Comparing Configuration Management Tools: Chef vs. Puppet vs. Ansible



DevOps Technical Lead

Published Jan 01 1970

Configuration management is the process of tracking and controlling the changes in a software with respect to its requirement, design, function, and development of a product. There are two types of configuration management approaches.

Pull Model: The nodes are dynamically updated with the configurations that are present in the server.

Push Model: Centralized server pushes the configurations on the nodes.

Puppet, Chef, and Ansible are three different tools that represent different paths to achieve a common goal of managing a large-scale server infrastructure efficiently with minimal input from the developers and system administrators. All three configuration management tools are designed to reduce the complexity of configuring distributed-infrastructure resources, enabling speed, and ensuring reliability and compliance.


Puppet is a software configuration management tool that is mainly used by system administrators and cloud administrators. It helps an administrator to declare the system configuration and apply it across one or many systems at a time. Puppet is an open-source configuration management solution, which is built with Ruby and offers custom Domain Specific Language (DSL) and Embedded Ruby (ERB) templates to create custom Puppet language files, offering a declarative-paradigm programming approach.

Puppet follows a client-server model, wherein one machine in any cluster can act as a client, called the puppet master, and the other can act as a server, called the slave nodes. Puppet can manage any system from the scratch, starting from its initial configuration till the end-of-life of any machine.

Puppet provides an automatic way of inspecting, delivering, operating, and future-proofing all our infrastructure and software. Puppet server can run on any Ruby-installed platform, such as Microsoft Windows Server, CentOS, Linux, or Oracle Enterprise.

Puppet Components:

Puppet Master: Puppet Master is a mechanism that handles all configuration-related activities and helps in configuring nodes using a Puppet Agent.

Puppet Agents: Working machines that are managed by the Puppet Master are known as Puppet Agents.

Configuration Repository: This repository saves and pulls all nodes and server-related configurations, when required.

Facts: Facts are the details related to the node or the master machine that are used for analysing the status of any node. Changes are done on any target machine based on the facts. Puppet has pre-defined and custom facts.

Catalog: All manifest files or configurations, which are written in Puppet, are first converted into a compiled format called catalog. Later, these catalogs are applied on the target machine.

Some of the other areas where Puppet plays a pivotal role are orchestration, role-based access control, automated provisioning, configuration automation, code management, and node management.


Chef is a configuration management technology, developed on the basis of Ruby DSL language and is used to automate the infrastructure provisioning. It is a flexible cloud infrastructure automation framework that allows the users to install the apps to bare metal VMs and cloud containers. A user can manage the infrastructure through the code rather than using a manual process. Chef architecture is just like the Puppet Master-Agent model, which uses a pull-based approach; additionally, it needs a logical Chef workstation to control configurations from the master to agents.

We can easily integrate Chef with any cloud-based platform, like Microsoft Azure, Amazon EC2, Internap, SoftLayer, and Rackspace, to configure new machines. Chef supports multiple platforms, like AIX, RHEL/CentOS, Solaris, Ubuntu, and all Linux flavours.

Chef Components:

Nodes: A node is any machine (physical, virtual, cloud, network device, etc.) that is under management by Chef.

Workstations: A workstation is a computer where Chef Development Kit (Chef DK) is run to author cookbooks, and also to interact with the Chef server and nodes.

Knife: Knife is a Chef command-line tool that provides an interface between a local Chef repository and the Chef server.

Repository: The repository structure in which cookbooks are authored, tested, and maintained is called Chef repository (or Chef repo).

Cookbooks: A cookbook is the fundamental unit of configuration and policy distribution that defines and supports a scenario. Chef cookbooks contains recipes, attributes, custom resources, libraries, files, templates, tests, and metadata.

Some of the other areas where Chef plays a pivotal role include application deployment, infrastructure configuration, and network configuration management.


Ansible is a simple open-source IT engine which automates application deployment, intra-service orchestration, cloud provisioning, and many other attributes. It is relatively easy to deploy an Ansible since it does not use any agents or custom security infrastructure.

Compared with Puppet and Chef, Ansible was developed to simplify complex orchestration and configuration management tasks. Ansible platform is written in Python and it allows the users to script commands in YAML as an imperative programming paradigm. Ansible is designed for multi-tier deployment and does not manage one system at a time; it models IT infrastructure by describing all interrelated systems. Ansible is completely agentless, which means that it works by connecting nodes through ssh (Secure Shell), i.e, by default. It also gives a leverage of using other methods of connection, such as Kerberos.

After connecting to nodes, Ansible pushes small programs called Ansible Modules. It runs those modules on nodes and removes them when finished. Ansible manages inventory in simple text files (or the hosts files) to group the hosts and control the actions on a specific group in the playbooks.

The following diagram will give you an idea about how Ansible enables one or more command centres to execute commands onto remote machines or run a sequenced instruction set via playbooks.

It is easy to customize a Ansible configuration file to reflect the settings in an environment.

Ansible Components:

Control Node: Any machine with an installed Ansible can act as a control node and can run the commands invoking usr/bin/ansible or /usr/bin/ansible-playbook.

Managed Nodes: Ansible can enable the management of the network devices or servers. Managed nodes sometimes called “hosts”.

Inventory: An inventory is a file which contains a list of managed nodes; it is also known as a ‘host-file’. Inventory file can contain the information like IP address of the managed nodes.

Modules: The units of code that are executed by Ansible are known as Modules. We can invoke a single module with a task or invoke several different modules in a playbook.

Tasks: The unit of action in Ansible is called a Task. It can be execute once with an ad-hoc command.

Playbooks: It is a list of tasks that runs repeatedly in an order. Playbooks can contain variables and tasks that are written in YAML (Ain't Markup Language).

It will be safe to say that Ansible is easy to learn, streamlines provisioning, in addition to helping in configuration management, app deployment, automatic step-by-step reporting, simplifies orchestration, and is agentless.

Take a look at a comparative analysis of the three configuration management technologies:

Puppet Chef Ansible
Scalability Highly scalable. It can handle large scale applications. Highly scalable. It can handle large scale applications. Highly scalable. It can handle large scale applications.
Ease of Setup Puppet server runs on master machine and Puppet clients runs as agent on each client machine. Chef server runs on master machine and Chef clients runs as agent on each client machine.

It also contains an extra component, called workstation. This workstation is a machine that contains all the configurations.
Ansible only has master running on server machine but no agents running client machine, uses ssh to login to client systems.
Availability Puppet is highly available. It has a multi-master architecture where if the active master goes down, the other master takes the active master’s place. Chef is highly available. When there is a failure in the primary server, or a chef server, it has a backup server to take the place of the primary server. Ansible also highly available. It runs with a single active node, called the primary instance. If primary goes down, there is a secondary instance to take its place.
Management It is not very easy to manage the Puppet configurations as it uses its own language called Puppet DSL. Client pulls the configurations from the server and applies a non-immediate remote execution. Chef supports the Pull mechanism. As a programmer, you can manage the configurations in Ruby DSL. Client pulls the configurations from the server. Ansible supports the Push mechanism. It is easy to manage the configurations since the server pushes the configurations to all the nodes. Good for real-time application and immediate remote execution.
Interoperability Puppet master only works on Linux/Unix and puppet agents also works on windows. Chef server works only in Linux/Unix but chef client and workstation can work in Windows as well.