Puppet, Chef, CFEngine

10 reasons to Choose Puppet over Chef: http://bitfieldconsulting.com/puppet-vs-chef
Sean OMeara (OpsCode) Comparing CFEngine/Puppet/Chef:

• http://blog.afistfulofservers.net/post/2011/12/30/cfengine-puppet-and-chef-part-1/ 
• http://blog.afistfulofservers.net/post/2011/12/30/cfengine-puppet-and-chef-part-2/ 
• http://blog.afistfulofservers.net/post/2011/12/30/cfengine-puppet-and-chef-part-3/ 

When and Where Ordering Matters: http://cfengine.com/markburgess/blog_order.html
http://hackerne.ws/item?id=3090800
http://devopsanywhere.blogspot.com.au/2011/10/puppet-vs-chef-fight.html

Infrastructure

• stuff” that is configured across machines to enable an application or service:
• operating system baselines, 
• kernel settings, 
• disk mounts, 
• OS user accounts, 
• directories, 
• symlinks, 
• software installations, 
• configuration files, 
• running processes, etc
• Services running in an Infrastructure need to communicate with each other, and do so via networks. This means that Infrastructure has a topology - yet another thing to manage. 
• Automated services need maintenance.   Once turned on, it takes input, does something useful, then leaves logs and other data in it’s wake 
• Arrangement of software installation, configuration, and the running state of a process. 
• Maintenance is performed in a control loop, where an agent comes around at regular intervals inspecting it’s parts and fixing anything that’s broken.
• Automated Configuration Management - hosting policy. 
• The agents that build and maintain systems pull down blueprints and set to work building our automatons. 
• Systems configure themselves by downloading policy from the server.

Puppet

• convergence based configuration management tools inspired by CFEngine 
• stand alone discovery agents (facter) 
• Puppet clients connect to the Puppet server where configuration is determined based on a certificate CN 
• Statements in Puppet are convergent operators, in that they are declarative (and therefore idempotent), and convergent in that they check a resource’s state before taking any action. 
• A catalog of serialized configuration data is shipped back to the client for execution.
• This catalog is computed based on the contents of the manifests stored on the server, as well as a collection of facts collected from the clients. 
• Puppet facts, like CFEngine hard classes, are discoverable things about a node such as OS version, hostname, kernel version, network information, etc 
• Non-optimally ordered execution will usually work itself out after repeated Puppet runs
• Resources make up the basic atoms of a system, and the precise configuration of each must be defined. 
• If a resource is defined twice in a manifest with conflicting states, Puppet refuses to run. 
• Ordering can be specified though require statements that set up relations between resources. These are used to build a directed graph, which Puppet sorts topologicallyand uses to determine the final ordering. If a resource in a chain fails for some reason, dependent resources down the graph will be skipped 
• Fact, Resource, Manifest (.pp)

Chef

• Adam Jacob
• convergence based configuration management tools inspired by CFEngine 
• stand alone discovery agents (ohai)
• RESTful APIs 
• has a lot more in common with CFEngine  than Puppet does
• copies policy from the server and evaluates it on the edges 
• recipe is a collection of convergent resource statements (like CFEngine's prommise bundle)
• Chef run list - CFEngine bundlesequence
• makes it easy to reason about what’s going on when writing infrastructure as code 
• Imperative programming (ruby) and declarative interface
• Configurable immunity, convergent operators
• Imperative ordering of declarative statements give the best of both worlds
• Convergence in systems automation speak means "bringing the system closer to correct with each action you take" 
• Server, Client, Node, Ohai, Cookbooks, Libraries, Recipe, Attribute, Resource, Provider, Platform , Notification Handlers, Exception Handlers, run list

CFEngine

• Mark Burgess
• Configurable immunity
• proved that it is NOT necessary to erase, or baseline a system and reconstruct it using a unique set of commands 
• The `clever' aspect of CFEngine is to find an approximation to determinism within a framework of incomplete certainty 
• policy is copied and evaluated on the edges 
• based on promise theory 
• Promises provide a declarative interface to resources under management, which has the remarkably handy attribute of being idempotent 
• "Promises can be constant, but the recipe of actions, procedures and responses needed to realize a promise might change from moment to moment, if the environment changes."
• Convergent maintenance refers to the continuous repair of a system towards a desired state 
• Convergence in a larger system of promises can take multiple runs if things are processed in a non-optimal order  
• configuration file (.cf), BundleSequence, inputs, promise bundle,