Puppet vs. Chef vs. Ansible vs. SaltStack

【转载】http://www.intigua.com/blog/puppet-vs.-chef-vs.-ansible-vs.-saltstack

Puppet vs. Chef vs. Ansible vs. SaltStack

By Ali
Raza    September 27, 2016



 Puppet, Chef, Ansible and SaltStack present different paths to achieve a common goal of managing large-scale server infrastructure efficiently, with minimal input from developers and sysadmins. All
four configuration management tools are designed to reduce the complexity of configuring distributed infrastructure resources, enabling speed, and ensuring reliability and compliance. This article explores the mechanism, value propositions and concerns pertaining
to each configuration management solution.

If you use any of these tools (or other config management tools such as MS SCCM, Tivoli Provisioning Manager or BladeLogic), you'll want to see how Intigua fills a big gap they have: managing server
tool agents. Learn more.

Puppet

Puppet is a pioneering
configuration automation and deployment orchestration solution for distributed apps and infrastructure. The product was originally developed by Luke
Kanies to automate tasks for sysadmins who would spend ages configuring, provisioning, troubleshooting and maintaining server operations.

This open source configuration management solution is built with Ruby and offers custom Domain Specific Language (DSL) and Embedded Ruby (ERB) templates to create custom Puppet language files, and
offers a declarative paradigm programming approach. Puppet uses an agent/master architecture—Agents manage nodes and request relevant info from masters that control configuration info. The agent polls status reports and queries regarding its associated server
machine from the master Puppet server, which then communicates its response and required commands using the XML-RPC protocol over HTTPS. This
resource describes the architecture in detail. Users can also set up a master-less and de-centralized Puppet setup, as described here.

The Puppet Enterprise product offers the following capabilities:

Orchestration
Automated provisioning
Configuration automation
Visualization and reporting
Code management
Node management
Role-based access control

Pros:

Strong compliance automation and reporting tools.
Active community support around development tools and cookbooks.
Intuitive web UI to take care of many tasks, including reporting and real-time node management.
Robust, native capability to work with shell-level constructs.
Initial setup is smooth and supports a variety of OSs.
Particularly useful, stable and mature solution for large enterprises with adequate DevOps skill resources to manage a heterogeneous infrastructure.

Cons:

Can be difficult for new users who must learn Puppet DSL or Ruby, as advanced tasks usually require input from CLI.
Installation process lacks adequate error reporting capabilities.
Not the best solution available to scale deployments. The DSL code can grow large and complicated at higher scale.
Using multiple masters complicates the management process. Remote execution can become challenging.
Support is more focused toward Puppet DSL over pure Ruby versions.
Lacks push system, so no immediate action on changes. The pull process follows a specified schedule for tasks.

Pricing

Puppet Enterprise is free for up to 10 nodes. Standard pricing starts at $120 per node. (Get more info here.)

Chef

Chef started
off as an internal end-to-end server deployment tool for OpsCode before it was released as an open source solution. Chef also uses a client-server architecture and offers configuration in a Ruby DSL using the imperative programming paradigm. Its flexible cloud
infrastructure automation framework allows users to install apps to bare metal VMs and cloud containers. Its architecture is fairly similar to the Puppet master-agent model and uses a pull-based approach, except that an additional logical Chef workstation
is required to control configurations from the master to agents. Agents poll the information from master servers that respond via SSH. Several SaaS and hybrid delivery models are available to handle analytics and reporting.

Chef products offer the following capabilities:

Infrastructure automation
Cloud automation
Automation for DevOps workflow
Compliance and security management
Automated workflow for Continuous Delivery

Pros:

One of the most flexible solutions for OS and middleware management.
Designed for programmers.
Strong documentation, support and contributions from an active community.
Very stable, reliable and mature, especially for large-scale deployments in both public and private environments.
Chef offers hybrid and SaaS solutions for Chef server, analytics and reporting.
Sequential execution order.

Cons:

Requires a steep learning curve.
Initial setup is complicated.
Lacks push, so no immediate action on changes. The pull process follows a specified schedule.
Documentation is spread out, and it can become difficult to review and follow.

