Installing the right software, applying the correct settings, managing users, and keeping everything up to date across tens or hundreds of servers is a complex and error-prone task when done manually.
Configuration management is the practice of automating and standardizing how systems are configured, maintained, and kept in their desired state over time.
It is a foundational DevOps practice that sits directly between infrastructure provisioning and application deployment. And without it, even well-provisioned infrastructure quickly becomes inconsistent, unreliable, and difficult to manage.
What is Configuration Management?
Configuration management is the practice of defining the desired state of a system in code and using automated tools to apply and maintain that state consistently across all target machines, whether there are two servers or two thousand.
The "configuration" being managed includes everything that defines how a system behaves:
1. Installed software packages and their versions.
2. System and application configuration files.
3. User accounts and permissions.
4. Running services and their startup behavior.
5. Environment variables and system settings.
6. Security policies and firewall rules.
Rather than configuring each server manually, which is slow and inconsistent — configuration management tools read a defined specification and automatically apply it to every target system.
The Problem Configuration Management Solves
In small environments, manually configuring servers is manageable. As environments grow, the following problems emerge quickly:
1. Inconsistency: Servers configured at different times by different people inevitably differ in subtle ways, causing unpredictable behavior.
2. Configuration drift: Systems change over time due to manual updates, patches, or ad-hoc fixes, diverging from their intended state.
3. No audit trail: Manual changes leave no record of what was changed, by whom, and why.
4. Slow provisioning: Setting up a new server manually takes significant time and effort.
5. Difficult recovery: Rebuilding a failed server from memory or incomplete documentation is stressful and error-prone.
Configuration management eliminates these problems by making system configuration automated, version-controlled, repeatable, and auditable.
Core Concepts of Configuration Management
1. Desired State
Configuration management tools work on the principle of desired state — you define what a system should look like, and the tool ensures it always matches that definition. If something changes unexpectedly, the tool detects and corrects it.
2. Idempotency
A configuration management operation is idempotent — running it once or ten times produces exactly the same result. If the desired state is already in place, the tool makes no changes. This makes it safe to apply configurations repeatedly without risk of side effects.
3. Code-Based Configuration
System configurations are written as code — in YAML, JSON, or a domain-specific language — stored in version control, and managed with the same discipline as application code. This makes configurations reviewable, testable, and auditable.
4. Push vs. Pull Model
Configuration management tools operate in one of two modes:
The push model is simpler to set up and does not require agents on managed nodes. The pull model is better suited for large, always-on environments where continuous compliance enforcement is needed.
Configuration Management vs. Infrastructure as Code
Configuration management and Infrastructure as Code are complementary but distinct practices. A clear understanding of where one ends and the other begins helps teams use both effectively.
In practice, the two work together, Terraform provisions a virtual machine, and Ansible then configures it with the correct software and settings.
Key Benefits of Configuration Management
1. Consistency: Every server is configured identically, eliminating environment-specific bugs.
2. Speed: New servers are configured automatically in minutes rather than manually in hours.
3. Repeatability: Any server can be rebuilt from code reliably at any time.
4. Drift prevention: Continuous enforcement keeps systems in their defined state.
5. Auditability: Every configuration change is tracked in version control with a clear history.
6. Scalability: The same configuration applies to two servers or two thousand without additional effort.
Popular Configuration Management Tools
1. Ansible
Ansible is the most widely adopted configuration management tool in modern DevOps environments. It is agentless, requiring no software installed on managed nodes, and uses simple YAML files called playbooks to define configurations.
It communicates with target systems over SSH, making it easy to adopt without significant infrastructure changes. Ansible will be covered in detail in the next section.
2. Puppet
Puppet uses a pull-based model where an agent installed on each managed node periodically checks in with a central Puppet server and applies the latest configuration.
It uses its own declarative language and is well-suited for large enterprises requiring continuous compliance enforcement.
3. Chef
Chef uses a pull-based model similar to Puppet, with configurations written in Ruby-based recipes and cookbooks. It offers significant flexibility but has a steeper learning curve than Ansible.
4. SaltStack
SaltStack supports both push and pull models and is known for its high speed and scalability. It is particularly well-suited for environments requiring fast, real-time configuration changes across large fleets of servers.
Configuration Management in the DevOps Workflow
Configuration management sits at a critical junction in the DevOps workflow, between infrastructure provisioning and application deployment. A typical flow looks like this:
1. Terraform provisions the required servers and cloud infrastructure.
2. Ansible (or another configuration management tool) connects to the new servers and applies the defined configuration — installing software, setting up users, configuring services.
3. The application is deployed onto the correctly configured servers.
4. Configuration management tools continue to enforce the desired state over time, detecting and correcting any drift.
Configuration management also integrates directly into CI/CD pipelines, when infrastructure changes are merged, the pipeline automatically applies updated configurations to all affected systems, ensuring that changes to system configuration follow the same controlled, reviewed, and automated process as any other code change.
