Opinions: Ansible vs. SaltStack
-
@DustinB3403 said in Opinions: Ansible vs. SaltStack:
It still a Unix-esk OS, so things I can do with Fedora I can more or less force to be done in OSX.
Just takes some finagling.
Not just UNIX-esk, fully UNIX certified. One of the last, and by far the most mainstream certified UNIX of the last decade.
-
@David_CSG said in Opinions: Ansible vs. SaltStack:
For real road-warriors, I’ll leverage our RMM (Solarwinds), which is ok (I have to overcome shortcomings for the Mac with custom shell scripts, and shortcomings for Windows with custom powershell).
But I’d much rather leverage Ansible where possible.
Or you could use Salt to manage your in house and your road-warriors.
Though learning Ansible is probably a better career move (searching saltstack on stackoverflow jobs returns 7 results, ansible 106)However, I believe that salt generally makes more sense for user computers than ansible
-
@David_CSG Do you work in the education sector?
-
-
So this is now a super old post, but still relevant. I have been using Saltstack to manage my servers. I don't have any downsides to this so far, but I like to re-evaluate every so often. I see that Ansible open sourced (a couple years ago) their Tower GUI (AWX) That's attractive to me.
What are the current opinions on server management in regards to Ansible vs Saltstack.
-
@AdamF said in Opinions: Ansible vs. SaltStack:
So this is now a super old post, but still relevant. I have been using Saltstack to manage my servers. I don't have any downsides to this so far, but I like to re-evaluate every so often. I see that Ansible open sourced (a couple years ago) their Tower GUI (AWX) That's attractive to me.
What are the current opinions on server management in regards to Ansible vs Saltstack.
I looked at the open source AWX about a year ago. It's terrible. They treat it like it is alpha state software and you have to compile it yourself. So it rarely works. I even did a write up here on how to do it the 2nd time it actually worked (it broke the next day, so don't expect this to work still.) https://mangolassi.it/topic/19300/install-awx-on-centos-7-with-docker/25
-
@AdamF said in Opinions: Ansible vs. SaltStack:
So this is now a super old post, but still relevant. I have been using Saltstack to manage my servers. I don't have any downsides to this so far, but I like to re-evaluate every so often. I see that Ansible open sourced (a couple years ago) their Tower GUI (AWX) That's attractive to me.
What are the current opinions on server management in regards to Ansible vs Saltstack.
SaltStack has a new GUI now, too. It's very limited, but looks really promising.
-
@scottalanmiller said in Opinions: Ansible vs. SaltStack:
@AdamF said in Opinions: Ansible vs. SaltStack:
So this is now a super old post, but still relevant. I have been using Saltstack to manage my servers. I don't have any downsides to this so far, but I like to re-evaluate every so often. I see that Ansible open sourced (a couple years ago) their Tower GUI (AWX) That's attractive to me.
What are the current opinions on server management in regards to Ansible vs Saltstack.
SaltStack has a new GUI now, too. It's very limited, but looks really promising.
OpenSource?
-
What's the current opinion on agent vs agentless?
-
@AdamF said in Opinions: Ansible vs. SaltStack:
What's the current opinion on agent vs agentless?
6 of 1, half dozen of another. If an agent is required, just build it into your base image or installation script.
-
@AdamF said in Opinions: Ansible vs. SaltStack:
What's the current opinion on agent vs agentless?
Depends. Are you LAN-based, then agentless is nice. Pretty much anything else, agents are essentially the only option.
-
@travisdh1 said in Opinions: Ansible vs. SaltStack:
@AdamF said in Opinions: Ansible vs. SaltStack:
What's the current opinion on agent vs agentless?
6 of 1, half dozen of another. If an agent is required, just build it into your base image or installation script.
Not quite. It's still "more work to deploy" for one, and "more secure" for the other.
-
@scottalanmiller said in Opinions: Ansible vs. SaltStack:
@AdamF said in Opinions: Ansible vs. SaltStack:
What's the current opinion on agent vs agentless?
Depends. Are you LAN-based, then agentless is nice. Pretty much anything else, agents are essentially the only option.
Can you further clarify this statement? Why are agents the only option in a lanless (distributed) environment?
-
@AdamF said in Opinions: Ansible vs. SaltStack:
@scottalanmiller said in Opinions: Ansible vs. SaltStack:
@AdamF said in Opinions: Ansible vs. SaltStack:
What's the current opinion on agent vs agentless?
Depends. Are you LAN-based, then agentless is nice. Pretty much anything else, agents are essentially the only option.
Can you further clarify this statement? Why are agents the only option in a lanless (distributed) environment?
Agentless is push model. How do you plan on pushing desired state to clients that have unpredictable connections? Agents can pull, regardless of where the endpoints are.
