Ansible, Puppet, Chef, Salt: What Should I Use?

Archive article - published on March 27 2020

In the world of IT, where more and more companies are migrating to the Cloud and expanding at global scales, configuration management (CM) tools have emerged as a critical part of any system deployment.

CM tools are designed to automate the configuration and maintenance of multiple networked systems. As a result they can help companies use playbooks, templates and other tools to simplify automation and coordination across an IT environment to provide a seamless deployment.

Companies looking to choose a Configuration Management solution should consider the following:

  • The tool model – Some require a master-client model, which uses a central control point to communicate with distributed machines. Others operate on a local level with a server-based host.
  • Environment – Consider the dominant language of your existing system and the institutional knowledge and skills of your team.

Root Level Technology (RLT) looked at the four top CM software tools; Ansible, Chef, Puppet and SaltStack, to determine which solution is the best fit for companies contemplating a CM deployment. Several years ago, Josh Dreyfuss, writing for the OverOps blog, compared these four CM solutions. His research contributed to our evaluation.

Ansible

A simple solution that uses SSH. It offers several other services in addition to configuration management, such as workflow monitoring, automated app deployment for updates and more. Ansible, written in Python, has strong security features and focuses on five foundational principles: A small learning curve; ease of use; automation for most elements; efficiency and strong security.

Ansible is an open-source program that is user-friendly for most developers and also offers an enterprise version. With more than a quarter-million downloads per month, Ansible is the most popular open-source automation tool on GitHub today.

No special coding skills are required to use Ansible. Tasks are executed in order and it features an agentless architecture.

Ansible is used to deploy applications to remote nodes and servers in a repeatable way. It provides a common framework for pushing multi-tier applications and applications artifacts using a push model setup. It can be configured as a master-client system. Ansible is built on playbooks that can be applied to an extensive variety of systems.

When to use it: If time and simplicity matter most, Ansible is a sound solution. No need for agents on remote nodes or managed servers. If you are more focused on the system administrator side of the house, Ansible offers a streamlined solution.

Pros:

  • SSH-based. No need for agents or remote nodes
  • Easy learning curve thanks to the use of YAML
  • Playbook structure is simple and clearly structured
  • Variable registration feature enables tasks to register variables for later tasks
  • Much more streamlined code base than some other tools

Cons:

  • Less powerful than tools based in other programming languages
  • Logic comes through its DSL, which requires frequent checking on documentation
  • Variable registration is required for even basic functionality.That can make easier tasks more complicated
  • Difficult to see the values of variables within the playbooks
  • No consistency between formats of input, output, and config files
  • Struggles with performance speed at times

Puppet Labs

Starting out as a DevOps tool, Puppet has emerged as a viable CM tool as well. Written in Ruby with both open source and paid enterprise versions available, Puppet requires programmers with strong Ruby skills. It works with a variety of platforms.

A long-standing tool in the CM space, Puppet has been tested and proven in some of the most demanding environments. It uses a customized DSL, master-client setup and a model-driven approach. Puppet code design works as a list of dependencies.

When to use it: Puppet is a good choice if stability and maturity are key factors. Good for large enterprises with a wide range of skills on the DevOps team.

Pros:

  • Well-established support community through Puppet Labs
  • Mature interface and runs on nearly every OS
  • Simple installation and initial setup
  • Most complete Web UI in this space
  • Strong reporting capabilities

Cons:

  • Ruby-based CLI
  • Ruby support is declining
  • Code base can become complex
  • Model-driven approach means less control compared to code-driven approaches

Chef

Like Puppet, Chef is also available in an open-source or paid enterprise version. It is also written in Ruby and offers more than 800 different free modules. Programmers like the easy installation and features such as text-based search and support for multiple environments.

Its command-line interface, testing mode, and large database make it ideal for companies that need large storage capacity. Chef is highly customizable, accommodating the installation and creation of different modules. That makes it one of the most adaptable CM solutions on the market.

Chef is nine years old, an ancient in software development. It uses a master-agent model and in addition to a master server, requires a workstation to control the master. You can install it from the workstation using the “knife” tool that uses SSH for deployment, easing the installation burden. From there, managed nodes authenticate with the master through certificates.

The Chef design is transparent and based on instructions given. Requires instructions to be clear.

When to use it: Programmers familiar with Git and Ruby should consider Chef, since both are required for configuration. Chef is best suited for development-focused teams and environments looking for a more mature solution for a multi-tiered system.

Pros:

  • Rich collection of modules and configuration recipes
  • Code-driven approach provides control and flexibility configurations
  • Git foundations provides strong version control capabilities
  • “Knife” tool eases installation burdens

Cons:

  • Steep learning curve for non-Ruby users
  • Large code bases and complicated environments
  • Does not support push functionality

SaltStack

SaltStack is part of a larger application designed for enterprise-level operations. It uses minions – subprocesses that take commands from the main system – and reports results of those commands.

SaltStack has the capacity to support multiple hosts simultaneously and is adept at creating configuration files. Salt, like Ansible, has a small learning curve and is a good choice for companies with limited programming resources. It’s open source. This means it is easily extended and customizable. Salt can accommodate any language to render configurations, providing sufficient control over files.

SaltStack is CLI-based and can be configured as a master-client or non-centralized model. Based in Python, SaltStack offers a push method and an SSH method of communication. Salt allows for grouping of clients and configuration templates to simplify environmental control.

When to use it: Systems requiring scalability and resiliency should consider SaltStack as a Configuration Management solution. It’s well-suited for system administrators thanks to its usability.

Pros:

  • Straightforward organization and usage
  • Feature-rich DSL
  • Consistent input, output and configs – all YAML
  • Introspection is transparent
  • Strong community support
  • High scalability and resiliency master model with minions and hierarchical tiers.

Cons:

  • Challenging setup for new users
  • Documentation somewhat complex at introductory level
  • Web UI is newer and less complete than other tool’s Web UIs in the space
  • Not great support for non-Linux OS

Recommendation

Depending on the deployment and skills of staff, those looking for a Configuration Management solution could opt to use any of these four to manage deployment. RLT recommends Ansible as the best solution due to its relatively easy learning curve, timely implementation and masterless design, with only SSH dependencies.

Do you require assistance on your network or want to deploy your very own? Then click the button below to get started!

Eric
Share this post

Let’s just have a chat and see where this goes.

Book a meeting