Q&A: Configuration Management Tools vs Infrastructure as Code

Question

I have been reading lots of articles/blogs regarding Configuration management tools vs IaC, some say that configuration management tools like chef/puppet/ansible are different when compared to provisioning infrastructure and it's a bad practice to use them for infrastructure provisioning. Hence, for provisioning infrastructure tools like Terraform/Cloud Formation are more appropriate.

Few say that, config tools do convert infrastructure into code. Now, which is true? and what is the purpose of config tools, if IaC is already present to provision infrastructure on demand (in the form of code). Could you please help me understand the fundamental differences between them?

Answer

Briefly, yes; We should use tools that specialize in Infrastructure as Code for hardware and tools designed for Configuration Management for software.

But let's provide a bit more insight. In this discussion, let’s focus on cloud services like AWS, Google Cloud, and Azure.

Breaking Down the Use Cases

With Infrastructure as Code (IaC), we use text-based configurations combined with APIs to create, manage, and decommission things like servers, load balancers, databases, and resources in the cloud. Some IaC tools include Cloudformation, Terraform, and Azure Resource Manager. If we think about the most basic use of IaC, it is to provision resources in an automated manner.

With Configuration Management (CM), we use text-based configuration combined with APIs to manage the state of deployed resources, usually at the operating system or software application level. Chef, Puppet, and Ansible are among the most popular CM tools. If we consider the most basic use of CM, it's right there in the name: configuration. Essentially CM tools make sure a system maintains a desired configuration. First by putting a configuration in place and then by making sure the configuration does not drift out of line.

Overlapping Solutions

While IaC and CM have their specific domains, there is some overlap. For example, IaC tools can deploy applications and CM tools can create cloud resources. With both classes of tools offering similar capabilities, it may lead to confusion about which type of tool to select for a task.

There’s no right or wrong answer for which type of tool to pick. However, there are some best practices.

In the most common approach, Infrastructure as Code is used to deploy what one might consider “hardware” -- networks, servers, storage, etc. -- and any associated resources like security groups and permissions needed by the hardware. Once the hardware is in place, Configuration Management is used to deploy and configure the “software” which might include operating systems and applications. In the end, the two approaches work together to properly deploy and manage the complete system.