Wikipedia

Comparison of open-source configuration management software: Difference between revisions

Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
Short descriptions: Consfigurator: fix typo
Basic properties: Small WP:COPYEDITs WP:EoS: WP:TERSE, clarify. MOS:FIRSTABBReviation clarify, define before WP:ABBR in parentheses. WP:BADEMPHASIS MOS:QUOTEMARKS > WP:ITALICs or <code>s. WP:LINKs: needless WP:PIPEs > WP:NOPIPEs, update-standardizes, adds. Avoidable WP:SLASH > comma.
Line 10:
 
==Basic properties==
"Verify mode" (also called [[dry run (testing)|dry run]]) refers to having an ability to determine whether a node is conformant with a guarantee of not modifying it, and typically involves the exclusive use of an internal language supporting read-only mode for all potentially system-modifying operations. "''[[Mutual authentication|Mutual auth]]"'' (mutual auth) refers to the client verifying the server and vice versa.
 
"''Agent"'' describes whether additional [[Daemon (computing)|software daemons]] are required. Depending on the management software these agents are usually deployed on the target system or on one or many central "''controller"'' servers. Although "<code>Agent-less"</code> = "<code>No"</code> is colored red and might seem to be a negative, in factinstead, having an agent can be considered quite advantageous to many. Consider the impact if an agent-less tool loses connectivity to a node while making critical changes—leaving the node in an indeterminate state that compromises its (production?) functionalityfunction.
 
