A few weeks ago I gave Terraform a try. Ansible was my go-to tool when it came to managing servers for quite some time, and I loved it for its simplicity and flexibility. So what about Terraform?

Well… It depends (I wish I could copyright that response :P). I have a feeling that Terraform along with Packer (because once you're in, you have to marry the HashiCorp ecosystem) can shine when you have to provision hundreds and hundreds of servers on a single cloud provider. You prepare your base image with Packer, provision it with Ansible, Chef or whatever, and use that image to spin up more servers as you need them.

Terraform relies on state that you have to store somewhere (locally or remotely). So if you have existing infrastructure, you have to import its state into Terraform, which can be cumbersome. AFAIK there is some work in progress that should automate this step, so that might not be an obstacle soon/anymore.

Because it keeps state, it can plan changes in your infra. This is a great feature because you can see what will be created/changed/removed globally before deciding to apply the change. Additionally, it allows for some fancy things like cost estimation for the AWS services you spin up. At the moment it's a paid feature tho, and it gets pricey quite fast ($70/user).

Figure: Terraform.io web UI panel (running jobs view)

On the other hand, if you use some tool for provisioning / configuring servers later on, it gets kinda shady. Suddenly you have two tools that can do almost the same thing. You can use Terraform for managing 'hard' infra - spinning up servers, configuring DNS, setting up alerting and so on. You will introduce some duplication sooner or later tho, or you will end up doing some rather weird template generation based on a Terraform run (which gets even more complicated if you rely on Terraform's official remote backend/UI). Because you know - I need to grab that private IP address from the network to configure iptables somewhere etc.
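To make that glue step concrete, here is an added example (not part of the original post) that turns the JSON printed by `terraform output -json` into an Ansible dynamic inventory plus iptables rules for a database host. The output names, the port and the sample document are constructed assumptions; sensitive outputs are dropped and every address is checked to be private before it reaches a firewall rule.

```python
import ipaddress
import json

# Constructed sample of `terraform output -json`. The output names
# (web_private_ips, db_private_ip, db_password) are assumptions.
SAMPLE_OUTPUT = """{
  "web_private_ips": {"sensitive": false, "type": ["list", "string"],
                      "value": ["10.0.1.10", "10.0.1.11"]},
  "db_private_ip": {"sensitive": false, "type": "string", "value": "10.0.2.5"},
  "db_password": {"sensitive": true, "type": "string",
                  "value": "constructed-placeholder"}
}"""


def load_outputs(raw):
    """Return {name: value}, dropping outputs Terraform marks sensitive."""
    doc = json.loads(raw)
    return {k: v["value"] for k, v in doc.items() if not v.get("sensitive")}


def private_ip(value):
    """Accept only a private IP address; reject anything else."""
    ip = ipaddress.ip_address(value)  # raises ValueError on malformed input
    if not ip.is_private:
        raise ValueError(f"{value} is not a private address")
    return str(ip)


def build_inventory(outputs):
    """Ansible dynamic-inventory structure built from the outputs."""
    web = [private_ip(ip) for ip in outputs["web_private_ips"]]
    db = private_ip(outputs["db_private_ip"])
    return {"web": {"hosts": web},
            "db": {"hosts": [db], "vars": {"allowed_clients": web}},
            "_meta": {"hostvars": {}}}


def db_iptables_rules(inventory, port=5432):
    """iptables rules for the db host: allow web hosts, drop the rest."""
    clients = inventory["db"]["vars"]["allowed_clients"]
    rules = [f"-A INPUT -p tcp -s {ip}/32 --dport {port} -j ACCEPT"
             for ip in clients]
    return rules + [f"-A INPUT -p tcp --dport {port} -j DROP"]


if __name__ == "__main__":
    inv = build_inventory(load_outputs(SAMPLE_OUTPUT))
    print(json.dumps(inv, indent=2))
    print("\n".join(db_iptables_rules(inv)))
```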

So my advice: if you have a handful of servers and your infrastructure doesn't change much and is rather straightforward (old & boring 😉) - just go with Ansible (or whatever tool of your choice). I don't see much of a benefit in introducing more complexity into the mix.