In DevOps, configuration management is a very important part of the whole DevOps lifecycle. Configuration management, as the name itself explains is nothing but managing all the configurations of the environments that the software application hosts upon. But the question is, why do we need configuration management?
Let’s take a scenario where I am a system administrator and I am looking out for servers of my organizations. What happens if one of my servers goes down? Nothing much, I can bring it back up manually and very quickly. But what if 100’s of servers of my organization go down? I can’t bring those many servers back online very quickly. This is where configuration management and its tools come into the picture. I can use these tools to put the correct configurations on all the servers to bring them up and running within no time.
In this blog, I am going to discuss two very important configuration management tools Ansible and Puppet and how they are different from each other.
What is Ansible?
Ansible is a popular configuration management tool which automates application deployment, infrastructure orchestration, cloud provisioning and many other IT tasks. Ansible used playbooks to describe automation jobs and these playbooks are written in a very simple language called YAML.
When you have a complex infrastructure with tons of servers, some IT tasks can be time-consuming and tedious to do manually. For example, you have 50 servers running your application new-app, now a new version of the new-app has come and you need to deploy this new version on all 50 servers. Automating this IT task with tools like Ansible is the smarter way. With just a few lines of configuration in an ansible YAML file, the new version of the application can get deployed on all 50 serves automatically.
In the Ansible architecture, you will have a local machine and the local machine is where you’re going to have all your instructions that you would be pushing out to the remote servers. Connected from the local machine are all the different nodes on which you will push all the configurations that you would set up on the local machine. You would write those in configuration codes within a module, so you do this on your local machine for creating these modules and each of these modules is actually consistent playbooks. The local machine also has a second job and that job is to manage the inventory of the nodes you have in your environment. The local machine is able to connect to each of the different nodes that you would have in your hardware network through SSH.
Ansible Advantages and Features:
- It is agentless. You can access all the servers from your control machine by simple SSH. You don’t need to install any agent on all the servers to connect them, which most of the other tools like puppet and chef do.
- It was built on top of Python. This helps in providing a lot of functionalities of Python.
- Uses SSH for secure authentication.
- It has a push-based deployment model for sending configurations on all the servers/nodes.
- Ansible Tower is used for the visual dashboard of IT infrastructure, access controls etc.
- Uses YAML, which is a human-readable language, so no special coding skills are required.
What is Puppet?
Puppet is also a configuration management tool that ensures all your systems are configured to a desired and predictable state. Puppet can also be used as a deployment tool for deploying the software automatically to all your systems or to specific systems. This is all done with code which means you can test the environment and you can have a guarantee that the environment you want is deployed accurately.
Puppet has a master-slave architecture, and it works on a pull-based configuration deployment model. Puppet-master contains the main configuration files and those are comprised of manifests that are actual codes for configuring their clients. This whole package containing manifest files is called the puppet module. On each client machine, you have puppet agents which communicate with the master in regular interval of time to pull configuration if there has been any change.
Firstly, an authentication happens between master and slave machines by secure certificates. After successful authentication, the puppet agents on the client machines send the facts (information of their system) to the master. If there are any changes to be made on the client machine, the master creates a catalog that has the updated list of configurations. It is then sent to all the agents to update the configurations of client machines as instructed by the master machine. Finally, the agent sends back a report to the master once all the changes have been made.
Puppet Advantages and Features:
- It offers a variety of products (enterprise, remediate, replay, comply) for infrastructure automation, event-driven automation, security automation etc.
- It has a master-slave architecture. It has a puppet agent which does all the task for puppet master on the client (slave) machine.
- It follows a push-based deployment model to manage the configurations of all the client machines automatically.
- It uses secure certificates for authentication.
- It provides 6000+ ready-made modules to give you a head start.
Key Differences: Ansible vs Puppet
Ansible does configuration management using a push-based model. Here, you have a local machine with all the configurations which will be pushed to all the servers connected to it. Whereas Puppet performs configuration management using a pull-based model. It installs an agent on all the client machines which pulls configuration from the master machine within a regular interval of time. If the configuration shared by the master has changes, the agent installs those configurations on the client machine. If the configurations pulled from the master is the same as of client machine, then no configuration change is required.
Both the DevOps configuration management tools Ansible and Puppet are highly scalable. But in Ansible, the scalability is more convenient and happens with ease. Comparative, scalability is not that simpler in Puppet.
Ansible is written in Python and the configurations files in Ansible are written in YAML. Where Puppet is written in ruby and the configuration files (manifests) are written puppet’s domain-specific language (DSL).
Ease of Use
One of the areas where Ansible performs extraordinary well is the ease of use because of its focus on simplicity. It is very simple to install/setup and manages even the complex environments with ease. This doesn’t mean Puppet is very complex to use as compared to Ansible. But Ansible has a slight edge over Puppet because it uses YAML for its configuration files, which is very easy to read (English like language) and write.
Both are open-source tools and offer free versions of their tools. The Ansible Tower enterprise standard version costs 10000$/year with 8*5 support for 100 nodes and the premium version which offers 24*7 support costs 14000$/year approximately. The Puppet enterprise standard version costs 100$ per node per year and the premium version costs 199$ per node per year.
Puppet was founded in 2005, whereas Ansible started in 2012. So, obviously Puppet currently has a better developer community than Ansible. But since Ansible is written in python and currently python is hot in the developer community, even Ansible’s community is strong and growing at a very fast pace.
Which Tool to Choose?
Ansible and Puppet both are excellent and widely used tools used in the market for configurations management. So, depending on the business need, you need to decide which tool would be preferable. If you want to have a small and faster deployment, then Ansible is better suited, whereas if you have a large-scale production deployment, Puppet is more suitable because it is more mature than Ansible.
Just to summarize, here is a comparison table of Ansible and Puppet.
|It is Agentless.
|It has a master-slave architecture. Uses Puppet-master and Puppet-agent.
|Highly scalable, simpler to scale than puppet
|Ease of Use
|Easy to setup, learn and use.
|Master and agent both need to be installed. Learning curve is more.
|Standard version: 10000$ per year for 100 nodes with 8*5 support
Premium version: 14000$ per year for 100 nodes with 24*7 support
|Standard version: 100$ per node per year
Premium version: 199$ per node per year
|Available, Ansible Galaxy
|Available, Puppet Forge with 6000+ modules
|Earlier release as CLI, later UI was added but not as good as Puppet
|Better and interactive user interface
|Community and Support
|Growing at a rapid pace
|Huge, strong and active
There are several repetitive tasks which administrator take hours to do manually, like updates, backups, system reboots, creating users, assigning groups, assign permissions, etc. With tools like Ansible and Puppet, you can execute such tasks more efficiently and it will also be less time consuming. Now that you know their features and differences between them, go ahead and choose one of the tools and start automating your IT tasks now.