Comparison of open-source configuration management software: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 04:03, 27 February 2007 edit Zethradon (talk \| contribs) 53 edits Kept short descriptions short. Moved exceeding stuff in a discussion section. ← Previous edit		Latest revision as of 21:08, 30 August 2025 edit undo Rofraja (talk \| contribs) Extended confirmed users, Pending changes reviewers 48,407 edits m Replaced 6 bare URLs by {{Cite web}}
(895 intermediate revisions by more than 100 users not shown)
Line 1: {{short description\|None}} ~~This is a comparison of free (libre) and open source [[configuration management]] software.~~ {{reference-style\|date=November 2013}} ~~== Basic properties ==~~ <!-- IF YOU DON'T PAY ATTENTION TO THIS MESSAGE, YOUR EDIT WILL BE ROLLED BACK WITHOUT WARNING. ~~{\| border="1" cellpadding="1" cellspacing="0" style="font-size: 85%; border: gray solid 1px; border-collapse: collapse; text-align: center; width: 100%;"~~ Only place entries here that are links to actual Wikipedia articles about notable open source configuration management software. External links, redlinks, non-notable sites will be removed. If you have questions, use the talk page. Please try to keep entries in alphabetical order. Adding unnecessary links or text to any other section (such as the "References" section) will also be removed. Thanks. ~~\|-style="background: #ececec;"~~ --> This is a comparison of notable [[Free software\|free]] and [[Open-source software\|open-source]] [[software configuration management\|configuration management software]], suitable for tasks like server configuration, [[Orchestration (computing)\|orchestration]] and [[infrastructure as code]] typically performed by a [[system administrator]]. ==Basic properties== "Verify mode" (also called [[dry run (testing)\|dry run]]) refers to having an ability to determine whether a node is conformant with a guarantee of not modifying it, and typically involves the exclusive use of an internal language supporting read-only mode for all potentially system-modifying operations. ''[[Mutual authentication]]'' (mutual auth) refers to the client verifying the server and vice versa. ''Agent'' describes whether additional [[Daemon (computing)\|software daemons]] are required. Depending on the management software these agents are usually deployed on the target system or on one or many central ''controller'' servers. Although <code>Agent-less = No</code> is colored red and might seem to be a negative, instead, having an agent can be considered quite advantageous to many. Consider the impact if an agent-less tool loses connectivity to a node while making critical changes—leaving the node in an indeterminate state that compromises its (production?) function. <div class="overflowbugx" style="overflow:auto; width:99%;"> <!-- In each table, link 1st instance of terms, remove later WP:REPEATLINK(s). --> {\| class="wikitable sortable" style="text-align: center; width: 95%" ! style="width:12em" \| ! Language ~~! Programming language~~ ! License ~~! Software license~~ ! [[mutual authentication\|Mutual auth.]] ~~! First public release date~~ ! [[Encryption]] ~~! Latest stable version~~ ! Verify mode ! Agent-less ! {{abbr\|Incl.\|Includes}} GUI ! First release ! Latest stable release \|- ! {{rh}} \| [~~http://ark.sourceforge.net~~[Ansible ~~Arusha~~(software)\|Ansible]] \| [[Python (programming language)\|Python]] \| [[GNU General Public License#Version 3\|GPLv3+]] ~~\| [http://ark.sourceforge.net/license.html BSD]~~ \| {{yes}}{{efn\|name="Key Pair"\|Key pair: uses public/private key pairs and key fingerprints for mutual authentication, like SSH.}} ~~\| [[July 21]], [[2001]] [http://sourceforge.net/project/showfiles.php?group_id=2057&package_id=20771]~~ \| {{yes}}{{efn\|name="Secure Shell"\|Secure Shell: Uses the Secure Shell protocol for encryption.}} ~~\| 20050419 ([[April 19]], [[2005]])~~ \| {{yes}} \| {{yes}} \| {{yes}}<ref>{{cite web\|url=http://www.ansible.com/products/awx-project/faq\|title=AWX Project FAQ - Ansible.com\|author=Red Hat, Inc.\|work=ansible.com}}</ref> \| style="text-align:left;"\| 2012-03-08 \| style="text-align:left;"\| 2025-03-25 2.18.4<ref name="Ansible_releases">{{cite web \|url=https://github.com/ansible/ansible/blob/stable-2.18/changelogs/CHANGELOG-v2.18.rst#v2-18-4 \|title=Ansible community changelogs \|website= docs.ansible.com \|publisher=Red Hat, Inc. \|pages=1\|access-date=2025-03-26}}</ref> \|- ! {{rh}} \| [[Bcfg2]] \| Python ~~\| [[Python (programming language)\|Python]]~~ \| [[BSD licenses#2-clause\|BSD 2-clause]]<ref>{{cite web \|author=solj \|url=https://github.com/Bcfg2/bcfg2/blob/master/LICENSE \|title=Bcfg2/LICENSE at master \|website=[[GitHub]] \|access-date=2014-02-10}}</ref> ~~\| [http://trac.mcs.anl.gov/projects/bcfg2/browser/trunk/bcfg2/COPYRIGHT 2-clause BSD-style]~~ \| {{yes}}{{efn\|name="Certificate and Passwords"\|Certificate and Passwords: Uses SSL X.509 certificate and fingerprint for clients to authenticate server, and passwords for server to authenticate clients; clients should only share the same password if they are allowed access to each other's configuration data.}} ~~\| [[August 11]], [[2004]] [http://trac.mcs.anl.gov/projects/bcfg2/wiki/Download]~~ \| {{yes}}{{efn\|name="SSL"\|SSL: Uses the Secure Sockets Layer, Transport Layer Security (TLS) for encryption.}} ~~\| 0.9.2 ([[February 19]], [[2007]])~~ \| {{yes}}{{efn\|name="Verify-Bcfg2"\|Full support for non-modifying determination of node compliance, including nodes not previously modified by a Bcfg2 configuration pass.}} \| {{no}} \| {{yes}}<ref>{{Cite web \| url=http://docs.bcfg2.org/reports/dynamic.html#screenshots \| title=Bcfg2 Web Reporting System — Bcfg2 1.3.6 documentation}}</ref> \| style="text-align:left;"\|2004-08-11<ref name="autogenerated1">{{cite web\|url=http://bcfg2.org/download/ \|title=Download – Bcfg2 \|publisher=bcfg2.org \|access-date=2017-06-04}}</ref> \| style="text-align:left;"\|2015-06-11 1.3.6<ref name="autogenerated1"/> \|- ! {{rh}} \| [[Capistrano (software)\|Capistrano]] \| [[Ruby (programming language)\|Ruby]] \| [[MIT License\|MIT]] \| \| {{yes}}{{efn\|name="Secure Shell"}} \| \| {{yes}}{{efn\|name="Secure Shell"}} \| {{no}} \| style="text-align:left;"\|2005 \| style="text-align:left;"\|2022-08-07 3.17.1 \|- ! {{rh}} \| [[cdist]] \| Python \| [[GNU General Public License#Version 3\|GPLv3+]] \| {{yes}}{{efn\|name="Key Pair"}} \| {{yes}}{{efn\|name="Secure Shell"}} \| \| {{yes}} \| \| style="text-align:left;"\|2010 \| style="text-align:left;"\|2021-08-24 6.9.8<ref>{{Cite web \| url=https://groups.google.com/g/cdist-configuration-management/c/38qJsamcXJ8 \|title = cdist 6.9.8 has been released}}</ref> \|- ! {{rh}} \| [[Chef (software)\|Chef]] \| Ruby, [[Erlang (programming language)\|Erlang]] \| [[Apache License#Version 2.0\|Apache 2.0]] \| {{yes}}{{efn\|name="RSA Shared Keys"\|Per request signed headers and [[pre-shared key]]s.}} \| {{yes}}{{efn\|name="SSLpayload"\|Payload encryption via SSL if HTTPS proxy is configured.