Pricing

A free solution is available to get you started. Pricing starts at $72 per node for the standard Hosted Chef, and is $137 per node for the top-of-the-range Chef Automate version. (Get more info here.)

Ansible

As
a latest entrant in the market compared with Puppet, Chef and Salt, Ansible was developed to simplify complex orchestration and configuration management tasks. The platform is written in Python and allows users to script commands in YAML as an imperative programming
paradigm. Ansible offers multiple push models to send command modules to nodes via SSH that are executed sequentially. Ansible doesn’t require agents on every system, and modules can reside on any server. A centralized Ansible workstation is commonly used
to tunnel commands through multiple Bastion host servers and access machines in a private network.

Ansible products offer the following capabilities:

Streamlined provisioning
Configuration management
App deployment
Automated workflow for Continuous Delivery
Security and Compliance policy integration into automated processes
Simplified orchestration

Pros:

Easy remote execution, and low barrier to entry.
Suitable for environments designed to scale rapidly.
Shares facts between multiple servers, so they can query each other.
Powerful orchestration engine. Strong focus on areas where others lack, such as zero- downtime rolling updates to multi-tier applications across the cloud.
Easy installation and initial setup.
Syntax and workflow is fairly easy to learn for new users.
Sequential execution order.
Supports both push and pull models.
Lack of master eliminates failure points and performance issues. Agent-less deployment and communication is faster than the master-agent model.
High security with SSH.

Cons:

Increased focus on orchestration over configuration management.
SSH communication slows down in scaled environments.
Requires root SSH access and Python interpreter installed on machines, although agents are not required.
The syntax across scripting components such as playbooks and templates can vary.
Underdeveloped GUI with limited features.
The platform is new and not entirely mature as compared to Puppet and Chef.

Pricing

The Self-Support offering starts at $5,000 per year, and the Premium version goes for $14,000 per year for 100 nodes each. (Get more info here.)

SaltStack

Salt
was designed to enable low-latency and high-speed communication for data collection and remote execution in sysadmin environments. The platform is written in Python and uses the push model for executing commands via SSH protocol. Salt allows parallel execution
of multiple commands encrypted via AES and offers both vertical and horizontal scaling. A single master can manage multiple masters, and the peer interface allows users to control multiple agents (minions) directly from an agent. In addition to the usual queries
from minions, downstream events can also trigger actions from
the master. The platform supports both master-agent and de-centralized, non-master models. Like Ansible, users can script using YAML templates based on imperative paradigm programming. The built-in remote execution system executes tasks sequentially.

SaltStack capabilities and use cases include:

Orchestration and automation for CloudOps
Automation for ITOps
Continuous code integration and deployment
Application monitoring and auto-healing
DevOps toolchain workflow automation with support for Puppet, Chef, Docker, Jenkins, Git, etc.
… And several other use cases.

Pros:

Effective for high scalability and resilient environments.
Easy and straightforward usage past the initial installation and setup.
Strong introspection.
Active community and support.
Feature-rich and consistent YAML syntax across all scripting tasks. Python offers a low learning curve for developers.

Cons:

Installation process may not be smooth for new users.
Documentation is not well managed, and is challenging to review.
Web UI offers limited capabilities and features.
Not the best option for OSs other than Linux.
The platform is new and not entirely mature as compared to Puppet and Chef.

Pricing:

Contact SaltStack for pricing.

Conclusion

Each platform is aimed at a different user segment within the same target market. DevOps teams investing in configuration management solutions must consider unique requirements around their workflows
to maximize ROI and productivity. To select the right configuration management solution that fits your organization, consider the architecture and operation model, features, and usability and support, among other key technical and business aspects.
 
Image source: https://pixabay.com/en/computer-cloud-datacenter-server-161933/
Author Bio
Ali Raza is a DevOps consultant who analyzes IT solutions, practices, trends and challenges for large enterprises and promising new startup firms.

Topics: chef, puppet, server
management tools,Configuration Management, saltstack, ansible