Completely unscientific poll: cfengine, puppet, other?

Roger Marquis marquis at
Tue Mar 1 18:11:00 UTC 2016

Christoph Moench-Tegeder wrote:
>  Some systems (e.g. cfengine) are using a pull model, where the "managed"
>  machines connect to a central hub periodically, fetch the configuration
>  and "do what needs to be done", while e.g. ansible follows a "push"
>  model, where the "agent" is executed "somewhere" and connects to the
>  managed node to do its work.

It should also be noted that one of the primary differences between
ansible and the other configuration management / deployment options is
that ansible is agent-less, i.e., you don't run anything other than an
sshd on the clients.  This precludes a range of potential problems from
version-skew to client security.  That said, you do also need to run
python on the clients (an unfortunate design decision IMO).

Most places I see these tools used inappropriately.  If you're not spinning
up new instances frequently or maintaining more than a few dozen hosts
you're better off using simple shell scripts, or at least you are if you
know a bit of shell programming (as in /bin/sh).  Otherwise your time is
better spent learning shell than the domain-specific languages of any of
these tools.

Even with hundreds of hosts to maintain most features of deployment tools
appeal to those with less sysadmin experience than software development
experience, unless perhaps you have to perform the same operation over
several different operating systems.  Even then using tool-specific
methods limits your flexibility (which may well be a design goal).

