English Wikipedia: Comparison of open-source configuration management software


This is a comparison of notable free and open-source configuration management software, suitable for tasks like server configuration, orchestration and infrastructure as code typically performed by a system administrator.

Basic properties

"Verify mode" (also called dry run) refers to the ability to determine whether a node is conformant while guaranteeing that the node is not modified. It typically involves the exclusive use of an internal language supporting read-only mode for all potentially system-modifying operations. "Mutual auth" refers to the client verifying the server and vice versa.

"Agent" describes whether additional software daemons are required. Depending on the management software, these agents are usually deployed on the target system or on one or many central "controller" servers. Although "Agent-less" = "No" is colored red and might seem to be a negative, having an agent can be considered an advantage by many. Consider the impact if an agent-less tool loses connectivity to a node while making critical changes: the node is left in an indeterminate state that compromises its (possibly production) functionality.

Language License Mutual auth Encryption Verify mode Agent-less Has a GUI First release Latest stable release
Ansible Python GPLv3+ Yes Yes Yes Yes Yes[1] 2012-03-08 2023-11-11 2.15.4[2]
Bcfg2 Python BSD 2-clause[3] Yes Yes Yes No Yes[4] 2004-08-11[5] 2015-06-11 1.3.6[5]
Capistrano Ruby MIT License Yes Yes No 2005 2022-08-07 3.17.1
cdist Python GPLv3+ Yes Yes Yes 2010 2021-08-24 6.9.8[6]
Chef Ruby, Erlang Apache 2.0 Yes Yes Yes[7] No Yes 2009-01-15 0.5.0 2023-01-05 18.1.0 (client),[8] 15.4.0 (server)[9]
CFEngine C[10] GPLv3[11] Yes Yes[12] Yes[13][14][15][16] No Yes[17] 1993 2023-12-06 3.23.0,[18] 2024-01-11 3.21.4,[19] 2023-01-11 3.18.7[20]
ISconf Python GPL[21] Yes No[22] 1998 2006-08-13 4.2.8.233
Juju Python, Go[23] Affero General Public License Yes Yes No No Yes[24] 2010-09-17[25] 2024-02-15 3.4.0[26]
Local ConFiGuration system (LCFG) Perl GPL Partial[27] Partial[28] No No No 1994 Weekly Releases
NOC Project Python BSD License 2.0 Yes Yes Yes Yes Yes 2012-03-08 2015-05-20 15.05.1[29]
OCS Inventory NG with GLPI Perl, PHP, C++ GPL No[30] Yes No 2003 2014-07-13[31]
Open pc server integration (Opsi) Python, Java GPL No Yes No 2004 2013-03-01 4.0.3
PIKT C GPLv2+[32] Yes[33] Yes[34] No 1998[35] 2007-09-10 1.19.0
Puppet Ruby, C++ & Clojure (server-side also Ruby before 4.0[36]) Apache since 2.7.0, GPL before then Yes Yes Yes[37] No Yes[38] 2005-08-30[39] 2020-06-03 6.16.0 (client),[40] 2020-06-03 6.12.0 (server)[41]
Quattor Perl, Python Apache 2.0[42][43] Yes[44] Yes[45] 2005-04-01[46] 2023-08-14 23.6.0[47]
Radmind C BSD[48] Yes[49] Yes[50] No 2002-03-26[51] 2008-10-08 1.13.0[52]
Rex Perl Apache Yes Yes Yes 2010-11-05 0.9.0[53] 2021-07-05 1.13.4[54]
Rudder C, Scala and Rust GPLv3 and Apache 2.0[55] Yes Yes Yes[56] No Yes 2011-10-31 2023-07-21 7.3.4[57]
SmartFrog Java Apache 2.0[58] Yes[59] Yes[59] No 2004-02-11 2012-03-13 3.18.016[60]
Salt[61] Python[62] Apache 2.0[63] Yes[64] Yes[64] Yes Both[65][66] Yes[67][68] 2011-03-17 0.6.0[69] 2023-05-05 v3006.1[70]
Spacewalk Java (C, Perl, Python, PL/SQL) GPLv2 Yes Yes No 2008-06[71] 2019-01-14 2.9[72]
STAF C++ CPL[73] No Partial[74] No 1998-02-16[75] 2012-12-16 3.4.16[76]
Synctool[77] Python[78] GPLv2[79] Yes Yes Yes Yes[80] 2003[81] 2019-08-11 6.3[82]
Uyuni Java, Python, PL/SQL (Perl) GPLv2/Apache 2.0 Yes Yes Yes Both Yes 2018-06[83] 31-01-2024 2024.01[84]

Platform support

Note: "Platform support" here means platforms on which a recent version of the tool has actually been used successfully, not platforms where it should theoretically work because it is written in good portable C/C++ or an interpreted language. The platform should also be listed as supported on the project's web site.

