Menu
Home Explore People Places Arts History Plants & Animals Science Life & Culture Technology
On this page
Comparison of open-source configuration management software
List article

This is a comparison of notable free and open-source configuration management software, suitable for tasks like server configuration, orchestration and infrastructure as code typically performed by a system administrator.

Basic properties

"Verify mode" (also called dry run) refers to having an ability to determine whether a node is conformant with a guarantee of not modifying it, and typically involves the exclusive use of an internal language supporting read-only mode for all potentially system-modifying operations. Mutual authentication (mutual auth) refers to the client verifying the server and vice versa.

Agent describes whether additional software daemons are required. Depending on the management software these agents are usually deployed on the target system or on one or many central controller servers. Although Agent-less = No is colored red and might seem to be a negative, instead, having an agent can be considered quite advantageous to many. Consider the impact if an agent-less tool loses connectivity to a node while making critical changes—leaving the node in an indeterminate state that compromises its (production?) function.

LanguageLicenseMutual auth.EncryptionVerify modeAgent-lessIncl. GUIFirst releaseLatest stable release
AnsiblePythonGPLv3+Yes1Yes2YesYesYes32012-03-082025-03-25 2.18.44
Bcfg2PythonBSD 2-clause5Yes6Yes7Yes8NoYes92004-08-11102015-06-11 1.3.611
CapistranoRubyMITYes12Yes13No20052022-08-07 3.17.1
cdistPythonGPLv3+Yes14Yes15Yes20102021-08-24 6.9.816
ChefRuby, ErlangApache 2.0Yes17Yes18Yes1920NoYes2009-01-15 0.5.02023-01-05 18.1.0 (client),21 15.4.0 (server)22
CFEngineC23GPLv324Yes25Yes26Yes27282930NoYes311993

2025-01-07 3.26.0,322025-05-13 3.24.2,332025-05-13 3.21.734

ConsfiguratorScheme (SBCL)GPLv3+35Yes36Yes37No1.4.2 2024-07-2638
GuixScheme (Guile)3940GPLv3+41Yes42Yes43NoNo441.4.0 2022-12-19
ISconfPythonGPL45Yes46No4719982006-08-13 4.2.8.233
JujuPython, Go48AGPLYes49Yes50NoNoYes512010-09-17522024-02-15 3.6.053
Local ConFiGuration system (LCFG)PerlGPLPartial54Partial55NoNoNo1994Weekly Releases
NOC ProjectPythonBSD 2.0Yes56Yes57YesYesYes2012-03-082015-05-20 15.05.158
OCS Inventory NG with GLPIPerl, PHP, C++GPLNo59Yes60No20032014-07-1361
Open pc server integration (Opsi)Python, JavaGPLNoYes62No20042013-03-01 4.0.3
PIKTCGPLv2+63Yes64Yes65No1998662007-09-10 1.19.0
PuppetRuby, C++ & Clojure (server-side also Ruby before 4.067)Apache since 2.7.0, GPL before thenYes68Yes69Yes7071NoYes722005-08-30732024-04 8.6.0, 7.30.0 (client),74 2024-04 8.6.0, 7.17.0 (server)75
PyinfraPythonMIT LicenseYesYesYesYes2016-08-10 0.1762025-01-30 3.277
QuattorPerl, PythonApache 2.07879Yes80Yes81Partial82No2005-04-01832024-11-22 24.10.084
RadmindCBSD85Yes86Yes87No2002-03-26882008-10-08 1.13.089
RexPerlApacheYes90Yes91Yes2010-11-05 0.9.0922021-07-05 1.13.493
RudderC, Scala, RustGPLv3, Apache 2.094Yes95Yes96Yes9798NoYes2011-10-312023-07-21 7.3.4 99
SmartFrogJavaApache 2.0100Yes101Yes102No2004-02-112012-03-13 3.18.016103
Salt104Python105Apache 2.0106Yes107Yes108YesBoth109110Yes1111122011-03-17 0.6.01132023-05-05 v3006.1114
SpacewalkJava (C, Perl, Python, PL/SQL)GPLv2YesYesNo2008-061152019-01-14 2.9116
STAFC++CPL117No118119Partial120No1998-02-161212012-12-16 3.4.16 122
Synctool123Python124GPLv2125Yes126Yes127Yes128Yes12920031302019-08-11 6.3131
UyuniJava, Python, PL/SQL (Perl)GPLv2, Apache 2.0YesYesYesBothYes2018-0613231-01-2024 2024.01133
LanguageLicenseMutual authEncryptsVerify modeAgent-lessHave a GUIFirst releaseLatest stable release

Platform support

Note: This means platforms on which a recent version of the tool has actually been used successfully, not platforms where it should theoretically work since it is written in good portable C/C++ or an interpreted language. It should also be listed as a supported platform on the project's web site.

