4. Principle
• A client/server architecture.
• The server has a reference configuration.
• The client queries the server.
• The client makes change in order to match
the reference configuration.
5. Principle
1. “Can you give my configuration model ?“
2. “Ok, for you, that's it.”
3. “I make the necessary in order to fulfil it.”
4. (optional) “Thank you, I'm ok, no error” or
“I had a problem”.
10. Comparison
3 major solution :
• Puppet
• Chef
• Cfengine
Pretty similar possibilities.
Some specificities.
11. Comparison
Puppet Chef Cfengine
Pull Yes Yes Yes
Push No No No
Idempotence Yes Yes Yes
Config language Declarative Ruby Declarative
Web UI Yes (limited) Yes No
OS Support Linux/Unix – Linux/Unix –
Linux Linux/Unix –
Windows Windows Windows
(experimental) (experimental) (experimental)
Licence GPL v2 Apache GPL
Company Puppet Labs OpsCode Cfengine
Cloud Yes SaaS platform Yes
25. Chef
• Created in 2009 by Opscode
• Sustained development
• Configuration language : Ruby
• Modular configuration
• Template
• Asymmetric Key Encryption
27. Chef
• Chef server : chef-server
• Chef client : chef-client
Main steps once installed :
• Key exchange
• Chef-server configuration
• Chef client checks every 30 mn by default
28. Chef
Vocabulary :
• Recipes
• Cookbook
• Role
• Node
• Attributes
• Knife
• Chef Repository
30. Chef
Chef Server is in fact several processes.
•API Service
Used to interact with server for node configuration.
•Management Console
WebUI which permits to do administrative tasks.
31. Chef
• File indexer
Apache SOLR, a search engine.
• Data store (CouchDB)
Used for store roles, nodes and data bag JSON data. Sends
it to SOLR, through AQMP queue.
•AQMP Server
Used by CouchDB as queue.
39. Chef vs Puppet
Chef Advantages
• Cookbooks sharing
• Stricter configuration rules
• Ruby
• Useful WebUI
Disadvantages
• A bit more complex
• More setup needed
• Usable in production, but still young
41. Cfengine
• Created in 1993 by Mark Burgess
• The first configuration manager
• Major update in 2009, Cfengine 3
• Proprietary configuration language
• Template
• Asymmetric Key Encryption
48. Cfengine
•With Cfengine, you have to do configure
everything. From the promises, to the host
authorized, or the failsafe procedure.
49. Cfengine vs Puppet vs Chef
Cfengine is powerful. But...
• Painful configuration
• Have fun with log (excessively verbose... Or not.)
• Seems outdated compared to Puppet and Chef
Keep in mind that you have as much
possibilities as Puppet & Chef. But the time
you pass configuring and master it is
incomparable.
51. Migration advices
• Migration have to be progressive.
• Writing configurations take time.
• Be extremely rigorous.
• Don't forget the revision control.