Ninja, choose your weapon!

Puppet vs. Chef vs. Ansible vs. Salt

DevOps isn’t about Tools

DevOps is all about Tools

Or maybe:

"We shape our tools. And then our tools

shape us.”

Marshall McLuhan

Weapons of Mass

Configuration

• Manage configuration of thousands of

servers

• Automation and orchestration

• Infrastructure as Code

Tools vs. no Tools

vs.

The Good Tool

• One you’re comfortable with :)

• Flexible

• Extendable

• Scalable

• Community-supported

• Integrate-able

Puppet

Since: 2005

Written in: Ruby

Developed by: Puppetlabs

Configuration: Puppet-specific declarative

language (json-like). Model-driven.

Manages: > 10 mln nodes (acc. to Puppetlabs)

Puppet

Puppet master

agent agent agent

XMLRPC over HTTPS

Puppet Concepts

Resources: files, services, packages,

users…

Facts: managed system properties

Manifests: Puppet programs

Classes: collections of resource

definitions

Modules: classes + accompanying data

Puppetforge.com: 3326 community

modules

Puppet Features

• Configuration Management

• Automatic Discovery (MCollective)

• Orchestration (MCollective)

• Provisioning (w/Foreman or Razor)

Puppet Code:

class ntp {

case $operatingsystem {

centos, redhat: {

$service_name = 'ntpd'

$conf_file = 'ntp.conf.el'

}

debian, ubuntu: {

$service_name = 'ntp'

$conf_file = 'ntp.conf.debian'

}

}

package { 'ntp':

ensure => installed,

}

file { 'ntp.conf':

path => '/etc/ntp.conf',

ensure => file,

require => Package['ntp'],

source => "/root/examples/answers/${conf_file}"

}

service { 'ntp':

name => $service_name,

ensure => running,

enable => true,

subscribe => File['ntp.conf'],

}

}

Puppet Web UI Options

• Puppet Enterprise (commercial)

• Foreman

• PuppetBoard ( reporting only )

Puppet in a Nutshell

• The Most Mature (of the four reviewed)

• ‘Pull’ mode of operation, but push also

supported

• Enterprise Features (Event Inspection,

Automatic Discovery, Access Control)

• Largest Ecosystem (Foreman,

PuppetBoard)

• A Language of its Own

• Less flexible

• Easy to start with, gets complicated

further along.

Chef

Since: 2009

Written in: Ruby+Erlang

Developed by: Chef ( formerly Opscode )

Configuration: pure Ruby DSL - procedural

Chef

Chef Concepts

Resources: files, services, packages, users…

Recipes: Chef programs

Cookbooks: recipes + accompanying data

Databags: global variables

supermarket.chef.io: 2061 cookbooks

Chef Code

case platform

when "ubuntu","debian"

default[:ntp][:service] = "ntp"

when "redhat","centos","fedora","scientific"

default[:ntp][:service] = "ntpd"

end

package "ntp" do

action [:install]

end

template "/etc/ntp.conf" do

source "ntp.conf.erb"

variables( :ntp_server => "time.nist.gov" )

notifies :restart, "service[ntpd]"

end

service "ntpd" do

action [:enable,:start]

end

Chef Web UI Options

• OpenSource WebUI - deprecated

• Enterprise Chef - commercial, basic

Chef in a Nutshell

• Flexible, powerful

• Enterprise Features (HA, Analytics, etc)

• Pure Ruby DSL

• Steep learning curve

• Push feature still in beta

Ansible

Since: 2012

Written in: Python

Developed by: Ansible Works inc.

Configuration: yaml

Motto: Simple IT Automation

Ansible

Controlling

machine

node node node

json over ssh

Agentless!!!

Ansible Concepts

• Inventory: a list of hosts and host groups

• Ad-hoc commands: ansible all -a "/bin/echo

hello"

• Playbooks: configuration scenarios

• Modules: control system resources and

execute commands. Can be written in any

language!

• Roles: playbook and accompanying data

• ansible-galaxy.com: 3124 roles

Ansible Code

hosts: all

#ntp service name defined in ntp.yml

vars_files: ntp.yml

tasks:

- name: Install ntp package

yum: name=ntp state=latest

sudo: yes

- name: Starting ntp service

service: name={{ ntp_service_name }} state=started

sudo: yes

Ansible Web UI

• Ansible Tower (commercial)

Ansible in a Nutshell

• Simple

• Lightweight

• Agentless (SSH)

• Windows support still immature.

• yaml DSL can be tricky to use

• Not the best performance. (Slow)

Salt

Since: 2011

Written in: Python

Developed by: SaltStack inc.

Configuration: yaml (with jinja for logic)

Motto: Speed, scalability and flexibility

Salt

master

minion minion minion

ZeroMq

Can also be masterless!

Salt Concepts

• Commands: salt '*' disk.usage

• Modules: control system resources and

execute commands. Can be written in Python

or Cython

• States: configuration scenarios

• Grains: facts about the managed nodes

• Pillars: globally accessed data

• Community Modules and State Trees:

saltstarters.org

Salt Code

# Include :download:`map file <map.jinja>` of OS-specific

package names and

# file paths. Values can be overridden using Pillar.

{% from "ntp/map.jinja" import ntp with context %}

ntp:

pkg.installed:

- name: {{ ntp.client }}

{% set ntp_conf_src = salt['pillar.get']('ntp:ntp_conf') -%}

{% if ntp_conf_src %}

ntp_conf:

file.managed:

- name: {{ ntp.ntp_conf }}

- template: jinja

- source: {{ ntp_conf_src }}

- require:

- pkg: ntp

{% endif %}

Salt Web UI

• Halite: free, in pre-alpha

Salt in a Nutshell

• Fast

• Super-scalable

• Easily Extensible (renderers, returners, etc)

• Python API

• Push mode by default

• In Active Development

• Free (although raw) web ui

Summary

• Puppet: features, WebUI, maturity -

• better for devs

• Chef: flexibility, Ruby

• better for devs

• Ansible: simplicity, agentless

• better for ops

• Salt: scalability, flexibility, robustness, Python,

• better for ops

Thank you!

vs.