AIX*BSDHP-UXLinuxOS XSolarisWindowsOthers
AnsibleYesYesYesYesYesYesPartial 134Yes135
Bcfg2Partial136Yes137NoYes138Partial139YesNoNo
CFEngineYesYes140YesYesYesYesYes (enterprise version only)Yes141
cdistYesYesYesNo
ChefYes142YesYesYesYesYesYes143Yes
ConsfiguratorPartial144Yes145No146
GuixNoNoNoPartial147NoNoNoPartial148
ISconfYesYesYesYesYesYesNoNo
JujuYesYes149
Local ConFiGuration system (LCFG)NoNoNoPartial150Partial151Partial152NoNo
OCS Inventory NGYesYesYesYesYesYesYesNo
Open pc server integration (Opsi)NoNoNoYesNoNoYesNo
PIKTYesYesYesYesYesYesNoYes153
PuppetYesYesYesYesYesYesYes154Yes
PyinfraYesYesYesPartial155
QuattorNoNoNoYesPartial156YesNoNo
RadmindYesYes157158159NoYesYesYesYesNo
RexYesYesYes160YesYes161No
RudderYesPartial162NoYesPartial163Partial164YesYes165
SmartFrogNo166No167YesYesYesYesYesNo168
SaltYesYesPartial169Yes170YesYes171YesPartial172
SpacewalkNo173NoNoYes174NoNo175NoNo
STAFYes176Yes177Yes178Yes179Yes180Yes181Yes182Yes183
SynctoolYesYesYesYesYesYesNoYes184
UyuniNoNoNoPartial185NoNoNoNo
AIX*BSDHP-UXLinuxOS XSolarisWindowsOthers

Short descriptions

Not all tools have the same goal and the same feature set. To help distinguish between all of these software packages, here is a short description of each one.

Ansible Combines multi-node deployment, ad-hoc task execution, and configuration management in one package. Manages nodes over SSH and requires python (2.6+ or 3.5+) to be installed on them.186 Modules work over JSON and standard output and can be written in any language. Uses YAML to express reusable descriptions of systems. Bcfg2 Software to manage the configuration of a large number of computers using a central configuration model and the client–server paradigm. The system enables reconciliation between clients' state and the central configuration specification. Detailed reports provide a way to identify unmanaged configuration on hosts. Generators enable code or template-based generation of configuration files from a central data repository. CFEngine Lightweight agent system. Manages configuration of a large number of computers using the client–server paradigm or stand-alone. Any client state which is different from the policy description is reverted to the desired state. Configuration state is specified via a declarative language.187 CFEngine's paradigm is convergent "computer immunology".188 cdist cdist is a zero dependency configuration management system: It requires only ssh on the target host, which is usually enabled on all Unix-like machines. Only the administration host needs to have Python 3.2 installed. Chef Chef is a configuration management tool written in Erlang,189 and uses a pure Ruby DSL for writing configuration "recipes". These recipes contain resources that should be put into the declared state. Chef can be used as a client–server tool, or used in "solo" mode.190 Consfigurator While Debian and derivatives are the best supported distributions, Consfigurator also work on other distributions and various unixes but they have less support for properties for configuring specific aspects of the system. Consfigurator can set properties to be applied in scheme. This requires Consfigurator to be installed on the target computer. A more restricted language is also available which works without needing Consfigurator to be installed on the target. Remote configuration is also supported: the of hosts can be defined with scheme code. Guix Guix integrates many things in the same tool (a distribution, package manager, configuration management tool, container environment, etc). To remotely manage systems, it needs the target machines to already run Guix191 or it can also alternatively deploy configurations inside Digital Ocean Droplet.192 The machines are configured with Scheme. ISconf Tool to execute commands and replicate files on all nodes. The nodes do not need to be up; the commands will be executed when they boot. The system has no central server so commands can be launched from any node and they will replicate to all nodes. Juju Juju concentrates on the notion of service, abstracting the notion of machine or server, and defines relations between those services that are automatically updated when two linked services observe a notable modification. Local Configuration system (LCFG) LCFG manages the configuration with a central description language in XML, specifying resources, aspects and profiles. Configuration is deployed using the client–server paradigm. Appropriate scripts on clients (called components) transcribe the resources into configuration files and restart services as needed. Open PC server integration (Opsi) Opsi is desktop management software for Windows clients based on Linux servers. It provides automatic software deployment (distribution), unattended installation of OS, patch management, hard- and software inventory, license management and software asset management, and administrative tasks for the configuration management.193 PIKT PIKT is foremost a monitoring system that also does configuration management. "PIKT consists of a sophisticated, feature-rich file preprocessor; an innovative scripting language with unique labor-saving features; a flexible, centrally directed process scheduler; a customizing file installer; a collection of powerful command-line extensions; and other useful tools." Puppet Puppet consists of a custom declarative language to describe system configuration, distributed using the client–server paradigm (using XML-RPC protocol in older versions, with a recent switch to REST), and a library to realize the configuration. The resource abstraction layer enables administrators to describe the configuration in high-level terms, such as users, services and packages. Puppet will then ensure the server's state matches the description. There was brief support in Puppet for using a pure Ruby DSL as an alternative configuration language starting at version 2.6.0. However this feature was deprecated beginning with version 3.1.194195196197 Pyinfra Pyinfra is an agentless server configuration management tool created in Python. Its execution speed is up to 10 times faster than Ansible.198 Pyinfra is also excellent for system integration, as it can control SSH connections, Docker, Terraform, Ansible, etc. using a mechanism called a connector. Pyinfra can be run ad hoc or through the API.199 Quattor The quattor information model is based on the distinction between the desired state and the actual state. The desired state is registered in a fabric-wide configuration database, using a specially designed configuration language called Pan for expressing and validating configurations, composed out of reusable hierarchical building blocks called templates. Configurations are propagated to and cached on the managed nodes. Radmind Radmind manages hosts configuration at the file system level. In a similar way to Tripwire (and other configuration management tools), it can detect external changes to managed configuration, and can optionally reverse the changes. Radmind does not have higher-level configuration element (services, packages) abstraction. A graphical interface is available (only) for OS X. Rex Rex is a remote execution system with integrated configuration management and software deployment capabilities. The admin provides configuration instructions via so-called Rexfiles. They are written in a small DSL but can also contain arbitrary Perl. It integrates well with an automated build system used in CI environments. Salt Salt started out as a tool for remote server management. As its usage has grown, it has gained a number of extended features, including a more comprehensive mechanism for host configuration. This is a relatively new feature facilitated through the Salt States component. With the traction that Salt has gotten in the last bit, the support for more features and platforms might continue to grow. SmartFrog Java-based tool to deploy and configure applications distributed across multiple machines. There is no central server; you can deploy a .SF configuration file to any node and have it distributed to peer nodes according to the distribution information contained inside the deployment descriptor itself. Spacewalk Spacewalk is an open source Linux and Solaris systems management service and is the upstream project for the source of Red Hat Network Satellite. Spacewalk works with RHEL, Fedora, and other RHEL derivative distributions like CentOS, Scientific Linux, etc. There are ongoing efforts on getting it packaged for inclusion in Fedora. Spacewalk provides systems inventory (hardware and software information, installation and updates of software, collection and distribution of custom software packages into manageable groups, provision systems, management and deployment of configuration files, system monitoring, virtual guest provisioning, starting/stopping/configuring virtual guests and delegating all of these actions to local or LDAP users and system entitlements). As of May 2020, Spacewalk is now EOL with users having moved to either Uyuni or Foreman/Katello. STAF The Software Testing Automation Framework (STAF) enables users to create cross-platform, distributed software test environments. STAF removes the tedium of building an automation infrastructure, thus enabling users to focus on building their automation service. The STAF framework provides the foundation upon which to build higher-level products, and provides a pluggable approach supported across a large variety of platforms and languages. Synctool Synctool aims to be easy to understand, learn and use. It is written in Python and makes use of SSH (passwordless, with host-based or key-based authentication) and rsync. No specific language is needed to configure Synctool. Synctool has dry run capabilities that enable surgical precision. Synctool depends on Python2 which is now EOL and there are no current plans to migrate it to Python3.

