ministicraft/finistdev-configuration-as-code
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: ministicraft:fa76a3a19a51c2ab2c4c9affdcc47bd058b658a5
Branches Tags
ministicraft:master ministicraft:pages
...
compare: ministicraft:pages
Branches Tags
ministicraft:master ministicraft:pages

20 Commits
fa76a3a19a ... pages

Author SHA1 Message Date
Arnaud Prémel-Cabic
e4e42f3e69 docs: slide 33 — add speaker notes on Puppet's CA/certificate auth model 
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
 2026-06-08 14:59:09 +02:00
Arnaud Prémel-Cabic
e763f16a07 docs: slide 14 — add a small HCL example illustrating block anatomy 
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
 2026-06-08 14:50:12 +02:00
Arnaud Prémel-Cabic
9b33886075 feat: vendor tool icons and "this is fine" GIF locally 
Download the Terraform/Ansible/Puppet simpleicons SVGs and the giphy
GIF into vendor/ and point all references at local paths, so the deck
runs fully offline with no runtime CDN dependencies.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
 2026-06-08 14:41:55 +02:00
Arnaud Prémel-Cabic
b93bf81151 docs: slide 41 — drop Copilot credit, reword to "with the help of Claude" 
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
 2026-06-08 11:57:45 +02:00
Arnaud Prémel-Cabic
0e1f2d896b docs: slides 39/40 — note Ansible for on-demand one-off patching 
Highlight Ansible's punctual/push ops (single patch on demand) alongside
config/deploy, contrasted with Puppet's continuous enforcement.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
 2026-06-08 11:55:48 +02:00
Arnaud Prémel-Cabic
b53bb67791 fix: slide 39 SVG — correct a-down arrow marker orientation 
Marker polygon pointed down while orient=auto expects a right-pointing
arrow, so the heads rendered sideways. Use a right-pointing triangle
with proper refX/refY so orient=auto rotates it to point down.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
 2026-06-08 11:53:33 +02:00
Arnaud Prémel-Cabic
6e32edfe28 docs: slide 38 — add Perforce/OpenVox context in speaker notes 
Keep the slide bullet concise; detail the Nov 2024 Perforce binary
lockdown, the developer/commercial EULA, and the Jan 2025 OpenVox
8.11 fork in the notes.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
 2026-06-08 11:50:38 +02:00
Arnaud Prémel-Cabic
c80049b0ce fix: slide 36 SVG — move loop label above the curved arrow 
"continuous enforcement loop" overlapped the top arc; raise it
above the curve (y 42 -> 22).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
 2026-06-08 11:46:45 +02:00
Arnaud Prémel-Cabic
a208ff4986 fix: slide 33 SVG — move Puppet Server label above box 
Label was behind the pull arrows; move it on top of the box, shift
the box/icons down to make room, and re-point arrows to the new edge.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
 2026-06-08 11:42:37 +02:00
Arnaud Prémel-Cabic
4d22fc0f2a docs: fix slide 30 Ansible core license Apache 2.0 -> GPLv3 
Same correction as slide 23 — ansible-core is GPLv3, not Apache 2.0
(slide line + speaker note)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
 2026-06-08 11:36:50 +02:00
Arnaud Prémel-Cabic
f8db0fda48 docs: slide 29 Galaxy — minimal install example, trusted-source guidance in notes 
- replace specific geerlingguy example with generic
  ansible-galaxy install <namespace>.<role>
- move trusted/official/certified supply-chain guidance into speaker notes

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
 2026-06-08 11:35:36 +02:00
Arnaud Prémel-Cabic
99cc2de41e docs: link slide 26 dynamic inventory to Terraform state 
- dynamic example now uses cloud.terraform.terraform_state plugin
  reading the .tfstate from the earlier Terraform slides
- notes explain the Terraform -> Ansible handoff (single source of truth)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
 2026-06-08 11:29:38 +02:00
Arnaud Prémel-Cabic
d085952a69 style: set global header/bullet sizing, drop inline overrides 
- .reveal h2 -> 1.05em; section ul -> 0.9em globally
- keep Terraform/Ansible/Puppet divider titles large (2em on colored span)
- remove per-slide inline font-size overrides on slides 13/16/20/21/26

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
 2026-06-08 11:26:11 +02:00
Arnaud Prémel-Cabic
e893e39871 docs: add Ansible inventory slide (static vs dynamic) + Jinja2 notes 
- new slide 26: inventory construction — static YAML vs dynamic
  OpenStack plugin, with side-by-side examples and notes
- renumber subsequent slide markers 26-40 -> 27-41 (now 41 slides)
- slide 25: add Jinja2 templating speaker notes

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
 2026-06-08 11:22:25 +02:00
Arnaud Prémel-Cabic
b1dab6fde4 docs: fix Ansible license + bullet sizing + slide 21 notes 
- slide 23: Apache 2.0 -> GPLv3 (bullet + note), BSL -> BUSL in note
- slide 21: add Scalr to SaaS list in notes
- slides 13/16/20/21: shrink bullet lists to 0.9em

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
 2026-06-08 11:05:03 +02:00
Arnaud Prémel-Cabic
58ae6e890d docs: fix slide 20 OpenTofu facts + slide 21 heading size 
- slide 20: BSL -> BUSL 1.1; "OpenTF Foundation" -> CNCF project;
  soften "fully compatible" to "diverging features"; note CNCF since 2025
- slide 21: smaller heading to match slide 20

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
 2026-06-08 10:58:33 +02:00
Arnaud Prémel-Cabic
5b11b26642 docs: refine Terraform slides (providers, versions, copy) 
- slide 7: "Snowflake Hell" -> "configuration drift"
- slide 8: drop "Prod breaks on a Tuesday" bullet
- slide 13: BSL -> BUSL 1.1
- slide 17: lead with FR/EU providers (OVHcloud, Scaleway, Clever Cloud), drop GCP/Azure
- slide 18: Debian 13, OVH provider ~> 2.0, add version-syntax note
- slide 19: bump versions (openstack v3.4.0, ovh v2.13.1), minimal "..." trim markers + notes
- slide 20: smaller heading

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
 2026-06-08 10:54:09 +02:00
Arnaud Prémel-Cabic
b7b7998f22 docs: switch README to FR title + bilingual abstract 
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
 2026-06-01 14:18:35 +02:00
Arnaud Prémel-Cabic
f8dc80027f feat: add speaker notes to all 40 slides 
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
 2026-06-01 10:37:33 +02:00
Arnaud Prémel-Cabic
07ca8f2e3d docs: add title and abstract to README 
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
 2026-06-01 10:17:42 +02:00
6 changed files with 422 additions and 61 deletions
Expand all files Collapse all files

16
README.md
View File

@@ -1,6 +1,18 @@
# Configuration as Code Puppet vs Ansible vs Terraform
# Terraform, Ansible & Puppet — Les Trois Mousquetaires de la Configuration as Code
Presentation for the **Finistère Dev Meetup**.
