ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Opinions: Ansible vs. SaltStack

    Scheduled Pinned Locked Moved IT Discussion
    devopsansiblesaltautomationsaltstack
    88 Posts 17 Posters 12.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • stacksofplatesS
      stacksofplates @scottalanmiller
      last edited by stacksofplates

      @scottalanmiller said in Opinions: Ansible vs. Salt:

      @stacksofplates said in Opinions: Ansible vs. Salt:

      I don't think it's slow at all. I've run both Puppet and Ansible and they seem pretty comparable.

      Not necessarily a good comparison, Puppet is one of the slow ones that Salt specifically was designed to address. Not saying Ansible is slow, I don't know. I just know that Salt was specifically designed to be fast because Puppet was so slow.

      I have seen it be really slow. I don't like saying one is faster than the other with anecdotal evidence, that's why I worded it that way. So with that said:

      I've found Ansible to be faster in a lot of areas (again anecdotal). It also depends on how you're running. Pull is faster than push. I mistakenly said in another area it SSHs into the local machine, but it has a local connection that you specify. If you are doing push you still do the local machine with the local connection. You can also cache facts which speeds things up. My stuff checks in every 10 minutes and on a no change run it takes about 10-20 seconds, and we do all of our SCAP hardening with it. We don't really do users and groups, that's all through LDAP, but I have done it and it didn't seem slow at all.

      1 Reply Last reply Reply Quote 0
      • matteo nunziatiM
        matteo nunziati
        last edited by matteo nunziati

        tbh I think that speed really matters only after you scale a bit. having to administer a few tens of VM is not so influenced by speed. having to manage few hundreds is a different thing.

        I've choosed ansible in the past because you have less stuff to learn at first and I prefer the no-agent approach (and usually I have an ssh connection open anyway). but my needs are really limited.

        btw, zeromq is the fastest thing you can have in the python world, so if speed really matters, there is no other solution than salt.

        1 Reply Last reply Reply Quote 0
        • stacksofplatesS
          stacksofplates
          last edited by

          I have different separate networks but each has a little less than 100 machines (physical and virtual) and they are all managed with Ansible. Even with full changes the playbooks take less than a minute.

          Pipelining also drastically improves speed. You have to disable requiretty (which is arguable in its adding security anyway).

          One thing that would be nice is central reporting for ansible-pull logs.

          1 Reply Last reply Reply Quote 0
          • RomoR
            Romo
            last edited by

            @stacksofplates Doesn't the use of tags allow for writing tasks that are not idempotent and this is not recommended?

            stacksofplatesS 1 Reply Last reply Reply Quote 1
            • stacksofplatesS
              stacksofplates @Romo
              last edited by

              @Romo said in Opinions: Ansible vs. Salt:

              @stacksofplates Doesn't the use of tags allow for writing tasks that are not idempotent and this is not recommended?

              They're still idempotent. But you just don't include the installation of the application if it's just configuration. You don't have to do that, and it might not save that much time.

              However, its really nice for dev machines to make sure something is running properly.

              1 Reply Last reply Reply Quote 2
              • momurdaM
                momurda
                last edited by

                learned a new English word today.

                1 Reply Last reply Reply Quote 0
                • ObsolesceO
                  Obsolesce
                  last edited by

                  I found a more up to date (march of 2017) article doing a good SaltStack vs Ansible comparison.

                  https://www.upguard.com/articles/saltstack-vs-ansible-revisited

                  F 1 Reply Last reply Reply Quote 0
                  • Emad RE
                    Emad R @scottalanmiller
                    last edited by

                    @scottalanmiller

                    I think SS works better under Windows, especially the ready modules for RDP/local group policy, and the installer, so they are targeting that better.

                    1 Reply Last reply Reply Quote 2
                    • F
                      flaxking @Obsolesce
                      last edited by

                      @tim_g said in Opinions: Ansible vs. SaltStack:

                      I found a more up to date (march of 2017) article doing a good SaltStack vs Ansible comparison.

                      https://www.upguard.com/articles/saltstack-vs-ansible-revisited

                      I didn't find this article particularly useful.

