Handle state management and concurrency issues in Terraform and Ansible?

RMAG news

1 Terraform state management

Terraform uses a state file to store the current state of the infrastructure, including the attributes and dependencies of the resources. Terraform needs this file to perform operations such as plan, apply, and destroy; however, it can also be a source of problems when working in a team or across multiple environments. These problems include keeping the state file in sync with the actual infrastructure, avoiding conflicts and corruption of the state file, managing sensitive data in the state file, and scaling the state file for large or complex infrastructures. To address these challenges, Terraform offers several features and best practices: remote backends to store and access the state file securely and reliably, state locking to prevent concurrent modifications of the state file, workspaces to isolate and manage multiple state files, modules and variables to reuse and customize configurations, outputs and data sources to share information between configurations, and sensitive attributes and encryption to protect sensitive data in the state file.
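An added example, not from the original article: marking a value as sensitive redacts it from Terraform's CLI output, but the value is still written to the state file in cleartext, which is why the backend also needs encryption and access control. The Python check below lists such values in a state document; the sample state is constructed, and the version 4 JSON layout it relies on (the `sensitive` flag on outputs, `sensitive_attributes` paths made of attribute-name steps) is an assumption.

```python
import json

# Constructed sample modelled on the version 4 state layout (an assumption);
# resource type, names and values are made up for illustration.
SAMPLE_STATE = json.loads("""
{
  "version": 4,
  "outputs": {
    "db_password": {"value": "constructed-secret-1", "type": "string", "sensitive": true},
    "endpoint": {"value": "db.example.internal", "type": "string"}
  },
  "resources": [{
    "type": "example_database", "name": "main",
    "instances": [{
      "attributes": {"name": "main", "password": "constructed-secret-2"},
      "sensitive_attributes": [[{"type": "get_attr", "value": "password"}]]
    }]
  }]
}
""")

def resolve(attributes, path):
    """Follow one sensitive_attributes path (attribute-name steps) into attributes."""
    node = attributes
    for step in path:
        node = node[step["value"]]
    return node

def plaintext_sensitive_values(state):
    """Return (location, value) for every value flagged sensitive yet readable."""
    findings = []
    for name, out in state.get("outputs", {}).items():
        if out.get("sensitive") and out.get("value") is not None:
            findings.append((f"output.{name}", out["value"]))
    for res in state.get("resources", []):
        for i, inst in enumerate(res.get("instances", [])):
            for path in inst.get("sensitive_attributes", []):
                try:
                    value = resolve(inst.get("attributes", {}), path)
                except (KeyError, IndexError, TypeError):
                    continue  # flagged path is absent or uses an unhandled step type
                where = ".".join(str(step["value"]) for step in path)
                findings.append((f"{res['type']}.{res['name']}[{i}].{where}", value))
    return findings

if __name__ == "__main__":
    for location, _ in plaintext_sensitive_values(SAMPLE_STATE):
        print("readable in state:", location)  # the value itself is not printed
```

Any finding means that whoever can read the state file or its backend can read that secret, so read access to the state should be granted as narrowly as access to the secrets themselves.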

2 Ansible state management

Ansible does not use a state file to manage the infrastructure, but instead relies on the desired state defined in the playbooks and roles. This means that Ansible only makes changes to the hosts if they are not already in the desired state, and that playbooks describe what to do rather than how to do it. The advantages of this stateless approach include no need to sync or back up a state file, no risk of conflicts or corruption of a state file, no exposure of sensitive data in a state file, and easier scalability and parallelization of execution. However, there are some drawbacks, such as difficulty tracking and auditing changes made by Ansible, dependency on the target hosts’ connectivity and availability, lack of native support for dependencies and dependency resolution, and complexity in managing dynamic and heterogeneous infrastructures. To address these drawbacks, Ansible offers features like facts and inventory gathering, handlers and notifications for triggering actions based on task results, tags and conditions for controlling execution flow and scope, roles and collections for structuring reusable configurations, and vault and secrets for encrypting sensitive data.

3 Terraform concurrency issues

Terraform concurrency issues occur when multiple users or processes try to modify the same resources simultaneously, which can lead to inconsistent or unexpected outcomes, such as two users attempting to create or delete the same resource, or one user trying to update a resource that another user has already modified. These issues can be caused by a lack of coordination, communication, visibility, or isolation of resources. To prevent or resolve these issues, Terraform offers features and best practices such as remote backends and state locking for single-user access, workspaces and modules for organizing resources, terraform plan and apply for previewing changes, terraform import and refresh for updating existing resources, and terraform taint and untaint for marking resources for recreation.

4 Ansible concurrency issues

Ansible concurrency issues can arise when multiple users or processes attempt to apply the same or conflicting desired states to the same target hosts simultaneously, potentially leading to inconsistent or unexpected outcomes. Such issues can be caused by a lack of coordination or communication between users and processes, lack of visibility or feedback on the desired and actual states of target hosts, and lack of isolation or segregation of the target hosts. To prevent or resolve Ansible concurrency issues, Ansible offers features and best practices such as inventory groups and variables for separating and organizing target hosts, ansible-playbook --check and ansible-playbook --diff for previewing and comparing changes before applying them, ansible-pull and ansible-pull --purge for pulling and applying the latest configurations from a remote repository, ansible-galaxy and ansible-galaxy --force for installing or updating roles and collections from a remote source, and ansible-lint and ansible-test for validating and testing playbooks and roles.