Choosing a configuration management tool can be a bit of a headscratcher.
There are many great options out there, but that’s part of why it’s so hard to choose!
For just this reason, we’ve put together a handy graphic and scored 4 of the most popular options – Chef, Puppet, Ansible and SaltStack (now offered through VMware) – along 9 key criteria, with a little more explanation below.
It’s worth noting that these scores are general and partly based on preference. Your mileage will vary depending on use case!
But with that little caveat out of the way – let’s get to it.
Now let’s take a look in detail.
Availability
Chef
When the primary Chef server fails, a backup will take its place.
Score: 4
Puppet
Puppet uses a multi-master architecture, so if the active master fails, another steps in.
Score: 4
Ansible
Ansible runs on a single active node. This is called the primary instance. If the primary instance goes down, a second will start up to take its place. If you’re running Ansible Tower 2.2, you can make further use of playbooks in your backup.
Score: 4
SaltStack
You can configure multiple masters on SaltStack. If one goes down, agents will connect with another.
Score: 4
Configuration language
Chef
Ruby DSL. Not a lot of options and requires a developer.
Score: 2
Puppet
Ruby, Puppet DSL, ERB (Embedded Ruby). Many options but still a high-skill barrier. Suited to a system administrator.
Score: 2
Ansible
Python, YAML. Relatively simple. A system administrator could take this on, and they’d have an easier time of it.
Score: 3
SaltStack
JSON, Python, SLS (Salt State Language) YAML. Relatively simple. SaltStack will also suit a system administrator more than a developer.
Score: 3
Architecture/set-up process
(as these are closely related, we chose to answer these two questions together)
Chef
Chef’s master-client architecture is quite distributed. The master machine runs the Chef server while the client portion runs on every client machine. Configurations are tested in an additional component – Chef Workstation – which then pushes to the central server. This all makes setting Chef up a little daunting.
Score: 2
Puppet
Puppet’s master-client architecture also makes for a less-than-thrilling installation. As in the case of Chef, the Puppet server runs on the master while the Puppet clients run as an agent on client machines. There is also further setup around the certificate system enabling communication between master and agents – which adds a further layer of complexity. If you’re struggling, tagging in a DevOps agency is always a safe bet.
Score: 2
Ansible
Again, the master runs on the Ansible server, but there are no agents to speak of. The client machines need to have Python installed but communication is done via SSH – much more streamlined.
Score: 4
SaltStack
Based on its own master-minion architecture model, setting SaltStack up entails setting up the master on a dedicated machine which controls all minions. SaltStack can be a little difficult to set up, much like Chef.
Score: 3
Management
Chef
Chef uses the pull model and Ruby DSL, which can be a little trickier than YAML, usually requiring programmer-level understanding. Because it’s a pull-based tool, Chef is well-suited to DevOps and cloud-native environments using containers, since it enhances standardisation.
Score: 2
Puppet
Puppet is also pull, and though it runs Ruby, Puppet DSL and Embedded Ruby, Puppet also suffers from not being YAML compatible. There are a few other languages here but Puppet is also relatively high-skill in terms of management. As with Chef, Puppet’s pull-based nature makes it suited to constantly changing cloud-native environments.
Score: 3
Ansible
Ansible can run push or pull and is primarily compatible with YAML. Overall much easier than Puppet and Chef (because it’s both push and pull), Ansible has great flexibility in the types of workloads it can effectively run. In addition to the benefits of the pull approach, Ansible is also suited to critical production environments where there is a greater need for granular control.
Score: 4
SaltStack
SaltStack is push, and amongst other languages is also compatible with YAML, making it easier to manage. Being push-based, SaltStack is also suited to critical production environments and distributed systems.
Score: 2
Scalability
Chef
High but slightly limited by the complexity of the configuration language.
Score: 3
Puppet
High.
Score: 3
Ansible
High and slightly enhanced by the simplicity of the configuration language.
Score: 4
SaltStack
See above.
Score: 4
Interoperability
Chef
Chef server: Linux/Unix; Chef client and Workstation: also Windows. Compared to the other options on this list, there’s a little more manual work in terms of Chef’s interoperability.
Score: 2
Puppet
Puppet master: Linux/Unix; Puppet agent/client: also Windows. However, Puppet’s integrations with OSs and cloud platforms have better out-the-box capabilities than Chef.
Score: 3
Ansible
Ansible server: Linux/Unix; Ansible client: also Windows. Further, because of Ansible’s agentless architecture, it can work with any system that has an SSH server. This makes it highly interoperable.
Score: 4
SaltStack
Salt master: Linux/Unix; Salt minion: also Windows. Like Puppet, SaltStack also boasts good out-the-box integrations.
Score: 3
Capabilities
Chef
CI/CD, infrastructure automation, code management, reporting, security and compliance automation and management and orchestration. Chef offers native support for many CI/CD pipelines and compliance and has more advanced features for automated provisioning.
Score: 4
Puppet
CI/CD, infrastructure automation, code management, reporting, security and compliance automation and management and orchestration. Like Chef, Puppet provides native support for CI/CD pipelines and security and comes in with a strong focus on code management.
Score: 3
Ansible
CI/CD, infrastructure automation, code management, reporting, security and compliance automation and management and orchestration. Lacking the native support of Chef and Puppet, Ansible is distinguished by its overall simplicity and flexible, agentless architecture.
Score: 3
SaltStack
CI/CD, infrastructure automation, code management, reporting, security and compliance automation and management and orchestration. Like Ansible, SaltStack doesn’t offer the same degree of native support for some processes. However, SaltStack is best known for its strong orchestration and event-driven automation.
Score: 4
Pricing
Chef
At 13700 USD a year for up to 100 nodes, Chef is toward the top of the range, but this reflects its complexity and range of features.
Score: 3
Puppet
At 11200-19900 USD a year for up to 100 nodes, there’s more variance in Puppet’s pricing depending on the features used.
Score: 2
Ansible
10000 USD. The cheapest on the list, but by no means the substandard option. Being cheap and easy to use, Ansible is a great option for teams just starting.
Score: 2
SaltStack
15000 USD. Like Chef, SaltStack is a little more expensive, but you get a deep platform with a lot of capabilities.
Score: 3
Community
Chef
Chef has a large and active community – it’s been around for a while and offers an open-source version, which will always draw a crowd.
Score: 4
Puppet
Puppet is entirely open source, and as such has a large and active community.
Score: 3
Ansible
Same as above.
Score: 3
SaltStack
SaltStack is open source, but with a slightly smaller user base, you might not see quite the same community around it, although it’s active and growing.
Score: 2
How we can help
If you need any extra help choosing a DevOps tool, we’re always here to help. We’ve carried out DevOps projects for household names around the world and, with our DevOps as a service offering, we can fill any DevOps gap you care to mention.
So, to chat with us about getting your CI/CD pipelines up and running, or anything else, just get in touch.