Got a few machines in the cloud you got to manage predictably? Want to make sure they are all configured securely exactly to the spec you need? Don’t have much time to waste?
Having spent a few weeks doing configuration management with shell scripts and Puppet, I learned the hard way that the former are simply unsustainable in the long term (without considerable investment at least), and the latter is simply not worth it.
The issue with Puppet is that it’s a full-blown world view that you need to adopt and adapt to. It’s a DSL, a custom language that you need to learn from scratch. It’s an extremely opinionated tool that has no conception of “getting out of the developer’s way”; instead, it makes sure to force you into its own flow, whether you like it or not. It has a lot of quirks, but even worse, a lot of severe design bugs that can make you scratch your head for hours. For example, you’d think that nesting “classes” (Puppet’s term for an isolated unit of manifests) would be the most obvious way to manage complexity, setting dependencies on a class level rather than item level. Yes, in theory, but in practice bug 8040 has been sitting there for 2 years preventing you from doing that, and you need to use a pretty ugly boilerplate hack (the so-called anchor pattern) to work around it. Did I mention dependency cycles? Lots and lots of them, not fun.
If you’re like me and don’t have patience for tools that get in the way, and you encounter enough of these issues, it’s time to bail.
Ansible is a fantastic light-weight alternative to both shell scripts and Puppet. No DSL, no need to install the agent on target machines, and it runs against all your instances in parallel. It uses YAML as its language and there’s no easy way of causing a dependency cycle. Mdehaan, the creator of the tool, is (as far as I can tell) on IRC 24/7 and has been really helpful as I was hammering him with questions. This is despite the fact that his tool has over 2000 stars on GitHub. He’s seriously dedicated to his product.
With Ansible, in under a day, I was able to move a good chunk of our CM from Puppet, was able to take out the need for custom AMIs (no agent, no AMI), and I haven’t hit any design horrors so far, making the tool actually quite fun to use. When’s the last time your CM was fun?
The only downside is that because of its remote nature, it’s not nearly as fast as executing manifests from a git repo on the target machine itself, but everything else vastly makes up for it. At this point I pretty much refuse to touch anything on my instances, unless it’s done remotely through Ansible.