Cfengine or puppet?

I'm looking to deploy a configuration management system at my company and was wondering which config management was better: cfengine or Puppet? Pros/Cons? I'm looking to deploy the free version of each.

Any advice would be greatly appreciated. Thanks.

I used cfengine for 2 years. After switching to puppet I relised that I'll not chage it ever for something else

Puppet has a realy great community and support. So you'll find mode help about puppet or patches if needed than cfengine. This is my opinion. I know there are people out there how think cfengine is better, and if cfengine works well for them thats fine for me. But cfengine in my opinion does't have a bright future as puppet.

So my advice is to go with puppet.

1 Like

I'll give Puppet a shot.

I'm currently trying out CFEngine, and I am having a really hard time wrapping my head around the syntax.

Thanks for your input! Anymore input from anyone else would be greatly appreciated as well. Thanks!

Puppet tries to ensure quality.
CFengine is a hack.
If you are not a genius, go for puppet. If you are a genius, you rather build your own distribution infrastructure.

CFEngine is based on 20 years of research, and everything but a hack. CFEngine runs on more servers throughout the world than any other system, and is especially trusted among financial and telecom organizations.

Some find It harder to learn CFEngine than Puppet, because there is more to learn. CFEngine offers more granularity while Puppet offers abstractions (makes decision on behalf of the user)

If security is important to your organization, be careful with Puppet. According to NIST National Vulnerability Database, they have more than 20 incidents so far this year.

2 Likes

Does anyone have experience with ansible ?

I tend to agree with Raspberry Fan. It is anything but a hack. In full transparency, I work for CFEngine, but would also go on to say I evaluated Puppet and other such recent technologies as part of my previous job at VMware.

The question to ask imho is not whether you should use Puppet or CFEngine or Ansible, but what it is you are trying to achieve.

CFEngine is robust technology, that is built on fundamentals of promise theory. Look it up and also look up autonomous automation.
On the practical side, its the most secure software in this category having no NIST vulnerabilities to date. Also it is much more scalable than the 200-300 servers/entities some of these other softwares can manage.
Lastly, if you are looking for a 'fire and forget' approach and believe system administration is about managing routine and mundane tasks day in and day out cfengine could do that very well. But then you must also believe systems are immutable as well a fallacy on which these fire and forget softwares are built.
But if you are looking for a truly autonomous sytem one that is lightweight, super scalabale (talking thousands of machines served by a policy master), secure, and has the capability to provide autonomic control in your infarastructure only CFEngine does it.
And lets dispel this myth. The power you get from spending some time with the CFEngine rewards you many times over. But if you want to take the easy approach there are enough useful abstractions in CFE as well to get you started.

So, there you go. It all depends on what you want to do and why you want to do so, before you choose how.

thanks
mahesh

---------- Post updated at 04:30 PM ---------- Previous update was at 04:20 PM ----------

you may also find some of these thoughts interesting as you make your decision would be great to know what you find independently as we value your opinions and reasons for choosing or not choosing to go with CFEngine

I cant post URL's here and dont want to spam either so here are some resources for you to do independent study:

  1. look for marco's blog and reasoning for "why i gave up puppet and chose cfengine"
    edit by Scott: added link to blog post

  2. there are other neat use cases (both routine and extreme in terms of scale/leveraging ec2 spot rates etc) that have been presented by LinkedIn, percolate... etc. look on youtube or the cfengine website

  3. and as pointed out some of the largest fin-serv orgs are users of cfengine. JPMC being one of them and having inducted CFEngine into the hall of fame. search for it and you can see why managing directors on at JPMC they feel CFEngine is solid technology bar none when it comes to automation software

I doubt a software that is a "hack" would get this kind of credibility!!

2 Likes