We're famous!

[Corey Quinn]

My blog post on Salt hit #2 on hackernews today.

Some interesting points in the comments:

https://news.ycombinator.com/item?id=5932608

-- Corey

[Michael March]

I added my $.02 how SaltStack changed my life.. 

:)

[David Boucha]

Congratulations, Corey!

--
You received this message because you are subscribed to the Google Groups "Salt-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to salt-users+...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[David Kitchen]

Piqued my interest enough to look around.

I have a question though, which I couldn't see easily answered on the website:

If I experiment with SaltStack and we have 9 nodes today and 11 next week... do I suddenly have to pay this huge amount of money to licence it all?

Basically: We're bootstrapped and I don't want to start playing with something that might hit us with a limitation or hefty bill when we cross some magic number.

It's not clear on the site whether you can power on past that number and choose to pay if you want the peace of mind of support.

BTW, great article... clearly I read it and took notice.

[Michael March]

Arg.. I reread a lot of the comments and people keep mentioning "ansible".

We need to get the word out on how / why we are better:   Realtime / programmable infrastructure. 

[Corey Quinn]

I'm running it across (in total) a few hundred nodes; the only thing I've ever paid Saltstack for is an upcoming pizza order for fixing a bug that was driving me wild.

They do have an enterprise offering that's rather nifty, but paying for support is peace of mind and grants access to a stabler release IIRC. For my use case I haven't needed it yet.

-- Corey

[David Kitchen]

Thanks, that's what I had hoped. Will definitely take a look.

[Corey Quinn]

Yes, I'm already drafting an article on this. :-)

Be more specific, if you don't mind-- what makes the "salt versus ansible" decision in your mind?

-- Corey

[Michael March]

I have not used "ansible" beyond their 'hello world' examples so I'm probably missing a lot but I would sum it up and ask the ansible user base this:

If I wanted to have my CM system dynamically manage a nginx front end in real time as back end nodes spin up and down, how would you do that in ansible? 

[Kimbro Staken]

Interesting thread. Definitely more talk about ansible than salt
though. The lack of the need for a server seems to be the main thing
that draws people to ansible. I suspect a lot of people using it are
just using it as a way to do things the old way but across many
machines. That does make it a path of least resistance, whether that
serves as the gateway to real CM is another question. It's definitely
more accessible than Puppet or Chef since it doesn't force CM on you
right away. Salt kinda sits in the middle since it's quite useful even
if you don't use states but the master/minion thing definitely
increases the learning curve.

Kimbro Staken

[Jacob Albretsen]

On Monday, June 24, 2013 08:33:40 AM David Kitchen wrote:

> If I experiment with SaltStack and we have 9 nodes today and 11 next
> week... do I suddenly have to pay this huge amount of money to licence it
> all?

No, this isn't Splunk. ;)

[Barry Morrison]

Great article, but seems more high-level and less technical. More for C-level execs pitching Salt to, rather than to Sys Admins/Ops Engineers. 

On Monday, June 24, 2013 8:16:53 AM UTC-7, Corey Quinn wrote:

[Corey Quinn]

Exactly who it was targeted to. :-) There's no shortage of technical articles around this, but a lot of these decisions are made above the engineering level.

-- Corey

[Reginald Choudari]

You got me here thanks to your post on HN.

I'm a long time Puppet user, and am intrigued by Salt mainly for its "built-in" remote-execution capability.

I say "built-in" because Puppet requires you configure M-Collective for that functionality, which is painful enough.

Looking forward to trying it out on some throwaway servers ;)

[David Boucha]

We're glad to have you! Feel free to ask any questions here on this mailing list or in IRC in #salt on freenode.

--

You received this message because you are subscribed to the Google Groups "Salt-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to salt-users+...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

--

Dave Boucha  |  Sr. Engineer

5272 South College Drive, Suite 301 | Murray, UT 84123
office 801-305-3563
da...@saltstack.com | www.saltstack.com

[schlag]

it's funny, i do use ansible.. but only if i've broken my minions somehow ;)

[Barry Morrison]

I use Fabric when my minions break :P

On Mon, Jun 24, 2013 at 8:42 PM, schlag <teknop...@gmail.com> wrote:

it's funny, i do use ansible.. but only if i've broken my minions somehow ;)

--
You received this message because you are subscribed to a topic in the Google Groups "Salt-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/salt-users/zbzRvzRqNLs/unsubscribe.
To unsubscribe from this group and all its topics, send an email to salt-users+...@googlegroups.com.

