Ansible and Terraform are two popular open-source tools commonly found in DevOps stacks. Although distinct in purpose, these tools somewhat overlap in functionality (primarily in terms of IaC capabilities), which often leads to confusion about when one tool is a better option than the other.
This article offers an in-depth Ansible vs. Terraform comparison that outlines the main differences between the two solutions. We examine the pros and cons of both tools, explain their roles in infrastructure management, and show why the choice between Ansible and Terraform is not always an either-or dilemma.
What Is Ansible?
Ansible is an open-source Python-based automation tool that excels at configuring provisioned infrastructure, which includes tasks such as:
- Changing configuration files.
- Installing and updating software.
- Configuring runtime environments.
This Red Hat-owned tool also enables users to automate numerous IT processes, including:
- Provisioning of on-prem and cloud-based resources (servers, virtual machines, network devices, etc.).
- Orchestrating and deploying applications.
- Implementing security and compliance policies (e.g., a cloud security policy).
While the tool can provision resources, Ansible's functionalities gear more towards configuring existing infrastructure and automating repetitive tasks.
Main pros of Ansible
- There's a free and open-source version of the tool.
- Relies on the YAML (Yet Another Markup Language) syntax that's easy to read and write (especially when compared to XML or JSON).
- An emphasis on simplicity and ease of use.
- Does not require the presence of agents on managed systems, which speeds up setups and minimizes performance degradation.
- Highly scalable, allowing users to manage a large number of systems with ease.
- Seamlessly integrates with various other DevOps tools (such as Jenkins, Docker, and Git).
- A wide selection of helpful modules and plugins.
- A large community of users and numerous resources are available.
Main cons of Ansible
- Slow when collecting large volumes of data.
- Limited real-time feedback during code execution.
- Lacks a notion of state and does not track dependencies.
Ansible enables users to both automate and orchestrate configuration-related tasks. Our orchestration vs. automation article explains the difference between the overlapping terms.
Ansible Features
Here's an overview of Ansible's most notable features:
- A simple YAML syntax that enables declarative IaC capabilities.
- A lightweight agentless architecture that does not require users to set up any software on target systems.
- Top-tier configuration management and automation.
- Simplified troubleshooting due to executing tasks sequentially and stopping once the tool identifies an error.
- Idempotent execution enables users to execute the same instructions multiple times without changing the state of the target system.
- SSH communication between the control node and the target systems.
- Enables users to invert its setup to a pull architecture in which nodes request instructions from Ansible (typically done for scaling purposes).
- An extensive collection of pre-built modules (plus allows user-made modules written in Ruby or Python).
- A large number of plugins (both custom and official).
Ansible shares some similarities with K8s. Learn the difference between the two automation tools in our Ansible vs. Kubernetes article.
How Does Ansible Work?
The first step in using Ansible is to define an inventory of nodes (physical servers, virtual machines, cloud instances, etc.) you plan to manage with the tool. There's no need for any additional software or agents on the target machines. The inventory is either a:
- Simple text file.
- Dynamic inventory generated from an external system.
Once you define an inventory, start writing Ansible playbooks in YAML. Playbooks define the tasks required to reach the desired configuration on the target system.
Users write declarative code in playbooks, specifying the desired state of the system, and Ansible automatically performs the requested changes.
Ansible scripts are procedural, so they execute from top to bottom in the order they appear in the playbook. For instance, when setting up an Apache server on a VM as a root user, the playbook must first execute the user creation step before defining the server installation task.
The code in playbooks is quick and straightforward to write, thanks to Ansible modules, small programs that perform specific tasks on target nodes, such as:
- Start a service on target systems.
- Install a package.
- Configure a system.
Ansible connects to nodes via SSH and executes tasks once a playbook is defined. You execute an Ansible playbook using the ansible-playbook command.
Once initiated, the tool connects to every target device in the inventory and executes tasks specified in the playbook.
Learn how to install Ansible on Rocky Linux.
What Is Terraform?
Terraform is an open-source IaC tool for creating, managing, and versioning on-prem and cloud infrastructure. This IaC tool from HashiCorp is primarily an orchestrator and focuses equally on provisioning both types of instances:
- Low-level instances (such as databases, load balancers, and networking).
- High-level instances (such as Kubernetes clusters or SaaS).
Terraform mainly focuses on infrastructure provisioning. The tool enables users to deploy various resources through the use of descriptive languages and models. Terraform uses its native HashiCorp Configuration Language (HCL), a declarative language with a JSON-like syntax.
Main pros of Terraform:
- A human-readable declarative syntax.
- Works on a variety of operating systems (Windows, macOS, Linux, etc.) and supports all major cloud providers.
- Highly consistent and stable infrastructure that supports smooth configuration changes.
- Enables complete resource lifecycle management.
- Exceptional at provisioning and managing cloud-based infrastructure (especially in multi-cloud environments).
- No software is required on target systems.
- Has the backing of a large and active community.
Main cons of Terraform:
- No built-in GUI for any version of the tool.
- Tends to become challenging to manage when dealing with complex systems.
