What is Terraform and why it rocks
Configuration management is the essential part of DevOps methodology and the tools like Ansible, Chef, Puppet or SaltStack are the heart of the software development ecosystem.
Terraform is the example of next generation of configuration orchestration systems that brings new layer of features and functionalities to the table. Let’s take a look at what Terraform is and why it rocks.
Terraform is the configuration orchestration tool that works with any cloud, be it private on-prem or public system, and allows safe and convenient design, management and improvement for infrastructure as code. As a part of Hashicorp stack, including also Vagrant, Packer, Consul, Vault and Nomad, Terraform helps provision any application written on any language to any infrastructure.
Here are the benefits of using Terraform instead of Ansible, Chef, Puppet or SaltStack:
- Orchestration, not merely configuration
- Immutable infrastructure
- Declarative, not procedural code
- Client-only architecture
Below we will explain in more details, why this is so important.
Terraform, the server orchestration tool
All the aforementioned tools were created for server configuration, meaning they primary goal is to install and manage software an already existing servers. Terraform concentrates more on server provisioning, with software containers deployment left to Docker or Packer. When the whole cloud infrastructure is treated as code and all the parameters are combined in declarative configuration files, all the members of the team can easily collaborate on them, as they would do on any other code.
With Chef, Salt, Puppet, or Ansible, any software update must be run in place. Thus said, every server grows a unique record of updates throughout their lifecycle. This can quite often lead to so-called configuration drift, when the differences in these configurations lead to bugs, that can be used as exploits and security breaches. Terraform addresses the issue by utilizing immutable infrastructure approach, where every new update of any parameter creates a separate configuration snapshot, meaning the deployment of a new server and de-provisioning the old one should the need be. This way, updating the development environment goes smoothly , easily and is completely bug-proof, while returning to one of the previous configurations is as simple as choosing the configuration snapshot and provisioning a new environment according to it.
Declarative code style
While Chef or Ansible force you to write step-by-step procedural instructions for reaching the desired state, Terraform, Salt or Puppet prefer describing the desired end state of the system, and the tool itself deals with reaching the goals set. Why is it better? Because a pretty limited number of templates can satisfy all the configuration management needs, and included primitives allow building complex, yet clean and modular code. With procedural code you need to think of all the recent events and processes that took place in order to write clean instructions. With Terraform you simply order the tool to do something with the currently active state of the system, that is why the code base remains quite small and easily understandable.
Terraform leverages the cloud provider’s API for provisioning the infrastructure, which removes the need for additional security checks, running a separate configuration management server and multiple software agents. Ansible does this by connecting through SSH, yet the capabilities are quite limited. Due to working via APIs, Terraform presents a literally endless variety of actions. This is much better in terms of security, maintainability and overall ease-of-use.
As Terraform is a relatively new tool, it is still far from being perfect. For example, the provider had once fixed a bug in Terraform ignition provider and removed the indents from JSON, which forced the recreation of all previously configured infrastructures.
Another important thing to note is that there must be a single kapellmeister when using this orchestration tool, as conducting the same actions from differing terminals with differing Terraform versions can lead to an unpredictable result. Obvious issues with collaboration and governance arise and as of now, they are still to be addressed. This pretty much limits the number of DevOps engineers working with a code base to one (or to a single terminal working in shifts).
The third flaw of Terraform is that it was developed with cloud-only deployment in mind, while its counterparts like Salt, Ansible, Puppet work with bare metal servers just fine, due to being developed 5+ years ago, without cloud-only approach in mind. This makes the Terraform configuration orchestration tool really niche-specific and not a one-size-fits-all solution.
We are sure though, that within the next several years all the bugs will be fixed and all the issues will be resolved, further bolstering the undoubted Terraform benefits.
In addition to aforementioned advantages, there are two main Terraform benefits you have to keep in mind:
- Super portability — you have one tool and one language for describing infrastructure for Google cloud, AWS, OpenStack and ANY other cloud. Switching a provider is not a headache anymore.
- Ease of full-stack deployment — you can have Amazon instances running Kubernetes containers with your workloads, and manage the whole system from one tool.
We consider Terraform to be one of the best configuration orchestration tools available today. It might be not as popular as the other tools yet, but we firmly believe it will cause huge traction in the years to come. We think the creators of Vagrant and Consul have once again shown their expertise and delivered a great product. At IT Svit we were quick to begin using and mastering this tool and enjoy its capabilities.
Being open-source, Terraform gathered a strong and passionate community of developers that drive its evolvement ever onward. We believe this tool rocks and will become only better and much more popular with time. It will not be the downfall for Chef, Ansible or Puppet, it will simply take it’s rightful place in the DevOps toolkit.
What do you think?
Feel free to browse through the latest insights and hints on the DevOps, Big Data, Machine Learning and Blockchain from IT Svit!
SLA benefits: why do you need SLA and what does it cover
SLA is one of the most important papers in the business. It ensures the provider delivers the service of required quality and on time. However, in order to be efficient, SLA should be correctly composed and include specific points. Read on to know what are the main SLA benefits and what points it should cover.
Blockchain technology explained to your grandma
Despite being around for nearly a decade, the blockchain technology is still not too widespread. To say even more, the absolute majority of people still do not have a clue how the blockchain really works. The explanations circulating in the network are full of technical terms that require much deeper understanding of the technology that an average citizen possesses. We tried to deal with this shortcoming in our new article and provided an explanation of what makes the blockchain technology tick in the terms your grandma would understand.
How to protect the content from web scraping
Every website admin has two diametrically opposite goals: to help the legitimate web crawlers in indexing the website content
Hyperledger helps secure the medical records
Using the blockchain technology ensures security and immutability of data. Read how Hyperledger helps keep the medical records secure
Red Hat to acquire CoreOS: what lies ahead?
Container Linux by CoreOS is the leading operating system for Docker containers. Built as a lightweight fork of Chrome