Présentation pour le **Finistère Dev Meetup**.
## 📝 Abstract (FR)
> Gérer un serveur à la main, ça se fait. En gérer 10, c'est encore faisable. Mais provisionner, configurer et maintenir 100, 1000+ serveurs, c'est une autre histoire.
>
> Et si votre infrastructure n'était que du code ? Venez découvrir comment provisionner, configurer et maintenir facilement une flotte de serveurs avec les Trois Mousquetaires de la Configuration as Code : Terraform, Ansible et Puppet. Que sont ces outils, à quoi servent-ils, et comment sont-ils complémentaires ?
## 📝 Abstract (EN)
> Managing one server by hand? Doable. Managing 10 by hand? Still manageable. But provisioning, configuring and maintaining 100, 1000+ servers — that's another story.
>
> What if your infrastructure was just code? Come discover how to easily provision, configure and maintain a fleet of servers with the Three Musketeers of Configuration as Code: Terraform, Ansible and Puppet. What are these tools, what do they do, and how are they complementary?
## 🌐 View the slides

464
index.html
View File

@@ -54,7 +54,15 @@
.reveal h1, .reveal h2 { text-align: left; }
.reveal h1 { font-size: 1.8em; }
.reveal h2 { font-size: 1.3em; }
.reveal h2 { font-size: 1.05em; }
/* Content bullet lists sit a touch smaller than the heading */
.reveal .slides section ul { font-size: 0.9em; }
/* Section-divider titles (Terraform / Ansible / Puppet) stay large */
.reveal h2 .tf-col,
.reveal h2 .ansible-col,
.reveal h2 .puppet-col { font-size: 2em; }
.title-slide, .title-slide h1 { text-align: center !important; }
.title-slide .subtitle { color: var(--ods-text); }
@@ -124,11 +132,18 @@
<section class="title-slide">
<h1>Configuration as Code</h1>
<p class="subtitle">
<img src="https://cdn.simpleicons.org/puppet/C17F00" alt="Puppet" style="height:0.9em; vertical-align:middle;"> Puppet ·
<img src="https://cdn.simpleicons.org/ansible" alt="Ansible" style="height:0.9em; vertical-align:middle;"> Ansible ·
<img src="https://cdn.simpleicons.org/terraform" alt="Terraform" style="height:0.9em; vertical-align:middle;"> Terraform
<img src="vendor/icons/puppet.svg" alt="Puppet" style="height:0.9em; vertical-align:middle;"> Puppet ·
<img src="vendor/icons/ansible.svg" alt="Ansible" style="height:0.9em; vertical-align:middle;"> Ansible ·
<img src="vendor/icons/terraform.svg" alt="Terraform" style="height:0.9em; vertical-align:middle;"> Terraform
<br>— What's the difference and when to use what? —</p>
<p class="meta">FinistDevs · 2026</p>
<aside class="notes">
<ul>
<li>Welcome — quick intro to the topic: how we manage infrastructure as code.</li>
<li>Three tools compared: Puppet, Ansible, Terraform — what each is for, when to pick which.</li>
<li>Goal: not "which is best" but understanding their distinct roles.</li>
</ul>
</aside>
</section>
<!-- ─── SLIDE 2 : Speaker intro ─────────────────────────────────── -->
@@ -136,18 +151,37 @@
<h2>Arnaud Prémel-Cabic</h2>
<p>Tech Lead @ OVHCloud</p>
<p><small style="color:var(--ods-text);">arnaud.premel-cabic@ovhcloud.com</small></p>
<aside class="notes">
<ul>
<li>Tech Lead at OVHcloud — work with these tools daily.</li>
<li>Keep it short, get to the content.</li>
</ul>
</aside>
</section>
<!-- ─── SLIDE 3 ─────────────────────────────────────────────────── -->
<section>
<h2>"It works on my server."</h2>
<p><em>Why doesn't it work here when it works everywhere else?</em></p>
<aside class="notes">
<ul>
<li>The classic excuse — everyone's heard it (or said it).</li>
<li>Hook: the real problem isn't the code, it's the un-managed environment.</li>
<li>Sets up the whole talk: configuration we can't reproduce.</li>
</ul>
</aside>
</section>
<!-- ─── SLIDE 4 ─────────────────────────────────────────────────── -->
<section>
<h2>You have a server. It works.</h2>
<p><em>Great.</em></p>
<aside class="notes">
<ul>
<li>One server, configured by hand — totally fine at this scale.</li>
<li>No tooling needed yet. The pain starts when you grow.</li>
</ul>
</aside>
<!-- SVG1 — single server, green check -->
<svg width="700" height="250" viewBox="0 0 700 250" style="margin-top:0.5em;" xmlns="http://www.w3.org/2000/svg">
<!-- Server body -->
@@ -179,6 +213,12 @@
<li>10 manual edits</li>
<li>10 chances to make a mistake</li>
</ul>
<aside class="notes">
<ul>
<li>Manual edits don't scale — repetition breeds error.</li>
<li>Did you apply the change to all 10? Identically? You can't be sure.</li>
</ul>
</aside>
<!-- SVG2 — laptop + 10 servers fan-out -->
<svg width="720" height="260" viewBox="0 0 720 260" style="margin-top:0.5em;" xmlns="http://www.w3.org/2000/svg">
<!-- Laptop body -->
@@ -269,6 +309,13 @@
<li>Some 2 years old. Some a few months. Some brand new.</li>
<li>None of them are exactly alike.</li>
</ul>
<aside class="notes">
<ul>
<li>Different ages, different patch levels, manual tweaks over time.</li>
<li>Point at the snowflakes/warnings in the diagram — each box is subtly different.</li>
<li>This is the reality of a hand-managed fleet.</li>
</ul>
</aside>
