The way DevOps as a culture is gaining momentum, tools like Ansible and Terraform witnessing a huge demand and popularity.
Both tools are considered as Infrastructure as Code (IaC) solutions which helps in deploying code and infrastructure. While Ansible acts as a configuration management solution commonly abbreviated as “CM”, Terraform is a service orchestration or provisioning tool.
Note that there are overlaps and these terms are not necessarily mutually exclusive. This is what confuses people and this is why I am going to compare Ansible and Terraform.
I'll explain what are these tools used for, what are their pros and cons. This will help you decide whether you should use Ansible or Terraform in your projects.
Ansible and Terraform: What are these tools?
Let's first briefly take a look at what are these popular DevOps tools.
What is Ansible?
Ansible is an IT automation tool. It can configure systems, deploy software, and perform more advanced IT tasks such as continuous deployments or zero downtime rolling updates.
What is Terraform?
Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers as well as custom in-house solutions.
Before highlighting the differences between these two tools let us first understand what Configuration Management and Orchestration is.
Configuration Management vs. Orchestration
Configuration management is a set processes and procedures that ensures that the desired and consistent state of your infrastructure which includes servers and software's are always met. In other words, it's a way to make sure that a system performs as it's expected to as changes are made over time.
CM tools ensure that IT deployments are faster, incremental, repeatable, scalable, predictable, and maintains the desired state, which brings managed assets into an expected state.
Tools like Ansible are used for doing configuration management.
When it comes to orchestration you can use the orchestration tools to not only provision servers, but also databases, caches, load balancers, queues, monitoring, subnet configuration, firewall settings, routing rules, SSL certificates, and almost every other aspect of your infrastructure, mainly public cloud infrastructure.
Terraform is an orchestration tool. It is designed to provision the server instances themselves, leaving the job of configuring those servers to other tools.
Procedural vs. Declarative Language
DevOps tools can be categorized as Procedural or Declarative based on how they perform their actions when applied.
Procedural describes an application that requires the exact steps to be laid out in the code whereas Declarative “declares” exactly what is needed, not the process by which the result is achieved.
Ansible uses procedural style where you write the code that specifies, step-by-step tasks in order to achieve desired end state.
Whereas tools like Terraform, AWS CloudFormation all are declarative in defining the process where you write code that specifies your desired end state. For example, if you needed 5 EC2 instances, that’s exactly how many you would have after the code has been executed.
Ansible and Terraform: Comparison
Let's see what are the advantages and disadvantages of using Terraform:
Pros of Terraform
- Terraform maintains whole cloud infrastructure and make those resources available as code. That makes incremental change process very easy.
- Modular design.
- Simple and Easy-to-Learn
- It maintains the state of the resources created. All the objects created by Terraform shall be recreated if deleted by any other process.
- Seamless integration with CI/CD pipelines.
- It allows import of existing resources to bring them in Terraform state.
- When you run
terraform plan, it shows the changes that are about to be applied to resources that already exist. This gives DevOps engineers an insight into the changes they're about to make, particularly if the changes are not as expected.
Cons of Terraform
- No rollbacks. You need to destroy everything and re-run of the tf script is required.
- Error handling is not mature. As of Terraform
v.12.20there are two new functions available for consumers
- Terraform scripts creation isn't allowed directly from state files.
- Terraform tool is still under development and going through many beta releases each month.
- Not every item can be imported.
terrafom importcommand can only import one resource at a time. This means you can't yet point Terraform import to an entire collection of resources such as an AWS VPC and import all of it.
Pros and cons of using Ansible
Now, let's take a look at the positives and negatives of Ansible.
Pros of Ansible
- Simple and Easy-to-Learn
- Make the whole deployment process automated and developer friendly
- YAML based simple and readable scripts (Ansible Playbooks)
- Huge module support
- Availability of a central repository called Ansible galaxy to find and reuse Ansible content.
Cons of Ansible
- Lacks in UI offering. AWX which eventually evolved into Ansible tower still has a huge room for improvement.
- No state maintenance. Ansible doesn’t keep track of dependencies. It just executes a sequential series of tasks, stops when it finishes, fails or encounters an error.
- Not up to the mark when it comes to Windows OS support. Ansible is still in early stages to extend support for Windows.
- Not that straightforward if you have to write complex scripts with extensive logics in playbooks.
- Enterprise support isn't yet matured/reliable.
- Lacks descriptive error messages when it comes to debugging complex playbooks.
Terraform or Ansible? Which one is better for you?
Believe me, it's not a simple question to answer. Because it depends largely on your requirements.
In real world, within IT organizations, you never rely on one tool instead you use combination of different tools to achieve the desired results.
Both Ansible and Terraform tools do a lot of things pretty well. And my personal preference is to use Terraform for orchestration/provisioning and Ansible for configuration management.
Terraform performs at its best of capabilities when used for infrastructure orchestration (managing cloud resources) as this is what it was created for.
Ansible, on the other hand, is best suited and optimized for configuration management tasks (provisioning software and machines). Orchestration tasks also can be performed with it, but that is just part of what it does.
My suggestion - use what is best and originally created for the task you want to perform.
But that's not the rule of thumb either as you may find people who prefer to use one tool for everything and it works for them!
Both tools have their own benefits as well as limitations when designing Infrastructure as Code environments for automation. And yes, the success totally depends on knowing which tools to use for which jobs.
I hope I have made a few things around Ansible and Terraform clearer for you. If you still have questions or suggestion, please let me in the comment section.