I curse at Terraform at least once a week, usually right after I’ve discovered some weird arbitrary limitation or surprising misfeature. It’s still what I reach for when I need to manage a whole organization. And compared to CloudFormation, it’s the freaking Sistine Chapel of IaC.
reply
I never understood this. Why not use Ansible instead, especially if you already use it? Doubly so when you have Cisco config to manage. The experience is generally so much better it's not comparable, and it is much easier to infer running state.
reply
It's not the same purpose. Ansible is useful to configure your IAC, terraform to deploy and handle the state, which is very useful when you have multiple teams working on the same infrastructure.

What you can do if you _really_ like Ansible is to use it to generate the Terraform files (typically from Jinja2 templates). In practice, I think Terragrunt is easier to use if you already have Terraform modules. But if I was back at my first "real" job, where we had between 50 and 80 Ansible modules (very short ones; it was really good, I've never seen an infrastructure that complex handled that concisely and easily), and if we had to use Terraform, I would use Ansible to generate Terraform files 100%.

reply
Ansible and terraform have some overlap, but they do tend to serve different purposes. The consequences of terraform having a state file should steer your decision.

However, I often find Ansible modules to be confusing to use. Maybe with LLMs it's now easier to draft Ansible roles and maintain them, but I always had agro whenever I needed to go to the docs for something I've done many times, just because the modules are that inconsistent.

reply
Setting aside the Turing completeness of them, in practice Ansible is a complete superset of Terraform. From experience, the only times you appreciate the state file is when you have uncontrolled changes, in which case you are in for a bad time anyway.

Ansible modules are trivial to write, and more people should. Most are trivial in practice and just consist of a few underlying API calls. A dozen-line snippet you fully understand is generally not a maintenance burden. A couple of thousand someone else wrote might be.

reply
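To make the "dozen-line module" claim concrete, here is an added example (not code from anyone in the thread) of a minimal custom Ansible module that ensures a key in a JSON config file has a given value. The target (a local JSON file), the parameter names `path`/`key`/`value`/`state`, and the atomic-write helper are all my own choices; the structure is the standard `AnsibleModule` pattern with check mode and a diff. The idempotency logic is kept in plain functions so it can be exercised without Ansible installed; only `main()` imports `AnsibleModule`.

```python
"""Minimal idempotent Ansible module: ensure KEY in a JSON file has VALUE.

Added example, not from the thread. Parameter names and the JSON-file
target are assumptions chosen for illustration.
"""
import json
import os
import tempfile


def desired_state(current, key, value, state):
    """Pure function: return (new_dict, changed) without touching disk."""
    new = dict(current)
    if state == "present":
        if new.get(key) != value:
            new[key] = value
            return new, True
        return new, False
    # state == "absent"
    if key in new:
        del new[key]
        return new, True
    return new, False


def read_json(path):
    """Current state; a missing file is treated as an empty mapping."""
    if not os.path.exists(path):
        return {}
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def write_json_atomic(path, data):
    """Write to a temp file in the same directory, then rename over the target,
    so a crash mid-write never leaves a half-written config behind."""
    dirname = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=dirname, prefix=".tmp-")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(data, fh, indent=2, sort_keys=True)
        fh.write("\n")
    os.replace(tmp, path)


def ensure_key(path, key, value, state="present", check_mode=False):
    """Apply step; returns a dict shaped like an Ansible module result.

    In check mode the change is reported but not written, which is what
    makes `ansible-playbook --check` trustworthy for this module.
    """
    current = read_json(path)
    new, changed = desired_state(current, key, value, state)
    if changed and not check_mode:
        write_json_atomic(path, new)
    return {"changed": changed, "diff": {"before": current, "after": new}}


def main():
    # Imported here so the logic above is importable and testable without
    # Ansible installed; a real module usually imports this at the top.
    from ansible.module_utils.basic import AnsibleModule

    module = AnsibleModule(
        argument_spec=dict(
            path=dict(type="path", required=True),
            key=dict(type="str", required=True),
            value=dict(type="str"),
            state=dict(type="str", default="present",
                       choices=["present", "absent"]),
        ),
        supports_check_mode=True,
        required_if=[("state", "present", ["value"])],
    )
    p = module.params
    try:
        result = ensure_key(p["path"], p["key"], p["value"],
                            p["state"], module.check_mode)
    except (OSError, ValueError) as exc:
        module.fail_json(msg=str(exc))
    module.exit_json(**result)


if __name__ == "__main__":
    main()
```

Dropped into `library/json_key.py` next to a playbook, it is callable as `json_key: {path: /etc/app/config.json, key: region, value: eu-west-1}`. The part worth understanding is `desired_state`: because it compares current and desired before deciding `changed`, a second run is a no-op, and check mode costs nothing extra.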
Because one's a language & tool for infrastructure as code, and the other's essentially a low-code ops scripting framework?
reply
We can also use expect to configure Cisco routers and AWS infrastructure, doesn’t mean we should.
reply