<!-- SVG3 — 100-server chaos grid with drift indicators -->
<svg width="700" height="260" viewBox="0 0 700 260" style="margin-top:0.5em;" xmlns="http://www.w3.org/2000/svg">
<defs>
@@ -403,8 +450,15 @@
<!-- ─── SLIDE 7 ─────────────────────────────────────────────────── -->
<section>
<h2>Unique. Unreproducible. Undocumented.</h2>
<p><em>Welcome to Snowflake Hell.</em></p>
<img src="https://media.giphy.com/media/QMHoU66sBXqqLqYvGO/giphy.gif"
<p><em>Welcome to configuration drift.</em></p>
<aside class="notes">
<ul>
<li>"Snowflake servers" — unique, fragile, impossible to recreate.</li>
<li>The "this is fine" meme — we've all normalized this chaos.</li>
<li>Lighten the mood, then pivot to the consequences.</li>
</ul>
</aside>
<img src="vendor/img/this-is-fine.gif"
alt="This is fine"
style="height:220px; margin-top:0.5em; border-radius:6px;">
</section>
@@ -413,11 +467,17 @@
<section>
<h2>Configuration drift is silent…</h2>
<ul>
<li>Prod breaks on a Tuesday</li>
<li>Can't reproduce the bug locally</li>
<li>Can't scale reliably</li>
<li>Can't onboard a new server without fear</li>
</ul>
<aside class="notes">
<ul>
<li>Define drift: state slowly diverging from intent, T0 → T2 in the diagram.</li>
<li>It's silent — no alarm goes off until prod breaks.</li>
<li>These four pains are why we need Configuration as Code.</li>
</ul>
</aside>
<svg width="750" height="220" style="margin-top:0.5em;" viewBox="0 0 750 220" xmlns="http://www.w3.org/2000/svg">
<line x1="60" y1="180" x2="700" y2="180" stroke="#666666" stroke-width="2.5"/>
<polygon points="700,174 720,180 700,186" fill="#666666"/>
@@ -483,12 +543,26 @@
<circle cx="652" cy="124" r="3" fill="#00a344"/>
</svg>
<small style="position:absolute; bottom:40px; right:0; color:var(--ods-neutral-600); font-size:0.45em;">*Like this presentation 🤖</small>
<aside class="notes">
<ul>
<li>The pitch: describe infra in files, deploy reproducibly.</li>
<li>Aside on AI: it can write the code, but you must understand what it deploys — own the result.</li>
<li>Fun fact: this deck itself was built with AI assistance.</li>
</ul>
</aside>
</section>
<!-- ─── SLIDE 10 ────────────────────────────────────────────────── -->
<section>
<h2>Configuration as Code</h2>
<p>Machine-readable files. Version-controlled. Automated.</p>
<aside class="notes">
<ul>
<li>Three core benefits: reproducible, versionable, auditable.</li>
<li>Same input → same result. Git history = change log. Know who changed what & when.</li>
<li>This is the foundation all three tools share.</li>
</ul>
</aside>
<svg width="750" height="220" style="margin-top:0.5em;" viewBox="0 0 750 220" xmlns="http://www.w3.org/2000/svg">
<!-- Reproducible -->
<g transform="translate(125,80)">
@@ -531,17 +605,30 @@
<section style="text-align:center;">
<h2 style="text-align:center;">Meet the three musketeers of infrastructure.</h2>
<p style="font-size:1.2em; margin-top:1em;">
<img src="https://cdn.simpleicons.org/puppet/C17F00" alt="Puppet" style="height:0.9em; vertical-align:middle;"> <span class="puppet-col">Puppet</span> &nbsp;·&nbsp;
<img src="https://cdn.simpleicons.org/ansible" alt="Ansible" style="height:0.9em; vertical-align:middle;"> <span class="ansible-col">Ansible</span> &nbsp;·&nbsp;
<img src="https://cdn.simpleicons.org/terraform" alt="Terraform" style="height:0.9em; vertical-align:middle;"> <span class="tf-col">Terraform</span>
<img src="vendor/icons/puppet.svg" alt="Puppet" style="height:0.9em; vertical-align:middle;"> <span class="puppet-col">Puppet</span> &nbsp;·&nbsp;
<img src="vendor/icons/ansible.svg" alt="Ansible" style="height:0.9em; vertical-align:middle;"> <span class="ansible-col">Ansible</span> &nbsp;·&nbsp;
<img src="vendor/icons/terraform.svg" alt="Terraform" style="height:0.9em; vertical-align:middle;"> <span class="tf-col">Terraform</span>
</p>
<p><em>Each solves a different problem.</em></p>
<aside class="notes">
<ul>
<li>Introduce the three: Puppet, Ansible, Terraform.</li>
<li>Tease the punchline early: they're complementary, not rivals.</li>
<li>We'll go through them in deploy order: provision → configure → enforce.</li>
</ul>
</aside>
</section>
<!-- ─── SLIDE 12 : Terraform intro ──────────────────────────────── -->
<section class="s-tf">
<h2><span class="tf-col">Terraform</span></h2>
<p>Start here. Before you configure a server, you need to have one.</p>
<aside class="notes">
<ul>
<li>First layer: provisioning. You can't configure what doesn't exist.</li>
<li>Terraform's job is creating the infrastructure itself.</li>
</ul>
</aside>
</section>
@@ -552,14 +639,34 @@
<li><strong>Infrastructure as Code</strong> tool for provisioning cloud resources</li>
<li>Created by <strong>HashiCorp</strong> in 2014</li>
<li>Written in <strong>Go</strong></li>
<li>BSL license since 2023 (was MPL)</li>
<li>BUSL 1.1 license since 2023 (was MPL)</li>
</ul>
<aside class="notes">
<ul>
<li>The IaC standard for cloud provisioning.</li>
<li>HashiCorp, 2014, Go. Flag the 2023 license change — we'll come back to it (OpenTofu).</li>
</ul>
</aside>
