Configuration management tools ease the IT burden. Explore the top configuration management tools in DevOps, evaluate their features and consider key aspects that set them apart.
Change is an essential part of IT, but it's often disruptive. An adjustment to one asset can throw other resources out of alignment -- sometimes in ways no one anticipated. Those misconfigurations can result in poor performance, application inconsistencies or noncompliance.
Configuration management can help avoid those outcomes because it delivers documentation, consistent maintenance and change controls. These capabilities help an organization identify its IT assets and understand the relationships between them.
What are configuration management tools and what are they used for?
Configuration management (CM) tools track and control software environments across the enterprise, enabling IT administrators to manage the relationships between different services and IT resources.
CM codifies and automates the steps to bring an asset in line with a current definition of how that asset should look. Under that broad umbrella, there are subsets that pertain to specific system and build concerns. In addition to general CM tools, such as Chef, Ansible and Puppet, there are tools to provision infrastructure as code (IaC), such as AWS CloudFormation, Terraform and Pulumi. These are primarily concerned with automating a software build environment.
Build tools that help codify and manage software delivery pipelines also fall under the rubric of configuration management. Tools such as Jenkins, CloudBees, Ansible and GitHub can help developers better understand the creation and modification of artifacts. Finally, source control tools, such as GitHub, CVS, Apache Subversion and Mercurial, can codify script automation and accurately track change history. Each of these subsets represent fundamental aspects of CM adoption and are critical to consider as the organization moves toward wider adoption.
What are the benefits of configuration management tools?
The automation built into configuration management tools enables sys admins to create checks and redundancies that keep assets in a desired state. That higher level of automation improves overall efficiency and helps admins to offset problems that result from human error and manual server configurations. These benefits are amplified when an organization shifts to a DevOps workflow.
Effective configuration management can boost productivity, reduce IT costs and help to ensure consistent CI/CD. A standard approach for successful management is to deploy CM agents installed on multiple servers that take commands from the primary server. An administrator can send a configuration file to the primary server to execute specific actions on multiple target hosts, whether on-premises, in the cloud or in a hybrid environment.
Configuration management tools offer advantages that go beyond simple IT cost reductions, improved status accounting and faster recoveries. Organizations also avoid deficits due to lost productivity, data breaches, system failures related to state changes and additional IT burden. For instance, along with automated, CM-driven maintenance, DevOps teams and IT leaders can achieve better data control and overall infrastructure consistency.
Additional benefits of CM tools include the following capabilities:
Maintain accurate version control, essential for managing hardware/software assets, application development and debugging, and project management.
Provide effective change management to restore services faster and eliminate system implementation failures.
Ensure consistency and governance to maintain compliance and adhere to regulatory standards.
Employ automation to increase IT staff productivity and reduce the adverse consequences of human error.
Reduce downtime related to compromised security and cyberattacks, which can result in brand damage and negative customer effects.
Control and document system changes to accurately track the history and status of each configuration item.
Top 8 configuration management tools
In general, effective configuration management requires multiple tools to build and maintain an efficient infrastructure. Moreover, all CM tools have idiosyncrasies with master/masterless approaches, agent software installations and numerous server deployments. The goal for IT leaders and DevOps teams is to choose the best combination of tools for the task at hand.
Configuration management tools offer advantages that go beyond simple IT cost reductions, improved status accounting and faster recoveries.
The following selection of CM tools is based on extensive IT research as well as feedback from experienced DevOps leaders. The list incorporates the results from TechTarget surveys, long-term analysis and recent industry innovations. It includes both vendor-supported and open source tools with versions for Linux, Unix, Windows and macOS.
Ansible
Best for: Quick adoptions, building automation and organizing environments/inventories.
The Red Hat Ansible Automation Platform is ideal for small DevOps teams that need a lightweight configuration management tool. Teams can store current system states and maintain accurate records of changes. The tool features a diverse array of modules, from popular cloud storage integrations to container orchestrations. Ansible offers a foundation for automation across multiple systems; administrators can send shell commands to entire sets of services and organize their environments. In addition to accessing Ansible Galaxy for role frameworks and playbooks, sys admins can deploy modules for diverse tasks, such as dynamic AWS integrations, container orchestration and basic configuration files. Ansible users must write large amounts of procedural code, so familiarity with Python lessens this burden.
Chef
Best for: Fast change management.
Chef is a useful DevOps tool for achieving speed, scale and consistency. It requires IT to run a primary server for storing infrastructure state and then deploy agent software to configure multiple servers. An open source version of Chef offers a standalone configuration format called Chef Solo. The integrated suite of Chef tools enables IT teams to manage configurations in the cloud, on premises or in hybrid environments. Chef incorporates "recipes" written in Ruby, an open source programming language. The Chef Enterprise Automation Stack represents the commercial distribution and offers unified security, compliance, infrastructure and application automation with monitoring.
CFEngine
Best for: Large-scale systems management.