AIX *BSD HP-UX Linux OS X Solaris Windows Others
Ansible Yes Yes Yes Yes Yes Yes Yes (Need Linux control machine) Yes[85]
Bcfg2 Partial Yes No Yes Partial Yes No No
CFEngine Yes Yes Yes Yes Yes Yes Yes (Enterprise version only) Yes
cdist Yes Yes Yes No
Chef Yes[86] Yes Yes Yes Yes Yes Yes[87] Yes
ISconf Yes Yes Yes Yes Yes Yes No No
Juju Yes Yes[88]
Local ConFiGuration system (LCFG) No No No Partial Partial Partial No No
OCS Inventory NG Yes Yes Yes Yes Yes Yes Yes No
Open pc server integration (Opsi) No No No Yes No No Yes No
PIKT Yes Yes Yes Yes Yes Yes No Yes
Puppet Yes Yes Yes Yes Yes Yes Yes[89] Yes
Quattor No No No Yes Partial[90] Yes No No
Radmind Yes Yes No Yes Yes Yes Yes No
Rex Yes Yes Yes[91] Yes Yes[91] No
Rudder Yes Partial No Yes Partial Partial[92] Yes Yes
SmartFrog No No Yes Yes Yes Yes Yes No
Salt Yes Yes Partial Yes[93] Yes Yes[94] Yes Partial
Spacewalk No[95] No No Yes[96] No No[97] No No
STAF Yes Yes Yes Yes Yes[98] Yes Yes Yes
Synctool Yes Yes Yes Yes Yes Yes No Yes
Uyuni No No No Partial No No No No

Short descriptions

Not all tools have the same goal and the same feature set. To help distinguish between all of these software packages, here is a short description of each one.

