Culture is an important reason as to why people gravitate to one tool or another. Chef will draw in Ruby developers because it’s not declarative, and because it’s easy.

My experience is that most developers don’t do declarative systems. Everyday languages are imperative, and when you’re a developer looking to get something deployed quickly, you’re most likely to pick the tool that suits your world view.

Systems Administrators tend to use more declarative tools (make, etc.)

Developers and Systems Administrators also have a divergent set of incentives. Developers are generally rewarded for delivering systems quickly, and SA’s are rewarded for stability. IMHO, Chef is a tool to roll out something quickly, and Puppet is the one to manage the full lifecycle. That’s why I think Chef makes a good fit for cloud deployment because Vm instances have a short lifespan.

I think it’s still anybody’s game. The opportunity for Chef is that the developer community could build out an ecosystem very quickly.

It seems to me that both system have quite a bit of support out there and it really comes down to what you as the sysadmin/developer prefer.

I would also agree with ripienaar’s tweet about disagreeing with point 6. Configuration management systems are not really intended for deploying software but for making sure that systems conform to a certain policy ie. webserver policy etc.

I’m a SA and have worked closely with developers for years. It never ceased to amaze me how differently we think. It does boil down to priorities, culture, and incentives as Julian mentioned. I have not used Chef but I saw quite the stir the last time I mentioned puppet Puppet Works Hard To Make Sure Nodes Are In Compliance.

I have used puppet both as a deployment tool and a configuration management tool. It really can do both just fine as a deployment is essentially a configuration change. But I have found it easier to use a tool like fabric when I need to perform “actions” on a group of machines, especially when those actions are many and very possibly one time. I have found it a bit daunting if you put too much into your configuration management tool as over time it becomes a lot to sift through, and when its time to remove a configuration you have to leave that part of the configuration there (the part that removes whatever it was).

Maybe I haven’t looked around enough but I really want to see a puppet reporting tool. I know bcfg2 has a decent one. I want to be able to know the current stats of my nodes, who is in compliance, who isn’t, when I last spoke with what node, last time nodex changed and what changed.

As with many comparisons between software packages, it’s very hard to be objective - most people do research on multiple solutions, but only have real-world experience with one.

What’s your experience in configuration management - have you used Chef at all?

Readers, do you homework too and stop reading articles with the title ‘versus’, the hallmark of propaganda. If you must read on, some specific points, with disclosure that I’m a Chef early adopter with previous Puppet exposure.

#1, #2, #5, #7, #10: puppet is more mature than Chef

All software starts with a small install base, fewer adherents, etc. That doesn’t make it more suitable for your specific environment or taste in software development (configuration management is development too). The answer here is to try both systems yourself and compare them - something the author of this article seems to not have done yet. It’s not just about the code, it’s about the software used to deploy it, the way it authenticates, etc. These things should also influence your decision.

#9: Dependency management

“Chef has no support for specifying dependencies (ordering resources). Chef is like a shell script: things are done in the order they’re written, and that’s all.”

Chef’s default behavior is to process resources in the order you write them. It has other dependency features just like Puppet does - see below.

“A resource in Puppet can ‘listen’ for changes to things it depends on: if the Apache config changes, that can automatically trigger an Apache restart. Conversely, resources can ‘notify’ other resources that may be interested in them.”

This has been possible in Chef for a long time. See this real world example: http://gist.github.com/276246

http://wiki.opscode.com/display/chef/Resources - See the ‘notifies’ attribute in the Meta section.

#3 Dedicated configuration language

“Ruby is a good general-purpose programming language, but it is not designed for configuration management - and learning Ruby is a lot harder than learning Puppet’s language.”

Sysadmins who can code can learn Ruby quickly, and there are plenty of resources on how to write Ruby. While most of the time you can stick to the Chef style of Ruby, you have access to the power of a mature programming language for free. If you think this language is easier, show why that would be the case for someone who already knows at least one programming language.

I see nothing inherent in Puppet’s language that makes it better suited to configuration management. If you think there is, show some examples.

#6: Language/framework neutral

Straight up bullshit here. There is nothing in Chef specific to Ruby on Rails. All chef deployments I know of (including our own) are used for deploying entire stacks of software totally unrelated to Ruby or Rails, just like Puppet.

Conclusion: In the next installment, show more code examples and tell us why Chef didn’t work for you where Puppet did. Try both software packages the day before you write the article, not 6 months before. Assume your readers write code and already know that adopting less mature software is more risky.

