I thought this was a known HashiCorp thing - we’ve been using it for a while now to manage a complex multi-account AWS infrastructure, and it’s worked really well.
I’ve run into some limitations, e.g. not being able to interpolate values loaded in files, though I understand the ‘why not’. Or missing features like multi-AZ elasticache redis.
It also feels a bit dangerous since you could do something REALLY bad like wipe out your RDS instances. We always run a plan (in our CI, even), but I do worry that somebody may miss a +/- where they expect a ~ (destroy/create vs modify) in the plan. We adjusted our IAM permissions to prevent deletes from most accounts to help mitigate that risk.
It’s really nice to be able to manage our infrastructure as code - we keep it in a git repository and have a workflow around it that way.
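Added example, not part of the original thread: a CI gate for the missed destroy/create worry in the comment above, which reads the plan as JSON instead of relying on someone spotting the symbol. It assumes a Terraform version that supports `terraform show -json <planfile>`; the protected-type list, function names and sample plan are constructed for illustration.

```python
import json

# Stateful resource types a CI gate should never delete unreviewed (constructed list).
PROTECTED_TYPES = {"aws_db_instance", "aws_elasticache_cluster"}

def destructive_changes(plan):
    """Return (address, type, kind) for every planned change that deletes a resource."""
    findings = []
    for rc in plan.get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        if "delete" not in actions:
            continue  # create, update, read and no-op leave the existing resource alone
        # ["delete", "create"] or ["create", "delete"] is a replacement, ["delete"] a destroy
        kind = "replace" if "create" in actions else "destroy"
        findings.append((rc["address"], rc["type"], kind))
    return findings

def blocked(plan, approved=frozenset()):
    """Addresses of protected resources the plan would delete without explicit approval."""
    return [addr for addr, rtype, _ in destructive_changes(plan)
            if rtype in PROTECTED_TYPES and addr not in approved]

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_db_instance.main", "type": "aws_db_instance",
   "change": {"actions": ["delete", "create"]}},
  {"address": "aws_security_group.web", "type": "aws_security_group",
   "change": {"actions": ["update"]}},
  {"address": "aws_instance.app", "type": "aws_instance",
   "change": {"actions": ["delete"]}},
  {"address": "aws_elasticache_cluster.cache", "type": "aws_elasticache_cluster",
   "change": {"actions": ["create"]}}
]}
""")

if __name__ == "__main__":
    for addr, _, kind in destructive_changes(SAMPLE_PLAN):
        print(f"{kind}: {addr}")
    raise SystemExit(1 if blocked(SAMPLE_PLAN) else 0)
```

A non-zero exit fails the pipeline stage before apply; this complements, rather than replaces, the IAM delete restrictions the comment describes.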
Ever since this was imported as a port to OpenBSD, I have been meaning to set some time aside to compare it against Ansible, but I haven’t gotten around to it yet.
Do you happen to have experience with tools like Ansible and how they compare to Terraform?
These are different use cases: Ansible is used to configure an installed OS; Terraform gets you from cloud API to an installed OS that Ansible (or Chef, or Puppet, or CFEngine, or a bunch of shell scripts) can manage: AWS instance, storage volumes, security groups, networking setup, DNS, and so on (I use AWS cloud as an example, because this is what I work with; Terraform supports multiple cloud providers, and to some extent non-cloud infrastructure too).
I’m not sure what open source tool I could compare Terraform to; within the AWS ecosystem, the closest thing is CloudFormation.
Edit: here’s a good overview of how Terraform is useful (half a year old now, so some of the details might be out of date): https://charity.wtf/2016/02/23/two-weeks-with-terraform/
Oh, Ansible has lots of modules for AWS, Google, Azure and friends but there is no built-in abstraction so I need plays for each provider I want to use.
Nope, I’m fairly new to devopsing, sorry. Terraform is the only tool of this nature I’ve used.
We’re big believers in Terraform at http://mantl.io. We use it to bring up cloud hosts that we then provision with Ansible. Terraform allows us to easily support 6+ public and private cloud environments.
I especially love the lack of abstraction; cloud providers really do just support different resources, and you should make educated decisions about which ones you need in each environment.