When comparing Puppet vs Snyk, the Slant community recommends Puppet for most people. In the question“What are the best DevOps tools?” Puppet is ranked 10th while Snyk is ranked 15th. The most important reason people chose Puppet is:
You define the state the server should be in and Puppet transforms it that state. This is opposed to explicitly declaring a list of actions to be performed. If a developer wants more flexibility and control there's always the option of falling back to explicitly running commands but that's discouraged.
Ranked in these QuestionsQuestion Ranking
Pro Declarative sematic
You define the state the server should be in and Puppet transforms it that state. This is opposed to explicitly declaring a list of actions to be performed.
If a developer wants more flexibility and control there's always the option of falling back to explicitly running commands but that's discouraged.
Pro Broad cross-platform support
Puppet is supported on a wide range of operating systems. See the Docs for a complete list.
Pro Large helpful community
Puppet is very mature and relatively old. This means that it has gathered quite a following over the years. This large community means that there are a lot of modules, guides and configuration recipes ready to use built by the community.
Puppet is a complete solution in terms of available features and modules. It has full support for all the main Operating Systems and provides lots of tools for its users.
Pro Exceptional enterprise support
Puppet Enterprise is used by 75 of the fortune 100 companies.
Pro All-in-one Package since version 4
With Facter, Collective and Hiera.
Pro Helpful UI
Puppet's UI is very useful. It allows real-time control of managed nodes by using modules and configuration recipes that are on the master servers. Although the UI is great for management, it lacks when trying to configure modules.
Pro Easy to learn
Puppet is model-driven and easier for diverse teams (that may include non-devs) to learn than it's main competitor, Chef.
Pro Can enforce policy even without a connection to the puppet master
With cached catalogs, puppet agents can continue to enforce policy even while your masters aren't functional
Con Poor training materials
The puppet documentation does not contain any proper tutorials to help new users on board easily.
Con Interaction between modules can get quite complex very fast
Due to it's out of order execution you can easily get into race condition between different modules. You have to be very careful declaring pre-requisites for the tasks so they don't step on top of each other. On the other hand when you get this lets you deploy things much faster than straight line execution tools
Con Lacks flexibility
The lack of control over Puppet's model-driven approach can result in less flexibility and power from the tool.
Con Solid knowledge of Ruby is needed to create your own modules
Modules and configurations are written in a specific language based on Ruby or in Ruby itself. So in order to be able to create custom configuration and modules you need a solid knowledge of Ruby.
Although it's fair to mention that there are many modules already available for every use-case.
Con Requires culture shifts
You might find difficulty adopting puppet due to the effort involved in convincing admins to switch from procedural automation to desired state automation.
Con Does not enforce policy when the puppetmaster is offline
Does not enforce policy when the puppetmaster is offline, does have a caching mechanism but since it does not include any files that need to be transfer it basically does not work
Con Slow as hell
Compared with other CM tools it's very slow and needs to do a lot of caching to give it the impression that it's fast (which it's not)
Con Syntax is a mess
To use puppet to the full extent you need to know the following tools; most of them are an integral part of puppet, Ruby, Ruby templates, puppet DSL, Hiera, Facter and Mcollective which all have a different syntax
Con Shallow .NET support
Only seems to check the NuGet packages and not much else.
Con ASP.NET Core is "High risk"
The TeamCity plugin fails the build for all ASP.NET Core applications stating that it is vulnerable to DOS attacks and that "there is no fix available".