Here’s a better, more balanced article comparing real world usage of Chef and Puppet.

http://bhuga.net/2009/09/puppet-vs-chef

Chef has more contributors than Puppet.

http://www.ohloh.net/p/compare?metric=Contributors&project_0=Puppet&proj…

Hi John! Thanks for being passionate about my favorite space - configuration management. You do great work, and I know your intent wasn’t necessarily to sow discord - but I wanted to take a moment to comment on a few of your points that I think are either wrong or missing some important context.

1) Large installed base

Chef has somewhere in the neighborhood of ~1500 working installations. It’s true that our early adopters are primarily large web players like Wikia, Fotopedia, and 37signals. We also have a growing number of people integrating Chef directly into their service offering - it’s not just Engine Yard, it’s RightScale and others.

2) Large developer base

According to Ohloh, 39 developers have contributed to Puppet in the last 12 months, and 71 over the projects entire history.

Chef has been open source for a year. We just had our 100th CLA (contributor license agreement, meaning they can contribute code). Over the course of the year, 52 different people have contributed to Chef, including significant functionality (for the record, 5 of them work for Opscode.) We’re incredibly proud of the community of developers who have joined the project in the last year, and the huge amount of quality code they produce.

3) Dedicated Configuration Language

To each their own, man. :) My preference for writing configuration management in a 3GL was born out of frustration with doing the higher order systems integration tasks. By definition, internal DSLs aren’t meant to do that - when they start being broadly applicable, they loose the benefits they gained from domain specificity. For me, the benefit of being able to leverage the full power of a 3GL dramatically outweigh the learning curve, and I think a side-by-side comparison of the two languages shows just how close you can get to never having to leave the comfort of your DSL most of the time.

4) Robust Architecture

Chef is built to scale horizontally like a web application. It’s a service oriented architecture, built around REST and HTTP. Like cfengine, it pushes work to the edges, rather then centralizing it. There are large (multi-thousand node) chef deployments, and larger ones coming. Chef scales just fine.

5) Documentation

It’s true, we’ve been focused pretty intently on refining Chef in tandem with our earlier adopters, and that focus has had an impact on the clarity of our documentation. Rest assured, we’re working on it.

6) Language/Framework Neutral

I’m not sure where this comes from, other than we’ve had great adoption in the Ruby community. People deploy and manage every imaginable software stack with Chef - Java, Perl, Ruby, PHP - it’s all being managed with Chef.

7) Multi-Platform

It’s true that, at release a year ago, Chef didn’t support many platforms. Since then, we’ve been growing that support steadily - all the platforms you list run Chef just fine, with the exception of AIX. We have native packages for Red Hat (community maintained by the always awesome Matthew Kent!) and Ubuntu that ship regularly at every release. As for the Chef Server only running on Ubuntu - that’s just not true.

8) Doesn’t re-invent the wheel

Again, to each their own. I think Chef’s deterministic ordering, ease of integration, wider range of actions, directly re-usable cookbooks, and lots of other things make it quite innovative. I’m pleased to explain it to you over beer, on my dime. :)

9) Dependency Management

While I understand how you can think this would be true, it isn’t. Chef does have dependency management, and a more robust notification system then Puppet. Each resource is declarative and idempotent. Within a recipe, resources are executed in the order they are written - meaning the way you write it is the way it runs. This is frequently the way puppet manifests are written as well. The difference being, there is no need to declare resource-level dependency relationships.

With Chef, you focus on recipe-level dependencies. “Apache should be working before I install Tomcat”. You can ensure that another recipe has been applied at any point, giving you great flexibility, along with a high degree of encapsulation.

One added benefit of the way Chef works is that the system behaves the exact same way, every time, given the same set of inputs. This greatly eases debugging of ordering issues, and results in a system that is, in my opinion, significantly easier to reason about at scale (thousands of resources under management).

10. Big Mindshare

There is a bit of survivor bias happening here. I meet people every day who are starting with, or switching to, Chef. You don’t, because, well - you don’t use Chef.

* Conclusion

Thanks for taking the time to write about Puppet and Chef - I know your heart is in the right place. Next time, come talk to us - we’re pretty accessible guys, and I would be happy to provide feedback and education about how Chef works. I won’t even try and convince you to switch. :)

Best regards,
 Adam

Some of these points (6, 7, and 9) are just completely false.. Which makes me wonder if you’ve even used Chef? I’m no fanboy.. Chef has its ups and fowns.. But just lets be objective here..

As for point 3, its actually a benefit. There is a high learning curve to figure out how to properly use Puppet’s DSL. Puppet is also coded in Ruby, but you have to learn their obscure DSL on top of that (which is non-trivial). Chef has a curve as well, but once you get the basics, you can use the expressiveness of the ruby language to add whatever functionality you want

> If you’re already using Puppet, Chef doesn’t really offer anything new which would make it worth switching.

