specific declarative language (JSON-like). Model-driven.
Manages: > 10 million nodes (according to Puppetlabs)
Puppet architecture (diagram): one Puppet master and multiple agents, communicating via XMLRPC over HTTPS
Puppet Concepts
Resources: files, services, packages, users…
Facts: managed system properties
Manifests: Puppet programs
Classes: collections of resource definitions
Modules: classes + accompanying data
Puppetforge.com: 3326 community modules
Puppet Features
• Configuration Management
• Automatic Discovery (MCollective)
• Orchestration (MCollective)
• Provisioning (w/Foreman or Razor)
Puppet Code:
    class ntp {
      # Pick the OS-specific service name and config file.
      case $operatingsystem {
        centos, redhat: {
          $service_name = 'ntpd'
          $conf_file    = 'ntp.conf.el'
        }
        debian, ubuntu: {
          $service_name = 'ntp'
          $conf_file    = 'ntp.conf.debian'
        }
      }

      package { 'ntp':
        ensure => installed,
      }

      # The config file is managed only after the package is installed.
      file { 'ntp.conf':
        path    => '/etc/ntp.conf',
        ensure  => file,
        require => Package['ntp'],
        source  => "/root/examples/answers/${conf_file}",
      }

      # The service restarts whenever the config file changes.
      service { 'ntp':
        name      => $service_name,
        ensure    => running,
        enable    => true,
        subscribe => File['ntp.conf'],
      }
    }
Puppet Web UI Options
• Puppet Enterprise (commercial)
• Foreman
• PuppetBoard (reporting only)
Puppet in a Nutshell
• The Most Mature (of the four reviewed)
• ‘Pull’ mode of operation, but push also supported
• Enterprise Features (Event Inspection, Automatic Discovery, Access Control)
• Largest Ecosystem (Foreman, PuppetBoard)
• A Language of its Own
• Less flexible
• Easy to start with, gets complicated further along.
Chef
Since: 2009
Written in: Ruby + Erlang
Developed by: Chef (formerly Opscode)
Configuration: pure Ruby DSL, procedural
Chef Concepts
Resources: files, services, packages, users…
Recipes: Chef programs
Cookbooks: recipes + accompanying data
Databags: global variables
supermarket.chef.io: 2061 cookbooks
Chef Code
    # Pick the platform-specific service name.
    case node[:platform]
    when "ubuntu", "debian"
      node.default[:ntp][:service] = "ntp"
    when "redhat", "centos", "fedora", "scientific"
      node.default[:ntp][:service] = "ntpd"
    end

    package "ntp" do
      action [:install]
    end

    # Render the config file and restart the service when it changes.
    template "/etc/ntp.conf" do
      source "ntp.conf.erb"
      variables( :ntp_server => "time.nist.gov" )
      notifies :restart, "service[#{node[:ntp][:service]}]"
    end

    service node[:ntp][:service] do
      action [:enable, :start]
    end
Chef Web UI Options
• OpenSource WebUI - deprecated
• Enterprise Chef - commercial, basic
Chef in a Nutshell
• Flexible, powerful
• Enterprise Features (HA, Analytics, etc.)
• Pure Ruby DSL
• Steep learning curve
• Push feature still in beta
Ansible
Since: 2012
Written in: Python
Developed by: Ansible Works Inc.
Configuration: YAML
Motto: Simple IT Automation
Ansible architecture (diagram): one controlling machine and multiple nodes, communicating via JSON over SSH
Agentless!!!
Ansible Concepts
• Inventory: a list of hosts and host groups
• Ad-hoc commands: ansible all -a "/bin/echo hello"
• Playbooks: configuration scenarios
• Modules: control system resources and execute commands. Can be written in any language!
• Roles: playbook and accompanying data
• ansible-galaxy.com: 3124 roles
Ansible Code
    - hosts: all
      # ntp service name defined in ntp.yml
      vars_files:
        - ntp.yml
      tasks:
        - name: Install ntp package
          yum: name=ntp state=latest
          become: yes  # "sudo: yes" in Ansible releases before 1.9
        - name: Starting ntp service
          service: name={{ ntp_service_name }} state=started
          become: yes
Ansible Web UI
• Ansible Tower (commercial)
Ansible in a Nutshell
• Simple
• Lightweight
• Agentless (SSH)
• Windows support still immature
• YAML DSL can be tricky to use
• Not the best performance (slow)
Salt
Since: 2011
Written in: Python
Developed by: SaltStack Inc.
Configuration: YAML (with Jinja for logic)
Motto: Speed, scalability and flexibility
Salt architecture (diagram): one master and multiple minions, communicating over ZeroMQ
Can also be masterless!
Salt Concepts
• Commands: salt '*' disk.usage
• Modules: control system resources and execute commands. Can be written in Python or Cython
• States: configuration scenarios
• Grains: facts about the managed nodes
• Pillars: globally accessed data
• Community Modules and State Trees: saltstarters.org
Salt Code
    # Include :download:`map file <map.jinja>` of OS-specific package names and
    # file paths. Values can be overridden using Pillar.
    {% from "ntp/map.jinja" import ntp with context %}

    ntp:
      pkg.installed:
        - name: {{ ntp.client }}

    {% set ntp_conf_src = salt['pillar.get']('ntp:ntp_conf') -%}
    {% if ntp_conf_src %}
    ntp_conf:
      file.managed:
        - name: {{ ntp.ntp_conf }}
        - template: jinja
        - source: {{ ntp_conf_src }}
        - require:
          - pkg: ntp
    {% endif %}
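A sketch of the `ntp/map.jinja` file that the state above imports, showing how Grains select the OS-specific values and how Pillar data overrides them. This is an added example, not the presenter's file or the formula's own; the package names, service names, paths and the `ntp:lookup` Pillar key are assumptions.

```jinja
{# ntp/map.jinja (constructed example; all values below are assumptions) #}
{# grains.filter_by selects the entry matching the minion's os_family grain, #}
{# then merges in any overrides found under the ntp:lookup Pillar key. #}
{% set ntp = salt['grains.filter_by']({
    'Debian': {
        'client': 'ntp',
        'service': 'ntp',
        'ntp_conf': '/etc/ntp.conf',
    },
    'RedHat': {
        'client': 'ntp',
        'service': 'ntpd',
        'ntp_conf': '/etc/ntp.conf',
    },
}, merge=salt['pillar.get']('ntp:lookup')) %}
```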
Salt Web UI
• Halite: free, in pre-alpha
Salt in a Nutshell
• Fast
• Super-scalable
• Easily Extensible (renderers, returners, etc.)
• Python API
• Push mode by default
• In Active Development
• Free (although raw) web UI
Summary
• Puppet: features, WebUI, maturity
  - better for devs
• Chef: flexibility, Ruby
  - better for devs
• Ansible: simplicity, agentless
  - better for ops
• Salt: scalability, flexibility, robustness, Python
  - better for ops
Thank you!