cfengine vs puppet vs chef

Forums › IT Pro and developers › cfengine vs puppet vs chef

ptinson

677 posts

Ultimate Geek

Trusted

#94647 15-Dec-2011 22:50

Hi all.
I have been looking at many and varied ways of managing the configuration of large number of hosts, invariably I am drawn back to either cfengine3 or Puppet as being reasonable options.
Both have good and bad qualities, cfengine for example has a learning curve that makes hard to sell in any meaningful way to an ops team.

I was pointed towards Chef today though and am left wondering if anyone is using it.
http://wiki.opscode.com/display/chef/Home

It seems sane and usable, so i must be missing something.

So the question is, has anyone here used it before?

I am going to do an eval on it so I will post what i find but actual accounts of how it has worked would be very useful.

Paul

meat popsicle

zzamboni

3 posts

Wannabe Geek

#558554 16-Dec-2011 07:56

Hi,

(disclaimer: I work at CFEngine, but I'll try to be balanced here)

Chef is a nice and mature system (and they are very nice guys - I got to meet several of them last week at LISA'11 in Boston). One of its very strong points is that it's very approachable and easy to get started, and they have a good collection of "cookbooks" for managing many different components. One of its disadvantages is that, being written in Ruby, it requires Ruby and a lot of dependencies to be installed. On a clean Ubuntu system, running "apt-get install chef chef-server" brings in around 290 packages as dependencies. To install just the client ("apt-get install chef") requires installing around 50 packages as dependencies.

On the other hand, in my opinion, CFEngine's reputation for having a steep learning curve is greatly exaggerated, particularly in recent releases. Since CFEngine 3.2.0, you can bootstrap both servers and clients with a single command (cf-agent --bootstrap), which gives you a bare-ones install with policies that do nothing except update themselves. So you can easily install CFEngine and have it running without any adverse effects, and then gradually add policies that manage different parts of the system. CFEngine is very lightweight - its only dependencies are OpenSSL, PCRE and a BerkeleyDB (or equivalent, I prefer using Tokyo Cabinet).

For learning CFEngine, I would suggest starting with the Concept Guide and the Quick Start Guide. Neil Watson's CFEngine 3 tutorial is also very good. And if I may do a shameless plug, my book "Learning CFEngine 3" is now available as an Early Release, which contains already all the "basic concepts" and "getting started" chapters of the book, as well as some of the more advanced topics.

All the documents I mentioned (and many others) can be found from http://cfengine.com/tech. The forum at https://cfengine.com/forum/ is a very friendly place to ask questions. For information about the book see http://cf-learn.info/

Hope this helps,
--Diego Zamboni

ptinson

677 posts

Ultimate Geek

Trusted

#558560 16-Dec-2011 08:22

Thanks for that.
I must admit i used cfengine3 before it had the --bootstrap option, so it was a fair amount of work to get something useful, and functional.

I am not so worried about the learning curve for myself, more for the people that would end up using this on a daily basis, or have to trouble shoot it.

I hear you on the dependency tree, there is also a stigma to ruby, as there is any language, can generally start a religious war of what the superior language is.

All accounts welcome, even if they may be biased;)

meat popsicle

zzamboni

3 posts

Wannabe Geek

#558563 16-Dec-2011 08:49

Always happy to help. Sorry for the lack of links in my replies, but being new here, the forum doesn't yet let me post links.

About ease of maintenance: one of the nice new things in CFEngine 3 is the ability to compose promises into higher-level, reusable blocks. This makes it much easier to write policies and to understand them, since you can look at the policies only at the level that is necessary, hiding lower-level details. There is already a collection of pre-made blocks in the CFEngine standard library (http://cfengine.com/starterkit )

For example, if you want to edit the sshd configuration file, you can use a bundle like the one I posted here: http://blog.zzamboni.org/editing-sshd-configuration-files-with-cfengin . The edit_sshd() bundle uses the set_config_values() bundle, which is the one that knows how to edit the file (and in turn uses stuff from the stdlib). But at the top level, you use it like this:

bundle agent configfiles
{
vars:
"sshdconfig" string => "/etc/ssh/sshd_config";

# SSHD configuration to set
"sshd[Protocol]" string => "2";
"sshd[X11Forwarding]" string => "yes";
"sshd[UseDNS]" string => "no";

methods:
"sshd" usebundle => edit_sshd("$(sshdconfig)", "configfiles.sshd");
}
Which is very clear and easy to understand.

Best regards,
--Diego