Configuration management tools like Foreman, Ansible, Puppet or Chef are crucial if you want your Operations team to work efficiently. But with so many of them on the market, offering free features and paid plans, it’s difficult to make the right choice for your business. In this article, we analyze the differences between Foreman, a fully open source tool, and its main competitors. Find out which SysAdmin solution is best for your team.

Configuration management tools are mainly responsible for provisioning and deployment of servers and apps. We’ll be talking about the (physical or virtual) infrastructure for your app, and how it can be managed. The considerations in this article will be the most useful to companies with apps and services of some complexity, such as SaaS or e-commerce platforms, larger apps, or a number of small apps.

The scope of SysAdmins’ work is too broad to cover, so let’s focus on the basics. Provisioning is the practice of assigning roles, permissions and rights to individual elements of the architecture so that everything works well together. It’s an initial stage for managing dependencies and guaranteeing security. All groups, authorization rules, user groups, and so on, are usually established during this process. Management tools offer routines and rules that help us avoid manually adding these dependencies, making SysAdmin work more efficient.

One example of what needs to be taken care of during provisioning is setting up rules and authorizations, such as access to machines within the infrastructure. A certain group of processes may be given this access, and thus be able to complete certain tasks, but not others. This can help ensure high availability of the whole infrastructure, create redundancies, and improve security.

A look at some of the best infrastructure management tools out there

Out of the solutions we’re looking at (Ansible, Chef, Puppet and Foreman), Puppet is widely considered to be the most powerful. Its solutions are similar to those offered by Chef, while Ansible is more deployment-oriented. All three of these tools differ from Foreman, which focuses on breadth rather than depth of features.

Chef and Puppet allow for the master-agent approach. This means that there is a main node within the infrastructure, responsible for managing all the others. If the master node fails, it needs to be recovered. Configuration involves defining the master and agent nodes, as well as which node will take on the master role, and when.

Puppet uses rules and certificates to build connections between masters and agents. Chef uses a component for this, called the workstation, speeding up setup. Additionally, Chef uses a simplified version of the Ruby programming language to define rules, which makes it very developer-friendly. Puppet, on the other hand, has its own unique language that needs to be learned. However, Puppet’s GUI is considered to be better than most.

In Ansible, configuration involves setting up an active node. If this node fails, another instance will take its place. The client virtual machine uses the SSH protocol to connect, which means less work and a simpler initial configuration. Ansible uses YAML, a rather popular language, for defining rules. It’s usually an easier tool to learn than Puppet or Chef.
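
The kind of access rule described earlier (a group that can complete certain tasks, but not others), written as an Ansible playbook in YAML. This is an added example, not part of the original article; the inventory group, account, group, key and service names and the `systemctl` path are assumptions, and the `ansible.posix` collection is assumed to be installed.

```yaml
---
# Added example playbook. All names below are assumptions, not values from the article.
- name: Provision a narrowly scoped deployment identity
  hosts: app_servers              # assumed inventory group
  become: true
  vars:
    deploy_group: deployers       # assumed group name
    deploy_user: svc_deploy       # assumed service account
    deploy_service: myapp         # assumed systemd unit
    # Placeholder public key; replace with the control node's real key.
    deploy_pubkey: "ssh-ed25519 AAAA...PLACEHOLDER deploy@control"
  tasks:
    - name: Create the group that carries the permission
      ansible.builtin.group:
        name: "{{ deploy_group }}"
        state: present

    - name: Create the service account with password login locked
      ansible.builtin.user:
        name: "{{ deploy_user }}"
        groups: "{{ deploy_group }}"
        append: true
        shell: /bin/bash
        password_lock: true

    - name: Authorize only the control node's key for that account
      ansible.posix.authorized_key:
        user: "{{ deploy_user }}"
        key: "{{ deploy_pubkey }}"
        exclusive: true           # remove any other keys found for this user

    - name: Allow the group to restart one service and nothing else
      ansible.builtin.copy:
        dest: "/etc/sudoers.d/{{ deploy_group }}"
        owner: root
        group: root
        mode: "0440"
        # Reject the file before it is installed if the syntax is invalid.
        validate: /usr/sbin/visudo -cf %s
        content: |
          %{{ deploy_group }} ALL=(root) NOPASSWD: /usr/bin/systemctl restart {{ deploy_service }}.service
```

The `validate` step matters here: a malformed file under `/etc/sudoers.d` can break `sudo` for every account on the host, so the fragment is checked before it replaces anything.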

Foreman - capabilities and differentiating factors

Foreman gives its users a lot of the capabilities of Puppet and Chef. It’s also a large framework with much added value, introducing another level of abstraction. An important factor is that Foreman is entirely open source, while, for example, Puppet’s GUI needs to be purchased (it’s the enterprise console version). If you add Foreman to Puppet, however, you can use the Foreman UI instead.

Both Chef and Puppet can be used together with Foreman to achieve a higher power of expression, but the “catch” is that Foreman on its own has its limitations. It enjoys hypervisor-level automation, which means that, while Foreman can help your SysOps team in many tasks, it doesn’t have access to everything and certain actions cannot be performed with it. This improves security, but can be limiting in some cases. In other words, Foreman can’t be treated as a universal tool, even though it offers an impressive number of features.

When creating a bare metal architecture, you can divide its resources through virtualization. A hypervisor oversees the program controlling each virtual machine. However, the hypervisor (in this case, Foreman) doesn’t have access to the bare metal machines, while a tool like Puppet does. Foreman can, therefore, make changes to what has already been created with Puppet or Chef.

The advantages of Foreman

From a developer’s perspective, Foreman is easy to learn, as it’s written in Ruby and designed to be very modular and customizable. There are plenty of plugins for Foreman, which you can easily adapt to fit your needs. Foreman is also easy to install and add to an existing SysOps setup.

With Foreman, your team can build a multi-purpose machine that does what you want, no more and no less. A similar setup with Puppet or Chef wouldn’t be as easy to tailor to your needs. To achieve a similar level of customizability with those solutions, you’d need additional tools, some of which might force you to use modules you don’t want. Foreman offers easy management, a new level of automation, and a single hub from which all of the important everyday operations can be carried out, making work more efficient.

The design of Foreman plugins is based on Rails packages (called engines). This is fantastic news for experienced RoR developers. Foreman can be quickly introduced to your development team’s toolset and make them more efficient at carrying out SysOps tasks, if they have Rails experience.

On top of that, there’s the built-in functionality. Foreman offers smart proxy architectures out-of-the-box (while in Puppet or Chef they require configuration, DNS setup, etc.). By joining various environments together and anticipating what most SysOps teams need most often, Foreman has become a formidable competitor on the infrastructure management market.

It’s true that Chef and Puppet can do more than Foreman. However, many of the features they offer only through their most expensive versions, Foreman offers for free. Additional resources for Foreman are being built by its large, robust and very helpful community. Thanks to its plugins, Foreman also comes with a better UI and useful automatic rules. Overall, we recommend Foreman as a valuable addition to an existing infrastructure, as well as a great tool for development teams that need to take care of server management.

Foreman’s value lies in its customizability. Take advantage of it by creating custom plugins for your infrastructure. iRonin.IT has already built several Foreman plugins. We have the experience you need to improve your team’s efficiency.