                      1 Reply Last reply Reply Quote 0
                      • D
                        David_CSG
                        last edited by David_CSG

                        I do realize this is an OLD post (relatively speaking) but I appreciate(d) finding it, as I'm currently revisiting "Salt vs. Ansible," and while I thought I was leaning towards Salt, perhaps it might be Ansible instead at this point. Not yet settled.

                        Nothing needs to be used, anything that is used will be primarily to ease my job of administering - primarily - client machines. (Currently not rolling out enough Linux (or Windows for that matter) servers to be considering a/ny config mgmt system - at this time).

                        Most sites have or can have a linux vm that I setup and maintain.
                        My need is for one mgmt tool that is: Viable for Windows and Mac OS endpoint management, and for simple basic (check for and) application of system updates, both fit the bill.

                        Security is also (especially, as we all know) not at all a non-factor.
                        I do like that as of now - with the current build of Windows 10, ssh(d) is included.
                        And I hope to use a setup that will work over ssh, with client-nodes limiting connections (from source IP) by firewall, and ssh config limiting connections to/by key only.
                        I know that the default config of OpenSSH in Windows uses
                        "C: \ProgramData\ssh\administrators_authorized_keys"

                        for said config, I have yet to verify if the MS-included (Apps > Optional Features) sshd uses the same.

                        DustinB3403D 1 Reply Last reply Reply Quote 4
                        • DustinB3403D
                          DustinB3403 @David_CSG
                          last edited by

                          @David_CSG said in Opinions: Ansible vs. SaltStack:

                          My need is for one mgmt tool that is: Viable for Windows and Mac OS endpoint management, and for simple basic (check for and) application of system updates, both fit the bill.

                          This is exactly why I am heavily testing out Ansible with @stacksofplates and @IRJ slapping me in the back of my head continuously.

                          black3dynamiteB ObsolesceO 2 Replies Last reply Reply Quote 4
                          • black3dynamiteB
                            black3dynamite @DustinB3403
                            last edited by

                            @DustinB3403 said in Opinions: Ansible vs. SaltStack:

                            @David_CSG said in Opinions: Ansible vs. SaltStack:

                            My need is for one mgmt tool that is: Viable for Windows and Mac OS endpoint management, and for simple basic (check for and) application of system updates, both fit the bill.

                            This is exactly why I am heavily testing out Ansible with @stacksofplates and @IRJ slapping me in the back of my head continuously.

                            Probie!
                            giphy.gif

                            1 Reply Last reply Reply Quote 3
                            • ObsolesceO
                              Obsolesce @DustinB3403
                              last edited by

                              @DustinB3403 said in Opinions: Ansible vs. SaltStack:

                              @David_CSG said in Opinions: Ansible vs. SaltStack:

                              My need is for one mgmt tool that is: Viable for Windows and Mac OS endpoint management, and for simple basic (check for and) application of system updates, both fit the bill.

                              This is exactly why I am heavily testing out Ansible with @stacksofplates and @IRJ slapping me in the back of my head continuously.

                              If it's mostly Windows, I find SaltStack much easier to use with Windows. Lots more functionality, at least the last time I was deep into it. If it was mac/Linux clients only, then I'd choose Ansible likely, of course depending on things.

                              DustinB3403D 1 Reply Last reply Reply Quote 1
                              • F
                                flaxking
                                last edited by

                                @David_CSG so what's your plan for ssh into laptops that are out and about?

                                D stacksofplatesS 2 Replies Last reply Reply Quote 0
                                • DustinB3403D
                                  DustinB3403 @Obsolesce
                                  last edited by

                                  @Obsolesce said in Opinions: Ansible vs. SaltStack:

                                  @DustinB3403 said in Opinions: Ansible vs. SaltStack:

                                  @David_CSG said in Opinions: Ansible vs. SaltStack:

                                  My need is for one mgmt tool that is: Viable for Windows and Mac OS endpoint management, and for simple basic (check for and) application of system updates, both fit the bill.

                                  This is exactly why I am heavily testing out Ansible with @stacksofplates and @IRJ slapping me in the back of my head continuously.

                                  If it's mostly Windows, I find SaltStack much easier to use with Windows. Lots more functionality, at least the last time I was deep into it. If it was mac/Linux clients only, then I'd choose Ansible likely, of course depending on things.

                                  We're mostly mac.

