Ninja, choose your weapon!

Puppet vs. Chef vs. Ansible vs. Salt

About me

Ant(on) Weiss DevOps Evangelist&Enabler, CI/CD/ALM Expert

ant.weiss@gmail.com - twitter: @antweiss http://otomato.wordpress.com

DevOps isn’t about Tools

But they definitely help!

DevOps is all about Tools

"We shape our tools. And then our tools shape us.”

Marshall McLuhan

Weapons of Mass Configuration

• Manage configuration of thousands of servers

• Automation and orchestration

• Infrastructure as Code

Tools vs. no Tools

vs.

The Good Tool• One we are comfortable with

• Flexible

• Extendable

• Scalable

• Community-supported

• Integrate-able

PuppetSince: 2005

Written in: Ruby

Developed by: Puppetlabs

Configuration: Puppet-specific declarative language (Ruby-based) or pure Ruby. Model-driven.

Manages: > 10 mln nodes (acc. to Puppetlabs)

Puppet

Puppet master

agent agent agent

XMLRPC over HTTPS

reportreport

report

Puppet Concepts

Resources: files, services, packages, users…

Manifests: Puppet programs

Classes: collections of resource definitions

Modules: classes + accompanying data

Puppetforge.com: 3326 community modules

Puppet Features

• Configuration Management

• Automatic Discovery (MCollective)

• Orchestration (MCollective)

• Provisioning (w/Foreman or Razor)

Puppet Code: class ntp { case $operatingsystem { centos, redhat: { $service_name = 'ntpd' $conf_file = 'ntp.conf.el' } debian, ubuntu: { $service_name = 'ntp' $conf_file = 'ntp.conf.debian' } } package { 'ntp': ensure => installed, } file { 'ntp.conf': path => '/etc/ntp.conf', ensure => file, require => Package['ntp'], source => "/root/examples/answers/${conf_file}" } service { 'ntp': name => $service_name, ensure => running, enable => true, subscribe => File['ntp.conf'], } }

Puppet Web UI Options

• Puppet Enterprise (commercial for > 10 nodes)

• Foreman

• PuppetBoard ( reporting only )

Puppet in a Nutshell• The Most Mature (of the four reviewed)

• ‘Pull’ mode of operation, but push also supported

• Enterprise Features

• Largest Ecosystem (Foreman, PuppetBoard)

• A Language of its Own

• Less flexible

• Easy to start with, gets complicated further along.

Chef

Since: 2009

Written in: Ruby+Erlang

Developed by: Chef ( formerly Opscode )

Configuration: pure Ruby DSL - procedural

Chef

Chef Concepts

Resources: files, services, packages, users…

Recipes: Chef programs

Cookbooks: recipes + accompanying data

Databags: global variables

supermarket.chef.io: 2061 cookbooks

Chef Codecase platform

when "ubuntu","debian"

default[:ntp][:service] = "ntp"

when "redhat","centos","fedora","scientific"

default[:ntp][:service] = "ntpd"

end

package "ntp" do

action [:install]

end

template "/etc/ntp.conf" do

source "ntp.conf.erb"

variables( :ntp_server => "time.nist.gov" )

notifies :restart, "service[ntpd]"

end

service "ntpd" do

action [:enable,:start]

end

Chef Web UI Options

• OpenSource WebUI - deprecated

• Enterprise Chef - commercial, basic

Chef in a Nutshell• Flexible, powerful

• Enterprise Features (HA, Analytics)

• Pure Ruby DSL

• Steep learning curve

• Push feature still in beta

Ansible

Since: 2012

Written in: Python

Developed by: Ansible Works inc.

Configuration: yaml+jinja

Motto: Simple IT Automation

Ansible

Controlling machine

node node node

reportreport

json over ssh

Agentless!!!

Ansible Concepts• Inventory: a list of hosts and host groups

• Ad-hoc commands: ansible all -a "/bin/echo hello"

• Playbooks: configuration scenarios

• Modules: control system resources and execute commands. Can be written in any language!

• Roles: playbook and accompanying data

• ansible-galaxy.com: 3124 roles

Ansible Code hosts: all

#ntp service name defined in ntp.yml

vars_files: ntp.yml

tasks:

- name: Install ntp package

yum: name=ntp state=latest

sudo: yes

- name: Starting ntp service

service: name={{ ntp_service_name }} state=started

sudo: yes

Ansible Web UI

• Ansible Tower (commercial)

Ansible in a Nutshell• Simple

• Lightweight

• Agentless (SSH)

• Windows support still immature.

• yaml DSL can be tricky to use

• Not the best performance. (Slow)

Salt

Since: 2011

Written in: Python

Developed by: SaltStack inc.

Configuration: yaml+jinja

Motto: Speed, scalability and flexibility

Salt

master

minion minion minion

reportreport

ZeroMq

Can also be masterless!

Salt Concepts• Commands: salt '*' disk.usage

• Modules: control system resources and execute commands. Written in Python or Cython.

• States: configuration scenarios

• Grains: facts about the managed nodes

• Pillars: globally accessed data

• Community State Trees & Modules: saltstarters.org

Salt Code # Include :download:`map file <map.jinja>` of OS-specific package names and

# file paths. Values can be overridden using Pillar.

{% from "ntp/map.jinja" import ntp with context %}

ntp:

pkg.installed:

- name: {{ ntp.client }}

{% set ntp_conf_src = salt['pillar.get']('ntp:ntp_conf') -%}

{% if ntp_conf_src %}

ntp_conf:

file.managed:

- name: {{ ntp.ntp_conf }}

- template: jinja

- source: {{ ntp_conf_src }}

- require:

- pkg: ntp

{% endif %}

Salt Web UI

• Halite: free, in pre-alpha

Salt in a Nutshell• Fast

• Super-scalable

• Easily Extensible (renderers, returners, etc)

• Python API

• Push mode by default

• In Active Development

• Documentation Needs Improvement

Summary• Puppet: features, WebUI, maturity, ecosystem

• better for devs

• Chef: flexibility, Ruby

• better for devs

• Ansible: simplicity, agentless, yaml, Python

• better for ops

• Salt: scalability, flexibility, robustness, Python

• better for ops

Stop breaking your teeth!

vs.