That’s not true. I think the problem is that there aren’t any real-world people blogging about innovative uses of chef yet (but they will). Puppet’s custom DSL will *always* be limited compared to a DSL embedded in a real language. Once you try to do something nobody ever thought of, you will “fall off the cliff” of complexity and find it’s easier to implement outside than inside. Sure, you can write your own objects deep inside the system, but that’s not the same as being able to say call functions to compute attributes, or having complex if-then logic and complex subroutines.

In may ways, I find that Chef is similar to Rails. First, they both share the “everything in it’s place” big directory structure. Second, they can be extended in ways nobody has thought about. Third, they take time to learn, so they will ramp up slowly. When Rails started, the documentation was terrible. But once some bigwigs started blogging about real-world problems they solved elegantly, it was clear that Rails was on to something. The same will happen with Chef.

4) you are calling Chef architecture “not robust” without any evidence. If you make the claim, you have to supply the evidence. FUD.
6) Chef deploy is similar to Capistrano, and that’s used by many non-ruby folks. Chef just does a git checkout and runs a UNIX command. How is that Ruby specific? FUD.
7) The server is just Ruby, so there isn’t much work to “porting” it. The clients require a few tweaks for different package systems. Plus, you can use Chef-solo without the server. Chef is already multiplaform, so the title is FUD.
8) Seriously, you think Chef re-invented the wheel, but Puppet didn’t? Triple FUD.
9) Dependencies work fine in Chef. FUD.

John: your article contains so many proven false statements that you should put a big disclaimer at the top. Let’s stop spreading the FUD so we can start a real dialog.

Adam: lean on your users to start brag^H^H blogging more. Searching cookbooks isn’t the same as a blog post about why someone did it that way.

MCollective works just fine with both Puppet and Chef and anything else that can make a text file with list of configuration management object. Further for facts it works with Ohai as well as Facter - and in fact with a simple yaml file if thats your thing.

MCollective is also not designed as a Puppet plugin and has basically nothing to do with it, it just happens to compliment either Puppet or Chef well.

http://code.google.com/p/mcollective/wiki/UsingWithChef
http://code.google.com/p/mcollective/wiki/UsingWithPuppet

The chef guys have been more than helpful when I needed the integration, kudos to them. Puppet I could do myself being a user.

Honestly, 2 minutes of homework is all it takes.

One point that, IMO, is not emphasized enough by IT analysts is that when you ‘invest’ in learning a new ‘language’ or skillset, you want that investment to payoff as often as possible. Do bitfieldconsulting really advise their clients that there can be a long term payoff, for their teams, from time spent learning Puppet’s DSL?
Of course there is a ‘glorious-isolation’ world view, and some IT people do think that having the most narrow or obsure skill base makes them more valuable. IMO this misses the fact that your ‘value’ can only increase if _demand_ for your skills exceeds the supply. It is a common trap to twist the logic and think ‘If I tool up on things fewer people know then my time will be more valuable’ - totally ignoring that several people have to _simultaneously demand yours, and no-one else’s time before you even get to think about premium’s.
What to make of the user base size comparison, given Chef is one year old? No insight from bitfieldconsulting. What to make of Puppet introducing ‘Puppet’s Ruby DSL’? (Actually what does that mean, I thoight Puppet is a Ruby DSL). Sounds like even Puppet’s parents eventually learned some lesson about somthing and are trying to switch. Bitfieldconsulting could have given some insight into what this reveals about insights, into the domain knowledge, driving both projects - anything?
What to make of the licenses? What to make of the issue of non-idempotent deployments? A non-issue? At scale? Again what does this allow someone to infer about ‘Why Puppet wins’.

From what I’ve gathered from various blogs, Puppet might be suitable when:
- You are never going to deploy at scale (when you will hit the issue of your machines being in some random state - good luck tracking that down), or it doesn’t matter if things get tangled you are able to just keep retrying until things are the way you want them to be. Together, these characteristics suggest very small low-IT-skill base shops (usually the owner doubling as the IT), of which there are many, so is a viable market (how many laywers, accounts, doctors, dentists want to learn Ruby? Does Puppet really trump a Redmond firm’s offering in this segment?)
- You will never have need for a more generally applicable language like Ruby (see above user list). This could be due to genuine time constraints (understandable if you’re the ‘IT-dentist’ in a four partner practice) or you’re one of IT’s ‘glorious-isolationists’ (puzzling).

Most puzzling is why a consulting firm would publish this analysis under their company’s blog?
After reading this post I wouldn’t touch bitfieldconsulting with a barge pole. So the post _has_ given me important and valuable information (steer clear of bitfieldconsulting, and reconsider technologies they advocate), but that information harms the firm. Puzzling indeed.

That’s all you got? I mean, it’s something I guess, but still.