</section>
<!-- ─── SLIDE 14 : Terraform concepts ───────────────────────────── -->
<section class="s-tf">
<h2>HCL: HashiCorp Configuration Language</h2>
<p>Declarative, human-readable — pure JSON works too.</p>
<pre><code class="language-hcl" data-trim>
resource "openstack_compute_instance_v2" "web" {
name = "finistdevs-web"
flavor_name = "b3-8"
tags = ["web", "demo"]
}
</code></pre>
<aside class="notes">
<ul>
<li>Declarative: you describe the desired end state, not the steps.</li>
<li>HCL is the common language across all HashiCorp tools.</li>
<li>Block anatomy: a block type (<code>resource</code>), two labels (provider type + local name), then <code>key = value</code> arguments — strings, lists, etc.</li>
</ul>
</aside>
</section>
<!-- ─── SLIDE 15 : Terraform workflow ───────────────────────────── -->
@@ -571,6 +678,13 @@
<li><code>terraform apply</code> — create or update resources</li>
<li><code>terraform destroy</code> — tear everything down</li>
</ul>
<aside class="notes">
<ul>
<li>Key safety feature: plan lets you preview before anything changes.</li>
<li>Always review the plan — this is what makes Terraform safe in prod.</li>
<li>apply is idempotent; destroy cleanly removes everything it created.</li>
</ul>
</aside>
<svg width="900" height="150" style="margin-top:0.5em;" viewBox="0 0 900 150" xmlns="http://www.w3.org/2000/svg">
<defs>
<marker id="wf-arrow" viewBox="0 0 10 7" refX="10" refY="3.5" markerWidth="10" markerHeight="7" orient="auto-start-auto">
@@ -630,6 +744,13 @@
<li>May contain sensitive values: credentials, tokens, secrets</li>
</ul>
<p><em>Handle with care.</em></p>
<aside class="notes">
<ul>
<li>State is how Terraform knows what it already built — maps code to real resources.</li>
<li>Two big gotchas: store it remotely (team access + locking), never commit it (secrets inside).</li>
<li>Lost or corrupt state = Terraform loses track of reality.</li>
</ul>
</aside>
<svg width="750" height="220" style="margin-top:0.5em;" viewBox="0 0 750 220" xmlns="http://www.w3.org/2000/svg">
<defs>
<marker id="st-arrow" viewBox="0 0 8 6" refX="8" refY="3" markerWidth="8" markerHeight="6" orient="auto-start-auto">
@@ -696,10 +817,17 @@
<section class="s-tf">
<h2>One tool. Every API.</h2>
<ul>
<li><strong>1000+ providers</strong>AWS, GCP, Azure, Cloudflare, GitHub, Kubernetes…</li>
<li><strong>1000+ providers</strong>OVHcloud, Scaleway, Clever Cloud, AWS, Cloudflare, Kubernetes…</li>
<li>Not just cloud — DNS, monitoring, CI/CD, anything with an API</li>
</ul>
<p><em>If it has an API, there's a Terraform provider for it.</em></p>
<aside class="notes">
<ul>
<li>The real power: one workflow for everything, not just one cloud.</li>
<li>Examples beyond cloud: DNS records, GitHub repos, monitoring dashboards.</li>
<li>Providers are the plugin ecosystem that makes Terraform universal.</li>
</ul>
</aside>
</section>
<!-- ─── SLIDE 18 : Terraform code ───────────────────────────────── -->
@@ -709,13 +837,13 @@
terraform {
required_providers {
openstack = { source = "terraform-provider-openstack/openstack", version = "~> 3.0" }
ovh = { source = "ovh/ovh", version = "~> 1.0" }
ovh = { source = "ovh/ovh", version = "~> 2.0" }
}
}
resource "openstack_compute_instance_v2" "web" {
name = "finistdevs-web"
image_name = "Debian 12"
image_name = "Debian 13"
flavor_name = "b3-8"
network { name = "Ext-Net" }
}
@@ -727,6 +855,14 @@ resource "ovh_domain_zone_record" "web" {
target = openstack_compute_instance_v2.web.access_ip_v4
}
</code></pre>
<aside class="notes">
<ul>
<li>Real OVHcloud example: spin up an instance, then point a DNS record at it.</li>
<li>Note the implicit dependency — the DNS record references the instance's IP, so Terraform orders them automatically.</li>
<li>Two different providers (OpenStack + OVH) working together in one file.</li>
<li>Version syntax: <code>~&gt;</code> is the pessimistic constraint operator. <code>~&gt; 2.0</code> allows any 2.x (&gt;= 2.0, &lt; 3.0) — patch and minor updates, but never a breaking major bump. <code>~&gt; 2.13.0</code> would pin tighter, allowing only 2.13.x.</li>
</ul>
</aside>
</section>
<!-- ─── SLIDE 19 : Terraform CLI ────────────────────────────────── -->
@@ -736,16 +872,17 @@ resource "ovh_domain_zone_record" "web" {
$ terraform init
Initializing provider plugins...
- Finding terraform-provider-openstack/openstack versions matching "~> 3.0"...
- Finding ovh/ovh versions matching "~> 1.0"...
- Installing terraform-provider-openstack/openstack v3.0.0...
- Installing ovh/ovh v1.3.0...
- Finding ovh/ovh versions matching "~> 2.0"...
- Installing terraform-provider-openstack/openstack v3.4.0...
- Installing ovh/ovh v2.13.1...
Terraform has been successfully initialized!
$ terraform plan
openstack_compute_instance_v2.web: Refreshing state...
...
Plan: 2 to add, 0 to change, 0 to destroy.
$ terraform apply
...
openstack_compute_instance_v2.web: Creating...
openstack_compute_instance_v2.web: Creation complete after 45s [id=abc-123]
ovh_domain_zone_record.web: Creating...
