Ask Your Question

What performance to expect?

asked 2015-10-21 03:57:07 -0600

Christian gravatar image

Hello ,

I'm currently having a look at different system mangagement tools and wanted to get a first Impression on their performance. Therefore I tried to implement a simple compliance check which controls whether all files in /usr/lib and /usr/lib64 are not writable by group and world. To keep things simple I ran the puppet master and the puppet agent on the same machine. I know that this is not the way to set things up in real life, but anyway I was rather surprised to see that this check took about 70 seconds with Puppet while CFEngine (agent checked the rule directly - no policy server interaction) did the same in 3,5 seconds. So my question is whether this is a difference you would expect or did I setup puppet extremely disadvantageous? My puppet module looks like this:

class compliance {

    file { '/usr/lib':
    mode    => 'go-w',
    recurse => true,
    selinux_ignore_defaults => true,

    file { '/usr/lib64':
    mode    => 'go-w',
    recurse => true,
    selinux_ignore_defaults => true,

To run that check I started ' puppet agent --noop -t'.

Actually I know that puppet is different in many aspects and probably has many advantages like your active community and the broad support from many IT vendors. Nevertheless such a difference in resource consumption might be an issue for me. So I just wanted to make sure my testing was at least more or less fair.



edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2015-10-21 06:52:13 -0600

wow - big difference. puppet apply of a single module on my oldish (16Gb, 3.2Ghz dual core CPU, 1tb hd) - yakes around 2-3 secs

however I tested your module and it took me slightly longer - 64s

on looking closer though in /usr/lib I have over 27000 files - to check each one of these a minute seems reasonable - so i think your puppet figures are correct.

I suspect the cfengine script is either doing nothing or caching some previous result - if not its impressive as even doing a find and then check perms and then chmod takes me 50 secs!!

edit flag offensive delete link more


Thanks for your answer! cfengine doesn't seem to be caching because it immediately found a change I applied to one file's permissions. 'find' and 'chmod -R' are both fast for me (maybe filesystem cache effects) whereas Puppet is repeatedly slow.

Christian gravatar imageChristian ( 2015-10-21 07:38:33 -0600 )edit

I think that basically cfengine for this test is just faster - I've repeated test at home, and whilst not liking the cfengine install/way of doing things I did find similar results to yours. also had a look at which seems to confirm things.

sahumphries gravatar imagesahumphries ( 2015-10-22 05:00:28 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2015-10-21 03:57:07 -0600

Seen: 52 times

Last updated: Oct 21 '15