[Corey Quinn]

You are both terrible administrators. In reality, your minions never break, because Salt is perfect. Perfect, I tell you!

-- Corey, whose bias may be crossing into unreasonable levels…

You received this message because you are subscribed to the Google Groups "Salt-users" group.

To unsubscribe from this group and stop receiving emails from it, send an email to salt-users+...@googlegroups.com.

[Barry Morrison]

I wish they wouldn't...but the first script I ever wrote at my new job, was a fabric script to restart salt-minion service on all the minions. :P

[martin f krafft]

also sprach Michael March <mma...@gmail.com> [2013.06.24.1734 +0200]:

> Arg.. I reread a lot of the comments and people keep mentioning "ansible".
> We need to get the word out on how / why we are better: Realtime
> / programmable infrastructure.

Also, the community is much more open.

The Ansible author banned me from their mailing lists and IRC
channels because I pointed out too many problems with Ansible.

Of my 25-or-so pull requests, many got rejected with "I don't care
for this" or "This is not the way to use Ansible", even though
I took care *not* to interfere with existing functionality.

And the lack of variable scoping, as well as precedence rules that
completely violate the principle of least surprise make Ansible hard
to work with.

I've seen problem in Salt and those led me to try Ansible for the
next project. Now that I've dipped my feet into the water to find
that Ansible is not the place to invest time into, I am glad to be
able to come back.

Feel free to ask questions about Ansible. I have spent a lot of time
on it and I will try to give you real answers, but I feel like it's
necessary to let people know about the community and the project
leader before you invest as much time as I did.

--
martin | http://madduck.net/ | http://two.sentenc.es/

/.ing an issue is like asking an infinite number of monkeys for advice
-- in #debian-devel

spamtraps: madduc...@madduck.net

[Antoine Pitrou]

Le Wed, 26 Jun 2013 12:22:05 +0200,
martin f krafft <mad...@madduck.net> a
écrit :

>
> I've seen problem in Salt and those led me to try Ansible for the
> next project. Now that I've dipped my feet into the water to find
> that Ansible is not the place to invest time into, I am glad to be
> able to come back.
>
> Feel free to ask questions about Ansible. I have spent a lot of time
> on it and I will try to give you real answers, but I feel like it's
> necessary to let people know about the community and the project
> leader before you invest as much time as I did.

Would you have anything to say about this comparison?
http://missingm.co/2013/06/ansible-and-salt-a-detailed-comparison/

Regards

Antoine.

[martin f krafft]

also sprach Antoine Pitrou <soli...@pitrou.net> [2013.06.26.1226 +0200]:

> Would you have anything to say about this comparison?
> http://missingm.co/2013/06/ansible-and-salt-a-detailed-comparison/

Argh, such a shame that I need JavaScript and other juice just to
read a blog post, but so be it.

I am going to leave these comments there too.

Overall, I agree with the article, and I had much the same
enthusiasm about Ansible. I still think it's a pretty good system,
but the project leader is a showstopper for me, as I cannot be sure
what's going to be next. Being prevented from interacting with the
community "because I don't make this a happy place" means I won't
invest any time into this Free Software project. In fact, while Salt
and Ansible both have companies behind them, I have the feeling that
Ansible is a lot less about Free Software than Salt. Make of that
what you will, but I don't want to rely on a software whose author
made it clear to me that he's neither open to suggestions, nor open
to alternative uses of his tool.

I disagree that Salt having a lot of dependencies is a downside.
First, it's just a couple of Python libraries that are quickly
installed and hardly do any harm. Second, and more importantly, this
means that Salt doesn't need to transfer anything other than control
data over the network. Ansible, on the other hand, always assembles
a module and sends that over the link, then executes it (and
actually uses three shell invocations, where only one is needed). It
does that for every single task, one after the other, and I found
this to majorly slow things down. The enforcement of a TTY for every
single connection also doesn't help things and deprives all modules
of stderr.

Furthermore, the way this is done is just horrific: the module is
loaded as a string, then manipulated with string-replace functions
(e.g. the logging facility is done by replacing "syslog.USER" with
whatever is in the configuration file) and this makes for very big
surprises during debugging.

