All of the Orchestration softwares out there have had recent updates. Im currently looking to implement one of them. I've used Puppet in the past, but its always felt thrown together, and the installation is horrifying. Chef is nice and clean, and has a simple implementation path -- but doesnt have a simple fileserver like puppet.

Which do you prefer and why?

Puppet! Enough said.

I agree the puppet install can be tricky at first but can be scripted easily enough.


Here are some scripts someone wrote to automate the process for CentOS/Red Hat distros: https://github.com/boardstretcher/puppet


I learned Puppet first, got over the nuances of it and learned to love and live by it. I've implemented it at the last two places I've worked as they haven't had any configuration management solution and at this point I've got it down so I guess it's just like everything else gotta use it to learn it.

1 members found this post helpful.

Nice. Thats actually my script github repo

The only thing i didnt put in the scripts is the 'external node classifier' thing. You have a script to do that? (Disclosure: I would add it to the installation script you mentioned.)

I did a cursory analysis of all three, and ultimately selected CFEngine. The promise syntax for CFEngine seemed the most logical to me (personally), and I like that it's written primarily in C (rather than Ruby). In practice, these may not be major pros or cons, but they were enough to nudge me in that direction.

I currently have CFEngine 3.5 Community Edition deployed for 35+ production RHEL (5 and 6), Scientific Linux (6), and Debian (6 and 7) servers. The types of problems I need to solve mainly consist of:

• Installing baseline packages for every system
• Installing specialty packages on some systems
• Configuring each server as an LDAP client (for ssh sessions)
• Creating local accounts and groups for various purposes on some systems
• Deploying an ssh_known_hosts file to every system
• Configuring sshd, nfs, rsyslogd, ntpd
• Setting up home directories with proper ownership and permissions
• Deploying a set of standard scripts and cronjobs to each servers (e.g. backups, performance monitoring)
• Enabling specific packet filtering on some systems
• And a few other quirky things

Given some trial and error (and eventually putting together my own set of documenation), none of this was particularly difficult to implement or troubleshoot. If you take an interest in CFEngine, I have some advice to share on particular strengths and pitfalls.

I actually went to a linuxfest episode about this. I was very informative and I would say puppet just because I'm most familiar with that language. But soon enough I will reach that point were I will reach a quirk or limitation that forces me to go to another solution. It ulimately will boil down to those two factors.