@@ -753,16 +890,34 @@ ovh_domain_zone_record.web: Creation complete after 3s [id=456]
Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
</code></pre>
<aside class="notes">
<ul>
<li>Walk the lifecycle: init (download providers) → plan → apply.</li>
<li>"2 added, 0 changed, 0 destroyed" — exactly the diff you reviewed, nothing more.</li>
<li>Re-running apply with no changes does nothing — that's idempotence.</li>
<li>Each <code>...</code> on the slide hides real output — call it out so nobody thinks Terraform is this terse.</li>
<li>The <code>...</code> after <code>plan</code>: a full per-resource <code>+</code>/<code>-</code> diff of every attribute Terraform will set — this is what you actually review.</li>
<li>The <code>...</code> after <code>apply</code>: Terraform replays that same plan, then pauses for an interactive "yes" prompt — skip it with <code>-auto-approve</code> in CI.</li>
<li>I also trimmed init: real output adds backend init, "Installed … (signed by …)" lines, and the <code>.terraform.lock.hcl</code> being written.</li>
</ul>
</aside>
</section>
<!-- ─── SLIDE 20 : OpenTofu ─────────────────────────────────────── -->
<section class="s-tf">
<h2>HashiCorp changed Terraform's license.</h2>
<ul>
<li><strong>BSL</strong> instead of MPL — no longer truly open-source</li>
<li>The community responded: <strong>OpenTofu</strong>, by the OpenTF Foundation</li>
<li><strong>BUSL 1.1</strong> instead of MPL — no longer truly open-source</li>
<li>The community responded: <strong>OpenTofu</strong>, now a CNCF project</li>
</ul>
<p><em>Drop-in replacement. Fully compatible. Community-driven.</em></p>
<p><em>Drop-in for migration. Diverging features. Community-driven.</em></p>
<aside class="notes">
<ul>
<li>2023: HashiCorp moved to BUSL 1.1 — restricts commercial competitors, not truly open-source anymore.</li>
<li>Community forked it: OpenTofu, accepted into the Linux Foundation in 2023, a CNCF project since 2025.</li>
<li>Practical takeaway: drop-in compatible, swap the binary. Worth knowing for licensing-sensitive orgs.</li>
</ul>
</aside>
</section>
<!-- ─── SLIDE 21 : Terraform platforms ──────────────────────────── -->
@@ -774,12 +929,25 @@ Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
<li><strong>Atlantis</strong> — open-source, plan &amp; apply from pull requests</li>
<li><strong>env0, Scalr</strong> — SaaS with policy &amp; cost management</li>
</ul>
<aside class="notes">
<ul>
<li>Running Terraform from a laptop doesn't scale to a team.</li>
<li>You need: shared/locked state, RBAC, audit, plan-on-PR, policy & cost guardrails.</li>
<li>Range from SaaS (HCP, Spacelift, env0, Scalr) to self-hosted open-source (Atlantis).</li>
</ul>
</aside>
</section>
<!-- ─── SLIDE 22 : Ansible intro ────────────────────────────────── -->
<section class="s-ansible">
<h2><span class="ansible-col">Ansible</span></h2>
<p>Your servers are provisioned. Now make them do something.</p>
<aside class="notes">
<ul>
<li>Second layer: configuration. The VMs exist — now install and set things up.</li>
<li>Transition: Terraform built the box, Ansible makes it useful.</li>
</ul>
</aside>
</section>
@@ -790,8 +958,14 @@ Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
<li><strong>Agentless automation</strong> tool for configuration and orchestration</li>
<li>Created by <strong>Michael DeHaan</strong> in 2012</li>
<li>Acquired by <strong>Red Hat</strong> in 2015</li>
<li>Written in <strong>Python</strong>Apache 2.0 license</li>
<li>Written in <strong>Python</strong>GPLv3 license</li>
</ul>
<aside class="notes">
<ul>
<li>Key differentiator: agentless — nothing to install on targets.</li>
<li>Red Hat backed, Python, genuinely open-source (GPLv3) — contrast with Terraform's BUSL.</li>
</ul>
</aside>
</section>
<!-- ─── SLIDE 24 : Ansible concepts ─────────────────────────────── -->
@@ -802,6 +976,13 @@ Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
<li>Nothing to install on target servers — just <strong>Python + SSH</strong></li>
<li>Idempotent modules — same playbook runs safely again and again</li>
</ul>
<aside class="notes">
<ul>
<li>Push model: control node connects out over SSH and runs tasks — point at the diagram.</li>
<li>"Agentless" = just needs Python + SSH on the target, no daemon.</li>
<li>Idempotent modules: re-running is safe, only changes what's needed.</li>
</ul>
</aside>
<svg width="750" height="250" viewBox="0 0 750 250" xmlns="http://www.w3.org/2000/svg" style="margin-top:0.5em;">
<defs>
<marker id="a-push" viewBox="0 0 10 7" refX="9" refY="3.5" markerWidth="9" markerHeight="7" orient="auto">
@@ -865,9 +1046,58 @@ Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
name: nginx
state: restarted
</code></pre>
<aside class="notes">
<ul>
<li>Plain YAML — tasks run top to bottom against the "webservers" group.</li>
<li>become: true = run as root (sudo).</li>
<li>Handlers are the neat bit: restart nginx only if the config actually changed.</li>
<li>The <code>.j2</code> in <code>nginx.conf.j2</code> = Jinja2, Ansible's templating engine. The template module renders it on the control node — <code>{{ variables }}</code>, <code>{% if %}</code>/<code>{% for %}</code> logic, filters like <code>{{ value | default(...) }}</code> — then ships the result to <code>dest</code>.</li>
<li>That's how one template serves many hosts: same file, per-host values from inventory/group_vars.</li>
