SUSE Manager: Comparing the Alternatives – Ansible, Chef, Puppet and SaltStack
Comparing the Alternatives
In my previous blog series we took a dive into SUSE Manager 3.2, looking at what SUSE Manager is, how it works and how it is configured. In this follow on blog we take a look at how SUSE Manager 3.2 compares with Chef, Puppet, Ansible and SaltStack.
SUSE Manager is one of several open source tools that inhabit the Linux space. Although the benefits of each depend on the details of your network and the needs of your organization, the following analysis offers a quick look at how SUSE Manager compares with the competition.
SUSE Manager vs Puppet
The Puppet cross-platform orchestration tool comes in an open source version, as well as in a commercially supported Enterprise edition, which however is not entirely open source.
By default, Puppet requires an agent on each client, which adds complexity and additional effort to configuration and roll-out for new systems. In the original Puppet working mode, changes are not implemented immediately, but only the next time the agent asks the server for an update – that is, after an interval configured by the administrator. Overcoming these limits is the task of newer, add-on tools like Puppet Tasks and Puppet Bolt, which are not yet fully integrated with the rest of the Puppet environment. SUSE Manager can natively operate in both declarative (“this is what the system should look like”) and imperative (“do this now”) modes, with or without agents, thus allowing more versatile and direct control of the managed environment.
Puppet configuration directives require advanced knowledge of the custom Domain Specific Language (DSL). Many of the advanced Puppet features required for full functionality are found in additional modules, either from the official Puppet Forge website or from the larger Puppet Community.
Interaction of modules from independent developers can add complication and lead to uncertainty or unpredictability in long-term support. Regardless of modules issues, several advanced tasks still demand input from the command line, even in Puppet Enterprise.
Puppet’s support for containers is limited, making it more difficult to manage bare metal, VMs, containers, and cloud instances through a single interface. The Puppet model relies on users setting up their machines before bringing them under Puppet’s control, thus reducing the possibilities for automation.
To summarize, Puppet has a significantly higher learning curve than SUSE Manager, and Puppet forces users to spend more time configuring the system in order to achieve an equivalent level of functionality.
SUSE Manager vs Chef
Chef is a cross platform, open source tool that is also available in a commercial version called Chef Automate. Like Puppet, Chef requires an agent on each node, and the “recipes” used to define client configurations require developer-level knowledge of Chef-based DSL.
By default, a Chef installation requires an agent on each managed node. The same installation, in addition to the server that directly serves the recipes to those agents, also needs a separate, dedicated machine , called Chef Workstation. The purpose of the Workstation is to host all the configuration recipes which are first tested there, and then pushed to the central Chef server. A Chef Workstation can apply configuration updates directly over SSH, and the Web interface of Chef Automate supports agent-less compliance scans. However, the correct interaction of Chef server, Workstation and nodes is difficult to understand for beginners and requires a lot of initial setup, supported by preliminary study.
Many of the advanced features required for a comparison with SUSE Manager are only available in the commercial Chef Automate edition. For instance, the separate tools for compliance management (InSpec) and application management (Habitat) are only integrated in the commercial version of Chef, whereas these capabilities are fully integrated into the basic, upstream version of SUSE Manager.
SUSE Manager vs Ansible
The Ansible management tool puts the emphasis on simplicity, and Ansible is best suited for small and relatively simple infrastructures. Part of the simplicity of Ansible is that, unlike other similar products, it has no notion of state and does not track dependencies. The tool simply executes a series of tasks and stops whenever it fails or encounters an error. When the administrator provides a playbook to Ansible, Ansible compiles it and uses SSH to send the commands to the computers under its control, one at a time. In small organizations, the performance impact is typically unnoticed, but as the size of the network increases, performance can degrade, and in some cases, commands or upgrades may fail.
In general, this stateless design makes it more difficult for Ansible to execute complex assignments and automation steps. Ansible’s playbooks are easier to create and implement than the DSL rules used with Puppet or Chef, but the YAML markup language used with Ansible is not as versatile, and, although Ansible is written in Python, it does not offer a Python API to support advanced customization and interaction with other products. Ansible also does not provide compliance management or a central directory of the systems it manages.
Ansible has a graphical interface called AnsibleWorks, or AWX for short, which is not as mature as those of SUSE Manager. The commercial version, called Ansible Tower, consists of selected releases of Ansible/AWX, hardened for long-term supportability. As it happens with the other SUSE Manager competitors, not all extra features in Ansible Tower are available under open source licenses.
SUSE Manager and SaltStack.
The SaltStack orchestration and configuration tool comes in an open source edition, as well as through the SaltStack Enterprise commercial version. Like SUSE Manager, SaltStack uses the Salt configuration engine for managing installation and configuration services.
SUSE Manager offers many more features than the open source version of SaltStack. For instance, SUSE Manager supports both state definition and dynamic assignment of configuration via groups through the web interface, as well as offering auditing and compliance features that aren’t available in the open source SaltStack edition.
Like SUSE Manager, SaltStack Enterprise is an enterprise-level management tool based on the Salt configuration engine. In many ways, SaltStack Enterprise is the most similar to SUSE Manager of all the tools described in the paper, and the choice might depend on cost or the details of your environment.
Users who prefer to operate from the command line might prefer SUSE Manager because of its sophisticated command-line interface, and of course, networks with a large investment in SUSE Linux will appreciate SUSE Manager’s tight integration with the SUSE environment.
In other cases, the choice between SUSE Manager and SaltStack Enterprise might depend on cost, the size of your network, what Web interface best matches your workflow and other factors. Keep in mind that SUSE Linux is an ideal platform for supporting SaltStack Enterprise. SaltStack Enterprise is meant to serve as a master of Salt masters, a role that doesn’t conflict with SUSE Manager, so it is very possible for the tools to coexist without conflict.
If you are using SaltStack now and wish to continue to use it, the experts at SUSE can help you with a plan for how to integrate SaltStack with SUSE Manager and the SUSE Linux environment.
SUSE Manager provides a single, full featured interface for managing the whole lifecycle of Linux systems in a diverse network environment, either from a clean graphical interface, or from the command line. You can manage bare metal, virtual systems, and container-based systems within the same convenient tool, attending to tasks such as deployment, provisioning, software updates, security auditing, and configuration management. The flexible Salt configuration system allows convenient configuration definition and easy automation, and it is capable of acting in agent or agentless mode.
In these ways, SUSE Manager greatly reduces the complexity and risks of dealing with highly dynamic Linux infrastructures and operations.
Unlike several of its competitors, SUSE offers the full feature set of SUSE Manager through its upstream, community-based development project Uyuni, thus preventing lock-in, simplifying evaluation, and maximizing the benefits of open source development.
Strong support for customization and complex configurations, along with the ease and convenience of a single-source management solution, make SUSE Manager a powerful option for managing Linux systems in a diverse, enterprise environment.
Talk to the experts at SUSE for more on how you can scale down overhead and scale up efficiency by adding SUSE Manager to your Linux network environment.
SUSE Manager Technical Overview Blog Series