This is very true, but it is fairly easy (in that you have to figure out the DSL bits) to abstract it out (into a module) so that your resource (not provisioner) is just calling a script to set up the box specific to the cloud provider.
I started with Ansible and quickly realized it was the Apache Ant of DevOps. I was programming in YAML, which is really convoluted... =(
I moved on to Terraform and in less than a page of fairly simple DSL, I can spin any number of instances up in the cloud across availability zones, attach storage, set up the box, add the IP -> DNS mapping in Cloudflare. Part of what makes this work really well is they have the concept of storing state between runs as part of the core framework, which is something Ansible is missing, without using an external service.
It isn't perfect, but I'm super impressed with what HashiCorp has done.
Yeah so tf and CloudFormation are kind of the big options in the AWS space. They’re both good tools. But I like tf over cf because I have additional control.
The import functionality is super useful in real life, as is “state hacking”. Yeah so technically it’s an antipattern but when you are down and dirty cloud engineering it is very useful to be able to edit the tf state (by comparison you have no access to the internals of cf) to avoid destroying/migrating databases or other precious resources where it turns out you judged the proper point of ownership wrong. This is not really the reason one is “supposed” to like one tool over another but there it is.
Refactoring infrastructure as code is kind of a dark art, and IMHO tf has a way better story for that. SUPER hard to sell though because the problems are not obvious at all. The main reason is that it exposes state as a first-class concept and although big chunks of that are presented as “internals you should not mess around with” it is a pretty big win in terms of day-to-day engineering (and of course usually you shouldn’t...).
What I do wish is that HashiCorp would finally make using third-party providers suck less. They seem super sold on a “registry” and a bunch of stuff which solves HC level problems while I would be happy with a URL and a trust relationship...
I love Consul+Nomad for job scheduling for on-prem deployments. Especially since you can use regular executables and not just Docker containers.
But for AWS, it’s CloudFormation all of the way. Not necessarily because it’s better, but if something weird happens that I can’t figure out, I have an easy button - the business support level of AWS.