Which Configuration Management Tool Should I Use? Spotlight on Puppet
Back in the nineties and early noughties, enterprises didn’t have to juggle too many servers. The rise of cloud computing has changed all that. Technologies like virtualization and containers now mean that the typical infrastructure is composed of many servers, hosting many applications.
As always, a sharp increase in scale makes it hard to maintain visibility and control. With the proliferation of servers within enterprise infrastructures, apps have sprung up to help IT professionals cope. These are usually referred to as Configuration Management (CM) or Remote Execution (RE) tools. These tools enable a process called infrastructure as code (IaC), in which an IT environment is represented via a programming language, and the tool automates the actions necessary to match the environment to this state. This can include actions like installing software, adding users, or partitioning storage devices.
There are four big players in this space: Puppet, Ansible, Chef, and SaltStack. Here’s a deep-dive into Puppet, the most popular option, which can be used for KernelCare mass deployment.
The Good: Market leader for a reason
Puppet has been around since 2005, and has been a leading CM tool ever since. Puppet has the credibility that comes with being utilised by some big names: Google, Reddit, Dell, PayPal, Oracle, Stanford, and more. Puppet is an open source app, developed on Ruby, and it runs on all the big operating systems. Support and a commercial enterprise version of the app are offered by PuppetLabs.
Puppet is composed of both a graphical user interface (a GUI) and a Ruby-based command line interface (CLI). Puppet follows a client-server (or agent-master) architecture: you install Puppet Server on your servers, and then you install Puppet Agent on the required nodes. The web UI is very intuitive, and makes real-time node management easy.
Puppet’s big plus is its long-standing stability. Puppet is a mature, solid, and well-developed tool. Installation is easy, and the architecture is such that syntax errors are easy to triage—Puppet won’t compile a catalog if there are issues. Puppet works well with shell-level constructs, and the compliance automation and reporting tools are strong. The support is generally good.
Puppet Forge, Puppet’s huge repository/library, is well-organised and makes handling modules easy. The quality of the modules is unparalleled, and their PuppetLabs team mark those that they support or approve, which affords users peace of mind. Puppet has a large development community, and Puppet’s technical account manager (TAM) tier offers fantastic support.
The Bad: Not as nimble as some
Puppet’s size is one of its big strengths; but it is also one of its weaknesses. Ask around in the DevOps world, and you’ll find people grumbling that bugs can take a while to be fixed, and that requests for new features fall on deaf ears. You’ll also find people complaining that PuppetLabs can be pushy with trying to persuade you to purchase the commercial version of the product.
There is some technical sluggishness as well. Puppet requires agents on nodes; these agents require packages, which can cause problems with security groups that require additional approval. Puppet requires extra infrastructure to support true automation: for example, extra components often need to be installed on the destination server, even if you’re already masterless. Using multiple masters makes remote execution trickier. All of this can add up to overhead.
The biggest blocker of all is that while the Puppet CLI currently supports pure Ruby, they are moving toward making their CLI compatible exclusively with their in-house DSL (domain-specific language). This makes for a steep learning curve for current and new users, and introduces scaling issues.
For smaller, more agile, and more short term deployments, Puppet might not be the best choice. Users need to learn the Puppet DSL, as advanced tasks usually require input from the CLI. This DSL code-base can swell as you scale, causing issues.
However, Puppet is ideal for more complex or more long-term deployments. If you are managing a fixed set of machines, or managing out configuration drift, it is the best choice. Puppet is very stable, and there is a good reason why it is the go-to option for large enterprises capable of managing a heterogeneous infrastructure. Setup is smooth, performance is robust, and the support community is the best in the business.
Watch this video to learn how to deploy KernelCare
Read more solution overviews by KernelCare team here:
- Which Configuration Management Tool Should I Use? Spotlight on Chef
- Which Configuration Management (CM) Tool to Use? Focus on SaltStack
- Which Configuration Management Tool Should I Use? Spotlight on Ansible
- Which Vulnerability Management Solution to Choose? Focus on Qualys
- Which Vulnerability Management Solution to Choose? Focus on Rapid7