                                  ObsolesceO 1 Reply Last reply Reply Quote 0
                                  • ObsolesceO
                                    Obsolesce @DustinB3403
                                    last edited by

                                    @DustinB3403 said in Opinions: Ansible vs. SaltStack:

                                    @Obsolesce said in Opinions: Ansible vs. SaltStack:

                                    @DustinB3403 said in Opinions: Ansible vs. SaltStack:

                                    @David_CSG said in Opinions: Ansible vs. SaltStack:

                                    My need is for one mgmt tool that is: Viable for Windows and Mac OS endpoint management, and for simple basic (check for and) application of system updates, both fit the bill.

                                    This is exactly why I am heavily testing out Ansible with @stacksofplates and @IRJ slapping me in the back of my head continuously.

                                    If it's mostly Windows, I find SaltStack much easier to use with Windows. Lots more functionality, at least the last time I was deep into it. If it was mac/Linux clients only, then I'd choose Ansible likely, of course depending on things.

                                    We're mostly mac.

                                    Sorry to hear that.

                                    wrx7mW DustinB3403D 2 Replies Last reply Reply Quote 1
                                    • wrx7mW
                                      wrx7m @Obsolesce
                                      last edited by

                                      @Obsolesce said in Opinions: Ansible vs. SaltStack:

                                      @DustinB3403 said in Opinions: Ansible vs. SaltStack:

                                      @Obsolesce said in Opinions: Ansible vs. SaltStack:

                                      @DustinB3403 said in Opinions: Ansible vs. SaltStack:

                                      @David_CSG said in Opinions: Ansible vs. SaltStack:

                                      My need is for one mgmt tool that is: Viable for Windows and Mac OS endpoint management, and for simple basic (check for and) application of system updates, both fit the bill.

                                      This is exactly why I am heavily testing out Ansible with @stacksofplates and @IRJ slapping me in the back of my head continuously.

                                      If it's mostly Windows, I find SaltStack much easier to use with Windows. Lots more functionality, at least the last time I was deep into it. If it was mac/Linux clients only, then I'd choose Ansible likely, of course depending on things.

                                      We're mostly mac.

                                      Sorry to hear that.

                                      This^^^

                                      1 Reply Last reply Reply Quote 0
                                      • DustinB3403D
                                        DustinB3403 @Obsolesce
                                        last edited by

                                        @Obsolesce said in Opinions: Ansible vs. SaltStack:

                                        @DustinB3403 said in Opinions: Ansible vs. SaltStack:

                                        @Obsolesce said in Opinions: Ansible vs. SaltStack:

                                        @DustinB3403 said in Opinions: Ansible vs. SaltStack:

                                        @David_CSG said in Opinions: Ansible vs. SaltStack:

                                        My need is for one mgmt tool that is: Viable for Windows and Mac OS endpoint management, and for simple basic (check for and) application of system updates, both fit the bill.

                                        This is exactly why I am heavily testing out Ansible with @stacksofplates and @IRJ slapping me in the back of my head continuously.

                                        If it's mostly Windows, I find SaltStack much easier to use with Windows. Lots more functionality, at least the last time I was deep into it. If it was mac/Linux clients only, then I'd choose Ansible likely, of course depending on things.

                                        We're mostly mac.

                                        Sorry to hear that.

                                        It's not so bad when you start forcing them to do what you want with the cli.

                                        1 Reply Last reply Reply Quote 1
                                        • DustinB3403D
                                          DustinB3403
                                          last edited by DustinB3403

                                          It still a Unix-esk OS, so things I can do with Fedora I can more or less force to be done in OSX.

                                          Just takes some finagling.

                                          scottalanmillerS 1 Reply Last reply Reply Quote 2
                                          • D
                                            David_CSG @flaxking
                                            last edited by

                                            @flaxking

                                            Most client laptops are reliably in-house on set days.
                                            For real road-warriors, I’ll leverage our RMM (Solarwinds), which is ok (I have to overcome shortcomings for the Mac with custom shell scripts, and shortcomings for Windows with custom powershell).

                                            But I’d much rather leverage Ansible where possible.

                                            Other tools are DEP & MDM (Mosyle.com for macOS & does iOS), and Munki.

                                            F wrx7mW 2 Replies Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 2 / 5
                                            • First post
                                              Last post