Ansible, Puppet, and Chef
Ansible
Ansible is a powerful open platform for automating configurations, managing deployments, and orchestrating tasks. Unlike other configuration management systems that often use complex agents, Ansible is powered by agentless architecture. That is, to perform its tasks, it only requires SSH access and Python on managed nodes. What could be simpler?
Ansible configurations are described in YAML format in files called Playbooks. These Playbooks allow you to declaratively describe the state of the system, eliminating the need to execute complex command scripts. The point is that you can tell Ansible what the final result is needed, and it takes care of all the details rough work.
With Ansible you can:
Automatically deploy applications.
Manage services, install and update packages.
Integrate with cloud platforms like AWS, Microsoft Azure, and Google Cloud.
Orchestrate virtual machines and containers, including Kubernetes and Docker.
Manage users and access rights.
Configure network devices from various manufacturers.
Ansible has idempotency – the ability to run the same Playbook many times, and changes will only be applied in case of deviations from the desired state.
Puppet
Puppet already using the model client-server, where the Puppet Master management server interacts with agents installed on managed nodes. The main feature of Puppet is its ability to declaratively describe the state of system resources using its configuration language – Puppet DSL.
For example, you can manage files and their contents this way:
file { '/etc/nginx/nginx.conf':
ensure => 'file',
owner => 'root',
group => 'root',
mode => '0644',
content => template('nginx/nginx.conf.erb'),
require => Package['nginx'],
}
This description is then compiled into a directory that contains all the resources and their dependencies needed to achieve the desired system state.
It is also worth noting that Puppet, like Ansible, supports the concept of idempotency; it is achieved due to the fact that Puppet checks the current state of a resource before applying changes and actively makes changes only if necessary.
Puppet features:
Modularity: It is possible to create modules that can be reused in different projects and environments.
Hiera: A configuration data management tool that allows you to separate data from code.
Factor: A utility that collects system information such as OS, IP addresses, RAM and other facts, which can then be used in configurations.
Chef
Chef is a powerful automation platform that lets you manage infrastructure as code using Ruby. That is, the configurations of servers, devices, and entire clouds are described in the form of code, which can then be versioned, tested and reused in different environments with a high degree of consistency.
Main components of Chef:
Chef Server: A central server where all recipes, cookbooks, and policies are stored, as well as state information for each managed node.
Chef Client: Installed on each managed node and is responsible for applying the configurations set on the server.
Chef Workstation: A place where they create and test their cookboxes and recipes before distributing them through the Chef Server.
For example, let's set up a server with Chef, where the goal is to install and configure the Nginx web server on a node running Ubuntu OS. Let's skip all the installation points, everything is quite simple there.
In Chef Workstation we create a new cookbook that will contain all the necessary instructions and resources:
chef generate cookbook nginx_cookbook
The command will create a directory structure for a new cookbook called nginx_cookbook
.
Next, go to the cookbook directory and create a recipe that will manage the Nginx installation. Open the file recipes/default.rb
and write there:
# установка пакета Nginx
package 'nginx' do
action :install
end
# управление службой Nginx
service 'nginx' do
supports status: true, restart: true, reload: true
action [:enable, :start]
end
# создание и публикация основной страницы Nginx
file '/usr/share/nginx/html/index.html' do
content '<html>
<head><title>Welcome to Chef managed Nginx!</title></head>
<body><h1>Hello from Chef managed Nginx!</h1></body>
</html>'
mode '0644'
owner 'www-data'
group 'www-data'
notifies :reload, 'service[nginx]', :immediately
end
Upload the cookbook to the Chef server for further distribution:
knife cookbook upload nginx_cookbook
Let's add the recipe from the cookbook to the run list for the target node via Chef Server using the command knife
or via Web UI. After this, Chef Client installed on the target node will be able to apply the settings:
knife node run_list add NODE_NAME 'recipe[nginx_cookbook]'
Launch Chef Client on the node to apply the settings:
sudo chef-client
Let's compare these tools in the table
Characteristic | Ansible | Puppet | Chef |
---|---|---|---|
Type | Declarative and procedural | Declarative | Declarative |
Architecture | Agentless (uses SSH) | Client-server (agents on nodes) | Client-server (agents on nodes) |
Language | YAML | Puppet DSL | Ruby (recipes) |
Configuration management | Idempotent but easy to manage | Idempotency, powerful management capabilities | Idempotent, flexible and powerful |
Integration | Integrates well with most CI/CD tools | Good support for integration with other tools | Flexible integration thanks to Ruby |
Scalability | Better for smaller or less complex environments | Highly scalable for large infrastructures | Highly scalable for large infrastructures |
Features | Easy to use, no agents required | Detailed control over every aspect of management | Scripting flexibility thanks to Ruby |
Best suited for | Fast deployment, smaller teams or projects | Large enterprises with strict configuration management requirements | Organizations needing flexibility and customization |
In conclusion, I remind you of the open lesson on configuration management and infrastructure stabilization. The lecture will discuss methods and tools for automating configuration management processes, change control and ensuring system integrity. Join us follow the link to register.