In a few short years DevOps has gone from a fringe movement to a must-have for any IT leader. There's a lot of buzz around it, but there's a lot of practical knowledge in there as well. Provisioning environments, deploying applications, maintaining infrastructures--these are all critical yet delicate tasks traditionally done by hand. What if we could get a machine to do all that stuff for us, not just saving hours of work but also removing the element of human error?
Why Configuration Management?
Configuration management software enables the use of tested and proven software development practices for managing and provisioning data centers in real-time through plaintext definition files. Some regard CM solutions as "DevOps in a Box," but that's not right. DevOps is about collaboration between people, while CM tools are just that: tools for automating the application of configuration states. Like any other tools, they are designed to solve certain problems in certain ways. How effectively they do so depends on the knowledge and ability of the person wielding them.
We've made it easy to get a quick overview of each tool and compare it to alternatives, so you can find the configuration management tool that's right for you (and be able to explain why you didn't choose options X, Y, and Z).
Benefits and Risks
Automating changes to your infrastructure's configuration state is a double-edged sword: you can make changes very quickly, but someone or something else needs to validate those changes. In considering which configuration management tool to select, you should also think about which complementary tool(s) you will use to avoid the costly effects of automating the deployment of bugs in your infrastructure-as-code. Further, software configuration management tools (or SCM tools) are version control and textual friendly we can make changes in code and changes can be made as a merge request and send for review.
With configuration management tools, many of the operating-system-specific implementations of a configuration are abstracted away for you. The same configuration file can be used to manage, for example, the installation of Apache HTTPD on both Red Hat and Ubuntu systems.
Poor configuration can be a massive cybersecurity risk, resulting in data breaches and other cyber attacks. If you are automating your infrastructure configuration, you must think about cyber security, information security and information risk management.
You should also think about how secure your configuration management tools are and whether you are giving them access to too much sensitive information. Think through vendor risk management and have a third-party risk management framework at hand and perform a cyber security risk assessment.
CFEngine is one of the older open source configuration management tools that provides automation configuration for huge computer systems, inclusive of the unified management of servers, systems, users, embedded networked devices, mobile devices, and more. We compare it to Puppet, also an established technology:
"CFEngine runs on C, as opposed to Puppet’s use of Ruby. C is the more low level of the two languages, and one of the main complaints regarding CFEngine is that the learning curve is very steep. It does mean though that CFEngine has a dramatically smaller memory footprint, it runs faster and has far fewer dependencies."
Puppet's annual "State of DevOps" report is one of the best resources for trends in DevOps. Knowing the strengths and weaknesses of the Puppet platform is increasingly important for people in operations. Puppet uses a declarative language or Ruby to describe the system configuration. It is organized in modules, and manifest files contain the desired-state goals to keep everything as required.
"It is frequently stated that Puppet is a tool that was built with sysadmins in mind. The learning curve is less imposing due to Puppet being primarily model driven. Getting your head around JSON data structures in Puppet manifests is far less daunting to a sysadmin who has spent their life at the command line than Ruby syntax is."
The open source edition of Puppet is available for free, while Puppet Enterprise is free for up to 10 nodes. Note: once Puppet is installed, every node (physical server, device or virtual machine) in the infrastructure will have a Puppet agent installed on it.
We compare Puppet to Chef, its closest competitor: Puppet vs. Chef
Next to Puppet, Chef is the other heavyweight in the CM and automation platform market. It manages servers in the cloud, on-premises, or in a hybrid environment. Being cloud-agnostic lets you manage both the data center and cloud environments at once, even as you change your cloud providers.
"Like Puppet, Chef is also written in Ruby, and its CLI also uses a Ruby-based DSL. Chef utilizes a master-agent model, and in addition to a master server, a Chef installation also requires a workstation to control the master. The agents can be installed from the workstation using the ‘knife’ tool that uses SSH for deployment, easing the installation burden."
See how it stacks up against CM newcomer Ansible: Ansible vs. Chef
Newer than Chef or Puppet, Ansible is the best configuration management, deployment, orchestration open source tool and also automation engine. In fact, it's included in popular Linux distros such as Fedora. It helps with IT infrastructure automation from software provisioning and configuration management to application deployment, providing large productivity gains.