See also

Notes

References

  1. Key pair: uses public/private key pairs and key fingerprints for mutual authentication, like SSH.

  2. Secure Shell: Uses the Secure Shell protocol for encryption.

  3. Red Hat, Inc. "AWX Project FAQ - Ansible.com". ansible.com. http://www.ansible.com/products/awx-project/faq

  4. "Ansible community changelogs". docs.ansible.com. Red Hat, Inc. p. 1. Retrieved 2025-03-26. https://github.com/ansible/ansible/blob/stable-2.18/changelogs/CHANGELOG-v2.18.rst#v2-18-4

  5. solj. "Bcfg2/LICENSE at master". GitHub. Retrieved 2014-02-10. https://github.com/Bcfg2/bcfg2/blob/master/LICENSE

  6. Certificate and Passwords: Uses SSL X.509 certificate and fingerprint for clients to authenticate server, and passwords for server to authenticate clients; clients should only share the same password if they are allowed access to each other's configuration data.

  7. SSL: Uses the Secure Sockets Layer, Transport Layer Security (TLS) for encryption.

  8. Full support for non-modifying determination of node compliance, including nodes not previously modified by a Bcfg2 configuration pass.

  9. "Bcfg2 Web Reporting System — Bcfg2 1.3.6 documentation". http://docs.bcfg2.org/reports/dynamic.html#screenshots

  10. "Download – Bcfg2". bcfg2.org. Retrieved 2017-06-04. http://bcfg2.org/download/

  11. "Download – Bcfg2". bcfg2.org. Retrieved 2017-06-04. http://bcfg2.org/download/

  12. Secure Shell: Uses the Secure Shell protocol for encryption.

  13. Secure Shell: Uses the Secure Shell protocol for encryption.

  14. Key pair: uses public/private key pairs and key fingerprints for mutual authentication, like SSH.

  15. Secure Shell: Uses the Secure Shell protocol for encryption.

  16. "cdist 6.9.8 has been released". https://groups.google.com/g/cdist-configuration-management/c/38qJsamcXJ8

  17. Per request signed headers and pre-shared keys. /wiki/Pre-shared_key

  18. Payload encryption via SSL if HTTPS proxy is configured.

  19. Chef 10.14.0+ (called why-run mode)

  20. "[#CHEF-13] Add -noop support - Opscode Open Source Ticket Tracking". Tickets.opscode.com. Archived from the original on 2014-02-26. Retrieved 2014-02-10. https://web.archive.org/web/20140226055656/https://tickets.opscode.com/browse/CHEF-13

  21. "Chef Infra Client 18.1.0 Released! - Chef Release Announcements - Chef Questions". 5 January 2023. Retrieved 2023-01-26. https://discourse.chef.io/t/chef-infra-client-18-1-0-released/21738

