Why Ansible? Ansible vs Puppet.


  1. For each “piece of code” you have nodes where code will be executed.
    In puppet thou, it is vice versa.
  2. Orchestration. Macro events can be scheduled easily i.e. inter-nodes dependencies. Inter-action dependencies.
    E.g. live migration of the whole distributed cloud web app ( all the load balancers, web-/db-/cache servers) from one cloud vendor to another, can be achieved with an Ansible playbook. Because Ansible is declarative language that in some cases can be used as a Bash script.
  3. consequences are important & can be leveraged. E.g. action1 on nodes1 before action2 on nodes2. In Puppet nodes don’t know about each other.
  4. Ansible works via SSH connection, so you even can reboot the server & wait till it is booted up again, then execute something on it right after reboot. Everything via Ansible.
  5. signing/revoking SSL certificates in Puppet is s hell comparing to SSH access which is enough for Ansible. With Ansible you only need SSH access, no agents/masters.
  6. Initiator/Ansible model is better than polling a server/Puppet. No need to invent (GEO) caches on 100+ nodes Puppet-setup.
  7. Some Ansible code can be executed hourly, some monthly, some ad-hoc manually. Hardly possible in puppet.
  8. No need to install agent software on node. Python is enough.


  1. It is difficult to find a module per your needs. Really, how can I trust the author of a module? Some modules provide what I need but abandoned, some are new but too simple.


  1. Yaml sucks. Those nasty spaces VS tabs, formatting is something I havent been familiar with: some notions of YAML structure ( multiline VS single line). And YAML looks like Windows Registry!
  2. Bad reports. Really, I need to know what happened after Ansible run & track history of runs.
  3. Bad logging. What I am seeing on the screen, doesnt reflect major things I expect: what changed & how. How means the diff betwen it had been & had became.
  4. Speed. O Lord, Ansible is slow. It takes 40 sec to apply a playbook with SSHD + Fail2ban + NRPE + APT roles. Technically it means to place a bunch of files based on templates & restart some services upon changes. I bet on Puppet it would take 10 sec.