</ul>
</aside>
</section>
<!-- ─── SLIDE 26 : Ansible CLI ──────────────────────────────────── -->
<!-- ─── SLIDE 26 : Ansible inventory ────────────────────────────── -->
<section class="s-ansible">
<h2>Who runs where? The inventory.</h2>
<ul>
<li><strong>Static</strong> — a hand-written INI/YAML file of hosts &amp; groups. Simple, versioned, ideal for stable fleets.</li>
<li><strong>Dynamic</strong> — a plugin builds the host list at runtime. Best source here: <strong>the Terraform state we just wrote</strong> — Ansible configures exactly what Terraform provisioned.</li>
</ul>
<div style="display:flex; gap:1.5em; margin-top:0.3em; text-align:left;">
<div style="flex:1;">
<p class="filename"># inventory.yml — static</p>
<pre><code class="language-yaml" data-trim>
webservers:
hosts:
web-01:
ansible_host: 10.0.0.11
web-02:
ansible_host: 10.0.0.12
</code></pre>
</div>
<div style="flex:1;">
<p class="filename"># terraform.yml — dynamic (from TF state)</p>
<pre><code class="language-yaml" data-trim>
plugin: cloud.terraform.terraform_state
backend_type: local
backend_config:
path: ../terraform/terraform.tfstate
</code></pre>
</div>
</div>
<aside class="notes">
<ul>
<li>The <code>-i</code> flag on the next slide points here — Ansible needs to know which hosts to target.</li>
<li><strong>Static</strong>: explicit list checked into Git. Predictable, but you maintain it by hand.</li>
<li><strong>This is the Terraform → Ansible handoff</strong>: Terraform creates the instance and records it in <code>.tfstate</code> (remember slide 16); the <code>cloud.terraform.terraform_state</code> plugin reads that same state and turns each resource into an Ansible host. One source of truth — no second host list to keep in sync.</li>
<li>Other dynamic sources exist too — cloud plugins like <code>openstack.cloud.openstack</code> or AWS/OVHcloud query the provider API directly. <code>keyed_groups</code> build groups from tags/metadata.</li>
<li>Provision with Terraform, then immediately configure with Ansible against the freshly-created hosts — that's the combined workflow we land on at the end.</li>
</ul>
</aside>
</section>
<!-- ─── SLIDE 27 : Ansible CLI ──────────────────────────────────── -->
<section class="s-ansible">
<p class="filename">$ terminal</p>
<pre><code class="language-bash" data-trim data-noescape>
@@ -890,9 +1120,16 @@ changed: [finistdevs-web]
PLAY RECAP ********************************************************************
finistdevs-web : ok=4 changed=3 unreachable=0 failed=0 skipped=0
</code></pre>
<aside class="notes">
<ul>
<li>"ok" vs "changed" — ok means already in desired state, changed means it acted. That's idempotence visible in the output.</li>
<li>The handler only fired because the config task reported "changed".</li>
<li>Run it again and everything would be "ok", changed=0.</li>
</ul>
</aside>
</section>
<!-- ─── SLIDE 27 : Ansible operations ───────────────────────────── -->
<!-- ─── SLIDE 28 : Ansible operations ───────────────────────────── -->
<section class="s-ansible">
<h2>Not just configuration. Operations.</h2>
<ul>
@@ -901,19 +1138,37 @@ finistdevs-web : ok=4 changed=3 unreachable=0 failed=0 skipped=0
<li>Run a compliance audit across your whole fleet</li>
</ul>
<p><em>The go-to tool for one-off tasks and recurring operations.</em></p>
<aside class="notes">
<ul>
<li>Ansible isn't only "set up a server once" — it shines for ad-hoc operations.</li>
<li>Imperative/orchestration angle: patching, rolling upgrades, canary, audits across the fleet.</li>
<li>This is where it differs most from Puppet's "always converge" model.</li>
</ul>
</aside>
</section>
<!-- ─── SLIDE 28 : Ansible Galaxy ───────────────────────────────── -->
<!-- ─── SLIDE 29 : Ansible Galaxy ───────────────────────────────── -->
<section class="s-ansible">
<h2>The community does the heavy lifting.</h2>
<ul>
<li><strong>Ansible Galaxy</strong> — 10,000+ ready-made roles and collections</li>
<li>Don't write a playbook to install Docker from scratch — someone already did</li>
</ul>
<p><em>Just <code>ansible-galaxy install geerlingguy.docker</code>.</em></p>
<pre><code class="language-bash" data-trim>
$ ansible-galaxy install &lt;namespace&gt;.&lt;role&gt;
</code></pre>
<aside class="notes">
<ul>
<li>Galaxy = the package registry for reusable roles/collections.</li>
<li>Don't reinvent common setups — pull a battle-tested role (geerlingguy is the famous example).</li>
<li>Huge productivity multiplier — but it's a supply chain: roles run with privilege on your hosts.</li>
<li>Prefer trusted sources: Red Hat <strong>Certified</strong> collections and verified publishers (Automation Hub), or well-known community authors like geerlingguy. Be wary of unmaintained, low-download, single-author roles.</li>
<li>Pin versions in <code>requirements.yml</code> and skim the code before importing — treat it like any other dependency.</li>
</ul>
</aside>
</section>
<!-- ─── SLIDE 29 : Ansible platforms ────────────────────────────── -->
<!-- ─── SLIDE 30 : Ansible platforms ────────────────────────────── -->
<section class="s-ansible">
<h2>Ansible at scale: open-source vs enterprise.</h2>
<ul>
@@ -921,17 +1176,30 @@ finistdevs-web : ok=4 changed=3 unreachable=0 failed=0 skipped=0
<li><strong>Ansible Automation Platform</strong> (Red Hat) — enterprise AWX with support</li>
