Configuration Management Tools: 5 You Should Know in 2019

Eric BoersmaMon, 08/26/2019 - 08:26

There is a myriad of reasons that a team might be looking for a new configuration management tool. Maybe your team doesn’t have any configuration management at all and is just starting out. Could be that what you’re using now isn’t working. Whatever the reason, picking a new configuration management tool can be a trying process. There are dozens of options on the market, and they all promise the world. If you’re evaluating configuration management options, you’re probably not going to sample a dozen different tools before choosing. Thankfully, you’ve come to the right place. We’re going to take a look at the five best configuration management tools on the market today and talk about why you might want to choose one over the other.

Understand Your Needs

Before we start, a quick word on what this post is not. This isn’t a post that’s about virtualization or containerization. Some people tend to get those confused. Tools like Docker are terrific for teams setting up swarms of small servers, but they’re not true configuration management. If you’re looking to adopt containerization, this probably isn’t the post for you. You don’t want to mix these kinds of tools with Docker’s containers. The results won’t be good.

Instead, this post is going to dive into configuration management that’ll help you manage dedicated or virtual servers. Servers which each run their own dedicated operating system.

Additionally, if your needs are minor configuration changes on a server or two, adopting a full-blown configuration management system might not be the right answer for you. Jumping into a tool like Chef or Ansible is a big ask for a team. It’s very difficult to do piecemeal. If all you need to do is make sure that a script or two runs on a server the first time it starts up, these tools are probably overkill for your needs. Configuration management tools are for ensuring the state of a system remains good over a long period of time. Don’t adopt a system that has way more power than you need.

Understand Your Strengths and Weaknesses

This is another important part of choosing a configuration management tool. If you already have a team, knowing what skills they bring to the table are going to influence your decisions. Adopting Chef while your entire team is Python experts is probably a mistake because Chef’s interfaces are Ruby-based.

This is an important factor. There is no single “best” configuration management system. If there were, this post would be a lot shorter! Instead, each configuration management system excels at different things. Some are quicker to set up or offer blazing speed when configuring a system. Those same systems might trade-off features in robustness of configuration options, or have fewer community options.

Listen to your team, and understand their skills before you make a final decision. That’s the best way to find a tool which will work for you over the long run.

The 5 Best Tools

Here are the top five tools, plus a few features of each that may help you decide which is right for your team.


Puppet is one of the earliest configuration management tools. Their initial release was in 2005, and they’ve been at the forefront of the field since then. This is a real bonus because they’re tested in organizations from the very small to the very large. If you choose Puppet, you know that you’re choosing a tool that’s been proven to work.

Unfortunately, Puppet’s age can also work against it a little bit. Puppet designed their workflows before modern conceptions of DevOps were popularized. The result is that Puppet feels a bit like a tool that’s designed for system administrators, not developers. If you’re looking for a tool to manage your servers in a fast-paced DevOps environment, Puppet might not be the right choice. However, if you’re a team that still employs dedicated system administrators, Puppet’s tooling will probably be much easier for them to learn.

One advantage of a mature configuration management system is the community. Puppet comes with their Forge, which is a place for people to share manifests that they’ve written. Whatever you’re trying to do, chances are someone’s already done it before. If you’re starting a new Puppet installation, this is a great place to check out.


The other extremely heavy hitter in the configuration management world is Chef. Chef is younger than Puppet but still battle-tested. It originally launched in 2009. When Chef and Puppet are commonly compared, Chef is usually judged to be a bit more developer-friendly. Once again, this can be a double-edged sword. If your systems administrators are strong developers, they might be more at home with Chef than they would be with a tool like Puppet.

Much like Puppet, one of Chef’s greatest strengths is its community. Chef enables easy sharing of popular configurations via the concept of “Cookbooks.” Sharing these on a website like the Chef Supermarket is simple and straightforward.

Both Chef and Puppet operate in a client/server mode. That is, whenever a new machine comes online, it connects with the designated server, and registers itself. Then, the server pushes down a configuration to the client. Once the initial configuration has completed, the client periodically checks in with the server to make sure it’s still correctly configured. If it’s not, it downloads the specified state from the server and applies it.


Salt is a bit different from Puppet and Chef in a couple of different ways. First off, unlike Puppet and Chef, Salt’s programming language is Python. The developers chose Python because it’s installed on pretty much every Linux machine you might ever boot up. This means getting started with Salt on a new server is a pretty trivial task. If your team is full of seasoned Python devs, Salt is a great choice.

Another thing that differentiates Salt is that it operates in a push method, instead of Chef and Puppet’s pull method. Once a configuration change has been made on the Salt server, it immediately pushes that change out to clients. This means that your clients are in sync more quickly.

Unfortunately, Salt’s support for Windows isn’t particularly robust. If you’re a shop that’s looking to configure Windows servers or a mixed environment, you’ll want to look for another tool.


Ansible is another experienced player in the configuration management world. Unlike the first three items on our list, Ansible is a bit easier to pick up because it doesn’t rely on specific knowledge of any programming language. This is a boon if your administrators are inexperienced with the languages that other tools require. This can come back to bite you, though. If you make a syntax error in a Puppet file, for instance, Puppet will fail to run right at the start. Instead, Ansible commands are run one-by-one. If you make a mistake in the syntax of an Ansible file, you won’t discover until that step is about to run. It can take a long time to discover a simple mistake during your initial setups.

With that said, Ansible still brings some real benefits to the table. It doesn’t require installing an application on each client, instead just needing SSH to be configured. From top to bottom, that’s the biggest design philosophy behind Ansible. It’s built to be easy to set up and use. Choosing Ansible means you’ll set up as quickly as any tool on this list.

JuJu as a Service

JuJu is a bit of a wild card on this list. It’s designed to work specifically in the cloud. Designed by the folks at Canonical (behind Ubuntu), JuJu can be used to easily set up common applications on a tool like AWS. Instead of saying that you want to install a particular package on a client, Juju instead takes a command to deploy something like “Mediawiki.” That’s the software behind Wikipedia. Juju will then install everything you need for a Mediawiki installation on a specified cloud provider.

If you’re looking to install some common systems on the cloud, Juju might be the right tool for you.

Finding the Right Tool for You

As we noted, no tool on this list is one-size-fits-all. That’s OK. The teams who built these tools needed to make trade-offs, just like you do. When you’re looking for a configuration management tool, take your time. Figure out what you need, and what skills your team brings to the table. Once you’ve done that, engage with communities around those tools. Spending time talking to people who’ve already taken the leap will teach you more than anyone post can. Configuration management can have some tough first steps but pays off in the long run. Investing time now to make sure that you make the right decisions will pay those same dividends.