}} \| {{yes}}{{efn\|name="Verify-Chef"\|Chef 10.14.0+ (called why-run mode)}}<ref>{{cite web \|url=http://tickets.opscode.com/browse/CHEF-13 \|title=[#CHEF-13] Add -noop support - Opscode Open Source Ticket Tracking \|publisher=Tickets.opscode.com \|access-date=2014-02-10 \|archive-url=https://web.archive.org/web/20140226055656/https://tickets.opscode.com/browse/CHEF-13 \|archive-date=2014-02-26 \|url-status=dead}}</ref> \| {{no}} \| {{yes}} \| style="text-align:left;"\|2009-01-15 0.5.0 \| style="text-align:left;"\|2023-01-05 18.1.0 (client),<ref>{{cite web\|url=https://discourse.chef.io/t/chef-infra-client-18-1-0-released/21738\|title=Chef Infra Client 18.1.0 Released! - Chef Release Announcements - Chef Questions\|date=5 January 2023 \|access-date=2023-01-26}}</ref> 15.4.0 (server)<ref>{{cite web\|url=https://discourse.chef.io/t/chef-infra-server-15-4-0-released/21739\|title=Chef Infra Server 15.4.0 Released! - Chef Release Announcements - Chef Questions\|date=5 January 2023 \|access-date=2023-01-26}}</ref> \|- ! {{rh}} \| [[CFEngine]] \| [[C (programming language)\|C]]<ref name="CFEngine Source Code">{{cite web \|url=https://github.com/cfengine/core \|title=CFEngine Source Code \|author= \|date=26 May 2020 \|publisher=Northern.tech AS.}}</ref> \| [[GNU General Public License#Version 3\|GPLv3]]<ref>{{cite web\|url=https://github.com/cfengine/core/blob/master/LICENSE\|title=core/License at master · cfengine/core · GitHub\|work=GitHub\|date=26 May 2020}}</ref> \| {{yes}}{{efn\|name="Key Pair"}} \| {{yes}}<ref name="TLS">TLS: Uses TLS. {{cite web\|url=https://docs.cfengine.com/latest/reference-components.html#tls_min_version \|title=tls_min_version in common control\|publisher=Northern.tech \|access-date=2018-11-30}}</ref> \| {{yes}}<ref>{{cite web\|url=https://docs.cfengine.com/latest/reference-components-cf-agent.html \|title=--dry-run option for cf-agent\|publisher=Northern.tech \|access-date=2022-01-14}}</ref><ref>{{cite web\|url=https://docs.cfengine.com/latest/reference-components-cf-agent.html#dryrun \|title=dryrun option in agent control\|publisher=Northern.tech \|access-date=2018-11-30}}</ref><ref>{{cite web\|url=https://docs.cfengine.com/latest/reference-components-cf-agent.html \|title=--simulate option for cf-agent\|publisher=Northern.tech \|access-date=2022-01-14}}</ref><ref>{{cite web\|url=https://docs.cfengine.com/docs/latest/reference-promise-types.html#action_policy \|title=Common promise attribute action_policy warn or nop\|publisher=Northern.tech \|access-date=2022-01-14}}</ref> \| {{no}} \| {{yes}}<ref name="CFEngine Enterprise">{{cite web \|url=https://cfengine.com/product/ \|title=CFEngine Enterprise Mission Portal\|publisher=Northern.tech AS.}}</ref> \| style="text-align:left;"\|1993 \| style="text-align:left;"\| 2025-01-07 3.26.0,<ref name="CFEngine 3.26.0 release blog post">{{cite web \|url=https://cfengine.com/blog/2025/cfengine-3-26-released-admin/ \|title=CFEngine 3.26.0 released \|publisher=Northern.tech AS.}}</ref> 2025-05-13 3.24.2,<ref name="CFEngine 3.24.2 release blog post">{{cite web \|url=https://cfengine.com/blog/2025/cfengine-3-21-7-and-3-24-2-released/ \|title=CFEngine 3.24.2 released \|publisher=Northern.tech AS.}}</ref> 2025-05-13 3.21.7<ref name="CFEngine 3.21.7 release blog post">{{cite web \|url=https://cfengine.com/blog/2025/cfengine-3-21-7-and-3-24-2-released/ \|title=CFEngine 3.21.7 released \|publisher=Northern.tech AS.}}</ref> \|- ! {{rh}} \| Consfigurator \| [[Scheme (programming language)\|Scheme]] ([[Steel Bank Common Lisp\|SBCL]]) \| [[GNU General Public License#Version 3\|GPLv3+]]<ref>{{cite web \| title=Consfigurator \| url=https://spwhitton.name/tech/code/consfigurator/ }}</ref> \| {{yes}}{{efn\|name="Key Pair"}} \| {{yes}}{{efn\|name="Secure Shell"}} \| \| \| {{no}} \| \| 2024-07-26 1.4.2<ref>{{cite web \| title=Tags · spwhitton/Consfigurator \| website=[[GitHub]] \| url=https://github.com/spwhitton/consfigurator/tags }}</ref> \|- ! {{rh}} \| [[Guix]] \| [[Scheme (programming language)\|Scheme]] ([[GNU Guile\|Guile]])<ref>{{Cite web \| title=GNU Guix Reference Manual \| url=https://guix.gnu.org/en/manual/en/guix.html#System-Configuration \| archive-url=https://web.archive.org/web/20210612235408/https://guix.gnu.org/en/manual/en/guix.html \| access-date=2025-08-30 \| archive-date=2021-06-12}}</ref><ref>{{Cite web \| title=GNU Guix Reference Manual \| url=https://guix.gnu.org/en/manual/en/guix.html#Invoking-guix-deploy \| archive-url=https://web.archive.org/web/20210612235408/https://guix.gnu.org/en/manual/en/guix.html \| access-date=2025-08-30 \| archive-date=2021-06-12}}</ref> \| [[GNU General Public License#Version 3\|GPLv3+]]<ref>{{Cite web \| title=gnu.scm - guix.git - Mirror of https://codeberg.org/guix/guix {{!}} GNU Guix and GNU Guix System \| url=https://git.savannah.gnu.org/cgit/guix.git/tree/gnu.scm?h=v1.4.0#n8 \| access-date=2025-08-30 \| website=git.savannah.gnu.org}}</ref> \| {{yes}}{{efn\|name="Key Pair"}} \| {{yes}}{{efn\|name="Secure Shell"}} \| \| {{no}} \| {{no}}<ref>It requires the guix daemon on the target Guix system.</ref> \| \| 2022-12-19 1.4.0 \|- ! {{rh}} \| [[ISconf]] \| Python \| GPL<ref>{{cite web \|url=http://trac.t7a.org/isconf/browser/trunk/LICENSE \|title=/trunk/LICENSE - ISconf \|publisher=Trac.t7a.org \|date=1989-04-01 \|access-date=2014-02-10 \|archive-url=https://archive.today/20130415235717/http://trac.t7a.org/isconf/browser/trunk/LICENSE \|archive-date=2013-04-15 \|url-status=dead}}</ref> \|{{yes}}{{efn\|name="HMAC"\|HMAC: Uses [[HMAC]] signatures on all network traffic.}} \| {{no}}<ref>Improved security which would include an encrypted, mutually authenticated, peer-to-peer message bus is tracked here {{cite web \|url=http://trac.t7a.org/isconf/ticket/39 \|title=#39 (Implement TCP mesh) - ISconf - Trac \|access-date=2007-04-17 \|url-status=dead \|archive-url=https://archive.today/20120716131832/http://trac.t7a.org/isconf/ticket/39 \|archive-date=2012-07-16}}</ref> \| \| \| \| style="text-align:left;"\|1998 \| style="text-align:left;"\|2006-08-13 4.2.8.233 \|- ! {{rh}} \| [[~~Cfengine~~Juju (software)\|Juju]] \| Python, [[Go (programming language)\|Go]]<ref>{{cite web\|url=https://github.com/juju/juju \|title=Juju Source Code \|publisher=github.com \|date=2015-06-19 \|access-date=2015-06-21}}</ref> ~~\| [[C (programming language)\|C]]~~ \| [[GNU Affero General Public License\|AGPL]] ~~\| [[GPL]]~~ \| {{yes}}{{efn\|name="Key Pair"}} ~~\| [[1993]]~~ \| {{yes}}{{efn\|name="SSL"}} ~~\| 2.1.22 ([[January 27]], [[2007]])~~ \| {{no}} \| {{no}} \| {{yes}}<ref>{{cite web \|url=https://demo.jujucharms.com/trusty/juju-gui/ \|title=Juju Gui \|publisher=jujucharms.com \|date=2015-06-15 \|access-date=2015-06-21 \|archive-url=https://web.archive.org/web/20150621233749/https://demo.jujucharms.com/trusty/juju-gui/ \|archive-date=2015-06-21 \|url-status=dead}}</ref> \| style="text-align:left;"\|2010-09-17<ref>{{cite web\|url=https://launchpad.net/juju/+series \|title=timeline: pyjuju \|publisher=Launchpad.net \|access-date=2014-02-10}}</ref> \| style="text-align:left;"\|2025-06-09 3.6.7<ref>{{cite web\|url=https://github.com/juju/juju/releases \|title=GitHub \|publisher=github.com \|access-date=2025-06-09}}</ref> \|- ! {{rh}} \| Local ConFiGuration system ([[LCFG]]) ~~! {{rh}} \| [http://trac.t7a.org/isconf ISconf]~~ \| [[Perl]] \| GPL \| {{partial}}<ref>LCFG does not provide its own transport mechanism; it relies on an external program, most often Apache. Using Apache it should be possible to do mutual authentication in several ways; however the documentation at [http://www.lcfg.org/doc/guide.pdf The Complete Guide to LCFG], Section 9.4: Authorization and Security, shows access control based on IP address ranges, implying that the client does not authenticate itself to the server via an SSL certificate; it also does not mention if the LCFG client checks the validity of the server's SSL certificate (such as via a per-site fingerprint distributed with the client, or a chain of trust to an accredited CA). It mentions that there can be a per-client password in the profile, but also states that ''"The contents of the LCFG profile should be considered public"''.