<div class="overflowbugx" style="overflow:auto; width:99%;">
Line 41:
! {{rh}} | [[Bcfg2]]
| Python
| [[SIBSDBSD licenses#2-clause license .28.22Simplified BSD License.22 or .22FreeBSD License.22.29|BSD 2-clause]]<ref>{{cite web |author=solj |url=https://github.com/Bcfg2/bcfg2/blob/master/LICENSE |title=bcfg2Bcfg2/LICENSE at master · Bcfg2/bcfg2 · GitHub |publisherwebsite=Github.com[[GitHub]] |access-date=2014-02-10}}</ref>
| {{yes}}{{efn|name="Certificate and Passwords"|Certificate and Passwords: Uses SSL X.509 certificate and fingerprint for clients to authenticate server, and passwords for server to authenticate clients; clients should only share the same password if they are allowed access to each other's configuration data.}}
| {{yes}}{{efn|name="SSL"|SSL: Uses the Secure Sockets Layer, Transport Layer Security (TLS) for encryption.}}
Line 52:
! {{rh}} | [[Capistrano (software)|Capistrano]]
| [[Ruby (programming language)|Ruby]]
| [[MIT License|MIT]]
|
| {{yes}}{{efn|name="Secure Shell"}}
Line 77:
| {{yes}}{{efn|name="RSA Shared Keys"|Per request signed headers and [[pre-shared key]]s.}}
| {{yes}}{{efn|name="SSLpayload"|Payload encryption via SSL if HTTPS proxy is configured.}}
| {{yes}}{{efn|name="Verify-Chef"|Chef 10.14.0+ (called why-run mode)}}<ref>{{cite web |url=http://tickets.opscode.com/browse/CHEF-13 |title=[#CHEF-13&#93; Add -noop support - Opscode Open Source Ticket Tracking |publisher=Tickets.opscode.com |access-date=2014-02-10 |archive-url=https://web.archive.org/web/20140226055656/https://tickets.opscode.com/browse/CHEF-13 |archive-date=2014-02-26 |url-status=dead }}</ref>
| {{no}}
| {{yes}}
Line 119:
! {{rh}} | [[ISconf]]
| Python
| GPL<ref>{{cite web |url=http://trac.t7a.org/isconf/browser/trunk/LICENSE |title=/trunk/LICENSE - ISconf - Trac |publisher=Trac.t7a.org |date=1989-04-01 |access-date=2014-02-10 |archive-url=https://archive.today/20130415235717/http://trac.t7a.org/isconf/browser/trunk/LICENSE |archive-date=2013-04-15 |url-status=dead }}</ref>
|{{yes}}{{efn|name="HMAC"|HMAC: Uses [[HMAC]] signatures on all network traffic.}}
| {{no}}<ref>Improved security which would include an encrypted, mutually authenticated, peer-to-peer message bus is tracked here {{cite web |url=http://trac.t7a.org/isconf/ticket/39 |title=#39 (Implement TCP mesh) - ISconf - Trac |access-date=2007-04-17 |url-status=dead |archive-url=https://archive.today/20120716131832/http://trac.t7a.org/isconf/ticket/39 |archive-date=2012-07-16 }}.</ref>
|
|
Line 135:
| {{no}}
| {{no}}
| {{yes}}<ref>{{cite web |url=https://demo.jujucharms.com/trusty/juju-gui/ |title=Juju Gui |publisher=jujucharms.com |date=2015-06-15 |access-date=2015-06-21 |archive-url=https://web.archive.org/web/20150621233749/https://demo.jujucharms.com/trusty/juju-gui/ |archive-date=2015-06-21 |url-status=dead }}</ref>
| style="text-align:left;"|2010-09-17<ref>{{cite web|url=https://launchpad.net/juju/+series |title=timeline : pyjuju |publisher=Launchpad.net |access-date=2014-02-10}}</ref>
| style="text-align:left;"|2024-02-15 3.4.0<ref>{{cite web|url=https://github.com/juju/juju/releases |title=GitHub |publisher=github.com |access-date=2022-03-21}}</ref>
|-
! {{rh}} | Local ConFiGuration system ([[LCFG]])
| [[Perl]]
| GPL
| {{partial}}<ref>LCFG does not provide its own transport mechanism; it relies on an external program, most often Apache. Using Apache it should be possible to do mutual authentication in several ways; however the documentation at [http://www.lcfg.org/doc/guide.pdf The Complete Guide to LCFG], Section 9.4: Authorization and Security, shows access control based on IP address ranges, implying that the client does not authenticate itself to the server via an SSL certificate; it also does not mention if the LCFG client checks the validity of the server's SSL certificate (such as via a per-site fingerprint distributed with the client, or a chain of trust to an accredited CA). It mentions that there can be a per-client password in the profile, but also states that ''"The contents of the LCFG profile should be considered public"''.</ref>
Line 152:
! {{rh}} | [[NOC (software)|NOC Project]]
| [[Python (programming language)|Python]]
| [[BSD Licenseslicenses|BSD License 2.0]]
| {{yes}}{{efn|name="Key Pair"}}
| {{yes}}{{efn|name="Secure Shell"}}
Line 162:
|-
! {{rh}} | [[OCS Inventory]] NG with GLPI
| Perl, [[PHP]], [[C++]]
| GPL
| {{no}}<ref>Server authenticates to client, but client does not authenticate to server. See [http://prdownloads.sourceforge.net/ocsinventory/OCS_Inventory_NG-Installation_and_Administration_Guide_1.9_EN.pdf.zip?download OCS Inventory NG Installation and Administration guide], page 114.</ref>
Line 195:
|-
! {{rh}} | [[Puppet (software)|Puppet]]
| Ruby, [[C++]] & [[Clojure]] (server-side also Ruby before 4.0<ref>{{cite web |url=https://puppet.com/blog/evolving-puppet-for-next-10-years |title=Evolving Puppet for the Next 10 Years |publisher=Luke Kanies |date=2014-09-23 |access-date=2017-05-26}}</ref>)
| Apache since 2.7.0, GPL before then
| {{yes}}{{efn|name="Certificates"|Certificates: Uses SSL X.509 Certificates for mutual authentication. Can use any SSL Certificate Authority to manage the Public Key Infrastructure.}}
| {{yes}}{{efn|name="SSL"}}
