Puppet vs. Chef vs. Ansible vs. SaltStack
【转载】http://www.intigua.com/blog/puppet-vs.-chef-vs.-ansible-vs.-saltstack
Puppet vs. Chef vs. Ansible vs. SaltStack
Puppet, Chef, Ansible and SaltStack present different paths to achieve a common goal of managing large-scale server infrastructure efficiently, with minimal input from developers and sysadmins. All four configuration management tools are designed to reduce the complexity of configuring distributed infrastructure resources, enabling speed, and ensuring reliability and compliance. This article explores the mechanism, value propositions and concerns pertaining to each configuration management solution.
If you use any of these tools (or other config management tools such as MS SCCM, Tivoli Provisioning Manager or BladeLogic), you'll want to see how Intigua fills a big gap they have: managing server tool agents. Learn more.
Puppet
Puppet is a pioneering configuration automation and deployment orchestration solution for distributed apps and infrastructure. The product was originally developed by Luke Kanies to automate tasks for sysadmins who would spend ages configuring, provisioning, troubleshooting and maintaining server operations.
This open source configuration management solution is built with Ruby and offers custom Domain Specific Language (DSL) and Embedded Ruby (ERB) templates to create custom Puppet language files, and offers a declarative paradigm programming approach. Puppet uses an agent/master architecture—Agents manage nodes and request relevant info from masters that control configuration info. The agent polls status reports and queries regarding its associated server machine from the master Puppet server, which then communicates its response and required commands using the XML-RPC protocol over HTTPS. This resource describes the architecture in detail. Users can also set up a master-less and de-centralized Puppet setup, as described here.
The Puppet Enterprise product offers the following capabilities:
- Orchestration
- Automated provisioning
- Configuration automation
- Visualization and reporting
- Code management
- Node management
- Role-based access control
Pros:
- Strong compliance automation and reporting tools.
- Active community support around development tools and cookbooks.
- Intuitive web UI to take care of many tasks, including reporting and real-time node management.
- Robust, native capability to work with shell-level constructs.
- Initial setup is smooth and supports a variety of OSs.
- Particularly useful, stable and mature solution for large enterprises with adequate DevOps skill resources to manage a heterogeneous infrastructure.
Cons:
- Can be difficult for new users who must learn Puppet DSL or Ruby, as advanced tasks usually require input from CLI.
- Installation process lacks adequate error reporting capabilities.
- Not the best solution available to scale deployments. The DSL code can grow large and complicated at higher scale.
- Using multiple masters complicates the management process. Remote execution can become challenging.
- Support is more focused toward Puppet DSL over pure Ruby versions.
- Lacks push system, so no immediate action on changes. The pull process follows a specified schedule for tasks.
Pricing
Puppet Enterprise is free for up to 10 nodes. Standard pricing starts at $120 per node. (Get more info here.)
Chef
Chef started off as an internal end-to-end server deployment tool for OpsCode before it was released as an open source solution. Chef also uses a client-server architecture and offers configuration in a Ruby DSL using the imperative programming paradigm. Its flexible cloud infrastructure automation framework allows users to install apps to bare metal VMs and cloud containers. Its architecture is fairly similar to the Puppet master-agent model and uses a pull-based approach, except that an additional logical Chef workstation is required to control configurations from the master to agents. Agents poll the information from master servers that respond via SSH. Several SaaS and hybrid delivery models are available to handle analytics and reporting.
Chef products offer the following capabilities:
- Infrastructure automation
- Cloud automation
- Automation for DevOps workflow
- Compliance and security management
- Automated workflow for Continuous Delivery
Pros:
- One of the most flexible solutions for OS and middleware management.
- Designed for programmers.
- Strong documentation, support and contributions from an active community.
- Very stable, reliable and mature, especially for large-scale deployments in both public and private environments.
- Chef offers hybrid and SaaS solutions for Chef server, analytics and reporting.
- Sequential execution order.
Cons:
- Requires a steep learning curve.
- Initial setup is complicated.
- Lacks push, so no immediate action on changes. The pull process follows a specified schedule.