  22. "Chef Infra Server 15.4.0 Released! - Chef Release Announcements - Chef Questions". 5 January 2023. Retrieved 2023-01-26. https://discourse.chef.io/t/chef-infra-server-15-4-0-released/21739

  23. "CFEngine Source Code". Northern.tech AS. 26 May 2020. https://github.com/cfengine/core

  24. "core/License at master · cfengine/core · GitHub". GitHub. 26 May 2020. https://github.com/cfengine/core/blob/master/LICENSE

  25. Key pair: uses public/private key pairs and key fingerprints for mutual authentication, like SSH.

  26. TLS: Uses TLS. "tls_min_version in common control". Northern.tech. Retrieved 2018-11-30. https://docs.cfengine.com/latest/reference-components.html#tls_min_version

  27. "--dry-run option for cf-agent". Northern.tech. Retrieved 2022-01-14. https://docs.cfengine.com/latest/reference-components-cf-agent.html

  28. "dryrun option in agent control". Northern.tech. Retrieved 2018-11-30. https://docs.cfengine.com/latest/reference-components-cf-agent.html#dryrun

  29. "--simulate option for cf-agent". Northern.tech. Retrieved 2022-01-14. https://docs.cfengine.com/latest/reference-components-cf-agent.html

  30. "Common promise attribute action_policy warn or nop". Northern.tech. Retrieved 2022-01-14. https://docs.cfengine.com/docs/latest/reference-promise-types.html#action_policy

  31. "CFEngine Enterprise Mission Portal". Northern.tech AS. https://cfengine.com/product/

  32. "CFEngine 3.26.0 released". Northern.tech AS. https://cfengine.com/blog/2025/cfengine-3-26-released-admin/

  33. "CFEngine 3.24.2 released". Northern.tech AS. https://cfengine.com/blog/2025/cfengine-3-21-7-and-3-24-2-released/

  34. "CFEngine 3.21.7 released". Northern.tech AS. https://cfengine.com/blog/2025/cfengine-3-21-7-and-3-24-2-released/

  35. https://spwhitton.name/tech/code/consfigurator/ https://spwhitton.name/tech/code/consfigurator/

  36. Key pair: uses public/private key pairs and key fingerprints for mutual authentication, like SSH.

  37. Secure Shell: Uses the Secure Shell protocol for encryption.

  38. https://github.com/spwhitton/consfigurator/tags https://github.com/spwhitton/consfigurator/tags

  39. https://guix.gnu.org/en/manual/en/guix.html#System-Configuration https://guix.gnu.org/en/manual/en/guix.html#System-Configuration

  40. https://guix.gnu.org/en/manual/en/guix.html#Invoking-guix-deploy https://guix.gnu.org/en/manual/en/guix.html#Invoking-guix-deploy

  41. https://git.savannah.gnu.org/cgit/guix.git/tree/gnu.scm?h=v1.4.0#n8 https://git.savannah.gnu.org/cgit/guix.git/tree/gnu.scm?h=v1.4.0#n8

  42. Key pair: uses public/private key pairs and key fingerprints for mutual authentication, like SSH.

  43. Secure Shell: Uses the Secure Shell protocol for encryption.

  44. It requires the guix daemon on the target Guix system.

  45. "/trunk/LICENSE - ISconf". Trac.t7a.org. 1989-04-01. Archived from the original on 2013-04-15. Retrieved 2014-02-10. https://archive.today/20130415235717/http://trac.t7a.org/isconf/browser/trunk/LICENSE

  46. HMAC: Uses HMAC signatures on all network traffic. /wiki/HMAC

  47. Improved security which would include an encrypted, mutually authenticated, peer-to-peer message bus is tracked here "#39 (Implement TCP mesh) - ISconf - Trac". Archived from the original on 2012-07-16. Retrieved 2007-04-17. https://archive.today/20120716131832/http://trac.t7a.org/isconf/ticket/39

  48. "Juju Source Code". github.com. 2015-06-19. Retrieved 2015-06-21. https://github.com/juju/juju

  49. Key pair: uses public/private key pairs and key fingerprints for mutual authentication, like SSH.

  50. SSL: Uses the Secure Sockets Layer, Transport Layer Security (TLS) for encryption.

  51. "Juju Gui". jujucharms.com. 2015-06-15. Archived from the original on 2015-06-21. Retrieved 2015-06-21. https://web.archive.org/web/20150621233749/https://demo.jujucharms.com/trusty/juju-gui/

  52. "timeline: pyjuju". Launchpad.net. Retrieved 2014-02-10. https://launchpad.net/juju/+series

  53. "GitHub". github.com. Retrieved 2024-11-26. https://github.com/juju/juju/releases

  54. LCFG does not provide its own transport mechanism; it relies on an external program, most often Apache. Using Apache it should be possible to do mutual authentication in several ways; however the documentation at The Complete Guide to LCFG, Section 9.4: Authorization and Security, shows access control based on IP address ranges, implying that the client does not authenticate itself to the server via an SSL certificate; it also does not mention if the LCFG client checks the validity of the server's SSL certificate (such as via a per-site fingerprint distributed with the client, or a chain of trust to an accredited CA). It mentions that there can be a per-client password in the profile, but also states that "The contents of the LCFG profile should be considered public". http://www.lcfg.org/doc/guide.pdf

