Over the last decade, the DevOps world has produced many tools for deploying infrastructure and applying changes to it in an automated, repeatable way. Here, we discuss Terraform's key features and compare Terraform, Chef, and Ansible.
Terraform Defined
HashiCorp's Terraform is an Infrastructure as Code (IaC) service that automates infrastructure provisioning and security in the cloud, based on infrastructure and policy as code. The technology codifies, shares, manages, and executes infrastructure and policies consistently within a workflow across all infrastructure. Niveus, a Google Cloud Partner and HashiCorp partner, is at the forefront of automation solution development and carries a strong focus on driving innovation in infrastructure solutions. Our GCP landing zone is built on top of Terraform's automated code solution for cloud deployment.
Chef vs Terraform vs Ansible: Key Differentiators
Configuration Management vs Provisioning
Chef and Ansible are configuration management tools, while Terraform is a provisioning tool. Configuration management tools are designed to install and manage software on existing servers, while a provisioning tool is designed to provision the servers themselves and the rest of your infrastructure, such as load balancers, databases, and networking configuration. Terraform only provisions these resources and leaves the job of configuring the servers to other tools. Each tool is a better fit for certain types of tasks, depending on its area of focus.
Mutable Infrastructure vs Immutable Infrastructure
Configuration management tools such as Chef and Ansible typically default to a mutable infrastructure paradigm. When you use them to install a new version of OpenSSL, the software update runs on the existing servers and the changes happen in place. With each additional update, every server builds up a history of changes that is unique to itself. This often leads to configuration drift, where each server becomes slightly different from all the others, causing subtle configuration bugs that can be difficult to diagnose and correct.
With a provisioning tool such as Terraform, every "change" is actually a deployment of a new server. This approach has several benefits: it reduces the likelihood of configuration drift bugs, makes it easier to see which software is running on which server, and makes it trivial to deploy any previous version of the software at any time.
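To make the drift problem concrete, here is an added example (not part of the original article or of any of the tools discussed) that compares per-host package inventories against a declared baseline and reports hosts that have diverged. Host names, package versions, and the baseline are constructed sample data.

```python
# Baseline: the package set a freshly built server image is assumed to ship.
BASELINE = {"openssl": "3.0.13", "nginx": "1.24.0"}

# Constructed inventory after several rounds of in-place updates.
INVENTORY = {
    "web-1": {"openssl": "3.0.13", "nginx": "1.24.0"},
    "web-2": {"openssl": "3.0.13", "nginx": "1.24.0"},
    "web-3": {"openssl": "3.0.11", "nginx": "1.24.0"},  # missed an update
    "web-4": {"openssl": "3.0.13", "nginx": "1.22.1", "telnetd": "0.17"},
}


def drift_report(baseline, inventory):
    """Return {host: [(package, kind, expected, actual), ...]} for drifted hosts.

    kind is "version" (wrong version), "missing" (baseline package absent)
    or "unexpected" (package installed that the baseline does not declare).
    """
    report = {}
    for host, installed in sorted(inventory.items()):
        findings = []
        for pkg in sorted(set(baseline) | set(installed)):
            expected, actual = baseline.get(pkg), installed.get(pkg)
            if expected == actual:
                continue
            if actual is None:
                kind = "missing"
            elif expected is None:
                kind = "unexpected"
            else:
                kind = "version"
            findings.append((pkg, kind, expected, actual))
        if findings:
            report[host] = findings
    return report


if __name__ == "__main__":
    for host, findings in drift_report(BASELINE, INVENTORY).items():
        for pkg, kind, expected, actual in findings:
            print(f"{host}: {pkg} {kind} (expected {expected}, found {actual})")
```

With immutable servers built from one image, every host matches the baseline by construction, so a non-empty report points to an out-of-band change rather than to update history.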
Procedural vs Declarative
There are two main ways to write code for infrastructure as code (IaC) tools: procedural and declarative. With procedural code, you write out each step needed to achieve a desired end state. This is how Chef and Ansible work. With declarative code, you only declare the desired end state. The IaC tool is then responsible for figuring out how to achieve that state. This is how Terraform works. One advantage of declarative code is that since all you do is declare the end state you want, Terraform (or any other IaC tool) will also be aware of any state it created in the past,
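The declarative model described above can be sketched as a diff between the declared end state and the state recorded from the previous run. This is an added, simplified illustration, not Terraform's implementation; the resource names, attributes, and the functions `plan` and `apply_plan` are hypothetical.

```python
# Constructed sample data: resource names and attributes are hypothetical.
STATE = {  # what the tool recorded after its previous run
    "web-1": {"size": "small"},
    "fw-ssh": {"source": "0.0.0.0/0"},
    "debug-vm": {"size": "small"},
}
DESIRED = {  # what the configuration declares now
    "web-1": {"size": "small"},
    "web-2": {"size": "small"},
    "fw-ssh": {"source": "10.0.0.0/8"},
}


def plan(desired, state):
    """Compute the create/update/delete actions that turn state into desired."""
    actions = []
    for name in sorted(set(desired) | set(state)):
        want, have = desired.get(name), state.get(name)
        if have is None:
            actions.append(("create", name, want))
        elif want is None:
            # Recorded earlier but no longer declared: scheduled for removal.
            actions.append(("delete", name, have))
        elif want != have:
            keys = sorted(set(want) | set(have))
            changed = {k: (have.get(k), want.get(k))
                       for k in keys if have.get(k) != want.get(k)}
            actions.append(("update", name, changed))
    return actions


def apply_plan(actions, desired, state):
    """Return the new recorded state after carrying out the actions."""
    new_state = {name: dict(attrs) for name, attrs in state.items()}
    for verb, name, _ in actions:
        if verb == "delete":
            del new_state[name]
        else:
            new_state[name] = dict(desired[name])
    return new_state


if __name__ == "__main__":
    for action in plan(DESIRED, STATE):
        print(action)
```

Because the recorded state is part of the input, the undeclared `debug-vm` and the overly broad firewall source show up in the plan for review, and planning again after applying yields no actions.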
Master Versus Masterless
In order to use Chef, you need to have a master server up and running. This server is responsible for storing the state of your infrastructure and distributing updates. To make a change to your infrastructure, you use a client (such as a command-line tool) to issue new commands to the master server. The master server then pushes updates out to all the other servers, or those servers pull the latest updates from the master server on a regular basis.
However, having to run a master server has some serious drawbacks, including the need for additional infrastructure (such as an extra server, or even a cluster of extra servers), maintenance, and security procedures.
Ansible and Terraform don’t require a separate master server. They communicate with cloud providers using the provider’s APIs, or in the case of Ansible, by connecting directly to each server over SSH. This means you don’t have to run extra infrastructure or manage extra authentication.
Agent Versus Agentless
Chef requires you to install agent software (e.g., Chef Client) on each server you want to configure. The agent typically runs in the background on each server and is responsible for installing the latest configuration management updates.
Ansible and Terraform do not require you to install any extra agents, as they leverage agents that are typically a pre-installed part of the infrastructure. With Terraform, businesses can issue commands and the cloud provider's agents execute them for all servers. With Ansible, your servers need to run the SSH daemon, which most servers run anyway. When it comes to configuration management, there are a lot of options available: many that are feature-rich, some that are easy to code, and some that are easier to deploy.
Key Features of Terraform
Remote workflow and execution: Terraform Cloud offers a way to manage Terraform workflows remotely, in a form that is easy for new users to learn and comfortable for existing Terraform users. The basics of this workflow include running Terraform remotely, workspace-based organization, version control integration, command-line integration, and remote state management with cross-workspace data sharing. You can also use Terraform Cloud Agents to run Terraform on your own isolated, private, or on-premises infrastructure. With this feature, businesses gain consistency and visibility, and can enable powerful features like Sentinel policy enforcement, cost estimation, notifications, version control integration, and more.
Local execution: There are benefits to both remote and local execution when it comes to Terraform. For example, most Terraform users are able to interactively check their work while editing configurations by running Terraform plans locally. This helps to keep errors and bugs in check.
Private Registry: Teams of any size can reap big benefits by codifying commonly used infrastructure patterns into reusable modules. With Terraform, you can easily get providers and modules from a variety of different sources. The technology also makes it simpler to find providers and modules via a private registry. Its easy versioning enables downstream teams to confidently use private modules, as well as frees upstream teams to iterate faster.
Terraform Enterprise and Terraform Cloud: Terraform Enterprise is more organization-friendly, with more features, customization, improved performance, and better support. It is offered as a private installation. Terraform Cloud, on the other hand, is a multi-tenant SaaS platform that offers a free tier for getting started and can accommodate both small businesses and large organizations.
Terraform Enterprise includes Terraform Cloud's paid features, along with some extra features for large enterprises. Some features differ owing to the nature of self-hosted and SaaS environments, and some features in Terraform Cloud aren't available because they wouldn't work well or be relevant for the types of organizations that use Terraform Enterprise. These are clearly marked in the documentation as cloud-only or enterprise-only.
To know how your business can leverage Terraform, get in touch with us at biz@niveussolutions.com