August 11, 2016

Puppet vs. Chef: Comparing Configuration Management Tools

Written by

Over the past decade, enterprise IT environments have grown more complicated by several orders of magnitude. Thanks to the cloud/mobile revolution and the resulting wave of commercial and proprietary business apps, the days of simple closet servers are gone. According to Gartner, the average firm makes 10,000 changes to its IT environment every year.

To account for this complexity, many IT departments decide to implement a configuration management system.

Configuration management software (CMS) is designed to help systems admins and engineers control and document their IT infrastructure, including applications, utilities, servers, virtual machines, physical machines, cloud services, and other components. For that reason, many people also refer to CMS as “IT automation.” Automation, of course, means you don’t have to write hundreds of custom scripts and spend your days manually logging changes and investigating component status.

ALSO READ: Top 5 Security-as-a-Service Providers

If you’re shopping for a configuration management system, you’ve probably come across Puppet and Chef — two of the industry’s most trusted and well-known vendors. At first glance, they might seem interchangeable, but these open-source tools have their own unique strengths and weaknesses.

In this article, we’ll compare Puppet vs. Chef based on systems and pricing, features, and integrations to help you make the right choice for your company.

Puppet vs. Chef: Product Overview

Puppet is an open-source platform IT managers can use to record their system components, continuously “discover” information, and create a catalog of dependencies. Although Puppet was written in Ruby, you’ll usually be recording data in Puppet’s own declarative language, which is reminiscent of JSON. The platform uses your desired configuration state (indicated by “manifests”) to audit and regulate your environment. Many also hail Puppet as one of the industry’s “infrastructure as code” tools, though IaaC is arguably more an approach than a tool.

puppet screenshot

 

Puppet’s customer list includes more than a few big names — like Intel, NASA, Salesforce, and Verizon — but they’re also scalable enough to meet the needs of small businesses and startups.

Chef, also an open-source platform, is tailored more to the needs of DevOps users, or at least they have been, historically. Chef’s “recipes” are similar to Puppet’s “manifests,” but you’ll use pure Ruby to create procedural scripts, rather than desired state models. A bunch of recipes grouped together = a “cookbook.” A bunch of cookbooks available for download through Chef’s online community = the “Supermarket.” You get the idea. Thanks to its strong procedural approach, Chef can also support IaaC, perhaps even more so than Puppet.  chef compliance report

Although Chef is four years younger than Puppet, they still have still managed to build a broad and elite customer base, including the likes of Intuit, Target, Gannett, and GE Capital.

Systems and Pricing

Puppet’s main platform comes in three editions. The first, as open-source etiquette would dictate, is free for up to 10 nodes. 

For organizations with more than 10 nodes, pricing starts at $120 per node and will buy you a standard or premium support package, depending on which edition you select.

Core components of the Puppet platform include:

  • Puppet Language: Use their declarative language to specify how your systems should be configured.
  • Puppet Server: JVM application that provides Puppet’s core HTTPS services
  • PuppetDB: collects and analyzes data to display on the web interface
  • Facter: system profiling tool
  • Hiera: hierarchical data lookup tool (can separate configuration data from configuration logic)

Chef also comes in three editions with a free starting tier. They don’t limit the number of nodes for the free version, but they do scale back features. You’ll get Chef client, server, and development kit, but no hosting services, no supported content, and only a limited trial of customer support.

Pricing for paid editions starts at $72 per node, but requires a minimum of 20 nodes. Available product components include:

  • Chef Server: “Define your infrastructure as code and have that code manage systems consistently and quickly as they scale.”
  • Chef Automate: DevOps platform for teams, adds workflow automations, compliance measures, and administrative visibility.
  • InSpec: serves the auditing function for Chef environments; manage compliance and security
  • Habitat: Build, deploy, and manage apps

That’s a fairly different spread than Puppet if you’re comparing portfolios, but the core product is still focused on configuration management and IT automation

Configuration Management Features

Now we get to the meat of the comparison. How do these two platforms, both trusted by many, approach configuration management?

Let’s start with what they have in common.

Both use a client/server installation, which means your nodes will sync with the instructions coded or modeled in the platform’s server component. They both offer a wide variety of pre-built scripts and/or modules through their online developer communities (Puppet Forge and Chef Supermarket). And they both provide reporting and analytical tools that can crunch data about nodes, resource status, configuration events, and various infrastructure metrics.

As you start to look deeper, the two platforms reveal their distinctions. Chef is heavily reliant on code, and most of what you do in the system will require pure Ruby scripts. That can be good, in terms of flexibility (you can create just about any kind of configuration imaginable), but it can be bad if you don’t come from a DevOps background and aren’t ready to trust your environment to a bunch of custom procedural scripts.

Chef lets you Use search-based policy to dynamically update node configuration based on data from other nodes.

Chef lets you dynamically update node configuration based on data from other nodes.

Puppet, on the other hand, uses a model-based approach to enforce your “desired configuration state.” I.e. you create manifests to show the server a model of how you want everything to look, and the server enforces your will by pushing instructions to your nodes . . . or something like that. As you can imagine, that means Puppet is a better choice for systems admins looking for a lower initial learning curve (although, thanks to a recent update, Puppet will allow developers to create manifests using pure Ruby).

puppet node management screenshot

Courtesy of Puppet

 

Integrations/Elasticity

If you’re trusting a configuration management platform to monitor and automate your entire IT environment, it’s important to make sure the platform will be able to exchange data with all of the servers, applications, utilities, etc. within your organization. It’s also good to know what plugins are available, in case you decide to expand or add new functionality.

Puppet integrates with most of the leading cloud service providers, including Amazon, Microsoft, VMware, OpenStack, and Google. They also support a broad range of operating systems: Linux, BSD, Unix, Windows, and more. And, as I already mentioned, you’ll have access to more than 4,000 pre-built modules created by users and Puppet staff through Puppet Forge. Puppet plug-ins are distributed within their corresponding modules, or you can build your own to enable new features. Other notable integrations include Splunk, HipChat, and Docker.

Similarly, Chef integrates with a wide variety of cloud providers, including Amazon EC2, VMWare, IBM Smartcloud, Rackspace, OpenStack, Windows Azure, HP Cloud, Google Compute Engine, Joyent Cloud and others. The Chef Supermarket offers roughly 3,000 “cookbooks” for IT automation — a slightly smaller spread than Puppet’s, but not a huge distinction in itself. In addition to cookbooks, the Supermarket contains a number of tools and plugins that can help you automate processes or increase visibility. Most plugins are open-source and available on GitHub.

Making Your Final Decision

If you’re comparing Puppet vs. Chef online, it’s important to take what you read with a grain of salt. Everyone will offer an opinion that reflects their own unique experiences. A developer who spends a lot of time using Chef’s developer kit and Knife plugin architecture may swear by the platform. A systems admin who prefers the simple, declarative language of Puppet may swear that Chef is too risky and too hard to learn.

At the end of the day, both tools offer phenomenal IT automation power — just different process and presentation. The question isn’t necessarily which is better, but what is your skill set, and how do you plan to approach configuration management? Still can’t decide? Call one of our experts for a free consultation.  

Free Download

IT Software Buyer's Guide

Get My Free Guide