Image for post
Image for post

Survey of DevOps Tools

Continued Learning Adventured with SRE & Devops Tools

I embarked on a small quest to explore the current state of tools that occupy slots for desired state change configuration tools and IaC (infrastructure as code). My use case fairly simple:

Infrastructure As Code Projects

Image for post
Image for post
IaC Projects (grey bubbles = not yet explored)

Bubble-Gum and Scripts

Both Google Cloud and AWS provide command line tools that abstract the complexity of provisioning cloud resources, like instances, gateways, networks, load balancers, databases, and so on. These tools can get you started, and are great for doing ad-hoc miscellaneous chores.


Chef has a knife-google plug-in that allows you to easily spin up systems on GCE, and there’s an equivalent for AWS called knife-ec2. These are great for ad-hoc development, but couldn’t recommend using these for production.


Ansible has been the most delightful tool to use, at least with AWS. Ansible can read the state directly from the source of truth, AWS, and use the information to dynamically create cloud resources. I could for example read the number of zones in the current region, and then evenly distribute nodes across each availability zone to increase availability. Ansible allows you to easily do this programmatically, where other tools only allow you to do this statically (no DRY).


Terraform has unbelievably intuitive DSL for creating both AWS and Google Cloud resources. Google Cloud was easy to get started, as you can create instances in the default VPC and subnet without explicitly specifying this.

Desired State Change Configuration Projects

Image for post
Image for post
Desired State Change Configuration and Deploy Tools (grey = not explored)

Agent Based DS Tools

The three tools in this category are CFEngine, Puppet, and Chef. These platforms are a centralized change management solution. You install an agent on your instances, which then apply configurations specified in a script (CFEngine policy, Puppet manifest, Chef recipe) that converges to a desired state on a regular interval. Should your system fall out of the desired state, the agent will converge it back to the desired state. This is especially useful for applying security policies across the whole infrastructure.

Push Based DS Tools

These tools have a wide variety of capabilities and solve a range of solutions that are not possible the above agent based tools. Ansible and Salt Stack are robust change configuration tools that use remote execution to apply changes remotely to a system through SSH.

Written by

Linux NinjaPants Automation Engineering Mutant — exploring DevOps, Kubernetes, CNI, IAC

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store