

Chef vs Puppet - jrussbowman
http://joerussbowman.tumblr.com/post/22817676989/chef-vs-puppet

======
kennu
I can share Puppet's two greatest weaknesses from my point of view (managing
an AWS infrastructure of a few dozen servers):

- It handles dynamic host environments like AWS badly. Puppet's SSL
infrastructure often gets confused when hostnames and IP addresses of servers
change and you can't disable certificate checking completely, even if you
don't need it. As a result, Puppet sometimes dies and can't continue until you
manually resolve the certificate issue (usually by deleting the client
certificate and letting it regenerate). This can be helped by using fixed
certificate names, but I've still seen these problems occur and they
shouldn't.

- The dependency-based configuration model gets very hard to manage when you
keep adding new features to servers over time. Unless you reinstall the server
from scratch every now and then to test it, you're bound to make subtle
mistakes in the dependencies. This will bite you the next time the server is
being fully reinstalled (e.g. after EC2 instance termination), as Puppet needs
to run multiple times to satisfy the dependencies and this will take hours
(because it runs in 30 minute intervals).

Because of these problems, I've been considering switching to Chef for a while
but haven't gotten around to it yet.

~~~
jrussbowman
If you're building the server, can you just puppet apply multiple times? I
wonder how Chef handles this. This is going to be interesting to play with.

We have lots of automated build procedures which I'm hoping to eventually fold
into Chef.

------
dmayle
I dug into this looking for some greater insight, but found the article a
bit lacking.

I looked into the both of them for managing a couple of personal machines, and
decided against Chef because of the very heavy stack.

What I found really lacking, however, was the bootstrap process. I want a way
to provision a machine from the ground up, automated installation, followed by
insertion into the managed network, and then management following my
policies.

Trying to get this into place was quite difficult, and I'm currently stalled
in my project. Does anyone have any insights?

~~~
ashayh
Not sure where you are stuck, but maybe Foreman can help?
<http://theforeman.org/>. It does VM (and bare-metal) creation, DNS, DHCP,
PXE, Kickstart and then Puppet.