Ansible
Combines multi-node deployment, ad-hoc task execution, and configuration management in one package. Manages nodes over SSH and requires Python (2.6+ or 3.5+) to be installed on them.[99] Modules work over JSON and standard output and can be written in any language. Uses YAML to express reusable descriptions of systems.
Bcfg2
Software to manage the configuration of a large number of computers using a central configuration model and the client–server paradigm. The system enables reconciliation between clients' state and the central configuration specification. Detailed reports provide a way to identify unmanaged configuration on hosts. Generators enable code or template-based generation of configuration files from a central data repository.
CFEngine
Lightweight agent system. Manages configuration of a large number of computers using the client–server paradigm or stand-alone. Any client state which is different from the policy description is reverted to the desired state. Configuration state is specified via a declarative language.[100] CFEngine's paradigm is convergent "computer immunology".[101]
cdist
cdist is a zero-dependency configuration management system: it requires only SSH on the target host, which is usually enabled on all Unix-like machines. Only the administration host needs to have Python 3.2 installed.
Chef
Chef is a configuration management tool written in Erlang,[102] and uses a pure Ruby DSL for writing configuration "recipes". These recipes contain resources that should be put into the declared state. Chef can be used as a client–server tool, or used in "solo" mode.[103]
ISconf
Tool to execute commands and replicate files on all nodes. The nodes do not need to be up; the commands will be executed when they boot. The system has no central server so commands can be launched from any node and they will replicate to all nodes.
Juju
Juju concentrates on the notion of service, abstracting the notion of machine or server, and defines relations between those services that are automatically updated when two linked services observe a notable modification.
Local Configuration system (LCFG)
LCFG manages the configuration with a central description language in XML, specifying resources, aspects and profiles. Configuration is deployed using the client–server paradigm. Appropriate scripts on clients (called components) transcribe the resources into configuration files and restart services as needed.
Open PC server integration (Opsi)
Opsi is desktop management software for Windows clients based on Linux servers. It provides automatic software deployment (distribution), unattended installation of OS, patch management, hard- and software inventory, license management and software asset management, and administrative tasks for the configuration management.[104]
PIKT
PIKT is foremost a monitoring system that also does configuration management. "PIKT consists of a sophisticated, feature-rich file preprocessor; an innovative scripting language with unique labor-saving features; a flexible, centrally directed process scheduler; a customizing file installer; a collection of powerful command-line extensions; and other useful tools."
Puppet
Puppet consists of a custom declarative language to describe system configuration, distributed using the client–server paradigm (using XML-RPC protocol in older versions, with a recent switch to REST), and a library to realize the configuration. The resource abstraction layer enables administrators to describe the configuration in high-level terms, such as users, services and packages. Puppet will then ensure the server's state matches the description. There was brief support in Puppet for using a pure Ruby DSL as an alternative configuration language starting at version 2.6.0. However this feature was deprecated beginning with version 3.1.[100][103][105][106]
Quattor
The quattor information model is based on the distinction between the desired state and the actual state. The desired state is registered in a fabric-wide configuration database, using a specially designed configuration language called Pan for expressing and validating configurations, composed out of reusable hierarchical building blocks called templates. Configurations are propagated to and cached on the managed nodes.
Radmind
Radmind manages host configuration at the file system level. In a similar way to Tripwire (and other configuration management tools), it can detect external changes to managed configuration, and can optionally reverse the changes. Radmind does not have a higher-level abstraction for configuration elements (services, packages). A graphical interface is available (only) for OS X.
Rex
Rex is a remote execution system with integrated configuration management and software deployment capabilities. The admin provides configuration instructions via so-called Rexfiles. They are written in a small DSL but can also contain arbitrary Perl. It integrates well with an automated build system used in CI environments.
Salt
Salt started out as a tool for remote server management. As its usage has grown, it has gained a number of extended features, including a more comprehensive mechanism for host configuration. This is a relatively new feature facilitated through the Salt States component. With the traction that Salt has gained recently, support for more features and platforms might continue to grow.
SmartFrog
Java-based tool to deploy and configure applications distributed across multiple machines. There is no central server; you can deploy a .SF configuration file to any node and have it distributed to peer nodes according to the distribution information contained inside the deployment descriptor itself.
Spacewalk
Spacewalk is an open source Linux and Solaris systems management solution and is the upstream project for the source of Red Hat Network Satellite. Spacewalk works with RHEL, Fedora, and other RHEL derivative distributions like CentOS, Scientific Linux, etc. There are ongoing efforts on getting it packaged for inclusion in Fedora. Spacewalk provides systems inventory (hardware and software information), installation and updates of software, collection and distribution of custom software packages into manageable groups, system provisioning, management and deployment of configuration files, system monitoring, virtual guest provisioning, starting/stopping/configuring virtual guests, and delegation of all of these actions to local or LDAP users and system entitlements. As of May 2020, Spacewalk is EOL, with users having moved to either Uyuni or Foreman/Katello.
STAF
The Software Testing Automation Framework (STAF) enables users to create cross-platform, distributed software test environments. STAF removes the tedium of building an automation infrastructure, thus enabling users to focus on building their automation solution. The STAF framework provides the foundation upon which to build higher-level solutions, and provides a pluggable approach supported across a large variety of platforms and languages.
Synctool
Synctool aims to be easy to understand, learn and use. It is written in Python and makes use of SSH (passwordless, with host-based or key-based authentication) and rsync. No specific language is needed to configure Synctool. Synctool has dry run capabilities that enable surgical precision. Synctool depends on Python 2, which is now EOL, and there are no current plans to migrate it to Python 3.