  55. LCFG supports encrypted communications channels (SSL via Apache); however the documentation at The Complete Guide to LCFG, Section 9.4: Authorization and Security, states that "The contents of the LCFG profile should be considered public". http://www.lcfg.org/doc/guide.pdf

  56. Key pair: uses public/private key pairs and key fingerprints for mutual authentication, like SSH.

  57. Secure Shell: Uses the Secure Shell protocol for encryption.

  58. "NOC". nocproject.org. https://kb.nocproject.org/display/SITE/NOC

  59. Server authenticates to client, but client does not authenticate to server. See OCS Inventory NG Installation and Administration guide, page 114. http://prdownloads.sourceforge.net/ocsinventory/OCS_Inventory_NG-Installation_and_Administration_Guide_1.9_EN.pdf.zip?download

  60. SSL: Uses the Secure Sockets Layer, Transport Layer Security (TLS) for encryption.

  61. "2.1.2 stable published". OCS Inventory NG. Retrieved 2014-12-16. http://www.ocsinventory-ng.org/en/home/news/ocs-inventory-ng-2.1.2-stable-publised.html

  62. SSL: Uses the Secure Sockets Layer, Transport Layer Security (TLS) for encryption.

  63. Robert Osterlund (2014-01-04). "PIKT Licensing". Pikt.org. Retrieved 2014-02-10. http://pikt.org/pikt/licensing.html

  64. PIKT uses shared secret keys for mutual authentication. "As an option, you can use secret key authentication to prove the master's identity to the slave. [...] If one managed to crack any system in the PIKT domain, one would have access to all common secrets. To solve this problem, you may use per-slave uid, gid, and private_key settings." - from Security Considerations. http://pikt.org/pikt/ref/ref.6.security_considerations.html

  65. "For file installs, file fetches (to diff against the central configuration), and command executions, you can optionally encrypt all such data traffic between master and slave." - from Security Considerations. http://pikt.org/pikt/ref/ref.6.security_considerations.html

  66. "Index of /pikt/dist". Pikt.org. Retrieved 2014-02-10. http://pikt.org/pikt/dist/?C=M;O=A

  67. "Evolving Puppet for the Next 10 Years". Luke Kanies. 2014-09-23. Retrieved 2017-05-26. https://puppet.com/blog/evolving-puppet-for-next-10-years

  68. Certificates: Uses SSL X.509 Certificates for mutual authentication. Can use any SSL Certificate Authority to manage the Public Key Infrastructure.

  69. SSL: Uses the Secure Sockets Layer, Transport Layer Security (TLS) for encryption.

  70. Using the --noop option

  71. "puppet agent Man Page — Documentation — Puppet Labs". Docs.puppetlabs.com. Archived from the original on 2013-07-07. Retrieved 2014-02-10. https://web.archive.org/web/20130707135331/http://docs.puppetlabs.com/man/agent.html

  72. "Puppet Management GUI Comparison". olindata.com. Archived from the original on 2015-01-17. Retrieved 2015-01-12. https://web.archive.org/web/20150117063953/http://www.olindata.com/blog/2014/01/puppet-management-gui-comparison

  73. "Index of /puppet". Puppetlabs.com. Retrieved 2014-02-10. http://puppetlabs.com/downloads/puppet/?C=M;O=A

  74. "Puppet release notes". Retrieved 2024-05-06. https://puppet.com/docs/puppet/latest/release_notes_puppet.html

  75. "Puppet Server: Release Notes". Retrieved 2024-05-06. https://puppet.com/docs/puppetserver/latest/release_notes.html

  76. "pyinfra v0.1". GitHub. Retrieved 2025-02-23. https://github.com/pyinfra-dev/pyinfra/releases/tag/v0.1

  77. "Pyinfra v3.2". GitHub. Retrieved 2025-02-23. https://github.com/pyinfra-dev/pyinfra/releases/tag/v3.2

  78. "EU DataGrid Software License (EUDatagrid) | Open Source Initiative". Opensource.org. 1999-02-22. Retrieved 2014-02-10. http://www.opensource.org/licenses/eudatagrid.php

  79. "DataGrid Software License (do not change the page URL)". Eu-datagrid.web.cern.ch. 2004-05-26. Retrieved 2014-02-10. http://eu-datagrid.web.cern.ch/eu-datagrid/license.html

  80. "Client to server authentication and vice versa: on one hand, this allows to enforce access policies to sensitive data according to the client "name", on the other hand, clients are guaranteed to talk to the original server." - from Quattor Installation and User Guide: Version 1.1.x Archived 2013-04-06 at the Wayback Machine, page 70 http://isscvs.cern.ch:8180/cgi-bin/cvsweb.cgi/%7Echeckout%7E/elfms/quattor/documentation/installation-guide/pdf/quattor-install-guide_1_1.pdf?rev=HEAD&content-type=application/pdf&cvsroot=elfms

  81. "[...] secure information transfer, since data are encrypted: this prevents eavesdroppers from obtaining information in transit over the network." - from Quattor Installation and User Guide: Version 1.1.x Archived 2013-04-06 at the Wayback Machine, page 70 http://isscvs.cern.ch:8180/cgi-bin/cvsweb.cgi/%7Echeckout%7E/elfms/quattor/documentation/installation-guide/pdf/quattor-install-guide_1_1.pdf?rev=HEAD&content-type=application/pdf&cvsroot=elfms

