Why not just use Puppet or Chef?

I get asked this question quite a bit in certain situations, especially when I have to hand something off to an operations team. Usually we’re talking about an application architecture that involves ten or more machines: several application servers, an (old clunky) relational database, and some web servers. These networks are not big by any means, but, I agree, they are certainly of a sufficient size to demand automation.

Operations: “Well, I see you’ve delivered a bunch of RPMs from the build, but why didn’t you just use Puppet or Chef?”

Developers: “I don’t have access at the appropriate level to start thinking about OS-level automation, I wish I did.”

The crux of the problem is that today’s operations departments are really concerned about “control” issues. They might be using VMware, but they’d never think of letting a development team automate calls to create VM instances as needed. Nope, everywhere I’ve gone in the last few years, the operations team is still handing out “new machines” as if they were physical artifacts.

Operations: “You need a new machine?”

Developers: “No, I need a new VM.”

Operations: “It’s going to take us some time to provision that for you. How soon do you need it?”

Developers: “Five minutes enough time?”

Operations: “No, we have to set it up for you, and it takes time to provision this stuff.”

Developers: “I thought we used VMware, can’t you just…”

Operations: “Stop, it isn’t as easy as that.”

Developers: “At my last job, we just had a direct API call to Spring’s cloud…”

Operations: “Stop being ridiculous, we’re done.” (Walks away)

That dialog is fictional, but representative. All over the place, operations is holding on to this idea of “ceremony” when it comes to provisioning infrastructure. Puppet isn’t straightforward unless you have access to VMs at a certain level. At least in my experience, unless you can flick a switch and have some provider like EC2, Rackspace, or ten thousand other cloud providers rebuild a pristine VM, you aren’t really testing your approach to automation.

…and, if you are trying to use Puppet or Chef without a good place to test the system (i.e. a fully virtualized environment under your control), there’s no use in trying. I love the idea of using Puppet or Chef, don’t get me wrong, but don’t use it in the middle of an active firefight between two departments. That’s a recipe for failure.