- Requires careful management of the Terraform State file (.tfstate) to avoid merge conflicts.
- Lack of error handling.
Terraform fully integrates with Bare Metal Cloud (BMC), our cloud-native dedicated server platform. It only takes a few lines of HCL code to deploy a brand-new BMC server (as demonstrated in our IaC with Terraform on BMC article).
Terraform Features
Here's a list of Terraform's most notable features:
- A concise and straightforward language with a declarative syntax (the tool also supports an alternate JSON-compatible syntax).
- An agentless architecture that does not require users to install additional software on target systems.
- Enables users to edit, review, and version declarative configuration files through a command-line interface.
- Top-tier infrastructure provisioning and orchestration.
- Provisions immutable infrastructure, so the tool replaces the existing configuration with a new one whenever users make a change.
- State management that enables users to track infrastructure.
- A range of modules that speed up deployments.
- Graphs of all resources and dependencies.
- A plan-and-apply feature that previews changes without performing any updates.
- Drift detection that identifies problematic changes.
- Triggers from within the most popular CI/CD pipelines (GitLab, Jenkins, Circle, etc.).
- Enables the use of custom plugins to extend the tool's functionality.
- Simplified rollbacks thanks to version-controlled configurations and managed states.
Learn how to provision infrastructure with Terraform and see to what extent this tool streamlines deployments.
How Does Terraform Work?
The first step in using Terraform is to define the desired infrastructure in HCL, the tool's native declarative language. You define all the resources (servers, networks, storage, load balancers, etc.) in a TF-config file, after which Terraform does two processes:
- Compare the current state of the infrastructure with the desired state described in the config file.
- Develop a plan to automatically achieve the requested state on the node.
Unlike Ansible, Terraform configuration files do not require organizing tasks in a specific sequence. You can also disperse code in multiple files if that approach makes more sense for your use case.
After creating a plan, the user previews the changes to the current infrastructure before applying an update. If the user approves, Terraform executes the configuration. If you are provisioning cloud computing resources, the tool communicates with the provider's API to create instances.
Once the tool deploys the desired resources, Terraform tracks the state of the infrastructure using a state file. This file records current resources and helps determine required changes on subsequent runs.
Terraform also provides detailed reporting of the infrastructure changes made during execution. The tool communicates any errors or issues that occurred during provisioning to help users identify problems.
Check out our Terraform vs. Puppet comparison to see how Terraform stacks up against one of Ansible's most notable competitors in configuration management.
Ansible vs Terraform: Comparison
The table below offers a detailed Ansible vs Terraform comparison:
| Point of comparison | Ansible | Terraform |
|---|---|---|
| Maintained by | Red Hat | HashiCorp |
| Initial release date | 2012 | 2014 |
| Open source | Yes | Yes |
| Primary focus | Configuration management and automation | Infrastructure provisioning and orchestration |
| Configuration language | YAML | HCL (HashiCorp Configuration Language) |
| Programming approach | A mix of declarative and procedural | Strictly declarative |
| Setup complexity | Simple | Moderate |
| Agentless | Yes | Yes |
| Infrastructure mutability | Mutable infrastructure (i.e., updates components instead of replacing the whole infrastructure) | Immutable infrastructure (i.e., builds the entire system from scratch when you make a change) |
| Idempotent configurations | Yes | Yes |
| Architecture | Master-less, communicates over SSH protocol | Master-less, communicates with providers using APIs |
| State management | No | Yes |
| Packaging and templating | Complete support | Partial support |
| Built-in reporting | No | Yes |
| Push vs. pull | Both | Follows a push workflow |
| Built-in availability features | No | Yes |
| Scalability | High | High |
| GUI support | No for the free version, yes for the enterprise edition | No official GUI (but there are third-party GUIs) |
| Modules | Yes | Yes |
| Community support | Large and active (somewhat lacking in terms of Windows support) | Large and active |
| Detailed documentation | Yes | Yes |
| Learning curve | Moderate | Moderate |
| Optimal use cases | Configuring preexisting systems and network automation | Provisioning infrastructure from scratch and managing cloud-based resources spread across multiple providers |
| Pricing | The basic version is free, the enterprise edition costs ~$10,000 per year for up to 100 nodes | The basic version is free, and the enterprise edition charges custom prices based on usage |
Let's now take a closer look at the most notable differences between Ansible and Terraform.
Orchestration and Configuration Management
Ansible is primarily a configuration management tool, but it provides basic orchestration capabilities, such as:
- Running playbooks in parallel across multiple hosts.
- Performing rolling updates.
- Task control features (task retries, timeouts, error handling, etc.).
- A templating system that allows you to create dynamic configuration files.
On the other hand, Terraform provides far more features that enable users to orchestrate their infrastructure, such as managing complex dependencies between resources or managing multiple environments (development, staging, and production).
However, Terraform is not a full-blown configuration management tool. You can use Terraform to manage certain configuration aspects (e.g., setting up security groups or configuring load balancers), but the tool is not as flexible or robust as Ansible.
