Updated on March 31, 2017 by UpGuard
Retail giant Amazon through its AWS platform is the largest IaaS and PaaS provider in the world. In early 2013 Amazon announced the rollout of Opsworks, an “Integrated DevOps application management solution”, according to the website (http://aws.amazon.com/opsworks/). So it’s basically a customized CM tool for AWS is what they’re saying. This brings it into competition with another CM giant, Puppet Labs, though as we’ll see this may not be the apples-to-apples comparison it initially appears to be.
Opsworks is built on the Chef framework. Chef is a major competitor of Puppet, and Amazon’s decision must have caused quite a bit of discomfort at Puppet’s parent company Puppet Labs. The choice of Chef, with its flexibility and power due to its use of base Ruby (rather than a Ruby-derived but simpler DSL like Puppet uses), implies that Amazon views Opsworks as a tool for developers and devops as well as sysadmins. This is in contrast to most CM tools which typically lean towards either developers or sysadmins. Puppet’s DSL is easier to learn and use as a CLI command tool, but offers less flexibility than the pure Ruby CLI of Chef/Opsworks; this together with Puppet’s powerful and user-friendly GUI, also reveal that Puppet is really a sysadmin tool. Opsworks offers the same advantages as Chef, but also shares many of its blights as well. For instance Chef is known to be notoriously difficult to learn, especially for first-timers. And Chef doesn’t have a good push capability for deploying changes and configs from the master server to the agents installed on the client nodes. You must configure agents to periodically check in with the master and pull any config changes.
Puppet is a titan of the CM world. Introduced in 2005 and supported by Puppet Labs, it is an open-source CM tool and boasts the largest market share and user community. It uses a model-driven rather than procedural approach – you define the various states you want your nodes to be in, and Puppet executes the necessary actions to get them into those states. This is accomplished via a slick GUI (arguably the best in the business) and a Ruby-derived DSL.
Platforms & Pricing
Opsworks is completely free. Since you’re already paying to use the AWS resources, Amazon throws in Opsworks for free to make life easier for you, their valuable customer. But wait, since it’s already possible to integrate Chef recipes with Amazon CloudFormation, why couldn’t Amazon just have built on that, instead of going through all the pain of creating a whole new Chef-based CM tool? Well, using Opsworks the crafty execs at Amazon have actually created a ‘sticky’ environment or ecosystem that makes it hard for the customers to get out of its fiefdom. Once a multi-tier application gets deployed through Opsworks, it’s a tedious affair to try and move it out of AWS. Customers will not be dealing with plain vanilla EC2 VM’s anymore; with Opsworks you get even more entrenched into the AWS ecosystem, which means you spend more time on AWS, which in turn means [insert cash register sound here]. Opsworks will support any EC2 instance platform, which already encompasses all the major OS’s.
Documentation, Community & Support
Having been around for a long time, Puppet has an especially active user community (http://projects.puppetlabs.com/projects/1/wiki/Irc_Channel) and a resultant ecosystem. There are numerous templates available for free for various setups, including AWS templates, as well as useful 3rd-party apps like Foreman (http://theforeman.org/), built on top of Puppet. In addition, Puppet Labs offers comprehensive corporate support, though there are murmurs of discontent at Puppet Labs’ slowness at fixing reported bugs, and the manner in which they aggressively push users towards the commercial version. Documentation (http://docs.puppetlabs.com/) is great and well segmented into advanced and getting-started versions, as well as concise installation guides and reference manuals.
Opsworks is a product of corporate giant Amazon, so manufacturer support and documentation are both understandably excellent, rivaling anything offered by Puppet. Since AWS is used by people self-deploying their own servers and not necessarily IT techies, the documentation and how-tos (http://docs.aws.amazon.com/opsworks/latest/userguide/welcome.html) are especially easy to figure out and start using. The user community is still in its infancy given the tool’s newness, but it has already spawned a huge number of Q&A’s on the discussion forums (https://forums.aws.amazon.com/forum.jspa?forumID=153#); not surprising given the size of AWS’ customer base. No word yet on whether there will be an Opsworks version running exclusively on the Kindle tablet!
A decision between Opsworks and Puppet should now be easier to make after all this. But keep in mind that they are both excellent tools with large corporate backing and a large user community. The 2 main differences between them are a philosophical one (a sysadmin tool vs. a developer tool) and whether you are operating on AWS or not. Opsworks is not really a new tool, it is an adaptation of the existing Chef CM tool to the AWS environment. Puppet can actually be used to manage EC2 instances, but now Amazon has unleashed their own product to compete with it. The pros-cons chart below can help you in your Opsworks vs. Puppet decision.
Misconfigurations are an internal problem that emanate from within the IT infrastructure of any enterprise; no hacker is necessary for massive damage to occur to digital systems and stored data. And the problem is pervasive, with Gartner estimating anywhere from 70% to 99% of data breaches result not from external, concerted attacks, but from internal misconfiguration of the affected IT systems.