</ref> \| {{partial}}<ref>LCFG supports encrypted communications channels (SSL via Apache); however the documentation at [http://www.lcfg.org/doc/guide.pdf The Complete Guide to LCFG], Section 9.4: Authorization and Security, states that ''"The contents of the LCFG profile should be considered public"''.</ref> \| {{no}} \| {{no}} \| {{no}} \| style="text-align:left;"\|1994 \| style="text-align:left;"\|Weekly Releases \|- ! {{rh}} \| [[NOC (software)\|NOC Project]] \| [[Python (programming language)\|Python]] \| [[BSD licenses\|BSD 2.0]] ~~\| [[GPL]] [http://trac.t7a.org/isconf/browser/trunk/LICENSE]~~ \| {{yes}}{{efn\|name="Key Pair"}} ~~\| [[1998]]~~ \| {{yes}}{{efn\|name="Secure Shell"}} ~~\| 4.2.8.222 ([[August 13]], [[2006]])~~ \| {{yes}} \| {{yes}} \| {{yes}} \| style="text-align:left;"\| 2012-03-08 \| style="text-align:left;"\| 2015-05-20 15.05.1<ref>{{cite web\|url=https://kb.nocproject.org/display/SITE/NOC\|title=NOC\|work=nocproject.org}}</ref> \|- ! {{rh}} \| [[~~LCFG~~OCS Inventory]] NG with GLPI \| Perl, [[PHP]], [[C++]] ~~\| [[Perl (programming language)\|Perl]]~~ \| [[GPL]] \| {{no}}<ref>Server authenticates to client, but client does not authenticate to server. See [https://prdownloads.sourceforge.net/ocsinventory/OCS_Inventory_NG-Installation_and_Administration_Guide_1.9_EN.pdf.zip?download OCS Inventory NG Installation and Administration guide], page 114.</ref> ~~\| ?~~ \| {{yes}}{{efn\|name="SSL"}} ~~\| 2007021901c ([[February 19]], [[2007]])~~ \| \| {{no}} \| \| style="text-align:left;"\|2003 \| style="text-align:left;"\|2014-07-13<ref>{{cite web\|url=http://www.ocsinventory-ng.org/en/home/news/ocs-inventory-ng-2.1.2-stable-publised.html \|title=2.1.2 stable published \|publisher=OCS Inventory NG \|access-date=2014-12-16}}</ref> \|- ! {{rh}} \| Open pc server integration ([[Opsi]]) ~~! {{rh}} \| [http://info.enstb.org/projets/pcfengine/en/index.html PCfengine]~~ \| Python, Java \| GPL \| {{no}} \| {{yes}}{{efn\|name="SSL"}} \| \| {{no}} \| \| style="text-align:left;"\|2004 \| style="text-align:left;"\|2013-03-01 4.0.3 \|- ! {{rh}} \| PIKT \| C \| [[GNU General Public License#Version 2\|GPLv2+]]<ref>{{cite web\|author=Robert Osterlund \|url=http://pikt.org/pikt/licensing.html \|title=PIKT Licensing \|publisher=Pikt.org \|date=2014-01-04 \|access-date=2014-02-10}}</ref> \| {{yes}}<ref>PIKT uses shared secret keys for mutual authentication. ''"As an option, you can use secret key authentication to prove the master's identity to the slave. [...] If one managed to crack any system in the PIKT ___domain, one would have access to all common secrets. To solve this problem, you may use per-slave uid, gid, and private_key settings."'' - from [http://pikt.org/pikt/ref/ref.6.security_considerations.html Security Considerations].</ref> \| {{yes}}<ref>''"For file installs, file fetches (to diff against the central configuration), and command executions, you can optionally encrypt all such data traffic between master and slave."'' - from [http://pikt.org/pikt/ref/ref.6.security_considerations.html Security Considerations].</ref> \| \| {{no}} \| \| style="text-align:left;"\|1998<ref>{{cite web\|url=http://pikt.org/pikt/dist/?C=M;O=A \|title=Index of /pikt/dist \|publisher=Pikt.org \|access-date=2014-02-10}}</ref> \| style="text-align:left;"\|2007-09-10 1.19.0 \|- ! {{rh}} \| [[Puppet (software)\|Puppet]] \| Ruby, [[C++]] & [[Clojure]] (server-side also Ruby before 4.0<ref>{{cite web \|url=https://puppet.com/blog/evolving-puppet-for-next-10-years \|title=Evolving Puppet for the Next 10 Years \|publisher=Luke Kanies \|date=2014-09-23 \|access-date=2017-05-26}}</ref>) \| Apache since 2.7.0, GPL before then \| {{yes}}{{efn\|name="Certificates"\|Certificates: Uses SSL X.509 Certificates for mutual authentication. Can use any SSL Certificate Authority to manage the Public Key Infrastructure.}} \| {{yes}}{{efn\|name="SSL"}} \| {{yes}}{{efn\|name="Verify-Puppet"\|Using the --noop option}}<ref>{{cite web \|url=http://docs.puppetlabs.com/man/agent.html \|title=puppet agent Man Page — Documentation — Puppet Labs \|publisher=Docs.puppetlabs.com \|access-date=2014-02-10 \|archive-url=https://web.archive.org/web/20130707135331/http://docs.puppetlabs.com/man/agent.html \|archive-date=2013-07-07 \|url-status=dead}}</ref> \| {{no}} \| {{yes}}<ref>{{cite web\|url=http://www.olindata.com/blog/2014/01/puppet-management-gui-comparison\|title=Puppet Management GUI Comparison\|work=olindata.com\|access-date=2015-01-12\|archive-url=https://web.archive.org/web/20150117063953/http://www.olindata.com/blog/2014/01/puppet-management-gui-comparison\|archive-date=2015-01-17\|url-status=usurped}}</ref> \| style="text-align:left;"\|2005-08-30<ref>{{cite web\|url=http://puppetlabs.com/downloads/puppet/?C=M;O=A \|title=Index of /puppet \|publisher=Puppetlabs.com \|access-date=2014-02-10}}</ref> \| style="text-align:left;"\|2024-04 8.6.0, 7.30.0 (client),<ref>{{cite web \|title=Puppet release notes \|url=https://puppet.com/docs/puppet/latest/release_notes_puppet.html \|access-date=2024-05-06}}</ref> 2024-04 8.6.0, 7.17.0 (server)<ref>{{cite web \|title=Puppet Server: Release Notes \|url=https://puppet.com/docs/puppetserver/latest/release_notes.html \|access-date=2024-05-06}}</ref> \|- ! {{rh}} \| Pyinfra \| [[Python (programming language)\|Python]] \| [[MIT License]] ~~\| [[GPL]] [http://svn.enstb.org/pcfengine/trunk/COPYING]~~ \| {{yes}} ~~\| No public release yet~~ \| {{yes}} ~~\| No public release yet~~ \| {{yes}} \| {{yes}} \| \| style="text-align:left;"\| 2016-08-10 0.1<ref>{{cite web\|url=https://github.com/pyinfra-dev/pyinfra/releases/tag/v0.1 \|title=pyinfra v0.1 \|website=[[GitHub]] \| access-date=2025-02-23}}</ref> \| style="text-align:left;"\| 2025-01-30 3.2<ref>{{cite web \|url=https://github.com/pyinfra-dev/pyinfra/releases/tag/v3.2 \|title=Pyinfra v3.2 \|website=[[GitHub]] \| access-date=2025-02-23}}</ref> \|- ! {{rh}} \| [~~http://pikt.org/ PIKT~~[Quattor]] \| Perl, Python ~~\| [[C (programming language)\|C]]~~ \| Apache 2.0<ref name="Opensource.org">{{cite web\|url=http://www.opensource.org/licenses/eudatagrid.php \|title=EU DataGrid Software License (EUDatagrid) \| Open Source Initiative \|publisher=Opensource.org \|date=1999-02-22 \|access-date=2014-02-10}}</ref><ref name="Eu-datagrid.web.cern.ch">{{cite web\|url=http://eu-datagrid.web.cern.ch/eu-datagrid/license.html \|title=DataGrid Software License (do not change the page URL) \|publisher=Eu-datagrid.web.cern.ch \|date=2004-05-26 \|access-date=2014-02-10}}</ref> ~~\| [[GPL]] [http://pikt.org/pikt/licensing.html]~~ \| {{yes}}<ref>"Client to server authentication and vice versa: on one hand, this allows to enforce access policies ~~\| Before 2000? [http://pikt.org/pikt/dist/?C=M;O=A]~~ to sensitive data according to the client "name", on the other hand, clients are guaranteed to talk to ~~\| 1.18.2 ([[November 5]], [[2006]])~~ the original server." - from [http://isscvs.cern.ch:8180/cgi-bin/cvsweb.cgi/%7Echeckout%7E/elfms/quattor/documentation/installation-guide/pdf/quattor-install-guide_1_1.pdf?rev=HEAD&content-type=application/pdf&cvsroot=elfms