Configuration Management: 4 Tools Reviewed
Convergence quatro: Chef v. Ansible v. Puppet v. Salt
Knowing your destination and deducing the best route to arrive there is as effective for traveling through unfamiliar territory as it is for configuring distributed computer system architecture.
That’s why drivers embrace GPS and system designers endorse configuration management tools (CMT).
Most CMTs are based on identifying a fixed point — that is, the final condition desired — and then configuring the process by which to achieve that condition. This process, known as convergence, is the primary purpose behind a CMT’s automated maintenance of OS config files for computer systems and their components (e.g., unified server, desktop and device management, and embedded networked devices, mobile smartphones, and tablet computers.)
Current, popular configuration management tools include Chef, Ansible, Puppet, and SaltStack. All are categorized as “infrastructure as code” (IaC), whereby computer infrastructure is configured and maintained through machine-processable definition files. Each CMT has its own merits and limitations.
The following summaries can begin to help you assess the best CMT for your architecture.
Chef
Chef, written in domain-specific language Ruby or Erlang, streamlines system configuration tasks through “recipes” that handshake with cloud-based platforms (such as Linode, Amazon EC2, Google Cloud and Microsoft Azure) to automatically provision and configure new servers.
A Chef recipe circumscribes server application as well as utilities management and configuration. Recipes define conditions for individual resources: packages needing installation, services needing execution, or files needing development; and can can be collected into a “cookbook” for comprehensive configuration management.
Recipes can tailor a resource to a specific software version and ensure that software is installed in proper sequence based on dependencies. Chef then audits each resource configuration and necessarily adjusts any resource to attain the desired state.
Chef can run in client/server mode, allocating configuration tasks among distributed servers, or in a standalone configuration named “chef-solo.” Either way, it provides keen perspective about what’s running on your network.
Chef’s recurrent system analysis and automated, spec reconciliation deliver an integrated, holistic view of system infrastructure — a means for judicious system administration.
Puppet
Another declarative tool similar to Chef, Puppet also manages Unix-like and Microsoft Windows system configurations.
System resources and their state, as described by the user through Puppet’s language or a Ruby DSL, are stored in files called Puppet Manifests. An intrinsic utility, Facter, then compiles the manifests into system-specific catalogs comprising resources and resource dependencies.
These criteria are applied to a targeted system via the client-server model. Subsequent actions taken by Puppet are then reported back to the user, who uses the report’s findings to enforce the resource’s operation.
This resource abstraction layer lets a sysadmin describe the configuration in high-level terms (e.g., users, services, packages) without being contingent on specific OS commands (e.g., rpm, yum, apt).
Model-driven, Puppet is simple to use and requires minimal programming chops to run effectively.
Ansible
Python-based Ansible is a free and open-source server configuration and management platform that enables multi-node software deployment and ad hoc task execution. It securely manages Python-2.4-installed nodes over SSH (for Linux) or PowerShell (for Windows).
Ansible’s modules, written in any programming language, work on both JSON and standard output. The system uses YAML to express reusable descriptions.
Ansible can be found in the Fedora distro repository, and is further available for other OSs, including (among others) Red Hat Enterprise Linux, CentOS, and Scientific Linux.
Ansible operates on the principle that systems should not impose additional dependencies on an environment. Consequently, Ansible runs on what’s called agentless architecture, where nodes needn’t install and run background daemons to connect with a controlling machine.
In agent-based architecture found in Chef and Puppet, nodes must have a locally installed daemon that communicates with a controlling machine. This lighter-weight architecture trims network overhead by prohibiting nodes from polling the controlling machine.
As a configuration manager, Ansible aims to be minimal, secure, highly reliable, and easy to learn.
Saltstack
The open-sourced, Python-based SaltStack platform, or simply, Salt, serves not only as a configuration management tool but also as a remote execution engine. Salt’s event-driven design embraces high modularity, which can maintain remote nodes in defined states.
Salt effects Python modules that handle specific conditions within available Salt systems. These modules can detach and modify internal Salt interactions to meet proprietary demands of a system administrator/developer, thus ensuring installation of specific packages and execution of specific services where and when needed.
The Salt system categorizes half a dozen module types, each of which manages the remote execution and state management behavior of Salt. Modules can be added to any of the systems that support dynamic modules.
These six modules constitute the basis for Salt’s four essential functions:
- To enable commands to remote systems to be called in parallel rather than serially
- To use a secure and encrypted protocol
- To use the smallest and fastest network payloads possible
- To provide a simple programming interface
Salt is fast to work, easy to configure, exceedingly malleable and provides a single, remote-execution architecture that can manage the diverse requirements of any sized cloud-based computer system.
CMTs are essential to performance optimization in any distributed computer system. Four compelling tools. Learn more. Choose best.
This article was written by our Content Marketing Editor, @KeithAlanCraig. Let him know on Twitter which Config Mgt tool you prefer to use the most!