Overall, I was also not impressed with Ansible's code quality.
There's a bunch of plain mistakes (like a select loop that's wrong),
yet the author has no interest in accepting patches to fix that, as
he sees no problem with it. Also, there's a really complex callback
system in place, which is at first a nice sight. However, trying to
understand the system is neigh impossible, and getting it to do
things like limiting the console output by removing expected results
just wasn't possible.

You can take a peak at some of the pull requests I sent, including
Michael's comments: https://github.com/ansible/ansible/pulls/madduck

I agree that the use of SSH is nice, and I wish Salt wouldn't have
gone with the less mature 0mq project, having to add its own
encryption layer (which I think it does suboptimally, working way
more than necessary, actually).

On the other hand, push-mode with Ansible doesn't really make well
for team-maintenance, and while there is a pull-mode, it's not
really trivial to set up, especially not if your inventory comes
from an external source.

As for maintenance, I also agree that Salt have to do a better job
at stable releases and changelogs, but I disagree that Ansible is
without fault. The recent 1.2 release added a lot of features that
felt immature and unnecessary. For instance, Jinja2-templating was
added to all variables, which means that everything is now a string
and cannot be casted back easily.

Speaking of Jinja2: I hate it because we are not writing
HTML for super-secure web applications. Salt lets you use other
renderers, like Mako, which are much more suited for sysadmin work.

It's true that Ansible's break with the traditional requirements
ordering of tasks is a refreshing novelty, and being able to name
everything is nice, although cosmetic. The notification/handler
system isn't really different from Salt's. And I am sure Salt could
be extended to allow for deterministic ordering. Anyway, it's hardly
difficult to maintain dependencies and let the ordering be
indeterminate. Just don't use requisite_in and keep to requisite…

Ansible centres around Playbooks, which you play over your
infrastructure. That's great for making infrastructure-wide changes,
but it's not really suitable to keeping your infrastructure aligned.
Here, salt-call invoked from Cron every 3 hours is a much better
approach.

So, in conclusion, I think Ansible has some good concepts, but it's
not worth adopting. Instead, I think Salt can borrow and integrate
some of the concepts, and hopefully address some of the other issues
that I pointed out a while ago:

http://madduck.net/blog/2013.02.01:a-botnet-for-configuration-management/

and then there won't be much of a question anymore as to what's
better.

That shall be all for now. I'll write again if I remember something
I forgot.

--
martin | http://madduck.net/ | http://two.sentenc.es/

the uncertainty principle:
you can never be sure how many
beers you had last night.

spamtraps: madduc...@madduck.net

[Antoine Pitrou]

Le Wed, 26 Jun 2013 14:01:48 +0200,

martin f krafft <mad...@madduck.net> a
écrit :

> also sprach Antoine Pitrou
> <soli...@pitrou.net> [2013.06.26.1226
> +0200]:
> > Would you have anything to say about this comparison?
> > http://missingm.co/2013/06/ansible-and-salt-a-detailed-comparison/
>
> Argh, such a shame that I need JavaScript and other juice just to
> read a blog post, but so be it.
>
> I am going to leave these comments there too.

[snip]

Thank you very much. Your insight is very valuable :-)

Regards

Antoine.

[Joseph Hall]

On Wed, Jun 26, 2013 at 6:01 AM, martin f krafft <mad...@madduck.net> wrote:
> Ansible is a lot less about Free Software than Salt. Make of that
> what you will, but I don't want to rely on a software whose author
> made it clear to me that he's neither open to suggestions, nor open
> to alternative uses of his tool.

I have now had the opportunity to meet the core devs of four of the
major players in this space: I met one of the core Puppet devs, along
with Michael DeHaan, at a Puppet training some years ago, during the
couple of weeks that Michael was an employee there. Over the weekend I
met one of the core Chef devs at Devopsdays, and of course I work with
core Salt devs on a daily basis.

Each team has some brilliant gray matter behind it, the loss of which
would be crippling to their product and their company. I have watched
Michael and his other projects since before I met him, and he can
truly be an asset to whatever team he is a part of. If he can manage
to both overcome his ego and stick with a project for more than a
couple of years, he will be a force to be reckoned with. Do not
discount him based solely on your interaction with him.