Quattor Installation and User Guide: Version 1.1.x] {{Webarchive\|url=https://web.archive.org/web/20130406095526/http://isscvs.cern.ch:8180/cgi-bin/cvsweb.cgi/%7Echeckout%7E/elfms/quattor/documentation/installation-guide/pdf/quattor-install-guide_1_1.pdf?rev=HEAD&content-type=application%2Fpdf&cvsroot=elfms \|date=2013-04-06}}, page 70</ref> \| {{yes}}<ref>"[...] secure information transfer, since data are encrypted: this prevents eavesdroppers from obtaining information in transit over the network." - from [http://isscvs.cern.ch:8180/cgi-bin/cvsweb.cgi/%7Echeckout%7E/elfms/quattor/documentation/installation-guide/pdf/quattor-install-guide_1_1.pdf?rev=HEAD&content-type=application/pdf&cvsroot=elfms Quattor Installation and User Guide: Version 1.1.x] {{Webarchive\|url=https://web.archive.org/web/20130406095526/http://isscvs.cern.ch:8180/cgi-bin/cvsweb.cgi/%7Echeckout%7E/elfms/quattor/documentation/installation-guide/pdf/quattor-install-guide_1_1.pdf?rev=HEAD&content-type=application%2Fpdf&cvsroot=elfms \|date=2013-04-06}}, page 70</ref> \| {{partial}}<ref>{{Cite web \|title=ncm-ncd — Quattor \|url=https://quattor-documentation.readthedocs.io/latest/ncm-ncd/ncm-ncd.html#other-options \|access-date=2025-02-25 \|website=quattor-documentation.readthedocs.io}}</ref> \| {{no}} \| \| style="text-align:left;"\|2005-04-01<ref>{{cite web \|url=http://quattorsw.web.cern.ch/quattorsw/software/quattor/release/ \|title=Index of /quattorsw/software/quattor/release \|publisher=Quattorsw.web.cern.ch \|access-date=2014-02-10 \|archive-url=https://web.archive.org/web/20140318090836/http://quattorsw.web.cern.ch/quattorsw/software/quattor/release/ \|archive-date=2014-03-18 \|url-status=dead}}</ref> \| style="text-align:left;"\|2024-11-22 24.10.0<ref>{{cite web\|url=https://www.quattor.org/news/2024/11/22/announcing-quattor-24.10.0.html\|title=Quattor 24.10.0 released\|work=quattor.org}}</ref> \|- ! {{rh}} \| [~~http://reductivelabs.com/trac/puppet/ Puppet~~[Radmind]] \| C ~~\| [[Ruby (programming language)\|Ruby]]~~ \| BSD<ref>{{cite web \|url=http://rsug.itd.umich.edu/software/copyright.html \|title=Research Systems Unix Group: beepage \|publisher=Rsug.itd.umich.edu \|access-date=2014-02-10 \|archive-url=https://web.archive.org/web/20150210155103/http://rsug.itd.umich.edu/software/copyright.html \|archive-date=2015-02-10 \|url-status=dead}}</ref> ~~\| [[GPL]]~~ \| {{yes}}<ref>''"SSL certificates can also be used to authenticate both the Radmind server and the managed clients, regardless of DNS or IP-address variation."'' - from [http://www.usenix.org/events/lisa03/tech/full_papers/craig/craig_html/index.html Radmind: The Integration of Filesystem Integrity Checking with Filesystem Management]</ref> ~~\| [[August 30]], [[2005]] [http://reductivelabs.com/downloads/puppet/?C=M;O=A]~~ \| {{yes}}<ref>''"For network security, Radmind supports SSL-encrypted links. This allows nodes on insecure networks to be updated securely.''" - from [http://www.usenix.org/events/lisa03/tech/full_papers/craig/craig_html/index.html Radmind: The Integration of Filesystem Integrity Checking with Filesystem Management]</ref> ~~\| 0.22.1 ([[February 1]], [[2007]])~~ \| \| {{no}} \| \| style="text-align:left;"\|2002-03-26<ref>{{cite web\|url=https://sourceforge.net/project/showfiles.php?group_id=141444&package_id=155276&release_id=392624 \|title=Radmind - Browse /radmind/radmind-0-6-0 at \|publisher=Sourceforge.net \|date=2006-02-10 \|access-date=2014-02-10}}</ref> \| style="text-align:left;"\|2008-10-08 1.13.0<ref>{{cite web\|url=https://sourceforge.net/project/showfiles.php?group_id=141444\|title=Radmind\|author=fitterhappier\|work=sourceforge.net}}</ref> \|- ! {{rh}} \| [[Rex (software)\|Rex]] \| [[Perl]] \| [[Apache License\|Apache]] \| {{yes}}{{efn\|name="Key Pair"}} \| {{yes}}{{efn\|name="Secure Shell"}} \| \| {{yes}} \| \| style="text-align:left;"\| 2010-11-05 0.9.0<ref>{{cite web\|url=https://github.com/krimdomu/Rex/releases/tag/0.9.0\|title=Release 0.9.0 · krimdomu/Rex · GitHub\|work=GitHub}}</ref> \| style="text-align:left;"\| 2021-07-05 1.13.4<ref>{{cite web\|url=https://github.com/RexOps/Rex/blob/master/ChangeLog\|title=Rex/ChangeLog at master · RexOps/Rex · GitHub\|work=GitHub}}</ref> \|- ! {{rh}} \| [[Rudder (software)\|Rudder]] \| [[C (programming language)\|C]], [[Scala (programming language)\|Scala]], [[Rust (programming language)\|Rust]] \| GPLv3, Apache 2.0<ref>{{cite web\|url=https://faq.rudder.io/knowledge-bases/2/articles/6-what-licences-apply-to-rudder\|title=Rudder FAQ\|work=rudder.io}}</ref> \| {{yes}}{{efn\|name="Key Pair"}} \| {{yes}}{{efn\|name="SSL"}} \| {{yes}}{{efn\|name="Audit-Rudder"\|Using the Audit mode.}}<ref>{{cite web\|url=https://www.rudder-project.org/doc-4.0/_policy_mode_audit_enforce.html \|title=Policy Mode (Audit/Enforce) - Rudder 4.0 - User Manual \|publisher=rudder-project.org \|access-date=2017-01-17}}</ref> \| {{no}} \| {{yes}} \| style="text-align:left;"\| 2011-10-31 \| style="text-align:left;"\| 2023-07-21 7.3.4 <ref>{{cite web\|url=https://docs.rudder.io/changelogs/7.3/main.html\|title=Change logs for Rudder 7.3 :: Rudder Documentation\|work=rudder.io}}</ref> \|- ! {{rh}} \| [[SmartFrog]] \| Java \| [[Apache License 2.0\|Apache 2.0]]<ref>{{Cite web\|url=https://sourceforge.net/p/smartfrog/svn/8898/\|title=SmartFrog / SVN / Commit [r8898]\|last=\|first=\|date=2017-05-16\|website=Sourceforge\|publisher=\|access-date=}}</ref> \| {{yes}}<ref name="Smartfrog Security">See [http://www.hpl.hp.com/research/smartfrog/papers/sfSecurityTutorial.pdf Using the new SmartFrog Security]</ref> \| {{yes}}<ref name="Smartfrog Security" /> \| \| {{no}} \| \| style="text-align:left;"\|2004-02-11 \| style="text-align:left;"\|2012-03-13 3.18.016<ref>{{Cite web \|url=https://sourceforge.net/projects/smartfrog/files/development/smartfrog-3.18.016/ \|title=SmartFrog - Browse /development/smartfrog-3.18.016 at SourceForge.net \|access-date=2022-04-27}}</ref> \|- ! {{rh}} \| [[Salt (software)\|Salt]]<ref>[http://saltstack.org/ Salt] is an open source tool to manage your infrastructure. Easy enough to get running in minutes and fast enough to manage tens of thousands of servers</ref> \| Python<ref>{{cite web\|url=http://docs.saltstack.com/en/latest/topics/installation/index.html#dependencies\|title=Installation\|work=saltstack.com}}</ref> \| Apache 2.0<ref>{{cite web\|url=http://saltstack.org/topics/index.html#open\|title=SaltStack community\|work=SaltStack}}</ref> \| {{yes}}<ref name="Salt Security">{{cite web\|url=http://saltstack.org/topics/index.html#building-on-proven-technology\|title=SaltStack community\|work=SaltStack}}</ref> \| {{yes}}<ref name="Salt Security" /> \| {{yes}} \| Both<ref>{{cite web\|url=http://docs.saltstack.com/en/latest/topics/ssh/\|title=Salt SSH\|work=saltstack.com}}</ref><ref>{{cite web\|url=http://www.saltstack.com/enterprise/\|title=SaltStack Enterprise\|work=SaltStack}}</ref> \| {{yes}}<ref>{{cite web\|url=https://github.com/erwindon/SaltGUI\|title=erwindon/SaltGU\|website=GitHub\|date=20 May 2021}}</ref><ref>{{cite web\|url=https://www.vmware.com/products/vrealize-automation/saltstack-config.html\|title=vRealize Automation SaltStack Config\|website=vmware.com}}</ref> \| style="text-align:left;"\|2011-03-17 0.6.0<ref>{{cite web\|url=http://saltstack.org/topics/releases/0.6.0/\|title=SaltStack community\|work=SaltStack}}</ref> \| style="text-align:left;"\|2023-05-05 v3006.1<ref>{{cite web\|url=https://github.com/saltstack/salt/releases\|title=Salt Releases\|work=saltstack.com}}</ref> \|- ! {{rh}} \| [[Spacewalk (software)\|Spacewalk]] \| Java (C, Perl, Python, [[PL/SQL]]) \| GPLv2 \| {{yes}} \| {{yes}} \| \| {{no}} \| \| style="text-align:left;"\| 2008-06<ref name="Spacewalk inception date">{{cite web\|url=https://fedorahosted.org/spacewalk/wiki/SpacewalkFaq#HowlonghasSpacewalkbeenaround\|title=SpacewalkFaq – spacewalk\|work=fedorahosted.org}}</ref> \| style="text-align:left;"\| 2019-01-14 2.9<ref>{{Cite web\|url=https://github.com/spacewalkproject/spacewalk/wiki\|title=spacewalkproject/spacewalk <!