References

  1. Шаблон:Cite web
  2. Шаблон:Cite web
  3. Шаблон:Cite web
  4. Шаблон:Cite web
  5. Шаблон:Cite web
  6. Шаблон:Cite web
  7. Шаблон:Cite web
  8. Шаблон:Cite web
  9. Шаблон:Cite web
  10. Шаблон:Cite web
  11. Шаблон:Cite web
  12. TLS: Uses TLS. Шаблон:Cite web
  13. Шаблон:Cite web
  14. Шаблон:Cite web
  15. Шаблон:Cite web
  16. Шаблон:Cite web
  17. Шаблон:Cite web
  18. Шаблон:Cite web
  19. Шаблон:Cite web
  20. Шаблон:Cite web
  21. Шаблон:Cite web
  22. Improved security which would include an encrypted, mutually authenticated, peer-to-peer message bus is tracked here Шаблон:Cite web.
  23. Шаблон:Cite web
  24. Шаблон:Cite web
  25. Шаблон:Cite web
  26. Шаблон:Cite web
  27. LCFG does not provide its own transport mechanism; it relies on an external program, most often Apache. Using Apache it should be possible to do mutual authentication in several ways; however the documentation at The Complete Guide to LCFG, Section 9.4: Authorization and Security, shows access control based on IP address ranges, implying that the client does not authenticate itself to the server via an SSL certificate; it also does not mention if the LCFG client checks the validity of the server's SSL certificate (such as via a per-site fingerprint distributed with the client, or a chain of trust to an accredited CA). It mentions that there can be a per-client password in the profile, but also states that "The contents of the LCFG profile should be considered public".
  28. LCFG supports encrypted communications channels (SSL via Apache); however the documentation at The Complete Guide to LCFG, Section 9.4: Authorization and Security, states that "The contents of the LCFG profile should be considered public".
  29. Шаблон:Cite web
  30. Server authenticates to client, but client does not authenticate to server. See OCS Inventory NG Installation and Administration guide, page 114.
  31. Шаблон:Cite web
  32. Шаблон:Cite web
  33. PIKT uses shared secret keys for mutual authentication. "As an option, you can use secret key authentication to prove the master's identity to the slave. [...] If one managed to crack any system in the PIKT domain, one would have access to all common secrets. To solve this problem, you may use per-slave uid, gid, and private_key settings." - from Security Considerations.
  34. "For file installs, file fetches (to diff against the central configuration), and command executions, you can optionally encrypt all such data traffic between master and slave." - from Security Considerations.
  35. Шаблон:Cite web
  36. Шаблон:Cite web
  37. Шаблон:Cite web
  38. Шаблон:Cite web
  39. Шаблон:Cite web
  40. Шаблон:Cite web
  41. Шаблон:Cite web
  42. Шаблон:Cite web
  43. Шаблон:Cite web
  44. "Client to server authentication and vice versa: on one hand, this allows to enforce access policies to sensitive data according to the client "name", on the other hand, clients are guaranteed to talk to the original server." - from Quattor Installation and User Guide: Version 1.1.x Шаблон:Webarchive, page 70
  45. "[...] secure information transfer, since data are encrypted: this prevents eavesdroppers from obtaining information in transit over the network." - from Quattor Installation and User Guide: Version 1.1.x Шаблон:Webarchive, page 70
  46. Шаблон:Cite web
  47. Шаблон:Cite web
  48. Шаблон:Cite web
  49. "SSL certificates can also be used to authenticate both the Radmind server and the managed clients, regardless of DNS or IP-address variation." - from Radmind: The Integration of Filesystem Integrity Checking with Filesystem Management
  50. "For network security, Radmind supports SSL-encrypted links. This allows nodes on insecure networks to be updated securely." - from Radmind: The Integration of Filesystem Integrity Checking with Filesystem Management
  51. Шаблон:Cite web
  52. Шаблон:Cite web
  53. Шаблон:Cite web
  54. Шаблон:Cite web
  55. Шаблон:Cite web
  56. Шаблон:Cite web
  57. Шаблон:Cite web
  58. Шаблон:Cite web
  59. See Using the new SmartFrog Security
  60. Шаблон:Cite web
  61. Salt is an open source tool to manage your infrastructure. Easy enough to get running in minutes and fast enough to manage tens of thousands of servers
  62. Шаблон:Cite web
  63. Шаблон:Cite web
  64. Шаблон:Cite web
  65. Шаблон:Cite web
  66. Шаблон:Cite web
  67. Шаблон:Cite web
  68. Шаблон:Cite web
  69. Шаблон:Cite web
  70. Шаблон:Cite web
  71. Шаблон:Cite web
  72. Шаблон:Cite web
  73. Шаблон:Cite web
  74. There is a feature request for a Secure TCP/IP Connection Provider, and one of the developers stated on 2007-04-05 that "You will need to download the source code for OpenSSL and point the build files at it. Other than that, it should just work.", so it looks like there may be working encryption if you build from scratch instead of using the prebuilt binaries. It is unclear what if any authentication building against OpenSSL would give STAF.
  75. Шаблон:Cite web
  76. Шаблон:Cite web
  77. Synctool aims to be easy to understand and use. It is built in Python and uses SSH and Rsync.
  78. Шаблон:Cite web
  79. Шаблон:Cite web
  80. Шаблон:Cite web
  81. Шаблон:Cite web
  82. Шаблон:Cite web
  83. Шаблон:Cite web
  84. Шаблон:Cite web
  85. Шаблон:Citation Can manage any machine with Python 2.4 or later and sshd. Control machine can be any non-Windows machine with Python 2.6 or 2.7 installed. This includes Red Hat, Debian, CentOS, OS X, any of the BSDs, and so on.
  86. Шаблон:Citation
  87. Шаблон:Citation
  88. Шаблон:Citation
  89. Шаблон:Citation
  90. Шаблон:Cite web
  91. Шаблон:Cite web
  92. Шаблон:Cite web
  93. Шаблон:Cite web
  94. Salt was added to the OpenCSW package repository in September of 2012 in version 0.10.2 of Salt
  95. Шаблон:Cite web
  96. Шаблон:Cite web
  97. Шаблон:Cite web
  98. [1]10.2+ (?)
  99. Шаблон:Cite web
  100. Шаблон:Cite web
  101. Шаблон:Cite conference
  102. Шаблон:Cite web
  103. Шаблон:Cite web
  104. Шаблон:Cite web
  105. Шаблон:Cite web
  106. Шаблон:Cite web