What is Terraform and why it rocks
Configuration management is an essential part of the DevOps methodology, and tools like Ansible, Chef, Puppet, Terraform or SaltStack are at the heart of software development ecosystems.
Terraform is an example of the next generation of configuration orchestration systems, bringing a new layer of features and functionality to the table. Let’s take a look at what Terraform is and why it rocks.
Terraform is a configuration orchestration tool that works with any cloud, be it a private on-prem or a public system, and allows safe and convenient design, management and improvement of infrastructure as code. As a part of the HashiCorp stack, which also includes Vagrant, Packer, Consul, Vault, and Nomad, Terraform helps provision any application written in any language to any infrastructure.
Here are the benefits of using Terraform instead of Ansible, Chef, Puppet or SaltStack:
- Orchestration, not merely configuration
- Immutable infrastructure
- Declarative, not procedural code
- Client-only architecture
Below we explain in more detail why this is so important.
Terraform, the server orchestration tool
Ansible, Chef, Puppet and SaltStack were created for server configuration, meaning their primary goal is to install and manage software on already existing servers. Terraform concentrates more on server provisioning, with software container deployment left to Docker or Packer. When the whole cloud infrastructure is treated as code and all the parameters are combined in declarative configuration files, all the members of the team can easily collaborate on them, as they would on any other code.
Immutable infrastructure
With Chef, Salt, Puppet, or Ansible, any software update must be run in place. As a result, every server accumulates a unique record of updates throughout its lifecycle. This can quite often lead to so-called configuration drift, when the differences between these configurations lead to bugs that can be exploited and result in security breaches. Terraform addresses the issue by using an immutable infrastructure approach, where every update of any parameter creates a separate configuration snapshot, meaning the deployment of a new server and the de-provisioning of the old one if need be. This way, updating the development environment goes smoothly and easily and is completely bug-proof, while returning to one of the previous configurations is as simple as choosing the configuration snapshot and provisioning a new environment according to it.
Declarative code style
While Chef or Ansible force you to write step-by-step procedural instructions for reaching the desired state, Terraform, Salt or Puppet prefer describing the desired end state of the system, and the tool itself deals with reaching the goals set. Why is it better? Because a fairly limited number of templates can satisfy all the configuration management needs, and the included primitives allow building complex, yet clean and modular code. With procedural code, you need to think of all the recent events and processes that took place in order to write clear instructions. With Terraform you simply order the tool to do something with the currently active state of the system, which is why the code base remains quite small and easily understandable.
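The declarative, immutable workflow described in the last two sections can be modelled in a few lines. This is an added example, not Terraform's own code: the `plan` and `apply` functions, the server names and the snapshot contents are all hypothetical, and the model assumes, as the text does, that any changed parameter means replacing the server.

```python
# Added example: toy planner, not Terraform's code. All names are hypothetical.

def plan(desired, actual):
    """Diff the declared end state against what is actually running.

    Any changed parameter yields "replace" (immutable model): a new server
    is built from the declaration and the old one is de-provisioned.
    """
    steps = []
    for name in sorted(desired.keys() | actual.keys()):
        want, have = desired.get(name), actual.get(name)
        if have is None:
            steps.append(("create", name, sorted(want)))
        elif want is None:
            steps.append(("destroy", name, []))
        elif want != have:
            drift = sorted(k for k in want.keys() | have.keys()
                           if want.get(k) != have.get(k))
            steps.append(("replace", name, drift))
    return steps


def apply(desired, actual):
    """Execute the plan; servers are rebuilt from the declaration, never patched."""
    result = dict(actual)
    for action, name, _ in plan(desired, actual):
        if action == "destroy":
            del result[name]
        else:  # create or replace
            result[name] = dict(desired[name])
    return result


# Constructed sample data: two configuration snapshots and a drifted fleet.
SNAPSHOT_V1 = {"web-1": {"image": "base-2023-01", "size": "small"}}
SNAPSHOT_V2 = {"web-1": {"image": "base-2023-06", "size": "small"},
               "web-2": {"image": "base-2023-06", "size": "small"}}
# web-1 was patched by hand in place; old-db is running but not declared.
RUNNING = {"web-1": {"image": "base-2023-01", "size": "small",
                     "openssl": "hand-patched"},
           "old-db": {"image": "base-2021-03", "size": "large"}}

if __name__ == "__main__":
    for step in plan(SNAPSHOT_V2, RUNNING):
        print(step)
    fleet = apply(SNAPSHOT_V2, RUNNING)
    print(plan(SNAPSHOT_V2, fleet))   # empty plan: the fleet has converged
    print(plan(SNAPSHOT_V1, fleet))   # rollback is just a plan for an older snapshot
```

The hand-applied patch on `web-1` and the undeclared `old-db` server both surface in the plan before anything is changed, which is where drift gets reviewed.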
Client-only architecture
Terraform leverages the cloud provider’s API for provisioning the infrastructure, which removes the need for additional security checks, running a separate configuration management server and multiple software agents. Ansible does this by connecting through SSH, yet the capabilities are quite limited. Because it works via APIs, Terraform offers a literally endless variety of actions. This is much better in terms of security, maintainability and overall ease of use.
As Terraform is a relatively new tool, it is still far from perfect. For example, the provider once fixed a bug in the Terraform ignition provider and removed the indents from JSON, which forced the recreation of all previously configured infrastructure.
Another important thing to note is that there must be a single kapellmeister when using this orchestration tool, as conducting the same actions from differing terminals with differing Terraform versions can lead to an unpredictable result. Obvious issues with collaboration and governance arise, and as of now they are still to be addressed. This pretty much limits the number of DevOps engineers working with a code base to one (or to a single terminal working in shifts).
The third flaw of Terraform is that it was developed with cloud-only deployment in mind, while its counterparts like Salt, Ansible and Puppet work with bare metal servers just fine, due to being developed 5+ years ago, without a cloud-only approach in mind. This makes the Terraform configuration orchestration tool really niche-specific and not a one-size-fits-all solution.
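The JSON indentation incident above is a case where the rendered text changes while the data it encodes does not. The following added example (not code from Terraform or the ignition provider) assumes the tool compares rendered output byte for byte; the function names and the sample configuration are constructed for illustration.

```python
import hashlib
import json


def fingerprint(rendered):
    """SHA-256 of the rendered text, byte for byte."""
    return hashlib.sha256(rendered.encode("utf-8")).hexdigest()


def classify_change(old, new):
    """Compare two rendered JSON documents.

    Returns 'none', 'formatting-only' (same data, different bytes)
    or 'semantic' (the data itself changed or cannot be parsed).
    """
    if old == new:
        return "none"
    try:
        same_data = json.loads(old) == json.loads(new)
    except json.JSONDecodeError:
        return "semantic"  # unparseable output is never waved through
    return "formatting-only" if same_data else "semantic"


# Constructed sample: one machine config rendered by two provider versions.
CONFIG = {"hostname": "node-1", "units": ["etcd", "docker"]}
RENDERED_OLD = json.dumps(CONFIG, indent=2)                # indented output
RENDERED_NEW = json.dumps(CONFIG, separators=(",", ":"))   # indents removed
RENDERED_EDITED = json.dumps({**CONFIG, "hostname": "node-2"}, indent=2)

if __name__ == "__main__":
    # Different bytes, so a byte-wise comparison reports a change...
    print(fingerprint(RENDERED_OLD) == fingerprint(RENDERED_NEW))
    # ...although only the formatting differs.
    print(classify_change(RENDERED_OLD, RENDERED_NEW))
    print(classify_change(RENDERED_OLD, RENDERED_EDITED))
```

Running such a check on the rendered output before and after a provider upgrade shows whether a planned recreation comes from a real configuration change or only from formatting.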
We are sure though, that within the next several years all the bugs will be fixed and all the issues will be resolved, further bolstering the undoubted Terraform benefits.
In addition to the aforementioned advantages, there are two main Terraform benefits you have to keep in mind:
- Super portability — you have one tool and one language for describing infrastructure for Google Cloud, AWS, OpenStack and ANY other cloud. Switching a provider is not a headache anymore.
- Ease of full-stack deployment — you can have Amazon instances running Kubernetes containers with your workloads, and manage the whole system from one tool.
We consider Terraform to be one of the best configuration orchestration tools available today. It might not be as popular as the other tools yet, but we firmly believe it will gain huge traction in the years to come. We think the creators of Vagrant and Consul have once again shown their expertise and delivered a great product. At IT Svit we were quick to begin using and mastering this tool and enjoy its capabilities.
Below is the comparative table of Terraform, Ansible, SaltStack and Chef features and functionality.
Being open-source, Terraform has gathered a strong and passionate community of developers that drives its evolution ever onward. We believe this tool rocks and will only become better and much more popular with time. It will not be the downfall of Chef, Ansible or Puppet; it will simply take its rightful place in the DevOps toolkit.
What do you think?