  82. "ncm-ncd — Quattor". quattor-documentation.readthedocs.io. Retrieved 2025-02-25. https://quattor-documentation.readthedocs.io/latest/ncm-ncd/ncm-ncd.html#other-options

  83. "Index of /quattorsw/software/quattor/release". Quattorsw.web.cern.ch. Archived from the original on 2014-03-18. Retrieved 2014-02-10. https://web.archive.org/web/20140318090836/http://quattorsw.web.cern.ch/quattorsw/software/quattor/release/

  84. "Quattor 24.10.0 released". quattor.org. https://www.quattor.org/news/2024/11/22/announcing-quattor-24.10.0.html

  85. "Research Systems Unix Group: beepage". Rsug.itd.umich.edu. Archived from the original on 2015-02-10. Retrieved 2014-02-10. https://web.archive.org/web/20150210155103/http://rsug.itd.umich.edu/software/copyright.html

  86. "SSL certificates can also be used to authenticate both the Radmind server and the managed clients, regardless of DNS or IP-address variation." - from Radmind: The Integration of Filesystem Integrity Checking with Filesystem Management http://www.usenix.org/events/lisa03/tech/full_papers/craig/craig_html/index.html

  87. "For network security, Radmind supports SSL-encrypted links. This allows nodes on insecure networks to be updated securely." - from Radmind: The Integration of Filesystem Integrity Checking with Filesystem Management http://www.usenix.org/events/lisa03/tech/full_papers/craig/craig_html/index.html

  88. "Radmind - Browse /radmind/radmind-0-6-0 at". Sourceforge.net. 2006-02-10. Retrieved 2014-02-10. http://sourceforge.net/project/showfiles.php?group_id=141444&package_id=155276&release_id=392624

  89. fitterhappier. "Radmind". sourceforge.net. http://sourceforge.net/project/showfiles.php?group_id=141444

  90. Key pair: uses public/private key pairs and key fingerprints for mutual authentication, like SSH.

  91. Secure Shell: Uses the Secure Shell protocol for encryption.

  92. "Release 0.9.0 · krimdomu/Rex · GitHub". GitHub. https://github.com/krimdomu/Rex/releases/tag/0.9.0

  93. "Rex/ChangeLog at master · RexOps/Rex · GitHub". GitHub. https://github.com/RexOps/Rex/blob/master/ChangeLog

  94. "Rudder FAQ". rudder.io. https://faq.rudder.io/knowledge-bases/2/articles/6-what-licences-apply-to-rudder

  95. Key pair: uses public/private key pairs and key fingerprints for mutual authentication, like SSH.

  96. SSL: Uses the Secure Sockets Layer, Transport Layer Security (TLS) for encryption.

  97. Using the Audit mode.

  98. "Policy Mode (Audit/Enforce) - Rudder 4.0 - User Manual". rudder-project.org. Retrieved 2017-01-17. https://www.rudder-project.org/doc-4.0/_policy_mode_audit_enforce.html

  99. "Change logs for Rudder 7.3 :: Rudder Documentation". rudder.io. https://docs.rudder.io/changelogs/7.3/main.html

  100. "SmartFrog / SVN / Commit [r8898]". Sourceforge. 2017-05-16. https://sourceforge.net/p/smartfrog/svn/8898/

  101. See Using the new SmartFrog Security http://www.hpl.hp.com/research/smartfrog/papers/sfSecurityTutorial.pdf

  102. See Using the new SmartFrog Security http://www.hpl.hp.com/research/smartfrog/papers/sfSecurityTutorial.pdf

  103. "SmartFrog - Browse /development/smartfrog-3.18.016 at SourceForge.net". Retrieved 2022-04-27. https://sourceforge.net/projects/smartfrog/files/development/smartfrog-3.18.016/

  104. Salt is an open source tool to manage your infrastructure. Easy enough to get running in minutes and fast enough to manage tens of thousands of servers http://saltstack.org/

  105. "Installation". saltstack.com. http://docs.saltstack.com/en/latest/topics/installation/index.html#dependencies

  106. "SaltStack community". SaltStack. http://saltstack.org/topics/index.html#open

  107. "SaltStack community". SaltStack. http://saltstack.org/topics/index.html#building-on-proven-technology

  108. "SaltStack community". SaltStack. http://saltstack.org/topics/index.html#building-on-proven-technology

  109. "Salt SSH". saltstack.com. http://docs.saltstack.com/en/latest/topics/ssh/

  110. "SaltStack Enterprise". SaltStack. http://www.saltstack.com/enterprise/

  111. "erwindon/SaltGU". GitHub. 20 May 2021. https://github.com/erwindon/SaltGUI

  112. "vRealize Automation SaltStack Config". vmware.com. https://www.vmware.com/products/vrealize-automation/saltstack-config.html

  113. "SaltStack community". SaltStack. http://saltstack.org/topics/releases/0.6.0/

  114. "Salt Releases". saltstack.com. https://github.com/saltstack/salt/releases

  115. "SpacewalkFaq – spacewalk". fedorahosted.org. https://fedorahosted.org/spacewalk/wiki/SpacewalkFaq#HowlonghasSpacewalkbeenaround

  116. "spacewalkproject/spacewalk". GitHub. Retrieved 2018-10-18. https://github.com/spacewalkproject/spacewalk/wiki

  117. "Software Testing Automation Framework (STAF)". sourceforge.net. http://staf.sourceforge.net/license.php

  118. Network Trust: Trusts the network, like rsh.

  119. User-only Auth: User authenticates to server via password, but uses Network Trust to authenticate user to server, like telnet.

