Configuration Management History & Basics

Configuration Management

What is it?

Configuration management is the process of standardizing resource configurations and enforcing their state across IT infrastructure in an automated yet agile manner.

History of CM

Infrastructure as code

Common Features for CM

Running the CM tool multiple times shouldn't change the state each time, only if a change is needed.
System "facts"
Specific information about a machine which may include things like machine hardware, software installed, network information, etc
Use of templates
Building dynamic config files by using templates and variables.
Community code
Many CM platforms have user contributed "modules" that can be shared and used globally.

CM Platforms

Lightweight agent system. Manages configuration of a large number of computers using the client–server paradigm or stand-alone. First released in 1993 by Mark Burgess and also the oldest CM Platform still widely used today.
Puppet consists of a custom declarative language to describe system configuration, distributed using the client–server paradigm. First released in 2005 by Luke Kanies.

CM Platforms

Chef is a configuration management tool written in Ruby, and uses a pure Ruby DSL for writing configuration "recipes". A collection of recipes are called a cookbook. Also a client-server model. First released in 2009 by Adam Jacob.
Ansible is written in Python. Combines multi-node deployment, ad-hoc task execution, and configuration management in one package. Utilizes SSH with little to no remote agents. First released in 2012 by Michael DeHaan and purchased by Red Hat in 2015.

Puppet Example

package { "apache":
  name    => "httpd",
  ensure  => present,

service { "apache":
  name    => "apache",
  ensure  => running,
  enable  => true,
  require => Package["apache"],

Chef Example

package 'apache' do
  package_name 'httpd'
  action :install

service 'apache' do
  action [:enable, :start]

Ansible Example

- hosts: all
    - name: 1. Install Apache
      yum: name=httpd state=present
    - name: 2. Start Apache Service
      service: name=httpd state=running enabled=yes

Push vs. Pull

  • Clients poll a centralized master periodically for updates (i.e. Chef, Puppet, Cfengine)
  • Pros: Full automation capabilities, increased scalability
  • Cons: configuration management specific DSL, difficult to send immediate changes
  • Server calls client and can execute an immediate remote execution usually using ssh (i.e. Salt, Ansible)
  • Pros: Control, simplicity, can send commands immediately
  • Cons: Automation requires more work, Lack of scalability

Config Management Tool Comparisions



Lightweight agent system. Manages configuration of a large number of computers using the client–server paradigm or stand-alone. Any client state which is different from the policy description is reverted to the desired state. Configuration state is specified via a declarative language. CFEngine's paradigm is convergent "computer immunology".

When to use it:

Performance and low memory usage is the primary motivating factor for your environment. If you also agree with the convergent and promise theory behind CFEngine, its for you.

CFEngine: Pros

CFEngine: Cons



Puppet code design works as a list of dependencies, which can make your life easier or more confusing, depending on the setup. Historically been the choice for more sysadmins.

When to use it:

Puppet is a good choice if stability and maturity are key factors for you. It's good for large enterprises with a heterogeneous environment and range of skills on the DevOps team.

Puppet: Pros

Puppet: Cons



The Chef design is transparent and based on following the instructions it's given, which means that you’ll have to make sure your instructions are clear. Historically been the choice for developers.

When to use it:

If you already use Git and have a solid understanding of the Ruby language, it's a great fit. Chef is good for development-focused teams and environments. It's good for enterprises looking for a more mature solution for a heterogeneous environment.

Chef: Pros

Chef: Cons



Ansible: When to use it

Ansible: Pros

Ansible: Cons