I ask for two reasons:<p>1.) My company mandates the use of Jenkins for "all the things" CI/CD related. A significant component of my team's domain is a heavily customized off-the-shelf commercial product. This product comes with a plethora of configuration. We are tasked with using Jenkins to deploy config changes to production, and this has proven to be an inflexible pain in the rear.<p>2.) My company has an enterprise Puppet license, which to me seems a much better fit for our use case. One major caveat is that my company is devoutly beholden to its shareholders, which means it favors FOSS (extreme emphasis on FREE) solutions as much as possible. This has me thinking Ansible.<p>I'm curious as to what you use and why you use it. I'm also open to any suggestions as to how I can convince both my manager and upper management that Jenkins just isn't cutting it.
Fabric.<p><a href="http://www.fabfile.org/" rel="nofollow">http://www.fabfile.org/</a><p>Works over SSH. Uses pure Python. No need to deploy and configure minions/agents/etc.<p>Fabric also benefits from being highly composable. Since it's python, you can parametrize and reuse functions and create class-based tasks [1]<p>Want to use Fabric with python 3? Here is a fork with Python 3 support: <a href="https://github.com/mathiasertl/fabric/" rel="nofollow">https://github.com/mathiasertl/fabric/</a><p>If you use fabtools, I maintain a fork of it for fabric3: <a href="https://github.com/develtech/fabtools/tree/fabric3" rel="nofollow">https://github.com/develtech/fabtools/tree/fabric3</a><p>[1] <a href="http://docs.fabfile.org/en/1.14/usage/tasks.html#task-subclasses" rel="nofollow">http://docs.fabfile.org/en/1.14/usage/tasks.html#task-subcla...</a>
This is an interesting read on Config Management which essentially concludes that makefiles with Jenkins (etc.) work best:<p><a href="https://fortyft.com/posts/ansible-puppet-chef-no-thanks/" rel="nofollow">https://fortyft.com/posts/ansible-puppet-chef-no-thanks/</a><p>For more bells and whistles (and a steeper learning curve) try Escape:<p><a href="https://escape.ankyra.io/docs/what-is-escape/" rel="nofollow">https://escape.ankyra.io/docs/what-is-escape/</a>
I've been trying as much as possible to stick to Packer[1] (create AMIs / Images) and Terraform[2] for executing arbitrary commands and shell scripts. Some may argue this is not truly configuration management because it does not constantly check and maintain desired state.<p>[1] - <a href="https://packer.io" rel="nofollow">https://packer.io</a><p>[2] - <a href="https://terraform.io" rel="nofollow">https://terraform.io</a>
> This has me thinking Ansible.<p>Yeah, no, bad choice. Ansible only pushes configs to remote servers, and on-line ones at that. Don't expect a retry if any of the servers is down. Good match for deploying things, but terrible for long term management. It's somewhat similar in this regard to Jenkins.<p>Also Ansible's approach of using SSH (directly to root or through sudo) is brittle; prepare for outages if you start changing sshd config or sudoers, as it's easy to cut off all your channels: configuration distribution, running predefined procedures, and debugging. And there's more, like managing hosts' public keys being a PITA (as always with SSH) or the weird way of encoding a programming language as YAML with a mismatching preprocessor (Jinja2).<p>If you have Puppet deployed, stay with Puppet for managing configuration.
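The lock-out risk raised in the comment above (a bad sshd or sudoers change cutting off SSH-based management) is commonly guarded against by validating a candidate file before it replaces the live one. The following is an added example, not part of the thread: `install_validated` is a hypothetical helper name, `visudo -cf` and `sshd -t -f` are the standard syntax checks, and the `%s` placeholder follows the convention of Ansible's `validate:` option.

```python
import os
import shlex
import subprocess
import tempfile


def install_validated(target, new_content, validator, mode=0o600):
    """Write new_content to target only if `validator` accepts it.

    validator is a command template containing %s, which is replaced by the
    path of a candidate file (same convention as Ansible's `validate:` option).
    Returns True when the file was installed, False when it was rejected.
    """
    directory = os.path.dirname(os.path.abspath(target))
    # Candidate lives in the target's directory so os.replace() is atomic.
    fd, candidate = tempfile.mkstemp(dir=directory, prefix=".candidate-")
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write(new_content)
        os.chmod(candidate, mode)
        command = [part.replace("%s", candidate) for part in shlex.split(validator)]
        result = subprocess.run(command, capture_output=True, text=True)
        if result.returncode != 0:
            return False  # live file untouched, so the access path stays intact
        os.replace(candidate, target)  # atomic swap on the same filesystem
        candidate = None
        return True
    finally:
        if candidate is not None and os.path.exists(candidate):
            os.unlink(candidate)


# Validators a real host would use:
SUDOERS_CHECK = "visudo -cf %s"
SSHD_CHECK = "sshd -t -f %s"

if __name__ == "__main__":
    # Constructed demo: a stand-in validator so this runs without root or sshd.
    demo_check = "grep -q '^PermitRootLogin no$' %s"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sshd_config")
        with open(path, "w") as f:
            f.write("PermitRootLogin no\n")
        print(install_validated(path, "PermitRootLogin yes\n", demo_check))
        print(install_validated(path, "PermitRootLogin no\nPort 22\n", demo_check))
```

A syntax check only proves the file parses; keeping an existing session open while testing a fresh login is still the way to confirm a valid but overly restrictive change has not closed the door.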
I use ansible to do remote execution, and upload more complex scripts to do tasks. Doing everything with Ansible is hard and most often you spend more time learning the quirks of Ansible and not solving problems.<p>Ansible for remote execution and you write your own scripts, that has been a good combination for me.<p>Very recently I remade all my bash and makefile scripts to use just python scripts with <a href="https://github.com/mariocesar/boot.py" rel="nofollow">https://github.com/mariocesar/boot.py</a>, taking advantage of all my instances having Python 3.6 by default.<p>Having python3 for scripting makes doing sysadmin work joyful.
I use CFEngine -- because of its maturity, wide range of supported platforms, and the amazing support I experienced from the author and community.<p>I wrote this 3 years ago and it's still true today: <a href="http://verticalsysadmin.com/blog/cfengine-is-awesome/" rel="nofollow">http://verticalsysadmin.com/blog/cfengine-is-awesome/</a><p>Offering training and consulting on CFEngine has allowed me the privilege of training top-notch talent from all over the world (and to see more of the States).
The project I'm working on currently, it's 95% Chef. The remainder is Ansible. We use Ansible for what it's good at, and Chef for the rest.