  120. There is a feature request for a Secure TCP/IP Connection Provider, and one of the developers stated on 2007-04-05 that "You will need to download the source code for OpenSSL and point the build files at it. Other than that, it should just work.", so it looks like there may be working encryption if you build from scratch instead of using the prebuilt binaries. It is unclear what if any authentication building against OpenSSL would give STAF. http://sourceforge.net/tracker/index.php?func=detail&aid=940264&group_id=33142&atid=407384

  121. "Software Testing Automation Framework (STAF)". sourceforge.net. http://staf.sourceforge.net/history.php

  122. "Software Testing Automation Framework (STAF)". sourceforge.net. http://staf.sourceforge.net/

  123. Synctool aims to be easy to understand and use. It is built in Python and uses SSH and Rsync. http://www.heiho.net/synctool/

  124. "synctool documentation". heiho.net. http://www.heiho.net/synctool/doc/chapter2.html

  125. "synctool/LICENSE at master · walterdejong/synctool · GitHub". GitHub. https://github.com/walterdejong/synctool/blob/master/LICENSE

  126. Secure Shell: Uses the Secure Shell protocol for authentication.

  127. Secure Shell: Uses the Secure Shell protocol for encryption.

  128. Synctool performs a dry-run by default, and only modifies things when invoked with '--fix'.

  129. "synctool documentation". walterdejong.github.io. https://walterdejong.github.io/synctool/doc/chapter1.html

  130. "synctool documentation". heiho.net. http://www.heiho.net/synctool/doc/chapter1.html

  131. "Synctool releases". GitHub. https://github.com/walterdejong/synctool/releases

  132. "Uyuni: Forking Spacewalk with Salt and Containers". 26 May 2018. https://news.opensuse.org/2018/05/26/uyuni-forking-spacewalk-with-salt-and-containers/

  133. ""Uyuni 2024.01 is released"". Uyuni. Retrieved 2024-02-01. https://lists.opensuse.org/archives/list/[email protected]/thread/QJBVKBUS25XJHEUAFHXGYDYT44QCZ334/

  134. yes for managed machine; no for managing machine

  135. Installation: Control Machine Requirements, retrieved May 12, 2015 Can manage any machine with Python 2.4 or later and sshd. Control machine can be any non-Windows machine with Python 2.6 or 2.7 installed. This includes Red Hat, Debian, CentOS, OS X, any of the BSDs, and so on. http://docs.ansible.com/intro_installation.html#control-machine-requirements

  136. Encap, RPM, and POSIX file support only.

  137. FreeBSD.

  138. Debian, Ubuntu; Gentoo; RPM-based distributions (CentOS, Mandrake, Red Hat, RHEL, SLES, SuSE)

  139. POSIX File, Launchd, and MacPorts Support only. /wiki/Launchd

  140. FreeBSD.

  141. Unix.

  142. Opscode and IBM Join Forces to Bring Open Source Cloud Automation to the Enterprise, 2013-04-25 http://www.opscode.com/blog/2013/04/25/opscode-and-ibm-join-forces-to-bring-open-source-cloud-automation-to-the-enterprise/

  143. Install the chef-client on Microsoft Windows, retrieved 2017-03-15 https://docs.chef.io/windows.html#install-the-chef-client-on-windows

  144. https://spwhitton.name/doc/consfigurator/introduction.html#portability-and-stability https://spwhitton.name/doc/consfigurator/introduction.html#portability-and-stability

  145. https://spwhitton.name/doc/consfigurator/introduction.html#portability-and-stability https://spwhitton.name/doc/consfigurator/introduction.html#portability-and-stability

  146. https://spwhitton.name/doc/consfigurator/introduction.html#portability-and-stability https://spwhitton.name/doc/consfigurator/introduction.html#portability-and-stability

  147. "Only support Guix system."

  148. "It also works on Guix system with HURD."

  149. Windows workloads using juju, retrieved November 25, 2015 https://jujucharms.com/docs/1.25/about-juju#what-about-windows-or-other-linux-operating-systems?

  150. "Recent versions run on Fedora Core (3, 5, 6). Various people have ported some of the LCFG core to other Linux distributions, such as Debian, but these ports have not been incorporated"

  151. "There has been an experimental port to OS X, which does work and includes some Mac-specific components. However, this is not production quality and the lack of uniform packaging system under OS X means that automatic management of installed software is likely to be difficult."

  152. "LCFG core has been ported back to Solaris and we are using this in production, although the software has not been packaged for distribution, and is not so well supported"

  153. Digital Unix; IRIX

  154. Puppet on Windows: top questions for 2019, retrieved 2019-01-15 https://puppet.com/blog/puppet-windows-top-questions-2019/

  155. Pyinfra WinRM connector, retrieved 2025-02-23 https://github.com/pyinfra-dev/pyinfra-windows

  156. "quattor". sourceforge.net. http://sourceforge.net/p/quattor/mac-quattor/

  157. FreeBSD.

  158. NetBSD.

  159. OpenBSD.

  160. "Rex installation instructions". Retrieved 2014-07-19. http://www.rexify.org/get

  161. "Rex installation instructions". Retrieved 2014-07-19. http://www.rexify.org/get

  162. Multiple users have successfully built and run the agent on FreeBSD, but no official package is available currently.