-- \|work=fedorahosted.org -->\|website=GitHub\|language=en\|access-date=2018-10-18}}</ref> \|- ! {{rh}} \| [[STAF]] \| [[C++]] \| [[Common Public License\|CPL]]<ref>{{cite web\|url=https://staf.sourceforge.net/license.php\|title=Software Testing Automation Framework (STAF)\|work=sourceforge.net}}</ref> \| {{no}}{{efn\|name="Network Trust"\|Network Trust: Trusts the network, like rsh.}}{{efn\|name="User-only Auth"\|User-only Auth: User authenticates to server via password, but uses Network Trust to authenticate user to server, like telnet.}} \| {{partial}}<ref>There is a [https://sourceforge.net/tracker/index.php?func=detail&aid=940264&group_id=33142&atid=407384 feature request for a Secure TCP/IP Connection Provider], and one of the [https://sourceforge.net/mailarchive/message.php?msg_name=OF7C30AE4D.50AE13E2-ON862572B4.004D3583-862572B4.004E54FC%40us.ibm.com developers stated] on 2007-04-05 that ''"You will need to download the source code for OpenSSL and point the build files at it. Other than that, it should just work."'', so it looks like there may be working encryption if you build from scratch instead of using the prebuilt binaries. It is unclear what if any authentication building against OpenSSL would give STAF.</ref> \| \| {{no}} \| \| style="text-align:left;"\|1998-02-16<ref>{{cite web\|url=https://staf.sourceforge.net/history.php\|title=Software Testing Automation Framework (STAF)\|work=sourceforge.net}}</ref> \| style="text-align:left;"\|2012-12-16 3.4.16 <ref>{{cite web\|url=https://staf.sourceforge.net/\|title=Software Testing Automation Framework (STAF)\|work=sourceforge.net}}</ref> \|- ! {{rh}} \| Synctool<ref>[http://www.heiho.net/synctool/ Synctool] aims to be easy to understand and use. It is built in Python and uses SSH and Rsync.</ref> \| Python<ref>{{cite web\|url=http://www.heiho.net/synctool/doc/chapter2.html\|title=synctool documentation\|work=heiho.net}}</ref> \| GPLv2<ref>{{cite web\|url=https://github.com/walterdejong/synctool/blob/master/LICENSE\|title=synctool/LICENSE at master · walterdejong/synctool · GitHub\|work=GitHub}}</ref> \| {{yes}}{{efn\|name="Synctool Security"\|Secure Shell: Uses the Secure Shell protocol for authentication.}} \| {{yes}}{{efn\|name="Secure Shell"}} \| {{yes}}{{efn\|name="Verify-Synctool"\|Synctool performs a dry-run by default, and only modifies things when invoked with '--fix'.}} \| {{yes}}<ref name="What-is-synctool">{{cite web\|url=https://walterdejong.github.io/synctool/doc/chapter1.html\|title=synctool documentation\|work=walterdejong.github.io}}</ref> \| \| style="text-align:left;"\|2003<ref>{{cite web\|url=http://www.heiho.net/synctool/doc/chapter1.html\|title=synctool documentation\|work=heiho.net}}</ref> \| style="text-align:left;"\|2019-08-11 6.3<ref>{{cite web\|url=https://github.com/walterdejong/synctool/releases\|title=Synctool releases\|work=GitHub}}</ref> \|- ! {{rh}} \| Uyuni \| Java, Python, [[PL/SQL]] (Perl) \| GPLv2, Apache 2.0 \| {{yes}} \| {{yes}} \| {{yes}} \| Both \| {{yes}} \| style="text-align:left;"\| 2018-06<ref name="Uyuni: Forking Spacewalk with Salt and Containers">{{cite web\|url=https://news.opensuse.org/2018/05/26/uyuni-forking-spacewalk-with-salt-and-containers/\|title=Uyuni: Forking Spacewalk with Salt and Containers\|date=26 May 2018}}</ref> \| style="text-align:left;"\| 2024-01-31-01 2024.01<ref>{{Cite web \|title="Uyuni 2024.01 is released" \|url=https://lists.opensuse.org/archives/list/announce@lists.uyuni-project.org/thread/QJBVKBUS25XJHEUAFHXGYDYT44QCZ334/ \|access-date=2024-02-01 \|website=Uyuni \|language=en}}</ref> \|- ! style="width:12em" \| ! Language ! License ! [[mutual authentication\|Mutual auth]] ! [[encryption\|Encrypts]] ! Verify mode ! Agent-less ! Have a GUI ! First release ! Latest stable release \|} </div> ==Platform support== Note: This means platforms on which a recent version of the tool has actually been used successfully, not platforms where it should theoretically work since it is written in good portable C/C++ or an interpreted language. It should also be listed as a supported platform on the project's web site. <div class="overflowbugx" style="overflow:auto; width:99%;"> {\| class="wikitable sortable" style="text-align: center; width: 95%" \|- ! style="width:12em" \| ! [[IBM AIX\|AIX]] ! [[Berkeley Software Distribution\|BSD]] ! [[HP-UX]] ! [[Linux]] ! [[OS X]] ! [[Solaris (operating system)\|Solaris]] ! [[Microsoft Windows\|Windows]] ! Others \|- ! {{rh}} \| [[Ansible (software)\|Ansible]] \| {{yes}} \| {{yes}} \| {{yes}} \| {{yes}} \| {{yes}} \| {{yes}} \| {{partial}} {{efn\|yes for managed machine; no for managing machine}} \| {{yes}}<ref>{{Citation \| url = http://docs.ansible.com/intro_installation.html#control-machine-requirements \| title = Installation: Control Machine Requirements\|access-date=May 12, 2015}} Can manage any machine with Python 2.4 or later and sshd. Control machine can be any non-Windows machine with Python 2.6 or 2.7 installed. This includes Red Hat, Debian, CentOS, OS X, any of the BSDs, and so on.</ref> \|- ! {{rh}} \| [[Bcfg2]] \| {{partial}}{{efn\|Encap, RPM, and POSIX file support only.}} \| {{yes}}{{efn\|name="FreeBSD"\|FreeBSD.}} \| {{no}} \| {{yes}}{{efn\|Debian, Ubuntu; Gentoo; RPM-based distributions (CentOS, Mandrake, Red Hat, RHEL, SLES, SuSE)}} \| {{partial}}{{efn\|POSIX File, [[Launchd]], and MacPorts Support only.}} \| {{yes}} \| {{no}} \| {{no}} \|- ! {{rh}} \| [[CFEngine]] \| {{yes}} \| {{yes}}{{efn\|name="FreeBSD"}} \| {{yes}} \| {{yes}} \| {{yes}} \| {{yes}} \| {{yes}} (enterprise version only) \| {{yes}}{{efn\|name="Unix"\|Unix.}} \|- ! {{rh}} \| [[cdist]] \| \| {{yes}} \| \| {{yes}} \| {{yes}} \| \| {{no}} \| \|- ! {{rh}} \| [[Chef (software)\|Chef]] \| {{yes}}<ref>{{Citation \| url = http://www.opscode.com/blog/2013/04/25/opscode-and-ibm-join-forces-to-bring-open-source-cloud-automation-to-the-enterprise/ \| title = Opscode and IBM Join Forces to Bring Open Source Cloud Automation to the Enterprise\|date=2013-04-25}}</ref> \| {{yes}} \| {{yes}} \| {{yes}} \| {{yes}} \| {{yes}} \| {{yes}}<ref>{{Citation \| url = https://docs.chef.io/windows.html#install-the-chef-client-on-windows \| title = Install the chef-client on Microsoft Windows\|access-date=2017-03-15}}</ref> \| {{yes}} \|- ! {{rh}} \| Consfigurator \| \| {{partial}}<ref name="consfigurator-portability"></ref> \| \| {{yes}}<ref name="consfigurator-portability">{{Cite web \| title=Introduction — Consfigurator 1.5.3 documentation \| url=https://spwhitton.name/doc/consfigurator/introduction.html#portability-and-stability \| access-date=2025-08-30 \| website=spwhitton.name}}</ref> \| \| \| {{no}}<ref name="consfigurator-portability"></ref> \| \|- ! {{rh}} \| [[Guix]] \| {{no}} \| {{no}} \| {{no}} \| {{partial}}{{efn\|''"Only support Guix system."''