CFEngine was first introduced in 1993 and is an established open source CM tool. CFEngine runs on the C language and, because of its small memory footprint, performs faster with fewer dependencies than most other tools. The tool offers a comprehensive DSL for real-world use, and a wide variety of companies use it because of its longevity. Another key benefit of CFEngine is its ability to function even if network communications are down, as each CFEngine agent retains a local copy of policy. The learning and customization processes are technically advanced, but the tool's enthusiastic community offers support and guidance. There is an enterprise version that has technical support.
Consul
Best for: Automating service discovery and connecting services across runtimes and cloud providers.
HashiCorp Consul offers straightforward management for configuration storage and access. The tool employs its own control plane as part of the network infrastructure, so administrators can use Consul to register, query and secure services deployed across a network. In addition to being easy to deploy and use, Consul is written in Go and available as a native binary, making it effective across large, distributed systems. Through dynamic service discovery, Consul provides health checking, key-value stores and support for maintenance of multiple data centers. Consul functionality is available for free in the community edition, which is geared to smaller businesses and teams. Larger organizations can subscribe to Consul Enterprise for diverse collaborations, advanced scalability and governance.
Puppet
Best for: Complex workflow automation and mutable infrastructure.
Puppet uses the Ruby language to simplify setup processes and usage. Puppet is organized into modules with manifest files that describe the desired state to maintain consistency and meet system requirements. Since the tool offers an IaC approach, administrators can perform operations with little or no knowledge of preexisting physical servers, network components or storage. Puppet offers the ability to automate tasks, from installing packages to automatically updating configurations. It requires a primary server for storing state information, offers easy-to-manipulate modules and relies on the push model for sending updates. The open source edition of Puppet is free; Puppet Enterprise integrates well with major DevOps tools.
Rudder
Best for: Infrastructure automation for compliance, asset management and Windows PowerShell implementations.
A derivative of CFEngine, open source Rudder offers an appealing UI for CM novices. Its web front end is built with the Scala language, but local agents are written in C. Rudder installs these lightweight local agents on every managed instance. The tool automatically identifies nodes and their characteristics to smooth the CM process. Easy access to the built-in template library simplifies the management of users, Network Time Protocol, SSH key distribution and DNS. Rudder implements the Desired State Configuration feature, which enables PowerShell scripts to specify the config parameters of Windows-based servers. DevOps teams can use the Rudder API for easy integration with third-party tools. IT leaders can gain useful insights across user groups, files and machines through visual analytics.
Salt
Best for: Optimizing on-premises, cloud and edge infrastructures, and implementing future-based CM for all hosts.
Salt is an open source offering with master or masterless configuration approaches. The Salt SSH enables administrators to run commands or states, as well as use the Salt master/minion model to manage configurations, similar to Puppet and Chef. Salt provides fast, event-driven automation using ZeroMQ as a brokerless, asynchronous messaging library. It was created for high-speed data collection and offers integrations with the major cloud providers, supporting the IaC approach. Salt's features are designed for environments that rely on cloud computing, virtualization and containerization -- all key elements of DevOps.
Terraform
Best for: Changing and improving overall infrastructure.
Terraform is a configuration management tool geared to provisioning. Using TerraForm, administrators can quickly provision servers as well as other parts of an infrastructure, including load balancers, databases and network configurations. The tool enables IT teams to codify APIs for easy editing, revising and versioning of shared configurations. An organization that relies on containers and virtual machine images will find Terraform to be especially useful. The tool employs an immutable configuration approach to prevent drift and to keep servers synced at a desired state. For monitoring cloud-based configurations, Terraform relies on the cloud provider's APIs; admins can simply use API keys for authentication.
Considerations for choosing CM tools
DevOps leaders and sys admins must keep several elements in mind as they pick a configuration management tool. These concerns include the build, run and governing processes as well as handoffs and how individuals or teams respond to issues. Some main concerns with CM adoption include replacing system components with new, flawed versions that impede reversion to previous states, or modifying components incorrectly, which can complicate root cause identification.
By systematically thinking through adoption steps, IT leaders can avoid lost productivity. It's important to be aware that there are many different tools for configuration management. Often, organizations deploy combinations of CM tools to work together. CM tools have idiosyncrasies; some will meet administrative and maintenance goals, such as future scalability, better than others. There are a host of other variables to factor in. IT leaders might ask themselves the following questions:
Is the organization focused more on server provisioning or server configuration?
Does the organization need an agentless CM tool that uses playbooks written in YAML for server management?
Is the team looking for the absolute fastest tool to implement?
Does the team need to manage the configuration of Windows-based assets from a central machine?
Is the organization primarily concerned with configuring servers for applications hosted on cloud platforms?
Does the team want to store management routines in cookbooks that can be shared across teams?
These questions combine both broad and specific concerns. IT leaders should identify the specific system and team requirements when assessing configuration management tools to find the best match.
Kerry Doyle writes about technology for a variety of publications and platforms. His current focus is on issues relevant to IT and enterprise leaders across a range of topics, from nanotech and cloud to distributed services and AI.
Dig Deeper on Systems automation and orchestration
