In a nutshell configuration management involves the detailed updating and recording of information that describes an enterprise’s software and hardware. It covers both device configuration management and the whole set of processes related to network operations and support. Some the actions involved in configuration management include – device configuration collection and inventory, change management, archiving, and backup among others. As cloud computing continues to infiltrate enterprise IT, configuration management has never been more important. Despite the fact that the cloud makes it exceedingly simple to deploy hundreds or even thousands of machines, system admins are left with the daunting task of managing each of those devices. When there are only a few machines, maintenance tasks like applying security patches, fixing security holes, and downloading updates only took a few minutes but multiply those minutes by hundreds or thousands and you get chores measured in weeks and months. The good news is that software can be used to automate the tasks associated with configuration management. Sys admins can utilize various open source stacks of code that were designed to reach out and touch files in the vast empire of virtual machines.

Ansible

Ansible is a model-driven configuration management tool, ad-hoc task execution tool, and automated app deployment tool all in one. For the above reason, the company prefers to categorize it as an ‘orchestration engine’. Ansible is built on five design principles – ease of use, quick learning curve, comprehensive automation, efficiency, and security. Ansible can be installed via a git repository clone to an Ansible master server. It is built on python but its modules can be written in any language, provided the output of the module is valid JSON. Ansible has a vast collection of modules that can be used to manage different systems and cloud infrastructure like OpenStack and Amazon EC2. Like several other open source projects, Ansible also has a paid product that is available via a web UI referred to as Ansible tower.

CFEngine

CFEngine is probably the oldest and one of the most established configuration management tools. It has been described as the grandfather of configuration management tools. CFEngine has undergone numerous iterations allowing it to maintain relevance as OS have migrated from local data centers to the cloud. It runs on C and despite having a significantly smaller footprint, CFEngine runs quickly and has few dependencies. There is a library of reusable data-driven models that can help CFEngine users model their desired states. The main drawback of CFEngine is its steep learning curve.

Chef

Chef is a powerful IT infrastructure configuration management tool that is offered as both an enterprise and open source product. Chef has a scalable and flexible automation platform and provides integration with leading cloud providers. It also provides enterprise platform support, including Solaris and Windows and enables users to develop, bootstrap and manage OpenStack clouds. Chef is written in Erlang and Ruby, extensions or specifications are written in pure ruby. Aside from configuration management, Chef can also be used to rapidly provision and deploy servers for automated delivery of services and applications.

Fabric

Fabric is a Python command-line tool and library for streamlining the use SSH for systems administration tasks or application deployment. It offers a fundamental suite of operations for executing remote or local shell commands and downloading/uploading files, as well as additional functions like aborting execution or prompting the running user for input. The main advantages of Fabric is that it uses simple primitives (reboot(), get(), sudo() etc.) and all you need is a remote command API, this eliminates the need for abstraction or a DSL.

Pallet

Unlike most of the other CM tools, Pallet is more of a CM library or framework built with developers in mind as opposed to a standalone CM tool. Its lightweight nature means it can easily be embedded or integrated into other applications. Despite the fact that it can work in traditional on premise servers, Pallet is designed for cloud based environments. Pallet is relatively new in the market so its documentation is still a work in progress but its user community is quite helpful. Pallet is built with Clojure, a JVM implementation of the LISP programming language.

Puppet

Puppet is one the most complete configuration management tools in terms of user interfaces, modules, and available actions. It is an ideal representation of the entire picture of data center orchestration, including virtually every operating system and providing deep tools for the main operating systems. Puppet is written in Ruby, and like Chef, it comes in both an enterprise and open source version. However, unlike Chef whose offering of features is healthy across both enterprise and open source versions, a majority of Puppet’s features are placed into enterprise status. Setting up Puppet is relatively easy and it requires the installation of a master server and client agents on every system that is to be managed.

Salt

As part of a bigger enterprise ready application, the configuration management section of Salt is feature-full and robust. Like Ansible, Salt is a CLI based tool that uses a push method of client communication. Users can issue commands like install packages or start services to “minions” directly from the CLI, which receives the commands from the central salt master and replies with the results of the command(s). Salt can be installed via a Git or via the package management systems on masters and clients.

Slaughter

Slaughter is a Perl-based utility tool that is used to automate the deployment, configuration, and maintenance of a large number of servers. Despite the fact it was written from scratch, it is greatly inspired by CFEngine. Slaughter is considerably small in terms of code, and the concepts required to understand and use it. Despite its simplicity, Slaughter is flexible and facilitates a wide range of functions. Slaughter is a client-pull application, this basically means that each machine that has slaughter installed on it is expected to schedule itself. There is no central server in charge of mediation, control or scheduling.

Author: Gabriel Lando