<li><strong>Semaphore</strong> — lightweight open-source alternative</li>
</ul>
<p><em>Core engine remains Apache 2.0 — truly open-source.</em></p>
<p><em>Core engine remains GPLv3 — truly open-source.</em></p>
<aside class="notes">
<ul>
<li>At scale you want a UI/scheduler/RBAC layer on top of the CLI.</li>
<li>AWX (free) → Ansible Automation Platform (Red Hat, supported) is the main path; Semaphore is a lighter option.</li>
<li>Reassure: the core stays GPLv3 — no license rug-pull like Terraform.</li>
</ul>
</aside>
</section>
<!-- ─── SLIDE 30 : Puppet intro ─────────────────────────────────── -->
<!-- ─── SLIDE 31 : Puppet intro ─────────────────────────────────── -->
<section class="s-puppet">
<h2><span class="puppet-col">Puppet</span></h2>
<p>Your servers are configured. Now keep them that way.</p>
<aside class="notes">
<ul>
<li>Third layer: enforcement. Configured once isn't enough — drift creeps back.</li>
<li>Puppet's job: keep state correct continuously, forever.</li>
</ul>
</aside>
</section>
<!-- ─── SLIDE 31 : What is Puppet ───────────────────────────────── -->
<!-- ─── SLIDE 32 : What is Puppet ───────────────────────────────── -->
<section class="s-puppet">
<h2>What is Puppet?</h2>
<ul>
@@ -940,9 +1208,15 @@ finistdevs-web : ok=4 changed=3 unreachable=0 failed=0 skipped=0
<li>Puppet Inc. acquired by <strong>Perforce</strong> in 2022</li>
<li>Written in <strong>Ruby</strong> and <strong>Clojure</strong></li>
</ul>
<aside class="notes">
<ul>
<li>The oldest of the three (2005) — pioneered config management.</li>
<li>Now owned by Perforce. We'll touch on what that means for the community later.</li>
</ul>
</aside>
</section>
<!-- ─── SLIDE 32 : Puppet concepts ──────────────────────────────── -->
<!-- ─── SLIDE 33 : Puppet concepts ──────────────────────────────── -->
<section class="s-puppet">
<h2>Pull, not push. Agents, not SSH.</h2>
<ul>
@@ -950,6 +1224,18 @@ finistdevs-web : ok=4 changed=3 unreachable=0 failed=0 skipped=0
<li>Compiles a catalog and enforces it locally</li>
</ul>
<p><em>Drift is corrected automatically.</em></p>
<aside class="notes">
<ul>
<li>Opposite model to Ansible: pull, not push — agents reach out to the server.</li>
<li>Every ~30 min the agent fetches a catalog and converges the node — point at the diagram.</li>
<li>This is the key idea: enforcement runs on a loop, not just at deploy.</li>
<li><strong>Authentication: mutual TLS, not SSH keys or passwords.</strong> The Puppet Server runs its own built-in Certificate Authority (CA). Every agent and the server are identified by an X.509 certificate the CA signs.</li>
<li>First contact: a new agent generates a keypair and sends a Certificate Signing Request (CSR) to the CA, keyed on its <code>certname</code> (usually the FQDN). The cert is <em>pending</em> until signed.</li>
<li>Signing gate: an admin runs <code>puppetserver ca sign --certname &lt;node&gt;</code> (or autosign for trusted ranges/policies). Until signed, the agent gets no catalog — so signing is the enrollment/trust decision.</li>
<li>Steady state: every run is mutual TLS — the agent verifies the server's cert, the server verifies the agent's. Same CA signs both sides, so identity is cryptographic, not network-trust.</li>
<li>Lifecycle: revoke a decommissioned node with <code>puppetserver ca revoke</code> (lands in the CRL); <code>ca clean</code> removes the cert so a rebuilt host can re-enroll. Watch for clock skew and cert expiry — classic agent-checkin failures.</li>
</ul>
</aside>
<svg width="750" height="250" viewBox="0 0 750 250" xmlns="http://www.w3.org/2000/svg" style="margin-top:0.5em;">
<defs>
<marker id="a-pull" viewBox="0 0 10 7" refX="9" refY="3.5" markerWidth="9" markerHeight="7" orient="auto">
@@ -957,23 +1243,23 @@ finistdevs-web : ok=4 changed=3 unreachable=0 failed=0 skipped=0
</marker>
</defs>
<!-- Puppet Server -->
<rect x="290" y="10" width="170" height="60" rx="8" fill="#fdf4e8" stroke="#A06010" stroke-width="2"/>
<rect x="300" y="22" width="36" height="36" rx="4" fill="#f5e6d0" stroke="#A06010"/>
<line x1="306" y1="32" x2="324" y2="32" stroke="#c08030"/><line x1="306" y1="39" x2="324" y2="39" stroke="#c08030"/><line x1="306" y1="46" x2="324" y2="46" stroke="#c08030"/>
<rect x="346" y="24" width="24" height="30" rx="2" fill="#fff" stroke="#A06010"/>
<text x="380" y="35" fill="#A06010" font-size="9" font-family="sans-serif">catalog</text>
<text x="375" y="88" text-anchor="middle" fill="#4d5592" font-size="13" font-weight="bold" font-family="sans-serif">Puppet Server</text>
<rect x="290" y="28" width="170" height="60" rx="8" fill="#fdf4e8" stroke="#A06010" stroke-width="2"/>
<rect x="300" y="40" width="36" height="36" rx="4" fill="#f5e6d0" stroke="#A06010"/>
<line x1="306" y1="50" x2="324" y2="50" stroke="#c08030"/><line x1="306" y1="57" x2="324" y2="57" stroke="#c08030"/><line x1="306" y1="64" x2="324" y2="64" stroke="#c08030"/>
<rect x="346" y="42" width="24" height="30" rx="2" fill="#fff" stroke="#A06010"/>
<text x="380" y="53" fill="#A06010" font-size="9" font-family="sans-serif">catalog</text>
<text x="375" y="20" text-anchor="middle" fill="#4d5592" font-size="13" font-weight="bold" font-family="sans-serif">Puppet Server</text>
<!-- Clock -->
<circle cx="540" cy="40" r="18" fill="none" stroke="#A06010" stroke-width="1.5"/>
<line x1="540" y1="40" x2="540" y2="28" stroke="#A06010" stroke-width="1.5"/>