  163. Multiple users have successfully built and run the agent on FreeBSD, but no official package is available currently.

  164. "rudder-packages/rudder-agent/other at master · cfengineers-net/rudder-packages · GitHub". GitHub. https://github.com/cfengineers-net/rudder-packages/tree/master/rudder-agent/other

  165. Android.

  166. Written in Java, so should in theory work on this platform if there is the appropriate JVM version available for it; however it has not been tested on the platform, which should be considered unsupported.

  167. Written in Java, so should in theory work on this platform if there is the appropriate JVM version available for it; however it has not been tested on the platform, which should be considered unsupported.

  168. Written in Java, so should in theory work on this platform if there is the appropriate JVM version available for it; however it has not been tested on the platform, which should be considered unsupported.

  169. Will run anywhere Python runs, but handlers for different platforms are untested.

  170. "SaltStack community". SaltStack. http://saltstack.org/topics/tutorial.html#installing-salt

  171. Salt was added to the OpenCSW package repository in September of 2012 in version 0.10.2 of Salt http://docs.saltstack.org/en/latest/topics/installation/solaris.html

  172. Will run anywhere Python runs, but handlers for different platforms are untested.

  173. "BrainBox – spacewalk". fedorahosted.org. https://fedorahosted.org/spacewalk/wiki/BrainBox

  174. "spacewalk". fedorahosted.org. https://fedorahosted.org/spacewalk/wiki/WikiStart#Introduction

  175. "ManagingSolarisSystems – spacewalk". fedorahosted.org. https://fedorahosted.org/spacewalk/wiki/ManagingSolarisSystems

  176. 4.3.3+ (Power 32); 5.1+ (Power 32/64)

  177. FreeBSD 4.10 (x86-32); FreeBSD 6.1+ (x86-32)

  178. 11.00+ (PA-RISC 32, IA-64)

  179. (x86-32, x86-64, IA-64, PPC 64, zSeries 32/64)

  180. [1]10.2+ (?) http://sourceforge.net/tracker/index.php?func=detail&aid=1458480&group_id=33142&atid=407383

  181. 2.6+ (Sparc 32); 10+ (x86-32, x86-64)

  182. 95, 98, Me, NT4, 2000, XP, 2003, Vista (x86-32), 7 (x86-32), 7 (x86-64); 2003, Vista (x86-64); 2004 (IA-64)

  183. OS/400 5.2+ (iSeries 32); z/OS Unix 1.4+

  184. Synctool runs on any platform that supports SSH, rsync and Python.

  185. SuSE"

  186. "Installation — Ansible Documentation". 2018-01-29. https://docs.ansible.com/ansible/latest/intro_installation.html#control-machine-requirements

  187. "CFEngine vs Puppet: Detailed Comparison | UpGuard". https://www.upguard.com/blog/puppet-cfengine

  188. Burgess, Mark (December 1998). Computer Immunology (PDF). Systems Administration Conference. Boston, Massachusetts. https://www.usenix.org/legacy/event/lisa98/full_papers/burgess/burgess.pdf

  189. "Chef Github repository". GitHub. 21 May 2021. https://github.com/chef/chef-server

  190. Alan Sharp-Paul. "Puppet vs. Chef - The Battle Wages On". upguard.com. https://www.upguard.com/articles/puppet-vs.-chef-revisited

  191. https://guix.gnu.org/en/manual/en/guix.html#index-machine_002dssh_002dconfiguration https://guix.gnu.org/en/manual/en/guix.html#index-machine_002dssh_002dconfiguration

  192. https://guix.gnu.org/en/manual/en/guix.html#index-digital_002docean_002dconfiguration https://guix.gnu.org/en/manual/en/guix.html#index-digital_002docean_002dconfiguration

  193. "opsi features". Archived from the original on 2009-01-30. Retrieved 2009-02-22. https://web.archive.org/web/20090130033052/http://www.opsi.org/features/

  194. "CFEngine vs Puppet: Detailed Comparison | UpGuard". https://www.upguard.com/blog/puppet-cfengine

  195. Alan Sharp-Paul. "Puppet vs. Chef - The Battle Wages On". upguard.com. https://www.upguard.com/articles/puppet-vs.-chef-revisited

  196. "Puppet & Ruby DSL - Puppet Labs". Puppet Labs. https://puppetlabs.com/blog/ruby-dsl/

  197. "Puppet 3.0 — 3.4 Release Notes". puppetlabs.com. Archived from the original on 2013-05-13. Retrieved 2013-05-23. https://web.archive.org/web/20130513170449/http://docs.puppetlabs.com/puppet/3/reference/whats_new.html#ruby-dsl-is-deprecated

  198. "Performance". Retrieved 2025-02-23. https://docs.pyinfra.com/en/3.x/performance.html#performance

  199. "Pyinfra". Retrieved 2025-02-23. https://pyinfra.com/