Code: Declarative vs. Procedural
Terraform users write declarative code in HCL to describe the desired state of the infrastructure. There's no need to detail how the tool should reach the desired state, as users focus solely on the outcome instead of specific commands and steps.
The alternative to declarative coding is procedural (or imperative) programming, in which you provide the program with a step-by-step guide to completing each task. Ansible is both declarative and procedural since:
- The tool uses YAML, which computers interpret and execute in a procedural manner (i.e., the exact sequence in which you write the code).
- Most Ansible modules work declaratively, so users do not have to specify exact steps for every task.
Ansible enables users to combine the two methodologies without having to adhere to a single paradigm. This mix provides greater flexibility in how you utilize the tool. On the other hand, Terraform's declarative approach is more straightforward and intuitive, but it limits you to a specific way of defining resources.
Generally speaking, procedural languages are an excellent fit for system admins with a background in scripting. Declarative code is typically the preferred option for users with a programming background.
Ease of Use
Ansible is relatively easy to set up and use since:
- The tool is agentless, so you do not have to install any software on target devices.
- YAML-based playbooks are easy to write and read.
- The tool offers a range of pre-built modules that speed up operations.
Ansible tends to become more complex to use as your infrastructure grows. Extensive playbooks and complex dependencies are challenging to manage, particularly for users with limited scripting experience.
Terraform is also relatively easy to set up and use due to simple-to-read HCL and a variety of pre-built modules. However, installing Terraform requires more upfront configuration and setup than Ansible, as it requires the creation of a state file and some backend configuration.
Infrastructure Mutability
Ansible primarily works with mutable infrastructure (an environment that changes after the initial installation). When a user updates the configuration, the tool tweaks the existing infrastructure to reach the desired state.
Terraform relies solely on immutable infrastructure. The tool never modifies servers after deployment; instead, it provisions an entirely new set of infrastructure whenever the user makes a change. Meanwhile, the tool tears down the older set.
Ansible also supports some immutable infrastructure use cases, primarily through VM image creations and the tool's support for configuring container-based environments.
Availability
Ansible lacks built-in features to ensure resource availability, except for automating failover in case of server or service failure.
On the other hand, Terraform has various features for ensuring high availability, such as:
- Deploying resources to multiple cloud providers or availability zones.
- Storing states in a remote backend to improve fault tolerance.
- Creating auto-scaling groups that allow resources to scale automatically based on demand.
Learn about high availability (HA) and see how organizations minimize the likelihood of service downtime.
Ansible vs. Terraform for Provisioning
Ansible is primarily a configuration management tool, but it also offers some provisioning capabilities. The tool enables users to provision resources both in the cloud and on-prem (physical servers, virtual machines, containers, etc.).
Ansible also provisions apps and services, plus has a helpful templating feature that enables users to generate config files dynamically based on variables. However, the tool lacks a notion of state and does not track dependencies, so there's no lifecycle management for provisioned resources.
Terraform is primarily a provisioning tool, so it unsurprisingly offers excellent provisioning capabilities. The tool enables users to:
- Provision resources across multiple cloud providers and on-prem infrastructure.
- Rely on a state management system that tracks the state of resources over time and rolls back changes when necessary.
- Utilize various pre-built modules to deploy from popular cloud providers.
- Use templating to generate configuration files dynamically.
- Preview deployments with the plan-and-apply feature.
If you're looking for a long-term provisioning tool, Terraform is far more flexible and manageable than Ansible. Terraform is also the better option when provisioning cloud-based resources.
Ansible or Terraform: How to Choose
Choosing between Ansible and Terraform comes down to your IT priorities. Ansible is the better option when you're:
- On the market for a configuration management and multi-purpose automation tool.
- Looking to automate a variety of configuration-related tasks.
- In the habit of regularly configuring preexisting resources.
- Relying on a team that prefers working with YAML or has hands-on experience with Ansible.
On the other hand, Terraform is the better choice when you're:
- Running most of your infrastructure in the cloud.
- On the market for an infrastructure provisioning and management tool.
- Looking for an IaC tool with built-in state management and availability features.
- Planning to build infrastructure from scratch.
- Relying on a team that has hands-on experience with Terraform.
Since the two tools complement each other, there are situations in which you should use both Ansible and Terraform. For example, let's say you must provision a Bare Metal Cloud instance with a MySQL server configured with a variety of:
- Port settings.
- Security constraints.
- Performance optimization parameters.
In that scenario, it's a sensible decision to use Terraform to provision the BMC server via the Bare Metal Cloud API and then use Ansible to set up and configure the MySQL database.
Making the most out of Terraform or Ansible requires a high level of DevOps maturity. Check your DevOps maturity level and see whether your team is ready to take on one (or both) of these tools.
Two Complementary, Not Competitive Tools
Ansible and Terraform share similarities, but they serve distinct purposes. Just because you can create resources with Ansible doesn't necessarily mean that's a good long-term solution. Likewise, Terraform is not ideal for in-depth configuration management, so ensure your team has a sound understanding of the go-to use cases for both of these powerful tools.
