While Terraform is one of the most popular tools for “Infrastructure-as-code”, the fact is it is not the only one in the race. There are various other tools available in the market and figuring out which one to choose surely gives us a headache.
In this blog post, we have covered why you should choose Terraform over other IaC tools such as Chef, Puppet, Ansible and CloudFormation.
Let’s understand various aspects on the basis of which we can differentiate these tools and decide which one best suits your requirements.
- Configuration Management vs Provisioning
- Mutable vs Immutable Infrastructure
- Procedural vs Declarative
- Master vs Masterless
- Agent vs Agentless
- Large Community vs Small Community
Choosing the Right IaC Tool
There are many IaC (Infrastructure as Code) tools available in the market. In this blog post we discuss a few of them (Terraform, Chef, Puppet, Ansible and CloudFormation) and try to resolve the dilemma of which one to pick for automating your cloud resources.
Terraform is an open-source, cloud-agnostic provisioning tool that supports immutable infrastructure, a declarative language, and a masterless and agentless architecture, and it has a large community and a mature codebase.
Configuration Management vs Provisioning
Chef, Puppet, and Ansible are all configuration management tools, designed to install and manage software on existing servers, whereas CloudFormation and Terraform are provisioning tools, designed to provision the servers themselves (and the rest of the infrastructure, like load balancers, databases, networking configuration, etc.), leaving the job of configuring those servers to other tools.
That said, most of the time a good alternative is to use a configuration management and provisioning tool together. For example, using Terraform to provision your servers while running Chef to configure them.
Mutable vs Immutable Infrastructure
Configuration management tools such as Chef, Puppet, and Ansible typically create a mutable infrastructure. For example, if you use Chef to install a new version of a piece of software, it’ll run the software update on the existing servers and the changes will happen in place.
In Terraform, by contrast, every “change” is the deployment of a new server. Immutable components are recreated and replaced instead of being updated in place. Here, the servers are never modified after they’re deployed.
An immutable infrastructure provides more consistency and reliability in your infrastructure and a simpler, more predictable deployment process. It mitigates or entirely prevents issues that are common in mutable infrastructures such as configuration drift.
Procedural vs Declarative
Chef and Ansible are based on a procedural or imperative style, where you write code that specifies a complete step-by-step process for achieving the desired end state. Terraform, CloudFormation, and Puppet are all based on a more declarative style, where you only specify the desired end state and the IaC tool itself is responsible for figuring out how to achieve that state.
Benefits of the declarative approach of Terraform:
- Code always represents the latest state of your infrastructure
- It explains the currently deployed resources and how they’re configured
- No need to worry about history or timing.
- It is easy to create reusable code.
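The difference between the two styles, and the configuration drift mentioned in the previous section, can be seen in a small Python model. This is an added example, not code from the original post and not how Terraform itself is implemented; the function names, resource names and attributes are hypothetical, constructed sample data.

```python
# Toy model for illustration only; this is not how Terraform is implemented.
# Resource names and attribute values are constructed sample data.

def run_procedural(actual, steps):
    """Procedural style: execute every step, whatever already exists."""
    for op, prefix, attrs in steps:
        if op == "create":
            index = len(actual)          # next free slot; no existence check
            actual[f"{prefix}-{index}"] = dict(attrs)
    return actual

def plan(desired, actual):
    """Declarative style: diff the desired end state against what is deployed."""
    actions = []
    for name in sorted(desired):
        if name not in actual:
            actions.append(("create", name))
        elif actual[name] != desired[name]:
            # Immutable handling: a drifted server is replaced, not patched.
            actions.append(("replace", name))
    actions += [("delete", n) for n in sorted(actual) if n not in desired]
    return actions

def apply(desired, actual):
    """Carry out the plan so that actual converges on desired."""
    for action, name in plan(desired, actual):
        if action == "delete":
            del actual[name]
        else:
            actual[name] = dict(desired[name])
    return actual

WEB = {"image": "app-v2", "ssh_from": "10.0.0.0/8"}
DESIRED = {"web-0": WEB, "web-1": WEB}

def demo():
    # Procedural: running the same "create two servers" script twice
    # doubles the fleet, because history and timing matter.
    script = [("create", "web", WEB), ("create", "web", WEB)]
    fleet = run_procedural(run_procedural({}, script), script)
    # Declarative: web-1 has drifted (SSH opened to the world by hand)
    # and web-9 was created outside the code.
    actual = {"web-0": dict(WEB),
              "web-1": {"image": "app-v2", "ssh_from": "0.0.0.0/0"},
              "web-9": dict(WEB)}
    first_plan = plan(DESIRED, actual)
    apply(DESIRED, actual)
    return len(fleet), first_plan, plan(DESIRED, actual), actual

if __name__ == "__main__":
    print(demo())
```

The second plan is empty because the deployed state already matches the code, which is what lets a non-empty plan serve as a drift alarm during review.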
Master vs Masterless
Chef and Puppet require a master server for storing the state of your infrastructure and distributing updates. Every time you need to install an update, a client is used to issue commands to the master server and then the master server pushes the updates out to all other servers. The master server acts as a centralized place to manage the infrastructure.
However, a master server comes with some drawbacks:
- Extra infrastructure: A master server requires you to deploy an extra server or even a cluster of extra servers (for high availability and scalability).
- Maintenance: You have to maintain, upgrade, back up, monitor, and scale the master server(s).
- Security: Security is a challenge with the master server communicating to all other servers.
Ansible, CloudFormation, and Terraform are all masterless by default. Some of them may rely on a master server, but it’s already part of the infrastructure you’re using and not an extra piece you have to manage.
Agent vs Agentless
Chef and Puppet require you to install agent software (e.g., Chef Client, Puppet Agent) on each server you want to configure. The agent typically runs in the background on each server and is responsible for installing the latest updates.
This approach has a few drawbacks:
- Bootstrapping: How to provision and install the agent software on the server in the first place.
- Maintenance: Keep the agent software in sync with the master server and updated.
- Security: The agent has to authenticate to the master server, which increases the surface area exposed to attackers.
Ansible, CloudFormation, and Terraform do not require you to install any extra agents. With Terraform, you just issue commands and the cloud provider’s agents execute them for you on all of your servers. With Ansible, your servers need to run the SSH daemon, which most servers run anyway.
Large Community vs Small Community
The community plays an important role while selecting a technology since the community determines how many people contribute to the project, how many plug-ins, integrations, and extensions are available, how easy it is to find help online (e.g., blog posts, questions on StackOverflow), and how easy it is to hire someone to help you (e.g., an employee, consultant, or support company).
All of the IaC tools discussed in this blog post are open source and can work with many cloud providers, except for CloudFormation, which is closed source and only works with AWS; this plays a big role in building a community.
From the recent trends, we can say that Terraform and Ansible are experiencing explosive growth. The increase in the number of contributors, stars, open-source libraries, StackOverflow posts, and jobs is through the roof. CloudFormation has also been gaining a lot of recognition on StackOverflow as well as in the job market.
All of the tools discussed above have their benefits and limitations when designing IaC environments for automation. For example, Ansible is excellent at provisioning software and machines, while Terraform is excellent at managing cloud resources. So I’ll leave it to you to pick the right tool for the right job.