Learn the difference between five popular orchestration and automation tools for cloud-native applications: Ansible, Terraform, Chef, Salt, and Puppet.

By Keanan Koppenhaver on February 7, 2023
Comparing Ansible, Terraform, Chef, Salt, and Puppet for cloud-native applications

As your application becomes more complicated, you need to make sure all the various components have the right infrastructure and configuration to run smoothly. While you could certainly manage this orchestration manually, it’ll only get more difficult as your system evolves.

Infrastructure as code (IaC) is a practice that helps manage that pain point. You can code how you’d like your infrastructure to look and then apply that to your actual infrastructure resources (locally or in the cloud) so you always have the infrastructure you need—all without having to manually configure things or remember specific configuration steps. IaC gives you a “single source of truth” for all your configuration and allows you to track configuration changes through version control, making it easier to manage.

Ansible, Terraform, Chef, Salt, and Puppet are all tools that facilitate this automatic configuration and orchestration. Of course, each has slightly different capabilities and a slightly different syntax for handling infrastructure provisioning.

Let’s take a look at some of the benefits and drawbacks of these IaC solutions to help you decide which one to adopt. We’ll compare these five tools based on the following metrics:

  • Whether they’re procedural or declarative
  • Their language support
  • Their community support
  • Overall user experience
  • Their UI/GUI
  • Their modularity
  • Whether they run as an agent or not

Ansible

Ansible is one of the most flexible automation systems. According to Ansible's documentation, "It handles configuration management, application deployment, cloud provisioning, ad-hoc task execution, network automation, and multi-node orchestration."

Ansible is a procedural tool, meaning that each Ansible playbook defines the steps to transform your infrastructure or configuration into what it should look like. Ansible primarily uses YAML for its playbooks and Python under the hood. With YAML as a common interface, interfacing with other languages is very straightforward.

Ansible playbooks can be broken down into separate sub-files and included in a larger playbook, which makes Ansible very modular and easy to organize. Additionally, "Ansible is agentless," which means you don't need any special software installed on your machines to automate them.

Note that while the default version of Ansible relies on writing code in playbooks (YAML files) and executing them using the command line, the enterprise-level Ansible Tower offers a web UI.

With nothing to install and the ability to use existing tools to get up and running quickly, Ansible’s ease of use may help explain its strong community adoption. Ansible has a dedicated and thriving community, with over 200 meetups around the world and even more online interaction and support.

TL;DR: Ansible is most useful when you don't have containerization but need the flexibility to work within almost any system. And because it’s imperative, it’s very straightforward to use and great for all sorts of configuration management needs.


Terraform

Terraform is an "open-source infrastructure as code software tool that enables you to safely and predictably create, change, and improve infrastructure." It uses a language known as HCL for developers to automate infrastructure deployments and safely make changes to their existing configuration, regardless of their cloud provider. It uses connectors known as providers to enable communication between Terraform and the APIs of various platforms and services.

As a tool, Terraform is declarative. The .tf files that are used to configure Terraform describe the ideal end state of your infrastructure without having to detail the steps needed to reach it. Besides HCL, Terraform can also use JSON, which is familiar to most developers.

[Figure: An example Terraform architecture. Image courtesy of Terraform.]

The Terraform community is growing, as is evident from the 35,000-plus stars on Terraform's GitHub. It also offers a community forum and public bug tracker on GitHub, as well as training and certification options.

With an overall 4.3-star rating on Gartner, Terraform is well regarded for its flexibility, and its broad integration capability provides a solid user experience. Just as with Ansible, your code editor and command line largely serve as Terraform's UI. However, Terraform Cloud does provide a web UI.

By default, Terraform is organized into modules, with the root module as the base of a Terraform configuration. In addition, the Terraform Registry provides many more user-maintained modules that you can add to your configuration. Terraform doesn’t need an agent to manage the resources that it creates, and, due to its popularity, it already integrates with many infrastructure providers.

TL;DR: Terraform is most useful when your infrastructure is complex, potentially spread across multiple cloud providers, but you have an ideal infrastructure state you can summarize in a configuration file. Terraform's pre-built integrations also make it a strong choice for managing public cloud resources, like those on AWS, Google Cloud, or Azure.


Chef

Chef is also a system and infrastructure automation platform largely built on open-source tools. However, unlike some of the other tools discussed here, you have to install the Chef agent on each client machine. Although Chef has been around longer than some of the other IaC tools and platforms, its flexibility and advanced capabilities come with a steeper learning curve.

Chef is procedural, meaning that rather than defining the end state, you write configuration code to determine how your infrastructure setup should eventually look. The Chef Infra Language (CIL) is largely based on Ruby, so developers can lean on Ruby when CIL falls short.

According to Chef, "our greatest strength is our community." Chef has a self-learning platform and live streams twice a week. In addition, much of Chef's development happens in the open, on GitHub. Community engagement is important to help counteract the steep learning curve in terms of user experience.

Chef comes with a web interface out of the box. However, in recent versions, this web UI is a paid, premium feature. All Chef cookbooks are modular by default, and cookbooks created by the community can be downloaded from the Chef Supermarket.

TL;DR: Chef is most useful when you’re looking for an established automation tool with a strong community, a solid track record of stability, and a relatively low barrier to entry. It’s also very customizable and can handle complex infrastructure tasks, whereas some of the other providers are better suited to simpler deployments.


Salt

Salt (sometimes known as SaltStack) is an infrastructure management tool focused on high-speed communication between large numbers of systems. Salt aims to be able to communicate with each system in seconds, regardless of the size of your infrastructure. It does this through its remote execution engine, which "creates a high-speed, secure, and bi-directional communication net for groups of systems."

Much like Chef, Salt uses a central master server that controls each of the clients that need to be affected (referred to as minions). It’s built on Python and uses YAML as its configuration language.

Salt is a declarative tool, meaning that you write code that describes the desired state of your infrastructure, and the tooling takes care of the rest. Salt is written in Python, but can interact with many languages and frameworks. It focuses on being simple, extensible, and deterministic. Using its master/minion architecture, Salt provides "a cohesive platform for orchestration and automation between managed systems."

Salt's very long list of supported modules also means it will probably work with whatever tools your development team already uses. While it usually requires an agent to run, it also has an agentless mode that only requires you to install SSH and Python on the target system.

[Figure: An example of the Salt architecture. Image courtesy of Salt.]

The Salt enterprise edition comes with a GUI, but for non-enterprise editions, you'll need a community-maintained version. The Salt community is spread out across several channels, including a mailing list and IRC, and all development happens on Salt's GitHub.

TL;DR: Salt is great for orchestrating a complex configuration of systems and servers that can run the Salt minions. These minions also work well for monitoring resources and processes, so you can always know what’s going on inside your Salt stack.


Puppet

Puppet is an automation tool that focuses on pull-based architecture (like Chef) where the clients pull in changes from a master server. Puppet is most popular with larger companies, particularly its Puppet Enterprise product, and is one of the oldest tools in the configuration management world. Developers and operations staff can use its domain-specific language (DSL) to configure their infrastructure.

Puppet is declarative—you define your ideal configuration and infrastructure state, which Puppet then creates, as opposed to a script that has to be run line by line. Puppet accomplishes this using files called manifests to describe the desired state of a system and uses its own language within these manifests.

Puppet Forge has thousands of modules that you can include in your Puppet configurations to speed up development time. Generally, nodes that are expected to run Puppet require agents, but with Puppet's inventory service, "you can manage nodes and devices (such as network switches and firewalls) without installing the Puppet agent on them."

As one of the oldest tools, Puppet has advanced capabilities and a well-developed GUI. However, its age causes some friction in the user experience, whereas many of the newer tools are much easier to use. Still, Puppet has a widespread community with channels including Slack, dev.to, mailing lists, and even office hours where you can ask questions and get to know community members.

TL;DR: Puppet is useful for teams that are stronger in system administration than programming. The push/pull architecture also makes it easier to detect configuration drift, which is when your deployed configuration differs from what’s specified in your configuration files.
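
Added example (not from the original article and not code from any of the tools discussed): the declarative model described above for Terraform, Salt, and Puppet, and the configuration drift just mentioned, shown as desired-state reconciliation in Python. The resource names, attribute keys, and the plan/converge functions are hypothetical and the sample states are constructed; real tools track and remove resources according to their own rules.

```python
# Constructed sample data (resource names are hypothetical): the declared
# state as kept in version control, and the state observed on one host.
DESIRED = {
    "pkg:nginx": {"ensure": "present", "version": "1.24"},
    "svc:nginx": {"ensure": "running", "enabled": True},
    "sshd:PermitRootLogin": {"value": "no"},
}
ACTUAL = {
    "pkg:nginx": {"ensure": "present", "version": "1.24"},
    "svc:nginx": {"ensure": "stopped", "enabled": True},
    "sshd:PermitRootLogin": {"value": "yes"},  # changed by hand on the host
    "pkg:telnetd": {"ensure": "present"},      # never declared
}

def plan(desired, actual):
    """Return the actions that turn `actual` into `desired`, sorted by resource.
    Each action is (op, resource, diff); for updates, diff maps an attribute
    to (observed, declared). An empty list means there is no drift.
    """
    actions = []
    for name, want in desired.items():
        have = actual.get(name)
        if have is None:
            actions.append(("create", name, dict(want)))
            continue
        diff = {k: (have.get(k), v) for k, v in want.items() if have.get(k) != v}
        if diff:
            actions.append(("update", name, diff))
    # Assumption of this example: anything observed but undeclared is removed.
    for name in actual.keys() - desired.keys():
        actions.append(("delete", name, {}))
    return sorted(actions, key=lambda a: (a[1], a[0]))

def converge(actions, desired, actual):
    """Apply `actions` to a copy of `actual` and return the new state."""
    state = {name: dict(attrs) for name, attrs in actual.items()}
    for op, name, _ in actions:
        if op == "delete":
            del state[name]
        else:
            state.setdefault(name, {}).update(desired[name])
    return state

if __name__ == "__main__":
    drift = plan(DESIRED, ACTUAL)
    for op, name, diff in drift:
        print(f"{op:<6} {name} {diff}")
    # Declarative runs are idempotent: a second plan finds nothing to do.
    print("second run:", plan(DESIRED, converge(drift, DESIRED, ACTUAL)))
```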


Wrapping up

Any of these tools can improve your infrastructure management and help you avoid some common errors that result from manually provisioned and managed infrastructure. They all have the ability to manage a wide variety of infrastructures and integrations, including Redpanda, for your streaming data needs.

The following table provides a more summarized view of how the tools stack up:

| | Ansible | Terraform | Chef | Salt | Puppet |
|---|---|---|---|---|---|
| Procedural/Declarative? | Procedural | Declarative | Procedural | Declarative | Declarative |
| Language support | YAML | HCL | CIL | Python/Agnostic | Puppet Language |
| Community support | Meetups/Online | Forum/GitHub/Training | Self-learning, live streams, GitHub | Mailing List, IRC, GitHub | Slack, dev.to, office hours |
| User experience | Simple to get started | Well-reviewed | Powerful with more of a learning curve | Simple, extensible, fast | Mature, with some complications |
| UI/GUI | CLI, unless Ansible Tower | CLI, unless Terraform Cloud | Web UI is a paid feature | 3rd-party solution needed for GUI | GUI by default |
| Modularity | Playbooks can be subdivided | Modules can be augmented from Terraform Registry | Cookbooks are modular by default and can be extended via Chef Supermarket | Long list of modules available | Thousands of modules through Puppet Forge |
| Runs as an agent? | Yes | Yes, usually pre-installed | Yes | Agentless available | Agentless available |

Take Redpanda's free Community edition for a test drive. Make sure to check out our documentation to understand the nuts and bolts of the platform, and browse the Redpanda blog for tutorials and guides on how to easily integrate with Redpanda.

If you get stuck, have a question, or just want to chat with our solution architects, core engineers, and fellow Redpanda users, join our Redpanda Community on Slack.