}} \| {{no}} \| {{no}} \| {{no}} \| {{partial}}{{efn\|''"It also works on Guix system with HURD."''}} \|- ! {{rh}} \| [[ISconf]] \| {{yes}} \| {{yes}} \| {{yes}} \| {{yes}} \| {{yes}} \| {{yes}} \| {{no}} \| {{no}} \|- ! {{rh}} \| [[Juju (software)\|Juju]] \| \| \| \| {{yes}} \| \| \| {{yes}}<ref>{{Citation \| url = https://jujucharms.com/docs/1.25/about-juju#what-about-windows-or-other-linux-operating-systems?\| title = Windows workloads using juju\|access-date=November 25, 2015}}</ref> \| \|- ! {{rh}} \| Local ConFiGuration system ([[LCFG]]) \| {{no}} \| {{no}} \| {{no}} \| {{partial}}{{efn\|''"Recent versions run on Fedora Core (3, 5, 6). Various people have ported some of the LCFG core to other Linux distributions, such as Debian, but these ports have not been incorporated"''}} \| {{partial}}{{efn\|''"There has been an experimental port to OS X, which does work and includes some Mac-specific components. However, this is not production quality and the lack of uniform packaging system under OS X means that automatic management of installed software is likely to be difficult."''}} \| {{partial}}{{efn\|''"LCFG core has been ported back to Solaris and we are using this in production, although the software has not been packaged for distribution, and is not so well supported"''}} \| {{no}} \| {{no}} \|- ! {{rh}} \| [[OCS Inventory NG]] \| {{yes}} \| {{yes}} \| {{yes}} \| {{yes}} \| {{yes}} \| {{yes}} \| {{yes}} \| {{no}} \|- ! {{rh}} \| Open pc server integration ([[Opsi]]) \| {{no}} \| {{no}} \| {{no}} \| {{yes}} \| {{no}} \| {{no}} \| {{yes}} \| {{no}} \|- ! {{rh}} \| PIKT \| {{yes}} \| {{yes}} \| {{yes}} \| {{yes}} \| {{yes}} \| {{yes}} \| {{no}} \| {{yes}}{{efn\|Digital Unix; IRIX}} \|- ! {{rh}} \| [[Puppet (software)\|Puppet]] \| {{yes}} \| {{yes}} \| {{yes}} \| {{yes}} \| {{yes}} \| {{yes}} \| {{yes}}<ref>{{Citation \| url = https://puppet.com/blog/puppet-windows-top-questions-2019/ \| title = Puppet on Windows: top questions for 2019\|access-date=2019-01-15}}</ref> \| {{yes}} \|- ! {{rh}} \| Pyinfra \| \| {{yes}} \| \| {{yes}} \| {{yes}} \| \| {{partial}}<ref>{{Citation \| url = https://github.com/pyinfra-dev/pyinfra-windows \| title = Pyinfra WinRM connector\|access-date=2025-02-23}}</ref> \| \|- ! {{rh}} \| [[Quattor]] \| {{no}} ~~\| [[Perl (programming language)\|Perl]]~~ \| {{no}} ~~\| [http://eu-datagrid.web.cern.ch/eu-datagrid/license.html Open Source EU Data Grid software license]~~ \| {{no}} ~~\| 1.0 on [[April 1st]], [[2005]] [http://quattorsw.web.cern.ch/quattorsw/software/quattor/release/]~~ \| {{yes}} ~~\| 1.2 ([[February 7]], [[2007]])~~ \| {{partial}}<ref>{{cite web\|url=https://sourceforge.net/p/quattor/mac-quattor/\|title=quattor\|work=sourceforge.net}}</ref> \| {{yes}} \| {{no}} \| {{no}} \|- ! {{rh}} \| [~~http://radmind.org~~ [Radmind]] \| {{yes}} ~~\| [[C (programming language)\|C]]~~ \| {{yes}}{{efn\|name="FreeBSD"}}{{efn\|name="NetBSD"\|NetBSD.}}{{efn\|name="OpenBSD"\|OpenBSD.}} ~~\| [http://rsug.itd.umich.edu/software/copyright.html BSD-Style license]~~ \| {{no}} ~~\| [[March 26]], [[2002]]~~ \| {{yes}} ~~\| 1.7.1 ([[November 29]], [[2006]])~~ \| {{yes}} \| {{yes}} \| {{yes}} \| {{no}} \|- ! {{rh}} \| [[Rex (software)\|Rex]] \| \| {{yes}} \| \| {{yes}} \| {{yes}}<ref name=rexget>{{cite web\|url=http://www.rexify.org/get\|title=Rex installation instructions\|access-date=2014-07-19}}</ref> \| {{yes}} \| {{yes}}<ref name=rexget/> \| {{no}} \|- ! {{rh}} \| [[Rudder (software)\|Rudder]] \| {{yes}} \| {{partial}}{{efn\|name="Note1"\|Multiple users have successfully built and run the agent on FreeBSD, but no official package is available currently.}} \| {{no}} \| {{yes}} \| {{partial}}{{efn\|name="Note1"}} \| {{partial}}<ref>{{cite web\|url=https://github.com/cfengineers-net/rudder-packages/tree/master/rudder-agent/other\|title=rudder-packages/rudder-agent/other at master · cfengineers-net/rudder-packages · GitHub\|work=GitHub}}</ref> \| {{yes}} \| {{yes}}{{efn\|Android.}} \|- ! {{rh}} \| [[SmartFrog]] \| {{no}}{{efn\|name="JavaUntested"\|Written in Java, so should in theory work on this platform if there is the appropriate JVM version available for it; however it has not been tested on the platform, which should be considered unsupported.}} ~~\| [[Java (programming language)\|Java]]~~ \| {{no}}{{efn\|name="JavaUntested"}} ~~\| [[LGPL]]~~ \| ?{{yes}} \| ?{{yes}} \| {{yes}} \| {{yes}} \| {{yes}} \| {{no}}{{efn\|name="JavaUntested"}} \|- ! {{rh}} \| [[Salt (Software)\|Salt]] \| {{yes}} \| {{yes}} \| {{partial}}{{efn\|name="Python Untested"\|Will run anywhere Python runs, but handlers for different platforms are untested.}} \| {{yes}}<ref>{{cite web\|url=http://saltstack.org/topics/tutorial.html#installing-salt\|title=SaltStack community\|work=SaltStack}}</ref> \| {{yes}} \| {{yes}}<ref>[http://docs.saltstack.org/en/latest/topics/installation/solaris.html Salt was added to the OpenCSW package repository in September of 2012 in version 0.10.2 of Salt]</ref> \| {{yes}} \| {{partial}}{{efn\|name="Python Untested"}} \|- ! {{rh}} \| [[Spacewalk (software)\|Spacewalk]] \| {{no}}<ref>{{cite web\|url=https://fedorahosted.org/spacewalk/wiki/BrainBox\|title=BrainBox – spacewalk\|work=fedorahosted.org}}</ref> \| {{no}} \| {{no}} \| {{yes}}<ref>{{cite web\|url=https://fedorahosted.org/spacewalk/wiki/WikiStart#Introduction\|title=spacewalk\|work=fedorahosted.org}}</ref> \| {{no}} \| {{no}}<ref>{{cite web\|url=https://fedorahosted.org/spacewalk/wiki/ManagingSolarisSystems\|title=ManagingSolarisSystems – spacewalk\|work=fedorahosted.org}}</ref> \| {{no}} \| {{no}} \|- ! {{rh}} \| [[STAF]] \| {{yes}}{{efn\|4.3.3+ (Power 32); 5.1+ (Power 32/64)}} \| {{yes}}{{efn\|FreeBSD 4.10 (x86-32); FreeBSD 6.1+ (x86-32)}} \| {{yes}}{{efn\|11.00+ (PA-RISC 32, IA-64)}} \| {{yes}}{{efn\|(x86-32, x86-64, IA-64, PPC 64, zSeries 32/64)}} \| {{yes}}<ref>[https://sourceforge.net/tracker/index.php?func=detail&aid=1458480&group_id=33142&atid=407383][https://sourceforge.net/tracker/index.php?func=detail&aid=1338199&group_id=33142&atid=407383 10.2+ (?)]</ref> \| {{yes}}{{efn\|2.6+ (Sparc 32); 10+ (x86-32, x86-64)}} \| {{yes}}{{efn\|95, 98, Me, NT4, 2000, XP, 2003, Vista (x86-32), 7 (x86-32), 7 (x86-64); 2003, Vista (x86-64); 2004 (IA-64)}} \| {{yes}}{{efn\|OS/400 5.2+ (iSeries 32); z/OS Unix 1.4+}} \|- ! {{rh}} \| Synctool \| {{yes}} \| {{yes}} \| {{yes}} \| {{yes}} \| {{yes}} \| {{yes}} \| {{no}} \| {{yes}}{{efn\|Synctool runs on any platform that supports SSH, rsync and Python.}} \|- ! {{rh}} \| Uyuni \| {{no}} \| {{no}} \| {{no}} \| {{partial}}{{efn\|SuSE"}} \| {{no}} \| {{no}} \| {{no}} \| {{no}} \|- ! style="width:12em" \| ! [[IBM AIX\|AIX]] ! [[Berkeley Software Distribution\|BSD]] ! [[HP-UX]] ! [[Linux]] ! [[OS X]] ! [[Solaris (operating system)\|Solaris]] ! [[Microsoft Windows\|Windows]] ! Others \|} </div> == Short ~~description~~ descriptions== Not all tools have the same goal and the same feature set. To help distinguish between all of these software packages, here is a short description of each one. ;[[Ansible (software)\|Ansible]] ~~Not all tools have the same goal and the same feature set. To help distinguish between all of these software, here is an objective short description of each one.~~ :Combines multi-node deployment, ad-hoc task execution, and configuration management in one package. Manages nodes over SSH and requires python (2.6+ or 3.5+) to be installed on them.