This is a comparison of notable free and open-source configuration management software, suitable for tasks like server configuration, orchestration and infrastructure as code typically performed by a system administrator.
"Verify mode" (also called dry run) refers to the ability to determine whether a node is conformant while guaranteeing that the node is not modified; it typically involves the exclusive use of an internal language that supports a read-only mode for all potentially system-modifying operations. "Mutual auth" refers to the client verifying the server and vice versa.
"Agent" describes whether additional software daemons are required. Depending on the management software, these agents are usually deployed on the target system or on one or many central "controller" servers. Although "Agent-less" = "No" is colored red and might seem to be a negative, many consider having an agent quite advantageous. Consider the impact if an agent-less tool loses connectivity to a node while making critical changes: the node is left in an indeterminate state that compromises its functionality, possibly in production.
Name | Language | License | Mutual auth. | Encryption | Verify mode | Agent-less | Incl. GUI | First release | Latest stable release |
---|---|---|---|---|---|---|---|---|---|
Ansible | Python | GPLv3+ | Yes [lower-alpha 1] | Yes [lower-alpha 2] | Yes | Yes | Yes [1] | 2012-03-08 | 2023-11-11 2.15.4 [2] |
Bcfg2 | Python | BSD 2-clause [3] | Yes [lower-alpha 3] | Yes [lower-alpha 4] | Yes [lower-alpha 5] | No | Yes [4] | 2004-08-11 [5] | 2015-06-11 1.3.6 [5] |
Capistrano | Ruby | MIT License | Yes [lower-alpha 2] | Yes [lower-alpha 2] | No | 2005 | 2022-08-07 3.17.1 | ||
cdist | Python | GPLv3+ | Yes [lower-alpha 1] | Yes [lower-alpha 2] | Yes | 2010 | 2021-08-24 6.9.8 [6] | ||
Chef | Ruby, Erlang | Apache 2.0 | Yes [lower-alpha 6] | Yes [lower-alpha 7] | Yes [lower-alpha 8] [7] | No | Yes | 2009-01-15 0.5.0 | 2023-01-05 18.1.0 (client), [8] 15.4.0 (server) [9] |
CFEngine | C [10] | GPLv3 [11] | Yes [lower-alpha 1] | Yes [12] | Yes [13] [14] [15] [16] | No | Yes [17] | 1993 | 2023-12-06 3.23.0, [18] 2024-01-11 3.21.4, [19] 2023-01-11 3.18.7, [20] |
ISconf | Python | GPL [21] | Yes [lower-alpha 9] | No [22] | 1998 | 2006-08-13 4.2.8.233 | |||
Juju | Python, Go [23] | AGPL | Yes [lower-alpha 1] | Yes [lower-alpha 4] | No | No | Yes [24] | 2010-09-17 [25] | 2024-02-15 3.4.0 [26] |
Local ConFiGuration system (LCFG) | Perl | GPL | Partial [27] | Partial [28] | No | No | No | 1994 | Weekly Releases |
NOC Project | Python | BSD License 2.0 | Yes [lower-alpha 1] | Yes [lower-alpha 2] | Yes | Yes | Yes | 2012-03-08 | 2015-05-20 15.05.1 [29] |
OCS Inventory NG with GLPI | Perl, PHP, C++ | GPL | No [30] | Yes [lower-alpha 4] | No | 2003 | 2014-07-13 [31] | ||
Open pc server integration (Opsi) | Python, Java | GPL | No | Yes [lower-alpha 4] | No | 2004 | 2013-03-01 4.0.3 | ||
PIKT | C | GPLv2+ [32] | Yes [33] | Yes [34] | No | 1998 [35] | 2007-09-10 1.19.0 | ||
Puppet | Ruby, C++ & Clojure (server-side also Ruby before 4.0 [36] ) | Apache since 2.7.0, GPL before then | Yes [lower-alpha 10] | Yes [lower-alpha 4] | Yes [lower-alpha 11] [37] | No | Yes [38] | 2005-08-30 [39] | 2020-06-03 6.16.0 (client), [40] 2020-06-03 6.12.0 (server) [41] |
Quattor | Perl, Python | Apache 2.0 [42] [43] | Yes [44] | Yes [45] | 2005-04-01 [46] | 2023-08-14 23.6.0 [47] | |||
Radmind | C | BSD [48] | Yes [49] | Yes [50] | No | 2002-03-26 [51] | 2008-10-08 1.13.0 [52] | ||
