diff --git a/index.html b/index.html index 6c90d9d..6f6fb01 100644 --- a/index.html +++ b/index.html @@ -8,20 +8,22 @@ - + - + @@ -60,13 +81,15 @@

⚙️ Configuration as Code

Puppet · Ansible · Terraform
— What's the difference and when to use what? —

FinistDevs · 2026

+

Arnaud Prémel-Cabic

Tech Lead @ OVHCloud

-

arnaud.premel-cabic@ovhcloud.com

+

arnaud.premel-cabic@ovhcloud.com

+ OVHcloud
@@ -118,7 +141,7 @@

Configuration as Code

Managing infrastructure through machine-readable files, stored in version control.

-

Reproducible  ·  Versionable  ·  Auditable

+

Reproducible  ·  Versionable  ·  Auditable

@@ -128,20 +151,20 @@ -
+

🏗️ Terraform

Start here. Before you configure a server, you need to have one.

-
+

HCL: HashiCorp Configuration Language.

Declarative, human-readable — and pure JSON works too.
terraform plan previews  ·  terraform apply creates  ·  terraform destroy removes.

-
+

Terraform remembers what it built.

The .tfstate file maps code to real-world resources. Store it remotely.
Depending on what you manage, it can contain plaintext sensitive values — credentials, tokens, secrets.
@@ -149,7 +172,7 @@

-
+

One tool. Every API.

1000+ providers: AWS, GCP, Azure, Cloudflare, GitHub, Kubernetes…
Not just cloud — manage GitHub teams, Datadog monitors, PagerDuty schedules, DNS records.
@@ -157,7 +180,7 @@

-
+

# main.tf


 terraform {
@@ -181,7 +204,7 @@ output "public_ip" {
-
+

In 2023, HashiCorp changed Terraform's license.

BSL instead of MPL — no longer truly open-source.
The community responded: OpenTofu, by the OpenTF Foundation, is the open-source fork.
@@ -189,7 +212,7 @@ output "public_ip" {

-
+

Terraform at scale needs a platform.

Terraform Enterprise / HCP Terraform — HashiCorp's commercial offering: remote state, RBAC, audit logs
@@ -200,13 +223,13 @@ output "public_ip" {

-
+

Ansible

Your servers are provisioned. Now make them do something.

-
+

Push, not pull. SSH, not agents.

YAML playbooks run tasks in order, across any number of hosts.
No daemon. No certificate authority. Just Python + SSH.
@@ -217,7 +240,7 @@ output "public_ip" {

-
+

# playbook/webserver.yml


 - name: Configure web server
@@ -245,14 +268,14 @@ output "public_ip" {
-
+

Not just configuration. Operations.

Patch 200 servers tonight. Roll out a kernel upgrade with a canary strategy. Run a compliance audit across your whole fleet.
Ansible is the tool you reach for when you need to do something — once, or every week.

-
+

The community does the heavy lifting.

Ansible Galaxy — 10,000+ ready-made roles and collections.
Don't write a playbook to install Docker from scratch. Someone already did.
@@ -260,7 +283,7 @@ output "public_ip" {

-
+

Ansible at scale: open-source vs enterprise.

AWX — open-source web UI, API, and scheduler for Ansible
@@ -271,20 +294,20 @@ output "public_ip" {

-
+

🐾 Puppet

Your servers are configured. Now keep them that way.

-
+

Pull, not push. Agents, not SSH.

Every 30 minutes, each puppet-agent polls the Puppet Server, compiles a catalog, and enforces it.
Drift is corrected automatically — without anyone lifting a finger.

-
+

# manifests/webserver.pp


 class webserver {
@@ -307,7 +330,7 @@ class webserver {
-
+

Someone SSH'd in and changed something.

Puppet noticed. Puppet fixed it.
Continuous compliance — not just at deploy time. Every. 30. Minutes.
@@ -318,7 +341,7 @@ class webserver {

-
+

Puppet is for large fleets that can't afford drift.

Continuous compliance, auditability, and guaranteed state — at scale.
Best suited for enterprises with hundreds or thousands of long-lived servers.
@@ -327,7 +350,7 @@ class webserver {

-
+

The ecosystem outlives the company.

Vox Pupuli — 100+ open-source Puppet modules, community-maintained.
OpenVox — an emerging open-source fork of the Puppet core.
@@ -371,6 +394,20 @@ class webserver {