Some time ago, we published an article on Infrastructure as Code. This is where we mentioned Terraform for the first time. Today, I would like to focus explicitly on Terraform, explain why you should consider using it and why, in my subjective opinion, it is better than other popular IaC tools like Chef, Puppet, Ansible, SaltStack and CloudFormation.
Just a quick reminder: Configuration Management, or in other words Infrastructure as Code, is concerned with writing and executing code to define, deploy and update a given infrastructure. This means that networks, routes, load balancers, compute instances, storage buckets, etc. are managed in code. The main benefits of using IaC are that it is speedy and safe thanks to the automation of the deployment and provisioning process. It requires less pure SysOps work, but it is still good to have basic knowledge of the shell, CIDR notation, basic Linux administration, etc.
What is Terraform?
IaC tools can be divided into four general categories: ad hoc scripts, configuration management tools, server templating tools and server provisioning tools. The focus of this article - Terraform - is one of the server provisioning tools. This means it is responsible for creating servers, in contrast to tools that define the code that runs on a server. Provisioning tools are also used to create databases, firewall settings and SSL certificates, and to manage Vault policies, GitHub repositories and many others.
Terraform itself is an open-source tool by HashiCorp, written in the Go language. The Go code is compiled into a single binary called terraform. This binary is used to deploy infrastructure or build a server using just a shell. The terraform binary makes API calls to Google Cloud, AWS, OpenStack etc. thanks to the Terraform providers maintained by the community.
Terraform vs Chef
First of all, Chef is a configuration management tool, whereas Terraform is a provisioning tool. Chef is concerned with installing and managing software on existing servers, while Terraform provisions the servers themselves. In this case, when using Docker or Packer, Terraform is a better choice than a configuration management tool. What is more, Chef defaults to a mutable infrastructure paradigm, which leads to hard-to-diagnose configuration bugs, whereas Terraform treats every change as a deployment of a new service configuration. Chef also follows a procedural style of writing code and requires running a master server for storing state as well as agent software on each configurable server.
Terraform vs Puppet
Similarly to Chef, Puppet is a configuration management tool used to install and manage software on already existing servers. It also requires a master server for storing the infrastructure state as well as the installation of agent software for installing the latest configuration management updates. Puppet is also 4 years older than Chef (released in 2005). However, Puppet has a more declarative style, similarly to Terraform.
Terraform vs Ansible
Ansible, just like Chef, follows a procedural style of coding. Like the two options above, it is a configuration management tool and follows a mutable infrastructure paradigm. An undoubted advantage here is that Ansible is backed by a big community with nearly 5k active contributors. It is also highly desirable on the job market. Just like Terraform, Ansible does not require running a master server in order to store the infrastructure state.
Terraform vs SaltStack
Although SaltStack is again a configuration management tool, it has a more declarative style, like Terraform. Like Ansible, Chef and Puppet, it follows a mutable infrastructure paradigm. It requires installing agent software and running a master server. Lately, SaltStack has been attracting increasing interest from developers.
Terraform vs CloudFormation
CloudFormation is similar to Terraform thanks to its declarative style. It is also a provisioning tool, just like Terraform. However, of all the tools mentioned, CloudFormation is the only one that is not open-source. The tool belongs to AWS services, which means it can only be used within the AWS scope. Most recently, CloudFormation has been gaining a lot of recognition on Stack Overflow as well as on the job market.
Why use Terraform?
Terraform is open-source, which means you have access to the code to read it, debug issues and contribute to future releases. Thanks to the community, Terraform gets frequent updates and supports new providers every day.
Terraform must store state about the configuration and the managed infrastructure. This state is used to map configuration code to real resources. By default, the state file is stored locally, but it can be stored on different backends, e.g. AWS S3, Consul, Google Cloud Storage or PostgreSQL.
HashiCorp decided to create HCL (HashiCorp Configuration Language) to build a structured configuration language that is human and machine-friendly - what is more, it is fully JSON-compatible and provides simple loops and conditions. It gives a lot of power to create a reusable and tested infrastructure. Terraform provides a plan command, which means you can review the changes you are about to apply before applying them, and it supports cloud providers other than AWS or Google Cloud. At the 2019 HashiConf, features of Terraform 0.12 were presented.