<ref>{{cite web\|url=https://docs.ansible.com/ansible/latest/intro_installation.html#control-machine-requirements\|title=Installation — Ansible Documentation\|date=2018-01-29}}</ref> Modules work over JSON and standard output and can be written in any language. Uses YAML to express reusable descriptions of systems. ;[[Bcfg2]] :Software to manage the configuration of a large number of computers using a central configuration model and the [[~~client-server~~client–server model\|client–server paradigm]] ~~paradigm~~. ~~Compared to Cfengine, the~~The system enables reconciliation between clients' state and the central configuration specification,. Detailed reports provide a way to identify unmanaged configuration on hosts. Generators enable code or template -based generation of configuration files from a central data repository. ;[[~~Cfengine~~CFEngine]] :~~The~~Lightweight ~~veteran~~agent ~~of open source configuration management software~~system. Manages configuration of a large number of computers using the ~~[[client-server]]~~client–server paradigm. ~~The~~or ~~server~~stand-alone. ~~has the authoritative version of configuration: any~~Any client state which is different from the ~~server~~policy isdescription ~~always~~is reverted to the ~~authoritative~~desired ~~version~~state. Configuration state is specified via a declarative language.<ref name="upguard.com">{{Cite web\|url=https://www.upguard.com/blog/puppet-cfengine\|title = CFEngine vs Puppet: Detailed Comparison \| UpGuard}}</ref> CFEngine's paradigm is convergent "computer immunology".<ref>{{cite conference \|last1=Burgess \|first1=Mark \|title=Computer Immunology \|conference=Systems Administration Conference \|date=December 1998 \|url=https://www.usenix.org/legacy/event/lisa98/full_papers/burgess/burgess.pdf \|___location=Boston, Massachusetts}}</ref> ;[[cdist]] ~~;[http://trac.t7a.org/isconf ISconf]~~ :cdist is a zero dependency configuration management system: It requires only ssh on the target host, which is usually enabled on all Unix-like machines. Only the administration host needs to have Python 3.2 installed. :Tool to execute commands and replicate files on all nodes. Unlike [http://clusterssh.sourceforge.net/index.php/FAQ ClusterSSH], the nodes need not to be up; the commands will be executed when they boot. The system has no central server so commands can be launched from any node and they will replicate to all nodes. ;[[Chef (software)\|Chef]] :Chef is a configuration management tool written in Erlang,<ref>{{cite web\|title=Chef Github repository\|website=[[GitHub]] \|date=21 May 2021\|url=https://github.com/chef/chef-server}}</ref> and uses a pure Ruby [[Domain-specific language\|DSL]] for writing configuration "recipes". These recipes contain resources that should be put into the declared state. Chef can be used as a client–server tool, or used in "solo" mode.<ref name="alansharp-paul">{{cite web\|url=https://www.upguard.com/articles/puppet-vs.-chef-revisited\|title=Puppet vs. Chef - The Battle Wages On\|author=Alan Sharp-Paul\|work=upguard.com}}</ref> ;Consfigurator :While Debian and derivatives are the best supported distributions, Consfigurator also work on other distributions and various unixes but they have less support for properties for configuring specific aspects of the system. Consfigurator can set properties to be applied in scheme. This requires Consfigurator to be installed on the target computer. A more restricted language is also available which works without needing Consfigurator to be installed on the target. Remote configuration is also supported: the of hosts can be defined with scheme code. ;[[Guix]] :Guix integrates many things in the same tool (a distribution, package manager, configuration management tool, container environment, etc). To remotely manage systems, it needs the target machines to already run Guix<ref>{{Cite web \| title=GNU Guix Reference Manual \| url=https://guix.gnu.org/en/manual/en/guix.html#index-machine_002dssh_002dconfiguration \| archive-url=https://web.archive.org/web/20210612235408/https://guix.gnu.org/en/manual/en/guix.html \| access-date=2025-08-30 \| archive-date=2021-06-12}}</ref> or it can also alternatively deploy configurations inside Digital Ocean Droplet.<ref>{{Cite web \| title=GNU Guix Reference Manual \| url=https://guix.gnu.org/en/manual/en/guix.html#index-digital_002docean_002dconfiguration \| archive-url=https://web.archive.org/web/20210612235408/https://guix.gnu.org/en/manual/en/guix.html \| access-date=2025-08-30 \| archive-date=2021-06-12}}</ref> The machines are configured with Scheme. ;[[ISconf]] :Tool to execute commands and replicate files on all nodes. The nodes do not need to be up; the commands will be executed when they boot. The system has no central server so commands can be launched from any node and they will replicate to all nodes. ;[[Juju (software)\|Juju]] :Juju concentrates on the notion of service, abstracting the notion of machine or server, and defines relations between those services that are automatically updated when two linked services observe a notable modification. ;Local Configuration system ([[LCFG]]) :LCFG manages the configuration with a central description language in XML, specifying resources, aspects and profiles. Configuration is deployed using the client–server paradigm. Appropriate scripts on clients (called ''components'') transcribe the resources into configuration files and restart services as needed. ;Open PC server integration ([[Opsi]]) :Opsi is [[desktop management]] software for [[Microsoft Windows\|Windows]] clients based on [[Linux]] servers. It provides automatic [[software deployment]] (distribution), [[installation (computer programs)#Types\|unattended installation]] of OS, [[patch (computing)\|patch]] management, hard- and software inventory, license management and [[software asset management]], and administrative tasks for the [[configuration management]].<ref>{{Cite web \|url=http://www.opsi.org/features/ \|title=opsi features \|access-date=2009-02-22 \|archive-url=https://web.archive.org/web/20090130033052/http://www.opsi.org/features/ \|archive-date=2009-01-30 \|url-status=dead }}</ref> ;PIKT :PIKT is foremost a monitoring system that also does configuration management. "PIKT consists of a sophisticated, [[feature-rich]] file preprocessor; an innovative scripting language with unique labor-saving features; a flexible, centrally directed process scheduler; a customizing file installer; a collection of powerful command-line extensions; and other useful tools." ;[[Puppet (software)\|Puppet]] :Puppet consists of a custom declarative language to describe system configuration, distributed using the client–server paradigm (using [[XML-RPC]] protocol in older versions, with a recent switch to [[Representational State Transfer\|REST]]), and a library to realize the configuration. The resource abstraction layer enables administrators to describe the configuration in high-level terms, such as users, services and packages. Puppet will then ensure the server's state matches the description. There was brief support in Puppet for using a pure Ruby DSL as an alternative configuration language starting at version 2.6.0. However this feature was deprecated beginning with version 3.1.