The ever-increasing popularity of virtual computing, coupled with the availability and ease of cloud computing, has left the standard systems administrator with a huge number of servers and services that need to be managed in their day-to-day activities.
The days of walking down the hallway to the server room or data center are, for the most part, over, and systems administrators must be able to quickly provision, deploy and manage many servers at the same time. Since, in many cases, large groups of identical servers run identical services to support customer facing applications, the ability to click a button and patch, update or modify all servers in a specific group is becoming more and more essential.
Three of the most popular tools for infrastructure automation today are Chef, Puppet, and Ansible. Each was built to accomplish the goals mentioned above, and each has its own way of getting the job done, coming with its own set of pros and cons. Without an infrastructure management tool, your systems are at the mercy of forgetful and ever-more busy IT staff, and any team needs one of these tools at their fingertips.
Puppet is probably the most widely used of the three automation tools, and as such offers the most tools, modules and actions. Its web user interface is easily the most functional and complete as far as managing your servers and configurations. Most operating systems and system configurations can be managed by Puppet, and changes, updates and patches are pushed out automatically when a server ‘checks in’, or via a manual push that performs the required tasks immediately.
Puppet is written in Ruby, and all configurations and modules it contains are also built using Ruby or a Puppet-specific, Ruby-like language. As such, it is beneficial to either know or learn Ruby (or have access to someone who does) if you aim to make full use of Puppet, and if you dislike Ruby this may be a barrier you don’t want to cross.
Puppet’s install process is very easy and can be done using an automated installer. The installer will handle the creation of a single Puppet master as well as an agent on each client that will be managed by Puppet. Depending on the OS you are installing Puppet on, you just need to enable the appropriate dependencies (such as the RHEL ‘optional’ channel if on Red Hat), enable the Puppet Labs repository for your OS, and run `yum install puppet-server`.
After installation, the `puppet` command can be used to download modules or perform installations. Configuration files need to be tailored to each type of server that will be managed by Puppet, and each system will periodically ‘check in’ with the Puppet master to ensure their individual configurations are in line with your standards.
Chef has many similarities with Puppet. Both are based on Ruby, and both utilize a master-agent architecture, with Chef also having a ‘workstation’ that controls the master node. The workstation itself is what performs agent installations. Chef, like Puppet, has a plethora of available and functional modules to help you manage your systems. Unlike Puppet, however, Chef relies heavily on Git, and familiarity with Git is required in order to efficiently manage a Chef installation.
Chef’s installation is also handled using an installer, requiring you to only download the appropriate package for your OS, and run the `chef-server-ctl` command to create your administrative user, organization, and a few other tasks to configure your installation.
Chef also lacks a push feature, and systems must check in with the Chef master in order for configuration changes to take effect. This means that immediate implementation of changes is not possible, which can be a big issue in some environments. Chef has a less complete web user interface than Puppet, having no reporting and, like Puppet, not allowing configuration modifications. The web UI is, however, useful for inventory management.
Ansible has little in common with either Chef or Puppet, and is better suited to those who have little experience in Ruby. All actions performed by Ansible take place over SSH, and there is no client agent required, so environments that do not want a client agent and simply need quick, streamlined functionality should consider Ansible rather than other solutions.
Ansible also differs in that it is built using Python, which may be a big factor for those more familiar with Python who want automated configuration management. The install begins with a Git clone, which provides an installer named env-setup, or can be done using yum/apt.
After installation, each node that Ansible will manage needs to be added to the configuration, and SSH keys are appended to each node. The SSH keys allow Ansible to communicate and perform tasks on any managed node, and either root SSH access must be allowed or sudo credentials must be enabled for the Ansible user.
Ansible offers two ways to interact with managed nodes, either via command line or YAML configuration files termed ‘Playbooks’, which can also use templates for easier systems management. Playbooks provide the core of Ansible’s functionality, able to manage anything from single node configuration to complex deployments involving monitoring services, load balancers and a variety of network infrastructure.
As with Puppet and Chef, there are many modules available for Ansible to manage virtually any infrastructure, from physical to cloud. Modules can be created and customized using your preferred language, as long as the final output is JSON. There is a web user interface, but it lacks most of the functionality of the command line, and is the least complete of the three options.
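A custom module of the kind described above, as an added example that is not from the original article or from the Ansible project: a read-only Python check that reports, as JSON, whether a managed node still allows root SSH login, the access decision raised in the SSH key setup step. The `path` and `allowed` parameters and the sample sshd_config are constructed for illustration, and only the global section before the first `Match` block is evaluated.

```python
#!/usr/bin/env python3
# WANT_JSON  (marker string: Ansible then passes module args as the path to a JSON file)
import json
import sys

# Constructed sample sshd_config, used when the script is run by hand with no args file.
SAMPLE_SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication no
Match User backup
    PermitRootLogin no
"""

def effective_permit_root_login(config_text):
    """Return the global PermitRootLogin value, or None if it is not set."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        keyword = parts[0].lower()          # sshd keywords are case-insensitive
        if keyword == "match":
            break                           # conditional blocks are out of scope here
        if keyword == "permitrootlogin" and len(parts) > 1:
            return parts[1].lower()         # sshd keeps the first value it reads
    return None

def audit(config_text, allowed=("no",)):
    """Build the JSON-serialisable result a module hands back to Ansible."""
    value = effective_permit_root_login(config_text)
    failed = value not in allowed           # an unset value is reported as a failure
    msg = "PermitRootLogin is %s" % (value or "unset (sshd default applies)")
    return {"changed": False, "failed": failed, "permit_root_login": value, "msg": msg}

def main(argv):
    args = {}
    if len(argv) > 1:                       # args file path supplied by Ansible
        with open(argv[1]) as fh:
            args = json.load(fh)
    text = SAMPLE_SSHD_CONFIG
    if args.get("path"):                    # hypothetical parameter: file to inspect
        with open(args["path"]) as fh:
            text = fh.read()
    result = audit(text, tuple(args.get("allowed", ["no"])))
    print(json.dumps(result))               # a single JSON document is the only output
    return 1 if result["failed"] else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Because the check never modifies the node, it always reports `changed` as false and can be run across an inventory to find hosts where root SSH was enabled for automation and never replaced with a sudo-capable account.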
No matter what you choose, whether it be Ansible, Puppet, Chef, or another available solution, infrastructure automation is something that you must do no matter the size of your organization. If you are more involved in development, or have colleagues who enjoy development, Chef or Puppet is probably more suited to your group.
If, however, your team is composed mostly of systems administrators and operations staff, Ansible may be the easiest solution. Managing, provisioning and securing systems is a complicated and time-consuming endeavor, and any organization should be sure to have an excellent tool to make the task easier.