Rex | Perl | Apache | Yes [lower-alpha 1] | Yes [lower-alpha 2] | Yes | 2010-11-05 0.9.0 [53] | 2021-07-05 1.13.4 [54] | ||
Rudder | C, Scala and Rust | GPLv3 and Apache 2.0 [55] | Yes [lower-alpha 1] | Yes [lower-alpha 4] | Yes [lower-alpha 12] [56] | No | Yes | 2011-10-31 | 2023-07-21 7.3.4 [57] |
SmartFrog | Java | Apache 2.0 [58] | Yes [59] | Yes [59] | No | 2004-02-11 | 2012-03-13 3.18.016 [60] | ||
Salt [61] | Python [62] | Apache 2.0 [63] | Yes [64] | Yes [64] | Yes | Both [65] [66] | Yes [67] [68] | 2011-03-17 0.6.0 [69] | 2023-05-05 v3006.1 [70] |
Spacewalk | Java (C, Perl, Python, PL/SQL) | GPLv2 | Yes | Yes | No | 2008-06 [71] | 2019-01-14 2.9 [72] | ||
STAF | C++ | CPL [73] | No [lower-alpha 13] [lower-alpha 14] | Partial [74] | No | 1998-02-16 [75] | 2012-12-16 3.4.16 [76] | ||
Synctool [77] | Python [78] | GPLv2 [79] | Yes [lower-alpha 15] | Yes [lower-alpha 2] | Yes [lower-alpha 16] | Yes [80] | 2003 [81] | 2019-08-11 6.3 [82] | |
Uyuni | Java, Python, PL/SQL (Perl) | GPLv2/Apache 2.0 | Yes | Yes | Yes | Both | Yes | 2018-06 [83] | 2024-01-31 2024.01 [84] |
Note: A platform is listed as supported only if a recent version of the tool has actually been used on it successfully, not merely because the tool should theoretically work there since it is written in good portable C/C++ or an interpreted language. The platform should also be listed as supported on the project's web site.
Name | AIX | *BSD | HP-UX | Linux | OS X | Solaris | Windows | Others |
---|---|---|---|---|---|---|---|---|
Ansible | Yes | Yes | Yes | Yes | Yes | Yes | Yes (excluding controller) | Yes [85] |
Bcfg2 | Partial [lower-alpha 17] | Yes [lower-alpha 18] | No | Yes [lower-alpha 19] | Partial [lower-alpha 20] | Yes | No | No |
CFEngine | Yes | Yes [lower-alpha 18] | Yes | Yes | Yes | Yes | Yes (enterprise version only) | Yes [lower-alpha 21] |
cdist | Yes | Yes | Yes | No | ||||
Chef | Yes [86] | Yes | Yes | Yes | Yes | Yes | Yes [87] | Yes |
ISconf | Yes | Yes | Yes | Yes | Yes | Yes | No | No |
Juju | Yes | Yes [88] | ||||||
Local ConFiGuration system (LCFG) | No | No | No | Partial [lower-alpha 22] | Partial [lower-alpha 23] | Partial [lower-alpha 24] | No | No |
OCS Inventory NG | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
Open pc server integration (Opsi) | No | No | No | Yes | No | No | Yes | No |
PIKT | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes [lower-alpha 25] |
Puppet | Yes | Yes | Yes | Yes | Yes | Yes | Yes [89] | Yes |
Quattor | No | No | No | Yes | Partial [90] | Yes | No | No |
Radmind | Yes | Yes [lower-alpha 18] [lower-alpha 26] [lower-alpha 27] | No | Yes | Yes | Yes | Yes | No |
Rex | Yes | Yes | Yes [91] | Yes | Yes [91] | No | ||
Rudder | Yes | Partial [lower-alpha 28] | No | Yes | Partial [lower-alpha 28] | Partial [92] | Yes | Yes [lower-alpha 29] |
SmartFrog | No [lower-alpha 30] | No [lower-alpha 30] | Yes | Yes | Yes | Yes | Yes | No [lower-alpha 30] |
Salt | Yes | Yes | Partial [lower-alpha 31] | Yes [93] | Yes | Yes [94] | Yes | Partial [lower-alpha 31] |
Spacewalk | No [95] | No | No | Yes [96] | No | No [97] | No | No |
STAF | Yes [lower-alpha 32] | Yes [lower-alpha 33] | Yes [lower-alpha 34] | Yes [lower-alpha 35] | Yes [98] | Yes [lower-alpha 36] | Yes [lower-alpha 37] | Yes [lower-alpha 38] |
Synctool | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes [lower-alpha 39] |
Uyuni | No | No | No | Partial [lower-alpha 40] | No | No | No | No |
Not all tools have the same goal and the same feature set. To help distinguish between all of these software packages, here is a short description of each one.
