Puppet, Chef, Cfengine

Jérémy MATHEVETPresented by

Configuration Manager

Topics

1. Principle

2. Comparison

3. Puppet

4. Chef

5. Cfengine

6. Migration advises

Principle

Principle• A client/server architecture.

• The server has a reference configuration.

• The client queries the server.

• The client makes change in order to match the reference configuration.

Principle

1. “Can you give my configuration model ?“

2. “Ok, for you, that's it.”

3. “I make the necessary in order to fulfil it.”

4. (optional) “Thank you, I'm ok, no error” or “I had a problem”.

Principle

Why to do this ?• Centralized management

• Automated management

• Mass deployment

• Configuration customization

• Abstraction Layer

• Idempotence

What can we do ?• File transfer

• Service management

• Package management

• Command launching

Comparison

Comparison3 major solution :

• Puppet

• Chef

• Cfengine

Pretty similar possibilities.

Some specificities.

ComparisonPuppet Chef Cfengine

Pull Yes Yes Yes

Push No No No

Idempotence Yes Yes Yes

Config language Declarative Ruby Declarative

Web UI Yes (limited) Yes No

OS Support Linux/Unix – Windows

(experimental)

LinuxLinux/Unix – Windows

(experimental)

Linux/Unix – Windows

(experimental)

Licence GPL v2 Apache GPL

Company Puppet Labs OpsCode Cfengine

Cloud Yes SaaS platform Yes

Puppet

Puppet• Created in 2006 by Puppet Labs

• The easiest solution

• Proprietary declarative language

• Modular configuration

• Template

• Asymmetric Key Encryption

Puppet• Prerequisite :

• Configured DNS

• Ruby

• Installation Sources :

• Debian Repositories

• RubyGem

• Sources

Puppet• Puppet server : Puppetmaster

• Puppet client : Puppet (agent)

Main steps once installed :

• Key exchange

• Puppetmaster configuration

• Puppet agent checks every 30 mn by default

PuppetVocabulary :

• Node

• Manifest

• Module

• Class

• Template

Puppet

PuppetHere is the read order.

•site.pp : global config

•nodes.pp : manage hosts

• init.pp : module classes

•Files : module files directory

Puppet

Puppet• Facter : Give node facts.

• Permit to have customized configuration node.

• Possibility to create your own facts.

PuppetTemplates

• ERB

• Customize configuration using Facts

Exemple :

PuppetPuppet Dashboard

• WebUI

• Still in development

• Very buggy

• Only for monitoring

• Useless for the moment

Chef

Chef• Created in 2009 by Opscode

• Sustained development

• Configuration language : Ruby

• Modular configuration

• Template

• Asymmetric Key Encryption

Chef• Prerequisite :

• Configured DNS

• Ruby

• Installation Sources :

• Opscode Repositories

• RubyGem

• Sources

Chef• Chef server : chef-server

• Chef client : chef-client

Main steps once installed :

• Key exchange

• Chef-server configuration

• Chef client checks every 30 mn by default

ChefVocabulary :

• Recipes

• Cookbook

• Role

• Node

• Attributes

• Knife

• Chef Repository

Chef

ChefChef Server is in fact several processes.

•API ServiceUsed to interact with server for node configuration.

•Management ConsoleWebUI which permits to do administrative tasks.

Chef• File indexer

Apache SOLR, a search engine.

• Data store (CouchDB)Used for store roles, nodes and data bag JSON data. Sends it to SOLR, through AQMP queue.

•AQMP ServerUsed by CouchDB as queue.

Chef

ChefCookbook

ChefRecipes

ChefRecipes

Like in Cooking, one of the more interesting thing is to share our cookbooks and recipes.

http://community.opscode.com/cookbooks

ChefOhai and templates

A tree of node facts, which can be used as attributes.

The same kind of customization as Puppet with Facter.

ChefAdministration

•Knife or Management Console

•CLI or Web UI

•Two powerful tools

Chef vs PuppetChef Advantages

• Cookbooks sharing

• Stricter configuration rules

• Ruby

• Useful WebUI

Disadvantages

• A bit more complex

• More setup needed

• Usable in production, but still young

Cfengine

Cfengine• Created in 1993 by Mark Burgess

• The first configuration manager

• Major update in 2009, Cfengine 3

• Proprietary configuration language

• Template

• Asymmetric Key Encryption

Cfengine• Prerequisite :

• libc

• Installation Sources :

• Debian Repositories

• Sources

CfengineCfengine has an atypical mechanism.

There is neither cfengine-server nor cfengine-client package.

CfengineArchitecture

CfengineVocabulary

• Promises

• Body & bundle

• Class

CfenginePromises

Cfengine•Bundles and bodies

Cfengine•With Cfengine, you have to do configure

everything. From the promises, to the host authorized, or the failsafe procedure.

Cfengine vs Puppet vs ChefCfengine is powerful. But...

• Painful configuration

• Have fun with log (excessively verbose... Or not.)

• Seems outdated compared to Puppet and Chef

Keep in mind that you have as much possibilities as Puppet & Chef. But the time you pass configuring and master it is incomparable.

Migration advices

Migration advices• Migration have to be progressive.

• Writing configurations take time.

• Be extremely rigorous.

• Don't forget the revision control.

Questions?

Content under Creative Commons BY license.

Email : jeremy.mathevet@supinfo.comStatusNet : jeyg@status.jeyg.infoTwitter : @Jeyg

Contact: