Tuesday, February 5, 2013

What I wish Puppet and Salt would do differently


I like the idea of configuration management tools like Puppet and Salt; they have promise.  They attempt to solve a huge, complex problem.  I haven't come up with a working solution that is any better.  But if I ever had time to work on a solution it would improve on the current solutions in the following ways:

I wish they would use a standard for state definition


If each tool worked from a standard state description syntax, then people could try different tools without so much more effort.  Perhaps this could be achieved by developing a standard for describing machine state, and then developing tools that convert from the standard state definition to the tool-specific state definition.

A standard would also allow for more general tools to create state definitions.

And a standard would allow interoperability with things that are not configuration management tools: state visualization tools, for instance.


I wish they would stop claiming that you describe state only


Both tools inspire awe when they claim that you only have to describe "the desired state" of resources, rather than a script of things to do.  But they lie!

Puppet manifest files and Salt sls files both include syntax for restarting services, running scripts based on changes or doing other one-time events.  In other words, you are describing both state AND events.

I think the tools could be simplified if they would stop pretending that you can manage a system by describing state alone.


I wish they would focus on getting out of the way instead of cute, colored output

Colored output can be useful.  But when you're coloring output instead of providing useful data, the color is infuriating.

I spent an hour with Salt trying to create a user on a machine.  Every time it failed to create the user, this is the error I would see:

'Failed to create new user lighttpd'

It didn't show the command it was trying to execute.  It didn't show the stdout/stderr from the shell.  The logs didn't help either.  The output was very cute, colorful and useless.  When something runs, I should be able to see the arguments used to spawn the process, the environment variables for the process and the stdin, stdout, stderr and exit code of the process.  Why replace that great debugging information with cute, custom messages and colors?