-
@marcinozga said in Opinions: Ansible vs. SaltStack:
@AdamF said in Opinions: Ansible vs. SaltStack:
@scottalanmiller said in Opinions: Ansible vs. SaltStack:
@AdamF said in Opinions: Ansible vs. SaltStack:
What's the current opinion on agent vs agentless?
Depends. Are you LAN-based, then agentless is nice. Pretty much anything else, agents are essentially the only option.
Can you further clarify this statement? Why are agents the only option in a lanless (distributed) environment?
Agentless is push model. How do you plan on pushing desired state to clients that have unpredictable connections? Agents can pull, regardless of where the endpoints are.
Exactly.
-
@AdamF said in Opinions: Ansible vs. SaltStack:
@scottalanmiller said in Opinions: Ansible vs. SaltStack:
@AdamF said in Opinions: Ansible vs. SaltStack:
What's the current opinion on agent vs agentless?
Depends. Are you LAN-based, then agentless is nice. Pretty much anything else, agents are essentially the only option.
Can you further clarify this statement? Why are agents the only option in a lanless (distributed) environment?
The laptop in the hotel is always the ultimate example. You have an unknown device IP, behind a NAT firewall that you do not control. There is no way for any agentless model to work, it's impossible. This is why universal system management is and always will be agent based. Agents don't require to you know where, or expose systems in order to manage them. This doesn't mean agents are better, it's just the one aspect where it's black and white that agents work the same as on a LAN, and agentless doesn't work at all.
The problem for most companies, is that essentially every company has some number of workloads like this and once you have one, you can only use agentless when you are willing to not manage everything, just some things. Agent based is essentially the only way to use one tool for all workloads.
That's why all RMM, for example, uses agents. There's no such thing as an RMM without them.
-
@AdamF said in Opinions: Ansible vs. SaltStack:
So this is now a super old post, but still relevant. I have been using Saltstack to manage my servers. I don't have any downsides to this so far, but I like to re-evaluate every so often. I see that Ansible open sourced (a couple years ago) their Tower GUI (AWX) That's attractive to me.
What are the current opinions on server management in regards to Ansible vs Saltstack.
I believe AWX is much better these days. I still don't like it as much as just using Jenkins. Jenkins gives you a ton of flexibility while still giving you an interface to take inputs or run jobs.
-
@scottalanmiller said in Opinions: Ansible vs. SaltStack:
essentially every company has some number of workloads like this and once you have one, you can only use agentless when you are willing to not manage everything, just some things. Agent based is essentially the only way to use one tool for all
That's understandable. So what about if you are not managing workstations, and you would only use this to manage server workloads in various data centers? Would your same thinking still apply?
-
@AdamF said in Opinions: Ansible vs. SaltStack:
@scottalanmiller said in Opinions: Ansible vs. SaltStack:
essentially every company has some number of workloads like this and once you have one, you can only use agentless when you are willing to not manage everything, just some things. Agent based is essentially the only way to use one tool for all
That's understandable. So what about if you are not managing workstations, and you would only use this to manage server workloads in various data centers? Would your same thinking still apply?
Depends, is every server open to the Internet and/or on a LAN that you have access to? Mine are not, I have a lot of servers that are like databases and are not accessible from the outside whatsoever. Salt works great and they are super secure. I can do loads of port forwarding and whatnot for Ansible and make it work as their IPs don't change, but it's a huge pain.
And what if you use any kind of scaling, combined with that kind of security, now you have to automate port forwarding and firewall rules, combined with the VMs, in real time, or you get management errors with the wrong stuff going to the wrong server.
Agents are just so much better IMHO in the real world. Not that that one factor means everything, but all other things being equal, I always want the agent.
-
@scottalanmiller said in Opinions: Ansible vs. SaltStack:
@AdamF said in Opinions: Ansible vs. SaltStack:
@scottalanmiller said in Opinions: Ansible vs. SaltStack:
essentially every company has some number of workloads like this and once you have one, you can only use agentless when you are willing to not manage everything, just some things. Agent based is essentially the only way to use one tool for all
That's understandable. So what about if you are not managing workstations, and you would only use this to manage server workloads in various data centers? Would your same thinking still apply?
Depends, is every server open to the Internet and/or on a LAN that you have access to? Mine are not, I have a lot of servers that are like databases and are not accessible from the outside whatsoever. Salt works great and they are super secure. I can do loads of port forwarding and whatnot for Ansible and make it work as their IPs don't change, but it's a huge pain.
And what if you use any kind of scaling, combined with that kind of security, now you have to automate port forwarding and firewall rules, combined with the VMs, in real time, or you get management errors with the wrong stuff going to the wrong server.
Agents are just so much better IMHO in the real world. Not that that one factor means everything, but all other things being equal, I always want the agent.
That's fair. With Salt, on your salt master, do you rely on the keys for authentication, or do you also lock down your firewall to only allow ports 4505:4506 FROM your minion IPs?