Ansible vs Terraform: Best DevOps tool?

Compare Ansible vs Terraform, focusing on configuration management, infrastructure provisioning, cloud deployment, automation, differences

Ansible and Terraform are excellent DevOps tools that can provide many automation benefits in enterprise and cloud environments. However, I would say that each has its strengths in configuring and provisioning infrastructure. Let's look at Ansible vs Terraform and see which automation tool is best for which task.

At a high level

Ansible and Terraform are two of my favorite DevOps tools as they provide quick time to value, and you can start accomplishing a lot by using them. I started with Ansible first because, at the time, I was looking more for a configuration management tool.

When I started looking to provision infrastructure, Terraform was the name that kept coming up. And it is great at provisioning infrastructure. The short answer, in my opinion, to Ansible vs Terraform is this:

  • Ansible for configuration management

  • Terraform for infrastructure provisioning

I think these are the strengths of these two DevOps tools. However, can they both do some configuration management and deploy infrastructure? Yes, they can. I think Ansible is probably better at playing both sides than Terraform. Terraform does have provisioners that can be used for some configuration management, but this is not its strong suit, and the actions provisioners perform aren't tracked in Terraform state.

Ansible is an all-out jack of all trades that can do almost anything you want it to do, including spinning up infrastructure. However, I tend to use Terraform more in this realm, and Ansible for configuration management and everything else.

Let’s look at each in a bit more detail.

Installing Ansible vs Terraform

The award for ease of “installation” definitely goes to Terraform. Terraform is a self-contained binary you download from HashiCorp. You are ready to rock and roll with Terraform as soon as you download the binary. Ansible is a bit more involved as you need to ensure you have Python and a few other things installed along with installing Ansible itself, especially if you are working with things like Kerberos in Windows environments.

Below is an example of installing related components and Ansible. You can pull it from most Linux repositories and also use it in Windows by installing it in Windows Subsystem for Linux (WSL). This is a notable difference between Ansible and Terraform. Terraform does have native Windows support without WSL. However, Ansible does require WSL to work on a Windows machine.

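# Build dependencies for the Kerberos bindings, then pip, WinRM support and Ansible.
# python3-dev matches the Python 3 toolchain that pip3 installs into.
apt-get update && \
    apt-get install -y gcc python3-dev libkrb5-dev && \
    apt-get install -y python3-pip && \
    pip3 install --upgrade pip && \
    pip3 install --upgrade virtualenv && \
    pip3 install 'pywinrm[kerberos]' && \
    apt-get install -y krb5-user && \
    pip3 install pywinrm && \
    pip3 install ansible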

Terraform is just a single binary file, downloaded from the Install | Terraform | HashiCorp Developer page. After downloading, add the directory that contains the Terraform binary to your PATH variable.

Download and install the Terraform binary
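Because the binary is downloaded and put on the PATH by hand, it is worth checking the archive against the `terraform_<version>_SHA256SUMS` file that HashiCorp publishes with each release before unpacking it. The following is an added example, not part of the original article; the function names are hypothetical, and the archive name, version `0.0.0` and file contents are constructed placeholders.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def expected_digest(sums_text, filename):
    """Return the SHA-256 hex digest listed for filename in a SHA256SUMS file."""
    for line in sums_text.splitlines():
        parts = line.split()
        # Each line is "<64 hex chars>  <file name>"; binary mode prefixes the name with "*".
        if len(parts) == 2 and parts[1].lstrip("*") == filename:
            digest = parts[0].lower()
            if len(digest) != 64 or set(digest) - set("0123456789abcdef"):
                raise ValueError(f"malformed digest for {filename}")
            return digest
    # Fail closed: an archive missing from the list is never treated as verified.
    raise LookupError(f"{filename} is not listed in the checksum file")


def sha256_file(path):
    """Hash the file in chunks so large archives are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(archive, sums_text):
    """True only if the archive's hash equals its entry in the checksum file."""
    want = expected_digest(sums_text, Path(archive).name)
    return hmac.compare_digest(sha256_file(archive), want)


def demo():
    """Check a constructed archive, then the same file after modification."""
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed stand-in; 0.0.0 is a placeholder version, not a real release.
        archive = Path(tmp) / "terraform_0.0.0_linux_amd64.zip"
        archive.write_bytes(b"constructed sample archive bytes")
        sums = f"{sha256_file(archive)}  {archive.name}\n"
        intact = verify_download(archive, sums)
        archive.write_bytes(b"constructed sample archive bytes, modified")
        return intact, verify_download(archive, sums)


if __name__ == "__main__":
    print(demo())
```

The checksum file is itself signed (`terraform_<version>_SHA256SUMS.sig`), so verify that signature with GPG before trusting the digests it lists.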

Ansible for Configuration Management

Ansible handles configuration management well through simple YAML configuration files. It can orchestrate management changes and has a wide range of automation tools that can be used for modifying the environment.

Running Ansible from the command line

Configuration Management in Depth

Let’s look at configuration management with Ansible.

Ansible Configuration Management

Ansible’s configuration management is centered around its use of playbooks written in YAML. These playbooks allow users to define the desired state of their infrastructure components, making them easy to read and write. Here’s an example of an Ansible playbook that sets up a web server:

---
- name: Set up Apache web server
  hosts: webservers
  tasks:
    - name: Ensure Apache is installed
      package:
        name: httpd
        state: present
    - name: Start Apache
      service:
        name: httpd
        state: started

Mutable Infrastructure Approach

Ansible can change existing infrastructure, which lets you make modifications on the fly. You can make small changes and capture them in code.

Also, you have a large set of modules and plugins that can allow you to do a wide range of configuration management tasks.

Terraform Configuration Management

Terraform uses HashiCorp Configuration Language (HCL), specifically designed to describe infrastructure resources. It provides a way to define the desired state of infrastructure. Here’s an example of a Terraform code snippet to create a cloud instance:

resource "aws_instance" "example" {
  ami           = "ami-0c94855ba95c71c99"
  instance_type = "t2.micro"
}

Running Terraform from the command line

Immutable Infrastructure and state

Terraform is focused on immutable infrastructure, where changes are made by replacing existing infrastructure rather than modifying it in place. This keeps your infrastructure management processes consistent and minimizes risks such as configuration drift.

Terraform emphasizes state management by keeping a record of the existing infrastructure and its configuration. This helps synchronize the real-world infrastructure with the code and allows for predictable changes.
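The state record is what lets `terraform plan` report, for each resource, whether a change is applied in place or by destroying and recreating it. The added example below (not from the original article) reads the JSON form of a saved plan, as produced by `terraform show -json`, and lists the resources that would be replaced or destroyed; the sample plan is constructed, the helper names are hypothetical, and it goes slightly beyond the text by separating in-place updates from replacements.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output;
# the resource addresses reuse names from the article's snippets.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "aws_vpc.main", "change": {"actions": ["no-op"]}},
    {"address": "aws_subnet.subnet", "change": {"actions": ["update"]}},
    {"address": "aws_instance.web", "change": {"actions": ["delete", "create"]}},
    {"address": "aws_instance.example", "change": {"actions": ["delete"]}},
    {"address": "aws_instance.my_instance", "change": {"actions": ["create"]}},
]})


def classify(actions):
    """Map a resource's planned actions to a single label."""
    acts = set(actions)
    if acts == {"create", "delete"}:
        return "replace"  # destroy and recreate, in either order
    if acts == {"delete"}:
        return "destroy"
    if acts == {"update"}:
        return "update-in-place"
    if acts == {"create"}:
        return "create"
    if acts and acts <= {"no-op", "read"}:
        return "no-change"
    return "unknown"  # unrecognised action: surface it rather than ignore it


def summarize(plan_json):
    """Group resource addresses by the kind of change the plan proposes."""
    summary = {}
    for rc in json.loads(plan_json).get("resource_changes", []):
        label = classify(rc.get("change", {}).get("actions", []))
        summary.setdefault(label, []).append(rc["address"])
    return summary


def needs_review(plan_json, blocking=("replace", "destroy", "unknown")):
    """Addresses whose change removes or rebuilds a resource, or is unrecognised."""
    summary = summarize(plan_json)
    return sorted(addr for label in blocking for addr in summary.get(label, []))


if __name__ == "__main__":
    print(summarize(SAMPLE_PLAN))
    print("needs review:", needs_review(SAMPLE_PLAN))
```

In a pipeline, a non-empty `needs_review` result is a natural point to require a human approval before `terraform apply` runs.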

Cloud Provisioning and Multiple Providers

Terraform is very good at provisioning infrastructure across multiple cloud platforms. It supports multiple providers and makes sure that the same configuration can be applied across different cloud environments.

Initializing Terraform cloud providers

Infrastructure Automation and Provisioning

Both Ansible and Terraform are renowned for their infrastructure automation capabilities. Here’s how they handle these tasks to create infrastructure.

Ansible

You can automate many different tasks with Ansible, including configuring servers and managing cloud services. For example, here’s how to use Ansible to install Nginx on a web server and start the service:

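- name: Install and start Nginx
  hosts: webservers
  become: true   # installing packages and managing services needs root
  tasks:
    - name: Install Nginx
      apt:
        name: nginx
        state: present
      notify:
        - Start Nginx

  # Handlers run only when a notifying task reports a change
  handlers:
    - name: Start Nginx
      service:
        name: nginx
        state: started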

Terraform for creating infrastructure

Terraform is best at provisioning new infrastructure in on-premises and cloud environments. Its infrastructure as code approach gives you control over cloud provisioning. For instance, here’s how you can create a Virtual Private Cloud (VPC) in AWS using Terraform:

resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}

Terraform and Ansible for Network Automation

Ansible playbooks can also be used for network automation. You can configure switches, routers, and other network devices with Ansible. Here’s an example of configuring a VLAN on a Cisco switch using Ansible:

---
- name: Configure VLAN 100
  hosts: cisco_switch
  tasks:
    - name: Ensure VLAN 100 exists
      ios_vlan:
        vlan_id: 100
        name: My_VLAN
        state: present

This YAML code connects to the Cisco switch specified under “cisco_switch” and makes sure that VLAN 100 is configured with the given name.

Key Features:

  • Device-Specific Modules: Ansible has device-specific modules for various vendors, simplifying the configuration tasks.

  • Integration with Existing Infrastructure: Ansible can manage configurations seamlessly with the existing network infrastructure.

  • Mutable Infrastructure: Ansible can make direct changes to the current configuration, supporting a mutable infrastructure approach.

Terraform Network Automation

Terraform also has network automation support but it takes a different approach. Here’s an example of creating a VPC and subnet in AWS using Terraform:

resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_subnet" "subnet" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.0.1.0/24"
}

This HCL code sets up a VPC and a subnet within it in AWS, following the specified CIDR blocks.

Features:

  • Declarative Syntax: Terraform uses HashiCorp Configuration Language (HCL), which allows you to declare what you want the infrastructure to look like.

  • Immutable Infrastructure Approach: You create new infrastructure each time to keep from having configuration drift.

  • Provider Support: Terraform supports multiple providers, and this allows you to be consistent across the board.

Building Cloud Infrastructure: Ansible vs. Terraform

Let’s compare examples of creating cloud infrastructure with each tool.

Ansible for Cloud Infrastructure

Ansible uses playbooks to define the desired state of cloud resources. Here’s an example of creating an EC2 instance in AWS using Ansible:

- name: Launch an EC2 instance
  hosts: localhost
  tasks:
    - name: Create EC2 instance
      ec2:
        key_name: mykey
        instance_type: t2.micro
        image: ami-12345678
        wait: yes
        group: webserver

This code snippet creates an EC2 instance in the given security group with the specified key and instance type.

Key Aspects of Ansible:

  • Integration with Cloud Services: Ansible has modules for various cloud services, allowing for seamless integration.

  • Flexible Configuration Management: Ansible’s YAML-based configuration files are human-readable and support reusable roles.

  • Mutable Infrastructure Approach: Ansible makes adjustments to existing infrastructure resources, enabling quick configuration changes.

Terraform for Cloud Infrastructure

Terraform uses declarative HCL to manage cloud resources. Here’s an example of defining an AWS EC2 instance using Terraform:

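resource "aws_instance" "my_instance" {
  ami           = "ami-12345678"
  instance_type = "t2.micro"
  key_name      = "mykey"
  # vpc_security_group_ids takes security group IDs, not names;
  # placeholder ID standing in for the "webserver" group
  vpc_security_group_ids = ["sg-0123456789abcdef0"]
}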

This code makes sure that the EC2 instance exists with the specified attributes.

Key Aspects of Terraform:

  • Declarative Syntax: Terraform describes the desired state of infrastructure, creating or modifying resources accordingly.

  • Immutable Infrastructure: Terraform provisions new resources for changes, minimizing the risks of configuration drift.

  • Provider Support: Terraform’s wide range of providers allows for a consistent approach across different cloud platforms.

Deploying Across Multiple Cloud Platforms

Terraform for Multi-Cloud Deployment

Terraform can handle deployments across multiple cloud platforms thanks to its extensive provider support. Here’s an example of creating a virtual machine in Azure:

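# Abbreviated: azurerm_virtual_machine also requires network_interface_ids
# and a storage_os_disk block, which are omitted here
resource "azurerm_virtual_machine" "my_vm" {
  name                  = "myvm"
  location              = "East US"
  resource_group_name   = "myResourceGroup"
  vm_size               = "Standard_DS1_v2"
}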

This code creates a VM in Azure using the specified parameters.

Ansible for Multi-Cloud Management

Ansible can also manage infrastructure across various clouds through its cloud-specific modules. Here’s an example of creating a Google Compute Engine instance:

- name: Create instance(s) on GCE
  gce:
    instance_names: my-instance
    machine_type: n1-standard-1
    image: debian-11

This task creates an instance in GCE with the given specifications.

Comparison of Key Differences

The key differences between Ansible and Terraform come down to their core functionalities and how they approach common tasks:

Ansible Terraform Approach to Cloud Services

While both can manage cloud services, Ansible offers broader configuration management tools, whereas Terraform specializes in cloud provisioning. Understanding these nuances is essential when choosing the right tool for your specific cloud infrastructure needs.

Infrastructure Management: An In-Depth Look

Infrastructure management involves a complex set of tasks. Both Ansible and Terraform provide extensive capabilities, but their approach differs in managing infrastructure resources, handling network automation, and integrating with various network devices.

Versioned Software Component Installation

Ansible excels in tasks like versioned software component installation and managing configurations across various infrastructure components. While strong in provisioning infrastructure, Terraform may require additional tools for detailed configuration management tasks.

Code Examples: Ansible vs. Terraform

Comparing running code between Ansible and Terraform can provide valuable insights into their operation. Here are examples for both:

Ansible Code Example

- name: Install Apache
  hosts: webservers
  tasks:
    - name: Install httpd
      yum:
        name: httpd
        state: present

Terraform Code Example

provider "aws" {
  region = "us-west-2"
}

resource "aws_instance" "web" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
}

output "ip" {
  value = aws_instance.web.public_ip
}

These examples illustrate how Ansible focuses on managing configurations and Terraform on provisioning infrastructure.

Wrapping up

The answer no one ever likes: the choice between Ansible and Terraform depends. Actually, using both together is the best approach. Terraform is best for provisioning new infrastructure and Ansible is best for configuring and modifying existing infrastructure.


Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at Virtualizationhowto.com, and a 7-time VMware vExpert, with over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, he has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family. Also, he goes through the effort of testing and troubleshooting issues, so you don't have to.
