@jacek do you use anything like Atomic Host, or do you just deploy a bare CentOS/Debian-base host and "${xyz} install docker" as necessary? Just curious, is all 🙃

@craig0990 I use ansible to deploy everything so host base + ``ansible deploy.yml`` (ansible does apt-get install docker ...) ;)

@Blackknight I guess it's more a case of existing familiarity, and a building up of inertia as more and more scripts get implemented in a common language? Which isn't necessarily a bad thing - whatever does the job...

Does #puppet have its own DSL, or is it Clojure I'm reading in the syntax examples?

@craig0990 Puppet has its own DSL which has its own quirks. Variables cannot be reassigned, etc. Ruby is also used quite extensively.

@ellotheth I find that interesting - I've always read Ansible as being interested in describing "state" through it's YAML syntax (regardless of how it actually gets run). I do agree scaling it gets a bit harder when you're managing a bunch of servers that run multiple production systems, though - playbooks don't quite feel like the best fit at that point... /shrug

@craig0990 As an example, say I'm setting up a dev environment for a a set of websites, and I need a specific Apache config. In Puppet, I'd define the config, and *as part of the definition*, I'd require that Apache be installed. In Ansible, I'd create an 'install Apache' task and follow it with a 'set config' task. Both systems are describing the same end result, but Puppet's DSL has a more flexible system for linking interdependent states together.

@craig0990 Alternatively: Puppet wants you to describe your system state as a series of dependencies, and Ansible wants you to describe it as an ordered todo list of the things that have to happen.

@ellotheth That's making a bit more sense now. In Ansible, I'd do it with role dependencies. But then I get all the assumptions along with it - like assuming I use `apt` instead of `yum`/`dnf` (Or I write my own role...😒)

Sounds like Puppet has a better way of linking its primitives together, whereas Ansible stops at the "role" level... 🤔

@craig0990 Yeah, exactly! Puppet lets you get way more granular.

(Standard disclaimers about how this is all based on my own personal experience and maybe I'm just bad at Ansible apply.)

@craig0990 @ellotheth My 30,000 foot take on it is this. If you have hundreds of cookie cutter systems, Puppet is probably better. If you have a lot of special snowflake systems or a need for coordinating node activity (I.e. orchestration) or need to config network gear, go with Ansible. Also, Ansible has a lower barrier to entry, and IMHO a better security model.

@craig0990 @ellotheth and while every need is different, we went full Puppet with PE and a consultant and 4 years of work and all sorts of SSH tunnels and R10k... the works. And our productivity tanked!

A year ago we started ripping it all out for Ansible. We probably have 6 more months to go, but our Ansible work is far more complete.

Helpful tip: If you do Ansible, invest in Molecule and TestInfra.

@ellotheth @craig0990 Puppet is configuration through state management, whereas Ansible is configuration through orchestration. If you were to draw comparisons to build tools in Java, Puppet would be Maven, and Ansible would be Ant.