Puppet or Chef: The configuration management dilemma
Puppet is model-driven, Ruby is procedural, and both are large, messy, open source ecosystems plagued with pitfalls
These lists are often derived from the various plug-ins. Much of the most interesting work is done in these subprojects. Once you get Puppet or Chef running, you'll spend most of your time obsessing about the plug-ins.
Both environments compete heavily with each other, so it's common for them to duplicate each other's innovations. After playing with both, I can't say that one is definitively better than the other. If you want to do things in one, you can usually accomplish the same task with the other or come pretty close.
In general, you can use either tool with most major operating systems. Puppet doesn't come with a Mac installation wizard, but it will work with Mac OS X as it does with most Unixes. Chef is easier to use on the Mac, but it is still building a full installer for Windows that works with many of the different variants.
While we're on the topic of Macs and Windows, it's worth noting that some companies are using these tools to manage desktop installations in diverse offices. Puppet Labs, the company behind Puppet, notes that Los Alamos National Laboratory uses Puppet to manage its Macs.
Whether you're using the tools for desktops or servers, you'll also be swayed by the status of some of the modules and the state of development. Puppet Enterprise, for instance, offers more support for VMware. If the particular version works well with your cloud stack and the modules are tried and tested, you should choose it.
Puppet Labs vs. Opscode
A harder question is choosing between the business models of the companies. Both fund the development of open source software by selling something else. In Puppet's case, Puppet Labs distributes a rather anemic open source version for free. If you get tired of the command line, you can upgrade to Puppet Enterprise and graduate to a working graphical user interface, better access control, and support. Puppet Enterprise is free for the first 10 nodes, then costs about $99 per node after that. Moderate discounts kick in as your cloud grows into the hundreds and thousands of nodes.
(It's worth noting that Puppet tallies nodes by counting the digital certificates used to encrypt and sign all the commands. The encryption simultaneously protects the entirety of instructions flowing through your empire and gives the company a good way to track how much you're using the software.)
Opscode, the main company shepherding Chef, gives you another choice. Instead of free open source Chef, it will let you install the more capable Private Chef behind your firewall at prices beginning at $120 per month for up to 20 nodes. The company doesn't count individual nodes and makes a slightly ambiguous promise to look the other way if you occasionally use 21 or 22 nodes. It's not concerned about a bit of testing, just sustained use. There aren't many tiers, so crossing a threshold can push up your bill.
If configuring Chef inside your firewall is one more hassle you don't need, Opscode will host the Chef server infrastructure for you for much the same price. It handles making sure there is enough Chef firepower to handle the job of managing your worker bee machines.
Some might find this silly and a potential security hole. To reconfigure your own machines, you send your instructions for your infrastructure to the Hosted Chef machine and it parcels them out to your own machines as needed. But it also makes some sense because keeping Chef running is yet another chore and Opscode is willing to do it for you. It's all just a cloud, and the lines between what's yours and what's theirs are blurring more and more.