Ansible Won Because It's the Simplest

I used all three. Ansible required the least ceremony. That's the whole argument.

I’ve run all three in production. Puppet at one gig, Chef at another, Ansible across several. Here’s where I landed.

Puppet

Puppet’s declarative DSL is solid. The agent-server model gives you continuous enforcement, which compliance-heavy orgs love. But you’re running agent infrastructure on every node, learning a custom DSL that isn’t quite a programming language, and debugging catalog compilation errors that give you nothing useful.

For a 500-node fleet with a dedicated infra team and compliance requirements? Puppet earns its keep. For anything smaller, it’s overhead you don’t need.

Chef

Chef lets you write real Ruby. That’s its greatest strength and its biggest trap. I’ve watched teams build incredibly clever Chef cookbooks that nobody else could maintain. The testing story is good if you invest in it, but most teams don’t.

If your infra team already thinks in Ruby, Chef can be powerful. If they don’t, you’re paying the Ruby learning tax on top of the config management learning tax. That’s two taxes too many.

Ansible

Ansible is YAML, SSH, no agents. You write a playbook, you run it, machines converge. Done.

- hosts: web
  tasks:
    - name: install nginx
      apt:
        name: nginx
        state: present

That’s readable by anyone on the team. The new hire understands it on day one. The on-call engineer at 3am can follow it. That matters more than any feature comparison chart.

The tradeoff is real: Ansible is push-based, not continuously enforcing. At serious scale you’ll bolt on AWX or Tower for scheduling and reporting. But for most teams, “run the playbook” is the right model.

My take

The config management wars of 2016 are mostly a distraction. Docker and immutable infrastructure are already eating into this space. But you still need something for the hosts that run your containers, for your legacy systems, for the stuff that isn’t going anywhere.

For that, I want the tool with the least ceremony. The one where I spend time on the actual infrastructure problem, not on the tool’s own complexity.

That’s Ansible.

Pick it, version your playbooks, write roles that are boring and readable, and get back to work that actually matters.