This past Tuesday (March 12th), I went to the DevOpsDC meetup. The topic was automation. They had someone from CFEngine and Canonical come in to present their automation toolsets. The organizers represented Chef and Puppet. The idea was a kind of “automation tool thunderdome”. While it wasn’t quite that exciting, I did learn a good bit. Here are my perceptions of the “contenders”.
There were a couple of CFEngine guys there. The one that did the presentation seemed like the seasoned sysadmin type. He told us about how CFEngine evolved, embracing theories and philosophies along the way to growing up. He offered a high level overview of how CFEngine works. This is where the presentation started to falter though. The attendees started to latch on to points of insecurity. Unfortunately, this threw the presenter off kilter to the point where he couldn’t even properly finish his presentation. I’m sure the attendees had legitimate concerns about security, but that would be something to bring up after the presentation, not during. It did seem to revolve around IP authentication which, if true, is horribly foolish. Unfortunately, the presentation degraded into pointlessness after miscommunication and an overwhelming sense of “tear the ‘expert’ down” destroyed it.
Unfortunately for CFEngine, that wasn’t so much what gave me a bad taste about it. What did it for me is when the talk, fairly early on, shifted from “technology and applied theories” to “Look at our big clients”. Whenever a product presentation starts resting on the laurels of its large clientele, instead of the power and superiority of its offering, I tend to tune out and discount it. Perhaps this is just a bias of mine. Sure, some really big banks and organizations use it extensively. That doesn’t mean I want to use it in my infrastructure. To its credit though, CFEngine is really fucking fast. It is written in C, requires no dependencies, and outshines all others I’ve seen, in speed. Unfortunately, speed isn’t everything and there were some security flaws brought up. Personally, I’ve moved on.
The guy from Canonical definitely had a west coast air about him. A sort of laid back, cocky, cool guy vibe. Totally fits in with my vision of Canonical. He was a developer on the Juju project, so he generally knew his project stuff well. The downside is that he was overwhelmingly a developer. Juju, and consequentially his presentation, is aimed at Ubuntu. Sorry, not just aimed at… but solely for Ubuntu. Of course, this immediately put off the ole’ salty dogs of the Unixes past. Personally, I’ve got no problem with Ubuntu and, if given the choice of which OS is going on my server, it’s my go to distro. However, I know this made the presentation, from a really early point, completely unpalatable to a few attendees.
About the technology side of things. Juju is a completely different take on the whole idea of automation. Really, it’s not about automation. It’s about orchestration. Not really system orchestration though, but service orchestration. Unfortunately, right now, it’s in its early stages. By early, I mean alpha-beta. Would I want it handling my production architecture? Hell no! Would I toy with it in a cluster of virtual machines? Sure, could be fun. Right now, Juju just needs to grow up. Maybe it will have something to show off in a few years. Currently, don’t waste your time.
Puppet didn’t really receive a fair shake. Honestly, I didn’t really learn much about it and so, in the interest of fairness, I will not be passing a judgement on it. I know lots of people love it. I know plenty hate it. The overwhelming tone of the presentation did make me feel like it was painful, both the presentation and the use of puppet. Ultimately, I felt like the presenter was actually making a great case for…
Chef was the final presentation of the night. The presentation had a welcome depth to it, while still maintaining an “overview” feeling to it. My own personal experience with automation has been with Chef, so much of the presentation felt familiar to me.
Chef has the good theory parts of CFEngine with some of the hackiness of Puppet, and a giant bucket of polish. While it is still new and growing, as the presenter pointed out, so much is available for you to do with Chef. The whole of the Ruby language is at your disposal.
As the presentations ended and the meetup came to a close, we were given a proverb that I hold as a tenant of the DevOps movement. “Use what works for you. If the tool fits the job well, you like using it, and it makes your life easier, then use it.” Really, this is all it comes down to, at the end of the night.
My opinion, I’m rolling with Chef any time I need automation. That’s not to say I don’t recognize the others. It’s just what I prefer. Some things are worth pointing out though, about the others. Chef is where it is today, by standing on the shoulders of giants. CFEngine pushed the paradigms that we now see in both Chef and Puppet. Puppet surely influenced Chef, if with nothing but Ruby. Juju is playing it’s own game right now, and it will be interesting to see where it goes. I do believe that, if you couple Juju with something like the “platform as a service” (PaaS), then you will go far. It just isn’t meant for getting into the nitty gritty of a system. It’s much more high level and, really, it just wouldn’t be the right tool for that job.
CFEngine seems great if you have complete and perfect control of your network, you need many more servers (orders of magnitude more) than the average business, and you therefore need the shear speed of well-compiled C.
Juju has too much growing up to do for me to take seriously, right now. It does, however, seem really good at standing up a local wikimedia install on your laptop. Then again, so are my shell scripts.
Puppet seems great if you already know a lot of Puppet stuff or have the willpower to do the hacky work required.
Chef is the go to standard (or should be) of most sysadmins I meet everyday. It has struck a good balance of power and simplicity. If you’re starting out, start here.