OpenVPN is a virtual private network (VPN) system that implements techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It implements both client and server applications.
Quattor is a generic open-source tool-kit used to install, configure, and manage computers. Quattor was originally developed in the framework of European Data Grid project (2001-2004). Since its first release in 2003, Quattor has been maintained and extended by a volunteer community of users and developers, primarily from the community of grid system administrators. The Quattor tool-kit, like other configuration management systems, reduces the staff required to maintain a cluster and facilitates reliable change management. However, three unique features make it particularly attractive for managing grid resources:
Capistrano is an open-source tool for running scripts on multiple servers; its main use is deploying web applications. It automates the process of making a new version of an application available on one or more web servers, including supporting tasks such as changing databases.
Conserver is a serial console management system that provides remote access to system consoles and logs to a central (master) host. It supports both local and network serial connections and allows replay of the server console history even if the server is down. Multiple users can connect to a single serial connection, with one having write-access.
Puppet is a software configuration management tool which includes its own declarative language to describe system configuration. It is produced by Puppet Inc., founded by Luke Kanies in 2005. Its primary product, Puppet Enterprise, is a proprietary and closed-source version of its open-source Puppet software. Puppet's declarative language is used to manage stages of the IT infrastructure lifecycle, including the provisioning, patching, configuration, and management of operating system and application components in data centers and cloud infrastructures.
Spacewalk is open-source systems management software for system provisioning, patching and configuration licensed under the GNU GPLv2.
Progress Chef is a configuration management tool written in Ruby and Erlang. It uses a pure-Ruby, domain-specific language (DSL) for writing system configuration "recipes". Chef is used to streamline the task of configuring and maintaining a company's servers, and can integrate with cloud-based platforms such as Amazon EC2, Google Cloud Platform, Oracle Cloud, OpenStack, IBM Cloud, Microsoft Azure, and Rackspace to automatically provision and configure new machines. Chef contains solutions for both small and large scale systems.
ssh-keygen is a standard component of the Secure Shell (SSH) protocol suite found on Unix, Unix-like and Microsoft Windows computer systems used to establish secure shell sessions between remote computers over insecure networks, through the use of various cryptographic techniques. The ssh-keygen utility is used to generate, manage, and convert authentication keys.
University of Tsukuba Virtual Private Network, UT-VPN is a free and open source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses SSL/TLS security for encryption and is capable of traversing network address translators (NATs) and firewalls. It was written by Daiyuu Nobori and SoftEther Corporation, and is published under the GNU General Public License (GPL) by University of Tsukuba.
Salt is Python-based, open-source software for event-driven IT automation, remote task execution, and configuration management. It supports the "infrastructure as code" approach to data center system and network deployment and management, configuration automation, SecOps orchestration, vulnerability remediation, and hybrid cloud control.
Vagrant is a source-available software product for building and maintaining portable virtual software development environments; e.g., for VirtualBox, KVM, Hyper-V, Docker containers, VMware, Parallels, and AWS. It tries to simplify the software configuration management of virtualization in order to increase development productivity. Vagrant is written in the Ruby language, but its ecosystem supports development in a few other languages. Vagrant has a Business Source License 1.1, while there is a fork called Viagrunts with the original MIT license.
cdist is a free software configuration management tool for Unix-like systems. It manages nodes over SSH using the Bourne Shell, and does not require any additional software to be installed on target nodes.
Ansible is a suite of software tools that enables infrastructure as code. It is open-source and the suite includes software provisioning, configuration management, and application deployment functionality.
CopSSH is an implementation of OpenSSH for Windows. CopSSH offers both SSH client and server functionality and can be used for remote administration of Windows systems. CopSSH contains Cygwin DLLs and a compiled version of OpenSSH on Cygwin. An administration GUI is also provided as of version 4.0.0.
Foreman is an open source complete life cycle systems management tool for provisioning, configuring and monitoring physical and virtual servers. Foreman integrates deeply with configuration management software, including Ansible, Puppet, Chef, Salt and other solutions through plugins, which allows users to automate repetitive tasks, deploy applications, and manage change to deployed servers.
Rudder is an open source audit and configuration management utility to help automate system configuration across large IT infrastructures. Rudder relies on a lightweight local agent installed on each managed machine.
Continuous configuration automation (CCA) is the methodology or process of automating the deployment and configuration of settings and software for both physical and virtual data center equipment.
Teleport is an open-source tool for providing zero trust access to servers and cloud applications using SSH, Kubernetes and HTTPS. It can eliminate the need for VPNs by providing a single gateway to access computing infrastructure via SSH, Kubernetes clusters, and cloud applications via a built-in proxy.