[joaomsa]

My main experience is with Puppet, though I have migrated legacy systems from CFEngine as well. My main gripes with Puppet are that, at times, the DSL is restrictive and you have to either rely on ugly Execs or dropdown into Ruby extensions. I can see how this can be off putting to beginners.

The advantages though once we've gotten comfortable have made our infrastructure smarter and more resilient.

- Idempotency (If you're careful)

- Abstracting configuration data vs methods. Passwords/Keys/Addresses are kept in a Hiera config file and the manifests merely access these variables instead of hardcoding when applying changes.

- PuppetDB as a canonical reference of the state of all our infrastructure. What are all my servers running MySQL? Which version? Where are all my Ceph MDSs?

- Exported resources (also relying on PuppetDB), enabling propagation of information about new nodes to all others. A godsend when paired with Nagios.

Does Salt have anything that matches these use cases?

[sergiosgc]

We switched away from puppet towards Salt. The broad stroked opinion is that salt covers all of puppet 's use cases, with advantages in terms of both performance and extensibility.

It is idempotent; there is a central configuration db (a couple of options, actually; we use pillar, a YAML set of files for its simplicity). Exported resources are handled a bit differently (you pull data from servers at config time instead of pushing at export time) but cover the same functionality. The same functionality covers software configuration inventory.

Where it excels is in performance. Our deployment runs on puppet took some 15min, salt handles them in 30s.

I also like its codebase. It is clear and well documented, easy to extend. I am biased towards python instead of Ruby, so take my opinion with a grain of salt (heh:-)

[viraptor]

- Idempotency

Yes, the run will report on each salt state which can result in either: failed (with a reason), succeeded (with a description what changed), succeeded (nothing changed). Each salt state provided by the project is also intelligent about its use of resources - for example, if you have multiple pkg.installed, the list of available packages will be pulled only once and all states will be able to determine quickly if they need to run.

- Abstracting configuration data vs methods

Methods -> salt states; Configuration data -> grains/pillar. Grains are kind of attributes that belong to a host (like hostname, system version, installed packages, available ips, etc.), while pillar is a plugin system that can provide external data (it can be used like puppetdb too; I've got a plugin that pulls json files from s3 and talks makes it available as a simple hash for example). If you know chef, think attributes/databags (but better).

- PuppetDB as a canonical reference of the state of all our infrastructure.

It doesn't actually provide this out of the box, but provides the needed elements so this is trivial. Basically you can query all your nodes from the salt server (or nodes can query each other). You just need to extract the bits you need and save them to whatever destination you want. For example on the server run `salt -G 'roles:database' grains.item mem_total` and save the data. You can also define a "returner" which is a plugin that handles the data you get back and for example implement something that writes the data back into your information store/cmdb.

- Exported resources (also relying on PuppetDB), enabling propagation of information about new nodes to all others.

Pillar again. Although depending on what you want to achieve, you may want to enable some querying between the nodes, so that one of them can just broadcast some message at runtime and work on results.