Puppet & Chef in the DevOps Toolchain 1 A discussion regarding tools and DevOps should Introduction therefore begin by considering the individuals who will be utilizing the tools. The rise of so- DevOps Depends on People called “polyglot programmers” and systems In a few short years DevOps has gone from administrators with coding proficiency reflects a fringe movement to a must-have for any a general trend in IT towards despecialization. IT leader. There’s a lot of buzz around it, but Developers these days are adept in a number there’s a lot of practical knowledge in there of languages and approaches, applying each as well. Provisioning environments, deploying accordingly based on the problem at hand. applications, maintaining infrastructures--these Similarly, most systems administrators are all critical yet delicate tasks traditionally possess competent programming abilities for done by hand. What if we could get a machine to traversing the stack-- on top of the requisite do all that stuff for us, not just saving hours of skills for managing IT operations. The industry work, but also removing the element of human has been quick in attaching new labels to these error? emerging hybrid roles: DevOps Engineer and DevOps Specialist being the most common. So began the boom in configuration management Notwithstanding, the key takeaway is that no (CM) tools. Some regard CM solutions as single IT skill is more important or valuable than “DevOps in a Box,” but that’s not right. DevOps another; subsequently, many different tools are is about collaboration between people, while required to do the job effectively. So as DevOps CM tools are just that: tools for automating the is comprised of a group of concepts clustered application of configuration states. Like any around the premise of continuous software other tools, they are designed to solve certain delivery, these concepts in turn encompass a problems in certain ways. How effectively they range of associated tools for fulfilling particular do so depends on the knowledge and ability of functions. the person wielding them. Puppet or Chef? So when it comes to CM automation solutions, should you choose Puppet or Chef? This age old question of configuration automation & 2 Understanding the DevOps Toolchain Project Infrastructure changes are tracked as tickets in UpGuard Examples: Management and sent to your project management tool of choice. Jira, Asana, Pivotal Requirements The requirements of current applications are avaliable in Examples: Gathering UpGuard’s system state documentation. Word, Wikis, Spreadsheets Artifacts Code and UpGuard policies are versioned and Examples: Versioning checked in to be used in build and deployment process Git, SVN Continuous integration and deployment tools use Examples: Continuous UpGuard policies to validate environments before Jenkins, Team City, Travis, Integration and after deployment. CircleCI, Drone.io UpGuard generates manifests for configuration Configuration Examples: management tools like Puppert, Chef, Powershell DSC, Management Puppet, Chef, Ansible Ansible, Salt and more. Configuration state is continuously checked for deviation Examples: Monitoring from baseline, much like you would with Shell Scripts performance monitoring. Complete configuration state is documented and Examples: Discovery accessible for anomaly analysis and troubleshooting. CMDBs After confirming the system state’s health, Examples: New Baseline UpGuard documents the new baseline None for development. UpGuard provides the feedback mechanism from the Examples: Standardize end of one development cycle to the beginning of the next. None 3 Versioning and Source Control Configuration Management (CM) Tracking code level changes is a common CM tools allow one to define the desired state and necessary activity of today’s software of a system and/or environment in regards to developers. Doing so enables concurrent configuration files, software installed, users, development, merging, and rollback capabilities groups and many other resource types. They for applications/software. Source Control also provide functionality to automatically push Management (SCM) tools are popular options for changes onto specific machines, also known as keeping track of software code; many DevOps automation and orchestration. This is where practitioners also track versions of their systems Chef and Puppet live in the toolchain. Let’s take configuration with these tools, essentially a closer look now at CM tools to understand how managing their infrastructure “as code.” For Chef and Puppet compare in this role. example, it’s a common practice for systems administrators to store and manage their Puppet Configuration Manifests or Chef Cookbooks in GitHub. Continuing Integration Management and Orchestration Continuous integration (CI) and orchestration Tools tools enable the integration of development code Aside from Puppet and Chef, which we will look into the overall software product frequently at in detail, there are other CM tools available on and early in order to mitigate potential conflicts the market. down the line. Typically, these tools are employed to automate software builds and testing, and are CFEngine crucial for applying quality control on a continual CFEngine runs on C, as opposed to Puppet’s basis (as opposed to after the software has been use of Ruby. C is the more low level of the two developed and released). These tools can also languages, and one of the main complaints be used to track and manage changes for CM-- regarding CFEngine is that the learning curve is for example, CI tools can be used to test Chef very steep. It does mean though that CFEngine Cookbooks and Puppet Manifests for bugs and has a dramatically smaller memory footprint, it errors, and be configured to do so automatically runs faster and has far fewer dependencies. every time infrastructure changes are committed and merged. SaltStack Salt, like Ansible, is developed in Python. It was Testing and Validation also developed in response to dissatisfaction Tools and frameworks for testing and validation with the Puppet/ Chef hegemony, especially their are important for ensuring quality at all phases slow speed of deployment and restricting users of development. In many cases, unique solutions to Ruby. Salt is sort of halfway between Puppet are applied to a specific aspect of testing-- for and Ansible – it supports Python, but also forces example, one tool may be used for unit testing users to write all CLI commands in either Python, while another is used for integration testing. or the custom DSL called PyDSL. It uses a master 4 server and deployed agents called minions to Now that we’ve seen some of the various control and communicate with the target servers, offerings of Configuration Management tools but this is implemented using the ZeroMq for DevOps, let’s dive into the two most popular messaging library at the transport layer, which solutions for configuration automation, Chef and makes it a few orders of magnitude faster than Puppet. Puppet/ Chef. Anisble Ansible consists of two offerings: Ansible and Ansible Tower, the latter featuring the platform’s UI and dashboard. Despite being a relatively new player in the arena when compared to competitors like Chef or Puppet, it’s gained quite a favorable reputation amongst DevOps professionals for its straightforward operations and simple management capabilities. Docker To think about CM in a different way, consider Docker. Docker deploys software applications with all the necessary parts in a container, thereby ensuring it will run on any Linux server, regardless of configuration and/or settings. Containers can be created, configured, and saved as templates for use on other hosts running the Docker engine. These templates can then be used to create more containers with the same OS, configuration, and binaries. Powershell DSC For Microsoft shops, DSC is a management platform in Windows PowerShell that enables deploying and managing configuration data for software services and managing the environment in which these services run. DSC provides a set of Windows PowerShell language extensions, new Windows PowerShell cmdlets, and resources that you can use to declaratively specify how you want your software environment to be configured. It also provides a means to maintain and manage existing configurations. 5 Versioning and Source Control Confirguation Management (CM) Tracking code level changes is a common CM tools allow one to define the desired state and necessary activity of today’s software of a system and/or environment in regards to developers. Doing so enables concurrent configuration files, software installed, users, development, merging, and rollback capabilities groups and many other resource types. They for applications/software. Source Control also provide functionality to automatically push Management (SCM) tools are popular options for changes onto specific machines, also known as keeping track of software code; many DevOps automation and orchestration. This is where practitioners also track versions of their systems Chef and Puppet live in the toolchain. Let’s take configuration with these tools, essentially a closer look now at CM tools to understand how managing their infrastructure “as code.” For Chef and Puppet compare in this role. example, it’s a common practice for systems administrators to store and manage their Puppet Manifests or Chef Cookbooks in GitHub. Chef and Puppet Chef Continuing Integration Merely labeling a tool as a DevOps solution does