| {{yes}}{{efn|name="Verify-Puppet"|Using the --noop option}}<ref>{{cite web |url=http://docs.puppetlabs.com/man/agent.html |title=puppet agent Man Page — Documentation — Puppet Labs |publisher=Docs.puppetlabs.com |access-date=2014-02-10 |archive-url=https://web.archive.org/web/20130707135331/http://docs.puppetlabs.com/man/agent.html |archive-date=2013-07-07 |url-status=dead }}</ref>
| {{no}}
| {{yes}}<ref>{{cite web|url=http://www.olindata.com/blog/2014/01/puppet-management-gui-comparison|title=Puppet Management GUI Comparison|work=olindata.com|access-date=2015-01-12|archive-url=https://web.archive.org/web/20150117063953/http://www.olindata.com/blog/2014/01/puppet-management-gui-comparison|archive-date=2015-01-17|url-status=dead}}</ref>
Line 210:
| {{yes}}<ref>"Client to server authentication and vice versa: on one hand, this allows to enforce access policies
to sensitive data according to the client "name", on the other hand, clients are guaranteed to talk to
the original server." - from [http://isscvs.cern.ch:8180/cgi-bin/cvsweb.cgi/%7Echeckout%7E/elfms/quattor/documentation/installation-guide/pdf/quattor-install-guide_1_1.pdf?rev=HEAD&content-type=application/pdf&cvsroot=elfms Quattor Installation and User Guide: Version 1.1.x] {{Webarchive|url=https://web.archive.org/web/20130406095526/http://isscvs.cern.ch:8180/cgi-bin/cvsweb.cgi/%7Echeckout%7E/elfms/quattor/documentation/installation-guide/pdf/quattor-install-guide_1_1.pdf?rev=HEAD&content-type=application%2Fpdf&cvsroot=elfms |date=2013-04-06 }}, page 70</ref>
| {{yes}}<ref>"[...] secure information transfer, since data are encrypted: this prevents eavesdroppers from obtaining information in transit over the network." - from [http://isscvs.cern.ch:8180/cgi-bin/cvsweb.cgi/%7Echeckout%7E/elfms/quattor/documentation/installation-guide/pdf/quattor-install-guide_1_1.pdf?rev=HEAD&content-type=application/pdf&cvsroot=elfms Quattor Installation and User Guide: Version 1.1.x] {{Webarchive|url=https://web.archive.org/web/20130406095526/http://isscvs.cern.ch:8180/cgi-bin/cvsweb.cgi/%7Echeckout%7E/elfms/quattor/documentation/installation-guide/pdf/quattor-install-guide_1_1.pdf?rev=HEAD&content-type=application%2Fpdf&cvsroot=elfms |date=2013-04-06 }}, page 70</ref>
|
|
|
| style="text-align:left;"|2005-04-01<ref>{{cite web |url=http://quattorsw.web.cern.ch/quattorsw/software/quattor/release/ |title=Index of /quattorsw/software/quattor/release |publisher=Quattorsw.web.cern.ch |access-date=2014-02-10 |archive-url=https://web.archive.org/web/20140318090836/http://quattorsw.web.cern.ch/quattorsw/software/quattor/release/ |archive-date=2014-03-18 |url-status=dead }}</ref>
| style="text-align:left;"|2023-08-14 23.6.0<ref>{{cite web|url=https://www.quattor.org/news/2023/08/14/announcing-quattor-23.6.0.html|title=Quattor 23.6.0 released|work=quattor.org}}</ref>
|-
! {{rh}} | [[Radmind]]
| C
| BSD<ref>{{cite web |url=http://rsug.itd.umich.edu/software/copyright.html |title=Research Systems Unix Group: beepage |publisher=Rsug.itd.umich.edu |access-date=2014-02-10 |archive-url=https://web.archive.org/web/20150210155103/http://rsug.itd.umich.edu/software/copyright.html |archive-date=2015-02-10 |url-status=dead }}</ref>
| {{yes}}<ref>''"SSL certificates can also be used to authenticate both the Radmind server and the managed clients, regardless of DNS or IP-address variation."'' - from [http://www.usenix.org/events/lisa03/tech/full_papers/craig/craig_html/index.html Radmind: The Integration of Filesystem Integrity Checking with Filesystem Management]</ref>
| {{yes}}<ref>''"For network security, Radmind supports SSL-encrypted links. This allows nodes on insecure networks to be updated securely.''" - from [http://www.usenix.org/events/lisa03/tech/full_papers/craig/craig_html/index.html Radmind: The Integration of Filesystem Integrity Checking with Filesystem Management]</ref>
Line 230:
|-
! {{rh}} | [[Rex (software)|Rex]]
| [[Perl (programming language)|Perl]]
| [[Apache License|Apache]]
| {{yes}}{{efn|name="Key Pair"}}
Line 241:
|-
! {{rh}} | [[Rudder (software)|Rudder]]
| [[C (programming language)|C]], [[Scala (programming language)|Scala]] and, [[Rust (programming language)|Rust]]
| GPLv3 and, Apache 2.0<ref>{{cite web|url=https://faq.rudder.io/knowledge-bases/2/articles/6-what-licences-apply-to-rudder|title=Rudder FAQ|work=rudder.io}}</ref>
| {{yes}}{{efn|name="Key Pair"}}
| {{yes}}{{efn|name="SSL"}}
Line 308:
! {{rh}} | Uyuni
| Java, Python, [[PL/SQL]] (Perl)
| GPLv2/, Apache 2.0
| {{yes}}
| {{yes}}
Line 314:
| Both
| {{yes}}
| style="text-align:left;"| 2018-06<ref name="Uyuni: Forking Spacewalk with Salt and Containers">{{cite web|url=https://news.opensuse.org/2018/05/26/uyuni-forking-spacewalk-with-salt-and-containers/|title=Uyuni: Forking Spacewalk with Salt and Containers|date=26 May 2018 }}</ref>
| style="text-align:left;"| 31-01-2024 2024.01<ref>{{Cite web |title="Uyuni 2024.01 is released" |url=https://lists.opensuse.org/archives/list/announce@lists.uyuni-project.org/thread/QJBVKBUS25XJHEUAFHXGYDYT44QCZ334/ |access-date=2024-02-01 |website=Uyuni |language=en}}</ref>
|-
Retrieved from "https://en.wikipedia.org/wiki/Comparison_of_open-source_configuration_management_software"