On a side note, it's good to see you back, Martin. Your attention to
detail and quest for perfection are more than admirable, and have been
an asset to the development of Salt. While I certainly don't agree
with you on everything, you are not to be brushed aside so callously
as your description of your experiences depict.

Keep fighting the good fight.

--
"In order to create, you have to have the willingness, the desire to
be challenged, to be learning." -- Ferran Adria (speaking at Harvard,
2011)

[martin f krafft]

also sprach Joseph Hall <perl...@gmail.com> [2013.06.26.1631 +0200]:

> On a side note, it's good to see you back, Martin. Your attention to
> detail and quest for perfection are more than admirable, and have been
> an asset to the development of Salt. While I certainly don't agree
> with you on everything, you are not to be brushed aside so callously
> as your description of your experiences depict.

Thanks, it's good to be back. Expect pull requests to come. Let's
make Salt even more awesome.

--
martin | http://madduck.net/ | http://two.sentenc.es/

"memory is like an orgasm.
it's a lot better
if you don't have to fake it."
-- seymour cray commenting on virtual memory

"but virtual memory still gets the job done."
-- gr

spamtraps: madduc...@madduck.net

[Oleg Anashkin]

Martin, did you notice that the blog author has deleted your comment criticizing Ansible's project leadership? He also deleted my comment where I supported your critique with my own evidence.

This is the perfect example of censorship which Michael DeHaan applies everywhere around Ansible.

[martin f krafft]

also sprach Oleg Anashkin <oleg.a...@gmail.com> [2013.06.29.0152 +0200]:
> Antoine, why did you delete Martin's and mine comments criticizing
> Ansible's project leadership? Is it the same censorship which Michael
> DeHaan applies everywhere else in Ansible?

Let's not jump to conclusions. Antoine is not the owner of the blog,
and the owner of the blog did get in touch with me, leading me to
believe that it's not just censorship. Let's wait and see.

--
martin | http://madduck.net/ | http://two.sentenc.es/

"a scientist once wrote that all truth passes through three stages:
first it is ridiculed, then violently opposed and eventually,
accepted as self-evident."
-- schopenhauer

spamtraps: madduc...@madduck.net

[Antoine Pitrou]

Le Fri, 28 Jun 2013 16:52:52 -0700 (PDT),
Oleg Anashkin <oleg.a...@gmail.com> a
écrit :

> Antoine, why did you delete Martin's and mine comments criticizing
> Ansible's project leadership? Is it the same censorship which Michael
> DeHaan applies everywhere else in Ansible?

Sorry for the misunderstanding. As Martin pointed out, I am in no way
associated with that blog (and I am not part of the Ansible community).
I was simply interested in potential reactions to the contents of that
blog post.

Regards

Antoine.

>
> On Wednesday, June 26, 2013 3:26:19 AM UTC-7, Antoine Pitrou wrote:
> >
> > Le Wed, 26 Jun 2013 12:22:05 +0200,
> > martin f krafft <mad...@madduck.net

> > <javascript:>> a écrit :

[Joshua Lund]

Hi! I am the author of the comparison blog post and I'm sorry that you got dragged into this, Antoine.

Oleg, speaking candidly, your comment was a disrespectful and profane ad hominem attack that was devoid of both substance and evidence, and it added nothing whatsoever to the discussion. I understand that you might feel frustrated, but please try to see it from my perspective. Your first comment, my explanatory comment giving you a second chance, and your follow-up comments that were even worse than the original are the only comments that have been removed from my blog. As Martin has already mentioned, I reached out to him early and sent him a detailed email last night. His comment is up and unmodified.

I dedicated hundreds of hours to the comparison project, the writeup, and the companion open source repositories. It is important to me that the result is seen as the earnest and sincere evaluation that it was and is. Part of that involves having some standards and trying to keep the conversation technical and on-topic. I definitely don't agree with censorship, but I'm also not going to implicitly condone trolling or provide a megaphone for vapid character attacks.

Feel free to post your original comment here if it is something that you are proud of and willing to stand behind. I wasn't that impressed.

I'm a huge fan of Ansible *and* Salt. I've contributed pull requests and documentation to both projects and plan on continuing to do so. You can try to spin this into an awkward conspiracy theory if you would like, but I don't think that makes much sense. It would be better to let it go, and collectively we can all get back to making the world awesome in our own little ways. Tedious drama is tedious :)

Josh