Updated on June 30, 2017 by Alan Sharp-Paul
So, Puppet or Chef? A question of configuration automation & provisioning that has started more than one flame war in its time. Whilst perhaps not helpful for those charged with implementing an automation solution for their business, the most appropriate answer really is "It depends." Many have argued that (considering the alternative) using either is fine. Just get started!
There are differences though, in both the technologies and the companies behind them, and an understanding of both may make your choice a little easier.
* Check out Puppet vs. Chef Revisited for an updated comparison.
Complexity & Power
When looking into each tool, some themes consistently arise. It is frequently stated that Puppet is a tool that was built with sysadmins in mind. The learning curve is less imposing because Puppet is primarily model driven. Getting your head around JSON data structures in Puppet manifests is far less daunting to a sysadmin who has spent their life at the command line than Ruby syntax is. Chef, on the other hand, is procedural: you write your recipes in Ruby code. If you're on the Dev side of DevOps, particularly if you already have Ruby experience, this approach feels natural to you. If you're a sysadmin, it can be more problematic. The steep learning curve of Chef is also viewed as a risk in larger companies. Skilling a large team up, and then maintaining those skills over time, is seen as an additional risk.
The flip side, argued by Chef users, is that once you are over the initially steep learning curve, you get a lot more power and flexibility out of Chef. Its reliance on code means you can bend configurations to your will much more easily. They would also argue that the model driven approach of Puppet, which determines installation order based on defined dependencies, suffers in practice due to the loss of control. When defining procedurally there are no surprises.
It should also be pointed out that Puppet now allows developers to work with pure Ruby to build manifests (as of version 2.6).
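The ordering contrast described above, as an added example that is not code from Puppet, Chef or the original article: a toy catalogue is ordered once as written (procedural) and once from its declared dependencies (model driven). The resource names, the `:requires` key and both function names are constructed for this illustration.

```ruby
# Toy catalogue (constructed sample data, not a real Puppet or Chef format).
# It is deliberately written "out of order": the service comes first.
CATALOG = [
  { name: 'service[nginx]',   requires: ['file[nginx.conf]'] },
  { name: 'file[nginx.conf]', requires: ['package[nginx]'] },
  { name: 'package[nginx]',   requires: [] },
  { name: 'file[/etc/motd]',  requires: [] }
].freeze

# Procedural ordering: resources are applied exactly in the order written,
# so getting the sequence right is the author's job.
def procedural_order(catalog)
  catalog.map { |r| r[:name] }
end

# Model-driven ordering: a depth-first topological sort over the declared
# dependencies decides the sequence, whatever order the file was written in.
def model_driven_order(catalog)
  by_name = catalog.to_h { |r| [r[:name], r] }
  state = {} # name => :visiting or :done
  order = []
  visit = lambda do |name, path|
    res = by_name.fetch(name) { raise ArgumentError, "undeclared dependency: #{name}" }
    return if state[name] == :done
    if state[name] == :visiting
      raise ArgumentError, "dependency cycle: #{(path + [name]).join(' -> ')}"
    end
    state[name] = :visiting
    res[:requires].each { |dep| visit.call(dep, path + [name]) }
    state[name] = :done
    order << name
  end
  catalog.each { |r| visit.call(r[:name], []) }
  order
end

if __FILE__ == $PROGRAM_NAME
  puts "procedural:   #{procedural_order(CATALOG).join(', ')}"
  puts "model driven: #{model_driven_order(CATALOG).join(', ')}"
end
```

The procedural run would try to start the service before its package exists, while the model-driven run reorders the same catalogue and rejects catalogues whose dependencies are missing or circular.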
What's New in Puppet & Chef? (updated January 2014)
Both Puppet and Chef have been busy providing updates to their toolsets. Puppet released Puppet Enterprise 3.0 in June 2013, which emphasizes scalability & performance, new orchestration capabilities, and updates to the Puppet DSL to help with software-defined infrastructure demands. Puppet has made iterative releases since then and is currently shipping v3.4.2 to customers - you can read detailed release notes here. For Chef, beyond the big news that they've now officially renamed the company to the same name, they released Chef 11.0 in February 2013, which emphasizes speed, scalability and ease of use. Chef has made iterative releases since then and is currently shipping v11.8.0 to customers - you can read detailed release notes here.
As a more mature product, Puppet has a larger user base than Chef. Chef has also been considered more US centric to date. Having said this, Chef has been making huge gains over the past couple of years. It can be argued again here that a sysadmin may get more from the Puppet community and a developer from the Chef one.
Whilst early on both Puppet and Chef had awful documentation, they have both improved significantly. Their respective online documentation repositories can be found here. I actually prefer the Puppet docs, but I'm still carrying scars from early attempts to make use of Chef's offerings so I could be biased:
In terms of reference texts both Puppet and Chef have excellent options available:
Both Puppet and Chef offer free open source versions. Puppet Enterprise is free for the first 10 nodes and then $99 per node (per year) after that. Discounts kick in in tiers after that until you hit 2500 nodes.
Private (behind the firewall) Chef ranges from $120 per month for 20 servers to $600 per month for 100 servers. Chef also have a hosted (SaaS) offering which is priced the same. Be prepared for pain with their UI though. It hasn't won any user experience awards :)
If you have time to try both then do. It's a bit of a case of horses for courses and you may be surprised. If you're a large shop with a diverse range of skills in operations and development you may lean towards Puppet. If you're a Rails shop you'd probably go straight to Chef. There really is no definitive answer though. As mentioned above, doing one is light years better than doing neither so if you're agonizing over the decision just stop, toss a coin and get going today.
Misconfigurations are an internal problem that emanates from within the IT infrastructure of any enterprise; no hacker is necessary for massive damage to occur to digital systems and stored data. And the problem is pervasive, with Gartner estimating that anywhere from 70% to 99% of data breaches result not from external, concerted attacks, but from internal misconfiguration of the affected IT systems.