"Currently their solutions consists of two offerings: Ansible and Ansible Tower, the latter featuring the platform’s UI and dashboard. Despite being a relatively new player in the arena when compared to competitors like Chef or Puppet, it’s gained quite a favorable reputation amongst DevOps professionals for its straightforward operations and simple management capabilities."
Check out the pros and cons of using Ansible: Top 5 Best and Worst Attributes of Ansible
Ansible is one of our favorite tools. You can use Ansible to execute the same command for on multiple servers from the command line. You can also use it to automate tasks (such as adding users, installing packages, and updating server configurations) using playbooks written in YAML facilitating communication between technical and non-technical teams. Ansible is simple, agentless and easy to read for programmers and non-programmers alike.
No agents means less overhead on your servers. An SSH connection is required in push mode (the default) but pull mode is available as needed. Playbooks can be written with minimal commands or scaled with more elaborate automation tasks including roles, variables and modules.
The chief purveyor of the "infrastructure-as-code" ideal, SaltStack has gained a sizable following despite making a relatively late appearance on the market due to its many integrations with cloud providers like Google Cloud, Amazon Web Services (AWS), etc
"Salt, like Ansible, is developed in Python. It was also developed in response to dissatisfaction with the Puppet/ Chef hegemony, especially their slow speed of deployment and restricting users to Ruby. Salt is sort of halfway between Puppet and Ansible – it supports Python, but also forces users to write all CLI commands in either Python, or the custom DSL called PyDSL. It uses a master server and deployed agents called minions to control and communicate with the target servers, but this is implemented using the ZeroMq messaging lib at the transport layer, which makes it a few orders of magnitude faster than Puppet/ Chef."
We compare Ansible with SaltStack, two newer players in CM: Ansible vs. Salt
Since launching back in 2013, Docker is a relative newbie that has taken the DevOps and software development world by storm. The key to Docker's success is its lightweight containerization technology:
"Their technology deploys software applications with all the necessary parts in a container, thereby ensuring it will run on any Linux server, regardless of configuration and/or settings. Containers can be created, configured, and saved as templates for use on other hosts running the Docker engine. These templates can then be used to create more containers with the same OS, configuration, and binaries."
Learn more about Docker: Getting Started with Docker
7. PowerShell DSC
Not one to be outdone by open source technologies, Microsoft's solution for CM is PowerShell DSC:
"DSC is a new management platform in Windows PowerShell that enables deploying and managing configuration data for software services and managing the environment in which these services run.
DSC provides a set of Windows PowerShell language extensions, new Windows PowerShell cmdlets, and resources that you can use to declaratively specify how you want your software environment to be configured. It also provides a means to maintain and manage existing configurations."
Learn more about PowerShell DSC: Windows PowerShell Desired State Configuration (DSC) with UpGuard
8. TeamCity Configuration tool
TeamCity is also one of the management and continuous integration server developed by Jet Brains and based on Java Programming Language.
Learn more about TeamCity vs. Jenkins for continuous integration.
9. JUJU Configuration Tool
Juju is an open source tool which mainly emphasizes on decreasing the operational overhead of new generation software. Juju offers features like configuring, scaling, quick deployment, integration, etc. JUJU provides no clear instructions on using OpenStack cloud provider.
Rudder is an open-source IT infrastructure management tool that works on top of CFEngine. Rudder's unique asset-management function is capable of identifying nodes as well as their characteristics, and this can prove useful when performing configuration management actions. This CMT makes use of asset management to identify nodes for configuration management.
Rudder depends on a light local agent which are installed on each and every managed system. Rudder’s server-side web interface is built by Scala language and its local agent is written in C language.
Plan for Success
Regardless of what tool you use for configuration management, the way to start your automation project is to discover what you have. Automating poor processes or poorly understood infrastructure is a fast and expensive way to multiple your problems. To truly get the most out of any automation tooling, you first need to understand where the landmines already exist.
For that, UpGuard Core offers a simple, three step process to discover, control and monitor your infrastructure to prevent outages and security breaches.