Puppet

Puppet is a configuration management tool written in Ruby. It is designed to make it easier to deploy servers and scale applications across a network, and it does so using a custom declarative language. It has both open source and commercial (closed source, or proprietary) versions.

Puppet does four basic things. First, it provides a place for you to define the desired state for your infrastructure’s configuration. Second, Puppet simulates changes before enforcing them. Third, Puppet enforces the desired state automatically, making corrections for drifting configurations. Finally, Puppet gives you a report on the differences between the actual and desired states before you make any changes.

The Puppet Forge website (https://forge.puppetlabs.com) provides access to downloadable modules, which are bits of Puppet code for automating tasks, such as setting up a specific type of server. Instructions there are also available for creating and sharing your own modules.

Much of the power of Puppet is made available in its for-payment Enterprise version, which also includes a nice GUI. The open source version works with Amazon for provisioning, manages configurations for operating systems and applications, lets you use Puppet modules from Puppet Forge, and has community support via the Web. If you need anything more than this, either find a different product or pay to use Puppet’s Enterprise version, which has a good reputation for maturity and usefulness.

Chef

Chef is a configuration management tool, also written in Ruby. It uses a service-oriented architecture to help automate tasks. With Chef, you write recipes that describe how you want your server or specific server software to be configured (for example, an HTTP server or a database server). A recipe describes each resource, such as services that should be running or packages that should be installed, and the state in which each should be found. It then makes sure that configuration is maintained or updated across all servers being managed.

Chef is open source. However, to really use it, you must pay for a hosted version (called Hosted) or a standalone version (called Private) that you can install inside your corporate firewall with a service contract. Downloading the source code and getting it up and running is not a trivial task, and support for the open-source version (called Open Source) without a service contract is limited. That said, like Puppet, Chef is mature and well respected and worth your time if you need what it offers.

Ansible

Ansible is an orchestration engine. It does configuration management, application deployment, and more. It was a proprietary product, but Red Hat bought the company that created it and promptly worked its magic to release the code with an open source license. Much the way Red Hat handles its enterprise Linux and middleware products, it provides free and open source Ansible code—but only in source form. You can license binaries from Red Hat, which the company will then support. Ansible is well respected and worth looking into.

SaltStack

SaltStack automates infrastructure, networking, and security. It works both on premises and in the cloud and at scale. It is popular (second only to Ansible at the time of this writing) and does things that are tedious and important, including continuous compliance policy checks and native CVE scanning, including automated remediation in many instances.

CFEngine

CFEngine is probably the oldest option for automating infrastructure. It is written in C, so it might be a little faster than the other options. It manages server builds, deployment, and management, and it performs some very useful audits and reports. Some really big names are known to use CFEngine, such as AT&T, IBM, Pixar, and Qualcomm.

CFEngine has open source and enterprise versions. The differences are a little less extreme than with some of the other options, but again, the enterprise version has all the flashy chrome and a few really useful features that make it worth the expenditure for most users who need or want the added benefits they offer.

Juju

Juju enables you to deploy services quickly and easily across multiple servers, simplifying the configuration process, and is particularly designed with cloud servers in mind. It is described in Chapter 32, “Ubuntu and Cloud Computing.”

Landscape

Landscape is an enterprise-focused systems management and monitoring tool that is available from Canonical. It is a part of the Ubuntu Advantage program (www.canonical.com/services), which is a paid service. You can run Landscape as a hosted service from Canonical’s Ubuntu Advantage, or you can install it locally. It can monitor both local servers and cloud servers, such as those discussed in Chapter 32.

References

▸ www.puppetlabs.com—The official website for Puppet

▸ https://forge.puppetlabs.com—The official website for Puppet Forge

▸ www.chef.io/chef/—The official website for Chef

▸ www.saltstack.com/—The official website for SaltStack

▸ https://cfengine.com—The official website for CFEngine

▸ www.ansible.com—The official website for Ansible

▸ www.ubuntu.com/support—The official website for Ubuntu Advantage

▸ https://help.ubuntu.com/20.04/serverguide/index.html—The official Ubuntu server guide