CM is the process of using automation to standardize resource configurations across your entire infrastructure and applications. CM tools such as Chef, Puppet, and Ansible can help you manage IaC and automate most system administration tasks, including provisioning, configuring, and managing IT resources. By automating and standardizing resource configurations across the development, build, test, and deployment phases, you can ensure consistency and eliminate failures caused by misconfiguration.
CM can also increase the productivity of your operations by allowing you to automatically deploy the same configuration to hundreds of nodes at the push of a button. CM can also be leveraged to deploy changes to configurations.
Although you can use registry settings or databases to store system configuration settings, a configuration management application allows you to maintain version control as well, in addition to storage. CM is also a way to track and audit configuration changes. If necessary, you can even maintain multiple versions of configuration settings for various versions of your software.
CM tools include a controller machine that manages server nodes. For example, Chef requires a client agent application to be installed on each server that it needs to manage, and a master Chef application installs on the controller machine. Puppet also works the same way with a centralized server. However, Ansible has a decentralized approach and doesn't require the installation of agent software on the server nodes. The following table shows a high-level comparison between the popular configuration management tools:
|
Ansible |
Puppet |
Chef |
Mechanism |
Controller machine applies changes to servers using Secure Shell (SSH) |
Master synchronizes changes to Puppet node |
Chef workstation looks for changes in Chef servers and pushes them to Chef node |
Architecture |
Any server can be the controller |
Centralized control by Puppet master |
Centralized control by Chef server |
Script Language |
YAML |
Domain-specific on Ruby |
Ruby |
Scripting Terminology |
Playbook and roles |
Manifests and modules |
Recipes and cookbooks |
Test Execution |
Sequential order |
Non-sequential order |
Sequential order |
CM tools provide their own domain-specific language and set of features for automation. Some of these tools have a learning curve whereby the team has to spend some time to learn the tool.
As security is becoming a priority for any organization, so bringing complete automation security is the need of the hour. To avoid human error, organizations are moving to tight security implementation and monitoring, using the DevOps process popularly known as DevSecOps. Let's explore more about DevSecOps (short for development, security and operations) in the next section.