<ref name="upguard.com"/><ref name="alansharp-paul"/><ref name = "Ruby DSL">{{cite web\|url=https://puppetlabs.com/blog/ruby-dsl/\|title=Puppet & Ruby DSL - Puppet Labs\|work=Puppet Labs}}</ref><ref name = "Ruby DSL is Deprecated">{{cite web\|url=http://docs.puppetlabs.com/puppet/3/reference/whats_new.html#ruby-dsl-is-deprecated\|title=Puppet 3.0 — 3.4 Release Notes\|work=puppetlabs.com\|access-date=2013-05-23\|archive-url=https://web.archive.org/web/20130513170449/http://docs.puppetlabs.com/puppet/3/reference/whats_new.html#ruby-dsl-is-deprecated\|archive-date=2013-05-13\|url-status=dead}}</ref> ;Pyinfra :Pyinfra is an agentless server configuration management tool created in Python. Its execution speed is up to 10 times faster than Ansible.<ref>{{cite web\|url=https://docs.pyinfra.com/en/3.x/performance.html#performance\|title=Performance\|access-date=2025-02-23}}</ref> Pyinfra is also excellent for system integration, as it can control SSH connections, Docker, Terraform, Ansible, etc. using a mechanism called a connector. Pyinfra can be run ad hoc or through the API.<ref>{{cite web\|url=https://pyinfra.com/\|title=Pyinfra\|access-date=2025-02-23}}</ref> ;[[Quattor]] :The quattor information model is based on the distinction between the desired state and the actual state. The desired state is registered in a fabric-wide configuration database, using a specially designed configuration language called [[Pan (programming language)\|Pan]] for expressing and validating configurations, composed out of reusable hierarchical building blocks called templates. Configurations are propagated to and cached on the managed nodes. ;[[Radmind]] :Radmind manages hosts configuration at the file system level. In a similar way to [[Tripwire (software)\|Tripwire]] (and other configuration management tools), it can detect external changes to managed configuration, and can optionally reverse the changes. Radmind does not have higher-level configuration element (services, packages) abstraction. A graphical interface is available (only) for OS X. ;[[Rex (software)\|Rex]] :Rex is a remote execution system with integrated configuration management and software deployment capabilities. The admin provides configuration instructions via so-called ''Rexfiles''. They are written in a small [[Domain-specific language\|DSL]] but can also contain arbitrary Perl. It integrates well with an automated build system used in [[Continuous integration\|CI]] environments. ;[[Salt (software)\|Salt]] :Salt started out as a tool for remote server management. As its usage has grown, it has gained a number of extended features, including a more comprehensive mechanism for host configuration. This is a relatively new feature facilitated through the Salt States component. With the traction that Salt has gotten in the last bit, the support for more features and platforms might continue to grow. ;[[SmartFrog]] :Java-based tool to deploy and configure applications distributed across multiple machines. There is no central server; you can deploy a .SF configuration file to any node and have it distributed to peer nodes according to the distribution information contained inside the deployment descriptor itself. ;[[Spacewalk (software)\|Spacewalk]] ~~== Discussion ==~~ :Spacewalk is an open source Linux and Solaris systems management service and is the upstream project for the source of Red Hat Network Satellite. Spacewalk works with RHEL, Fedora, and other RHEL derivative distributions like CentOS, Scientific Linux, etc. There are ongoing efforts on getting it packaged for inclusion in Fedora. Spacewalk provides systems inventory (hardware and software information, installation and updates of software, collection and distribution of custom software packages into manageable groups, provision systems, management and deployment of configuration files, system monitoring, virtual guest provisioning, starting/stopping/configuring virtual guests and delegating all of these actions to local or LDAP users and system entitlements). As of May 2020, Spacewalk is now EOL with users having moved to either Uyuni or Foreman/Katello. ;[[Software Testing Automation Framework\|STAF]] ~~Not all tools are ideal for all jobs. Here are some strong and weak points of each one.~~ :The Software Testing Automation Framework (STAF) enables users to create cross-platform, distributed software test environments. STAF removes the tedium of building an automation infrastructure, thus enabling users to focus on building their automation service. The STAF framework provides the foundation upon which to build higher-level products, and provides a pluggable approach supported across a large variety of platforms and languages. ;Synctool ~~;[[ISconf]]~~ :Synctool aims to be easy to understand, learn and use. It is written in Python and makes use of SSH (passwordless, with host-based or key-based authentication) and rsync. No specific language is needed to configure Synctool. Synctool has dry run capabilities that enable surgical precision. Synctool depends on Python2 which is now EOL and there are [https://github.com/walterdejong/synctool/issues/55 no current plans] to migrate it to Python3. :ISconf is controversial in its treatment of preconditions and postconditions of actions. Some tools, such as Bcfg2 and Puppet, require explicit descriptions of preconditions to hold before they apply an action, and further require an explicit description of postconditions, to be used by subsequent actions. Together, these have been called closure. [http://www.usenix.org/event/lisa03/tech/couch.html Couch, Hart, Idhaw, Kallas] Other tools, such as cfengine, don't make explicit the preconditions, but require their actions to be idempotent; thus an action may fail, but it keeps getting applied until some other action supplies the precondition, and then it succeeds - and keeps succeeding. These tools rely on convergence. [http://www.usenix.org/event/lisa2000/full_papers/burgess/burgess.pdf Burgess] ISconf differs in that it places no restriction on the nature of the action to be taken, nor any description of preconditions, but it requires that actions be applied to a known labeled state (e.g., a pristine OS install or system image), which after the action becomes a distinct state known only by its label; actions are always applied in identical order. This permits a theoretically perfect replicability. [http://www.usenix.org/events/lisa02/tech/full_papers/traugott/traugott_html/index.html Traugott, Brown] In practice, this model deals well with the often non-idempotent actions of package installation, but it can be expensive: actions either incorporate all the initial errors of the learning done by the sysadmin in creating a change, or the learning environment must be reimaged to a known prior state before the perfected performance of the action gets recorded; further, either any action performed with the machine whatsoever must be called an action and recorded, or actions must be accurately divided into either significant system actions and recorded, or else those concerning "only business data". An illustration of the difficulty: does a user account constitute significant system state or mere "business data"? == See also == ~~[[Category:Software comparisons]]~~ *[[List of systems management systems]] ==Notes== ~~{{compu-soft-stub}}~~ {{notelist}} ==References== {{Reflist\|30em}} {{DEFAULTSORT:Open source configuration management software comparison}} [[Category:Configuration management\| ]] [[Category:Software comparisons]] [[Category:Free software lists and comparisons\|Configuration management software]]