- Documentation is spread out, and it can become difficult to review and follow.
Pricing
A free solution is available to get you started. Pricing starts at $72 per node for the standard Hosted Chef, and is $137 per node for the top-of-the-range Chef Automate version. (Get more info here.)
Ansible
As a latest entrant in the market compared with Puppet, Chef and Salt, Ansible was developed to simplify complex orchestration and configuration management tasks. The platform is written in Python and allows users to script commands in YAML as an imperative programming paradigm. Ansible offers multiple push models to send command modules to nodes via SSH that are executed sequentially. Ansible doesn’t require agents on every system, and modules can reside on any server. A centralized Ansible workstation is commonly used to tunnel commands through multiple Bastion host servers and access machines in a private network.
Ansible products offer the following capabilities:
- Streamlined provisioning
- Configuration management
- App deployment
- Automated workflow for Continuous Delivery
- Security and Compliance policy integration into automated processes
- Simplified orchestration
Pros:
- Easy remote execution, and low barrier to entry.
- Suitable for environments designed to scale rapidly.
- Shares facts between multiple servers, so they can query each other.
- Powerful orchestration engine. Strong focus on areas where others lack, such as zero- downtime rolling updates to multi-tier applications across the cloud.
- Easy installation and initial setup.
- Syntax and workflow is fairly easy to learn for new users.
- Sequential execution order.
- Supports both push and pull models.
- Lack of master eliminates failure points and performance issues. Agent-less deployment and communication is faster than the master-agent model.
- High security with SSH.
Cons:
- Increased focus on orchestration over configuration management.
- SSH communication slows down in scaled environments.
- Requires root SSH access and Python interpreter installed on machines, although agents are not required.
- The syntax across scripting components such as playbooks and templates can vary.
- Underdeveloped GUI with limited features.
- The platform is new and not entirely mature as compared to Puppet and Chef.
Pricing
The Self-Support offering starts at $5,000 per year, and the Premium version goes for $14,000 per year for 100 nodes each. (Get more info here.)
SaltStack
Salt was designed to enable low-latency and high-speed communication for data collection and remote execution in sysadmin environments. The platform is written in Python and uses the push model for executing commands via SSH protocol. Salt allows parallel execution of multiple commands encrypted via AES and offers both vertical and horizontal scaling. A single master can manage multiple masters, and the peer interface allows users to control multiple agents (minions) directly from an agent. In addition to the usual queries from minions, downstream events can also trigger actions from the master. The platform supports both master-agent and de-centralized, non-master models. Like Ansible, users can script using YAML templates based on imperative paradigm programming. The built-in remote execution system executes tasks sequentially.
SaltStack capabilities and use cases include:
- Orchestration and automation for CloudOps
- Automation for ITOps
- Continuous code integration and deployment
- Application monitoring and auto-healing
- DevOps toolchain workflow automation with support for Puppet, Chef, Docker, Jenkins, Git, etc.
- … And several other use cases.
Pros:
- Effective for high scalability and resilient environments.
- Easy and straightforward usage past the initial installation and setup.
- Strong introspection.
- Active community and support.
- Feature-rich and consistent YAML syntax across all scripting tasks. Python offers a low learning curve for developers.
Cons:
- Installation process may not be smooth for new users.
- Documentation is not well managed, and is challenging to review.
- Web UI offers limited capabilities and features.
- Not the best option for OSs other than Linux.
- The platform is new and not entirely mature as compared to Puppet and Chef.
Pricing:
Contact SaltStack for pricing.
Conclusion
Each platform is aimed at a different user segment within the same target market. DevOps teams investing in configuration management solutions must consider unique requirements around their workflows to maximize ROI and productivity. To select the right configuration management solution that fits your organization, consider the architecture and operation model, features, and usability and support, among other key technical and business aspects.
Image source: https://pixabay.com/en/computer-cloud-datacenter-server-161933/
Author Bio
Ali Raza is a DevOps consultant who analyzes IT solutions, practices, trends and challenges for large enterprises and promising new startup firms.
Topics: chef, puppet, server management tools,Configuration Management, saltstack, ansible