Chef vs. Puppet vs. Ansible vs. SaltStack – configuration management tools compared

by Ned Hallett
As Digital Marketing Manager and JAM’s primary pair of lungs, I provide the JAM-y take on the ever-evolving worlds of DevOps, SaaS, MACH - and acronyms yet to be coined.
Published on April 2023

Choosing a configuration management tool can be a bit of a headscratcher. 

There are many great options out there, but that’s part of why it’s so hard to choose!

For just this reason, we’ve put together a handy graphic and scored 4 of the most popular options – Chef, Puppet, Ansible and SaltStack (now offered through VMware) – along 9 key criteria, with a little more explanation below.

It’s worth noting that these scores are general and partly based on preference. Your mileage will vary depending on use case!

But with that little caveat out of the way – let’s get to it.

[Infographic: Chef, Puppet, Ansible and SaltStack scored along 9 key criteria]

Now let’s take a look in detail.

Availability 

Chef

When the primary Chef server fails, a backup will take its place.

Score: 4

Puppet

Puppet uses a multi-master architecture, so if the active master fails, another steps in.

Score: 4

Ansible

Ansible runs on a single active node, called the primary instance. If the primary instance goes down, a second will start up to take its place. If you’re running Ansible Tower 2.2, you can make further use of playbooks in your backup.

Score: 4

SaltStack

You can configure multiple masters on SaltStack. If one goes down, agents will connect with another. 

Score: 4

Configuration language 

Chef

Ruby DSL. Not a lot of options and requires a developer.

Score: 2

Puppet

Ruby, Puppet DSL, ERB (Embedded Ruby). Many options but still a high-skill barrier. Suited to a system administrator.

Score: 2

Ansible

Python, YAML. Relatively simple. A system administrator could take this on, and they’d have an easier time of it.

Score: 3

SaltStack

JSON, Python, SLS (Salt State Language), YAML. Relatively simple. SaltStack will also suit a system administrator more than a developer.

Score: 3

Architecture/set-up process 

(as these are closely related, we chose to answer these two questions together)

Chef

Chef’s master-client architecture is quite distributed. The master machine runs the Chef server while the client portion runs on every client machine. Configurations are tested in an additional component – Chef Workstation – which then pushes to the central server. This all makes setting Chef up a little daunting.

Score: 2

Puppet

Puppet’s master-client architecture also makes for a less-than-thrilling installation. As in the case of Chef, the Puppet server runs on the master while the Puppet client runs as an agent on each client machine. There is also further setup around the certificate system that enables communication between master and agents, which adds another layer of complexity. If you’re struggling, tagging in a DevOps agency is always a safe bet.

Score: 2

Ansible

Again, the master runs on the Ansible server, but there are no agents to speak of. The client machines need to have Python installed but communication is done via SSH – much more streamlined.

Score: 4

SaltStack

Based on its own master-minion architecture model, setting SaltStack up entails setting up the master on a dedicated machine which controls all minions. SaltStack can be a little difficult to set up, much like Chef.

Score: 3

Management 

Chef

Chef uses the pull model and Ruby DSL, which can be a little trickier than YAML, usually requiring programmer-level understanding. Because it’s a pull-based tool, Chef is well-suited to DevOps and cloud-native environments using containers, since it enhances standardisation. 

Score: 2

Puppet

Puppet is also pull, and though it runs Ruby, Puppet DSL and Embedded Ruby, it suffers from not being YAML compatible. There are a few other languages here, but Puppet is still relatively high-skill in terms of management. As with Chef, Puppet’s pull-based nature makes it suited to constantly changing cloud-native environments.

Score: 3

Ansible

Ansible can run push or pull and is primarily compatible with YAML. Overall much easier than Puppet and Chef (because it’s both push and pull), Ansible has great flexibility in the types of workloads it can effectively run. In addition to the benefits of the pull approach, Ansible is also suited to critical production environments where there is a greater need for granular control.

Score: 4

SaltStack

SaltStack is push, and amongst other languages is also compatible with YAML, making it easier to manage. Being push-based, SaltStack is also suited to critical production environments and distributed systems.

Score: 2

Scalability 

Chef

High but slightly limited by the complexity of the configuration language.

Score: 3

Puppet

High.

Score: 3

Ansible

High and slightly enhanced by the simplicity of the configuration language.

Score: 4

SaltStack

See above.

Score: 4

Interoperability 

Chef

Chef server: Linux/Unix; Chef client and Workstation: also Windows. Compared to the other options on this list, there’s a little more manual work in terms of Chef’s interoperability.

Score: 2

Puppet

Puppet master: Linux/Unix; Puppet agent/client: also Windows. However, Puppet’s integrations with OSs and cloud platforms have better out-the-box capabilities than Chef’s.

Score: 3

Ansible

Ansible server: Linux/Unix; Ansible client: also Windows. Further, because of Ansible’s agentless architecture, it can work with any system that has an SSH server. This makes it highly interoperable.

Score: 4

SaltStack 

Salt master: Linux/Unix; Salt minion: also Windows. Like Puppet, SaltStack also boasts good out-the-box integrations.

Score: 3

Capabilities 

Chef

CI/CD, infrastructure automation, code management, reporting, security and compliance automation, and management and orchestration. Chef offers native support for many CI/CD pipelines and compliance and has more advanced features for automated provisioning.

Score: 4

Puppet

CI/CD, infrastructure automation, code management, reporting, security and compliance automation, and management and orchestration. Like Chef, Puppet provides native support for CI/CD pipelines and security and comes in with a strong focus on code management.

Score: 3

Ansible

CI/CD, infrastructure automation, code management, reporting, security and compliance automation, and management and orchestration. Lacking the native support of Chef and Puppet, Ansible is distinguished by its overall simplicity and flexible, agentless architecture.

Score: 3

SaltStack

CI/CD, infrastructure automation, code management, reporting, security and compliance automation, and management and orchestration. Like Ansible, SaltStack doesn’t offer the same degree of native support for some processes. However, SaltStack is best known for its strong orchestration and event-driven automation.

Score: 4

Pricing 

Chef

At 13700 USD a year for up to 100 nodes, Chef is toward the top of the range, but this reflects its complexity and range of features.

Score: 3

Puppet 

At 11200-19900 USD a year for up to 100 nodes, there’s more variance in Puppet’s pricing depending on the features used.

Score: 2

Ansible

10000 USD. The cheapest on the list, but by no means the substandard option. Being cheap and easy to use, Ansible is a great option for teams just starting.

Score: 2

SaltStack

15000 USD. Like Chef, SaltStack is a little more expensive, but you get a deep platform with a lot of capabilities.

Score: 3

Community 

Chef

Chef has a large and active community – it’s been around for a while and offers an open-source version, which will always draw a crowd.

Score: 4

Puppet

Puppet is entirely open source, and as such has a large and active community.

Score: 3

Ansible

Same as above.

Score: 3

SaltStack

SaltStack is open source, but with a slightly smaller user base, you might not see quite the same community around it, although it’s active and growing.

Score: 2

How we can help

If you need any extra help choosing a DevOps tool, we’re always here to help. We’ve carried out DevOps projects for household names around the world and, with our DevOps as a service offering, we can fill any DevOps gap you care to mention. 

So, to chat with us about getting your CI/CD pipelines up and running, or anything else, just get in touch.
