With so many configuration management tools available, it can be difficult to select the right one. Interestingly, all of the tools provide similar capabilities. What's different are the ways that they do it.
The tools for configuration management range from new to well-established. They use varying approaches and a variety of programming languages. Deciding what you need and what will be most effective for a specific environment involves many factors, but be sure to consider these important elements:
- identification, which allows the tool to identify the current configuration;
- control, the feature that allows you to change the configuration;
- status accounting, which allows you to identify the current status of the configuration, a particularly important feature in a development environment; and
- auditing, which ensures you verify that a configuration contains the required components.
So which tools for configuration management are worth a look? Let's examine some of the leading options to see how they work and whether they might fit your configuration management plan.
CFEngine, Puppet and Chef
CFEngine is one of the oldest configuration management tools. It is written in the C programming language, which makes it rather difficult for users to create custom configurations. An agent is used on clients for communication.
CFEngine is offered in both open source and enterprise versions. The open source version is free, but it lacks features that are typically needed in a large corporate environment. The enterprise version is free for up to 25 users, so administrators can test and try it before implementing it on a large scale. Although CFEngine is fast, it doesn't offer the flexibility that other CM tools do. For that reason, its use is not widespread.
Puppet is another of the older tools for configuration management. Developed in the Ruby scripting language, Puppet makes it is relatively easy to create configurations containing the desired state of the target and apply them to the managed nodes. Nodes that are managed through Puppet require an agent component to be installed.
Puppet has a free and open source version as well as a paid enterprise version. Features such as role-based access, an event inspector and orchestration are available only in the enterprise edition. Administrators can create configurations relatively easily in Puppet, and, being open source, free modules are provided. The enterprise edition comes with more than 2,000 configurations that have been verified to make Puppet easier to use.
Similarly, Chef is written in the Ruby programming language and offers free and paid versions. The Ruby aspect makes it rather simple for users to create their own configurations for Chef, which are known as cookbooks. To work with Chef, an agent needs to be installed on managed nodes.
Ready-to-use and verified cookbooks are available through the enterprise version of Chef. Apart from that, there is the Chef Supermarket, an open source platform where users can publish their creations. The paid version includes Chef Analytics, which allows administrators to provide real-time reporting and notifications.
Ansible, Salt and PowerShell DSC
Ansible uses secure shell (SSH) for communications between managed nodes and the Ansible server. Ansible is agentless (though it requires SSH), with the disadvantage that it doesn't know about the state of managed machines. Like the other tools, Ansible has an open source version and a paid enterprise option.
Ansible is written in YAML, which is relatively easy to use. YAML is also used to write the Ansible playbooks, which are used to pass instructions about the desired state to the managed machines. Because of its Linux origin, Ansible is heavily oriented to the command line; it offers a relatively limited web user interface.
Salt, made by SaltStack, is relatively new among the tools for configuration management. Developed to be fast and simple, Salt uses configurations that are provided as easy-to-work-with YAML files. Salt works with a Salt master that is used to push configurations to the Salt minions, which are the agents running on the managed nodes.
For scalability, Salt uses proxies. This means not every minion needs to reach out to the master to get its desired configuration. Salt employs the ZeroMQ protocol to optimize speed in communication between minions and master. There's a limited free version as well as a paid enterprise version with extra features.
Microsoft's PowerShell Desired State Configuration (DSC) has been included with Windows Server since the 2012 R2 edition. As it comes with the Windows OS by default, it is a good choice for managing Windows environments. It uses configuration files in the management object format, which is intuitive and easy to apply.
Powershell DSC also can be used in Linux environments. Working with multiple operating systems has been a design goal for PowerShell since the beginning, but there's no framework to manage different OSes from one interface. Other configuration management tools recognize that missing piece, and that's why Puppet, for instance, communicates with PowerShell DSC to manage it from the Puppet environment.
With hybrid IT deployments, it's even more difficult to know the current correct configuration.
Configuration management systems are supposed to make the little things easier, freeing up IT staff to devote themselves to high-level operations and tasks.
Adjustments to PowerShell Desired State Configuration in Windows Server 2016 are designed to help admins get the upper hand on server configurations.
Can intent-based networking help organizations enhance their network configuration management process? Here, Amy Larsen Decarlo discusses the role IBN has in the configuration management process, and how it can help to improve and enhance it.