Infrastructure as Code (IaC) is a popular term among DevOps engineers. It is used for provisioning and managing the complete IT infrastructure using code, which is machine-readable definition files. This is an approach of software engineering towards operations. Just by using a few programming scripts, you can automate the complete IT infrastructure.
Ansible and Terraform are two popular names which pop up when we talk about Infrastructure as Code. But there are many IT professionals out there who are not aware of the exact differences between these tools. In this blog, I will talk about what you can do with these tools, their advantages and the key differences between them. So, let’s get started!
What is Terraform?
Terraform is an open-source tool developed by HashiCorp for Infrastructure as code. By using very easy to use declarative language in Terraform, you can define and provision a complete IT infrastructure. Using Terraform, you can declare and configure the resources you want in your infrastructure, it will map all the dependencies and build the infrastructure for you.
This tool was launched just 6 six years ago in 2014, but the adoption of this tool has been amazing because of the amazing features it offers to ease the orchestration of the IT infrastructure, which is a very complex process for a large organization. Terraform can also be used with popular cloud providers like AWS, GCP, VMware. It integrates with the cloud providers easily. You can use Terraform to customize your IT infrastructure with ease. You can host your servers on AWS, use Heroku as a database and CloudFlare for DNS configuration.
Normally, most IT organizations have development, staging or QA and production environments. Over a period, the production environment becomes very complex and difficult to manage. You can codify everything happening in the production environment with terraform to ease the management. Also, using Terraform, you can spin dev and QA environments similar to the production environment really quick, which help developers and testers to have a similar platform to develop and test their applications. Uber, Slack, Twitch, Starbucks are few big names who are leveraging the power of Terraform.
Below are the advantages of Terraform:
- Provides a simple GUI to manage the services
- Provides one simple language (declarative) to describe the infrastructure for GCP, AWS, Azure and others
- Supports role-based access control (RBAC) for security
- Can be provisioned with AWS, GCP, Azure, OpenStack with ease by using their APIs
- Easily integrates with continuous integration platforms like Jenkins, Travis, GitLab for deploying DevOps pipelines
- Using the terraform registry, teams within an organization can collaborate with ease on the infrastructure
- It is masterless, so you do not need a master node to keep track of all the configuration updates
What is Ansible?
Ansible is a popular configuration management tool which automates your IT tasks. It is an open-source tool that uses both procedural and declarative languages for configuration management. With Ansible, you can automate your containers, applications, networks, infrastructure, security and it also has good support from cloud providers. It is majorly preferred by DevOps engineers because it reduces the complexities and speeds up the DevOps processes.
It uses simple YAML configuration files (human-readable) to automate the most complex infrastructure with ease. Ansible Playbooks are the code file written in YAML to perform configuration management. It is agentless but has a master to push the configuration for managing and updating the applications on the remote servers. It used SSH to connect to all the nodes in the IT infrastructure. Once it is connected to the nodes, it pushes the latest configuration by using Ansible modules to the nodes to install, update or remove the application.
It is also capable of using ad-hoc commands to execute simple tasks with speed. These are not for configuration management but for simple one-time tasks.
Ansible Advantages and Features:
- Unlike other configuration management tools like Puppet and chef, Ansible is agentless. You don’t need an agent running on the nodes to perform the tasks in Ansible.
- Has a plethora of libraries to offer in python as it was built on python, which makes it very developer-friendly.
- Uses SSH for secure authentication.
- It has a push-based deployment model where the master pushes the configurations to the remote servers to apply the changes in the infrastructure.
- Provides visualization features at the enterprise level through Ansible Tower.
- No exclusive coding skills required when working with ansible as it used YAML which is human-readable and easy to learn.
Terraform vs Ansible: Key Differences
Orchestration vs Configuration Management
The most basic difference between Terraform and Ansible is that Terraform is an orchestration tool and Ansible is a configuration management tool. There is an overlap between their functionalities but they are still different from each other. Ansible is responsible for keeping all the components of the infrastructure in working condition or repairing the infrastructure. Whereas Terraform is responsible for making sure the necessary components required for the infrastructure are present and running in a steady state.
Procedural vs Declarative
This comparison tells you how these tools perform their actions. Terraform is declarative in nature where you declare something like, these are the 5 components I need for my infrastructure. Whereas Ansible is hybrid, both procedural and declarative. It uses a procedural approach step by step using the ad-hoc commands to achieve the desired state defined in the configurations. It also has several ansible modules that can use declarative configurations.
Mutable vs Immutable Infrastructure
Ansible is used to create mutable infrastructure and Terraform is used to create immutable infrastructure. Let me help you understand this with a simple example. When you are using Ansible to manage or update software, depending on the configuration it will update the software on the same server. As more and more updates get released, the production environment gets complex including multiple updates and leads to the subtle change in the server configurations which leads to bugs which can be difficult to diagnose.
Whereas in Terraform you use Docker or Packer to always deploy a new image on the server. When you have an update of your software and want to deploy it on all the servers, Terraform will create a new docker image of the new update, deploy the new image on all the servers and remove the older image. So, even over a period of time when the system has become complex and you have had multiple updates, still the configuration remains the same on all the servers.
Master vs Masterless
Ansible environment has a master machine, whereas Terraform is masterless. In Ansible, you have a master machine which is responsible for storing the state of the complete infrastructure and pushing the configuration updates to the remote servers. It follows a push-based deployment model. Now there can be some extra overload of managing, maintaining this extra infrastructure and keeping is secured.
Whereas Terraform has no master machine separately in its own architecture. In some cases, terraform may reply on a master server but that would already be a part of the infrastructure and not an additional server. For example, when terraform works with cloud providers like AWS using the APIs, the API servers can act as a master system here.
Community
Between Ansible and Terraform, I would say the community of Ansible is comparatively stronger. If you check the GitHub repository of both the tools, Ansible has 44 branches, 340 tags, 2000 watch, 45.6K star, and 19.8K forks so far. Whereas Terraform has 166 branches, 166 tags, 1200 watch, 24.5K star and 6.2K forks. But recently, both the tools have seen explosive growth in terms of their community activities.
Which one to Choose?
The answer to this completely depends on the business requirements. I would say it is not an apple to apple comparison between Ansible and Terraform. If you are looking for a focused configuration management tool, you need to go with ansible. If you are looking for a tool to orchestrate the complete IT infrastructure, you need to use Terraform. If you are looking to work with cloud providers and cloud resources closely, terraform is a better option. If you are looking to provision and manage your software, then Ansible is the better tool for the task. Both the tools have their own benefits and limitations depending on the problem statement you would have.
Just to summarize, here is a comparison table of Ansible and Terraform.
| Criteria | Ansible | Terraform |
| Founded On | 2012 | 2014 |
| Written In | Python | Go |
| Developed By | Ansible Inc. / Red Hat Inc. | HashiCorp |
| Type | It is a configuration management tool | It is an orchestration tool |
| Infrastructure | It supports mutable infrastructure | It supports immutable infrastructure |
| Language | It uses both procedural and declarative languages | It uses declarative language |
| Lifecycle Management | No | Yes |
| VM Provisioning and Networking | Partial | Completely supported |
| Packaging and Templating | Completely supported | Partial |
| Community and Support | 44 branches, 340 tags, 2000 watch, 45.6K star, 19.8K forks | 166 branches, 166 tags, 1200 watch, 24.5K star, 6.2K forks |
Final Thoughts
Both DevOps tools, Ansible and Terraform have been highly popular and successful in the DevOps domain. Both are highly used in the production environments in the majority of organizations leveraging the DevOps stack. So, go ahead and try both the tools for different problem statements where these tools suit the best as per the differences mentioned in this blog and evaluate their performance yourself.