<line x1="540" y1="40" x2="550" y2="40" stroke="#A06010" stroke-width="1.5"/>
<text x="540" y="72" text-anchor="middle" fill="#A06010" font-size="10" font-family="sans-serif">every 30 min</text>
<!-- Pull arrows -->
<line x1="95" y1="160" x2="330" y2="74" stroke="#A06010" stroke-width="1.8" stroke-dasharray="6,4" marker-end="url(#a-pull)"/>
<line x1="225" y1="160" x2="350" y2="74" stroke="#A06010" stroke-width="1.8" stroke-dasharray="6,4" marker-end="url(#a-pull)"/>
<line x1="375" y1="160" x2="375" y2="74" stroke="#A06010" stroke-width="1.8" stroke-dasharray="6,4" marker-end="url(#a-pull)"/>
<line x1="525" y1="160" x2="400" y2="74" stroke="#A06010" stroke-width="1.8" stroke-dasharray="6,4" marker-end="url(#a-pull)"/>
<line x1="655" y1="160" x2="420" y2="74" stroke="#A06010" stroke-width="1.8" stroke-dasharray="6,4" marker-end="url(#a-pull)"/>
<line x1="95" y1="160" x2="330" y2="92" stroke="#A06010" stroke-width="1.8" stroke-dasharray="6,4" marker-end="url(#a-pull)"/>
<line x1="225" y1="160" x2="350" y2="92" stroke="#A06010" stroke-width="1.8" stroke-dasharray="6,4" marker-end="url(#a-pull)"/>
<line x1="375" y1="160" x2="375" y2="92" stroke="#A06010" stroke-width="1.8" stroke-dasharray="6,4" marker-end="url(#a-pull)"/>
<line x1="525" y1="160" x2="400" y2="92" stroke="#A06010" stroke-width="1.8" stroke-dasharray="6,4" marker-end="url(#a-pull)"/>
<line x1="655" y1="160" x2="420" y2="92" stroke="#A06010" stroke-width="1.8" stroke-dasharray="6,4" marker-end="url(#a-pull)"/>
<rect x="420" y="112" width="38" height="17" rx="3" fill="#fff" fill-opacity="0.9"/>
<text x="439" y="124" text-anchor="middle" fill="#A06010" font-size="11" font-weight="bold" font-style="italic" font-family="sans-serif">pull</text>
<!-- Agent nodes -->
@@ -986,7 +1272,7 @@ finistdevs-web : ok=4 changed=3 unreachable=0 failed=0 skipped=0
</svg>
</section>
<!-- ─── SLIDE 33 : Puppet code ──────────────────────────────────── -->
<!-- ─── SLIDE 34 : Puppet code ──────────────────────────────────── -->
<section class="s-puppet">
<p class="filename"># manifests/webserver.pp</p>
<pre><code class="language-puppet" data-trim>
@@ -1007,9 +1293,16 @@ class webserver {
}
}
</code></pre>
<aside class="notes">
<ul>
<li>Same nginx example as Ansible — compare the styles side by side.</li>
<li>Pure declarative: describe resources (package, file, service) and desired state, not steps.</li>
<li>notify chains the dependency: config change → restart service.</li>
</ul>
</aside>
</section>
<!-- ─── SLIDE 34 : Puppet CLI ───────────────────────────────────── -->
<!-- ─── SLIDE 35 : Puppet CLI ───────────────────────────────────── -->
<section class="s-puppet">
<p class="filename">$ terminal</p>
<pre><code class="language-bash" data-trim data-noescape>
@@ -1027,9 +1320,16 @@ Notice: /Stage[main]/Webserver/Service[nginx]/ensure: started
Notice: Applied catalog in 12.34 seconds
</code></pre>
<aside class="notes">
<ul>
<li>Agent run: fetch catalog → compare to actual → apply only the diffs.</li>
<li>This normally runs automatically every 30 min; -t is a manual trigger for demo.</li>
<li>Next run with no drift would report no changes.</li>
</ul>
</aside>
</section>
<!-- ─── SLIDE 35 : Puppet drift detection ───────────────────────── -->
<!-- ─── SLIDE 36 : Puppet drift detection ───────────────────────── -->
<section class="s-puppet">
<h2>Someone SSH'd in and changed something.</h2>
<ul>
@@ -1037,6 +1337,13 @@ Notice: Applied catalog in 12.34 seconds
<li>Continuous compliance — not just at deploy time. <strong>Every. 30. Minutes.</strong></li>
<li>No manual remediation</li>
</ul>
<aside class="notes">
<ul>
<li>The killer feature: self-healing. Someone hand-edits a file → Puppet reverts it next run.</li>
<li>Walk the loop in the diagram: drift detected → agent applies → compliant → repeat.</li>
<li>This is what "continuous compliance" means in practice.</li>
</ul>
</aside>
<svg width="750" height="200" viewBox="0 0 750 200" xmlns="http://www.w3.org/2000/svg" style="margin-top:0.5em;">
<defs>
<marker id="a-cycle" viewBox="0 0 10 7" refX="9" refY="3.5" markerWidth="9" markerHeight="7" orient="auto">
@@ -1066,11 +1373,11 @@ Notice: Applied catalog in 12.34 seconds
<path d="M 220,72 C 330,20 420,20 518,72" fill="none" stroke="#4d5592" stroke-width="2" marker-end="url(#a-cycle)"/>
<path d="M 600,132 C 580,155 530,168 477,165" fill="none" stroke="#4d5592" stroke-width="2" marker-end="url(#a-cycle)"/>
<path d="M 275,165 C 210,168 140,155 120,132" fill="none" stroke="#4d5592" stroke-width="2" marker-end="url(#a-cycle)"/>
<text x="375" y="42" text-anchor="middle" fill="#4d5592" font-size="10" font-family="sans-serif">continuous enforcement loop</text>
<text x="375" y="22" text-anchor="middle" fill="#4d5592" font-size="10" font-family="sans-serif">continuous enforcement loop</text>
</svg>
</section>
<!-- ─── SLIDE 36 : Puppet platforms ─────────────────────────────── -->
<!-- ─── SLIDE 37 : Puppet platforms ─────────────────────────────── -->
<section class="s-puppet">
<h2>Puppet: large fleets, zero drift.</h2>
<ul>
@@ -1079,9 +1386,16 @@ Notice: Applied catalog in 12.34 seconds
<li>Fewer SaaS options than Terraform or Ansible</li>
</ul>
<p><em>Puppet Enterprise and Foreman are self-hosted. No managed cloud offering.</em></p>
<aside class="notes">
<ul>
<li>Sweet spot: large fleets of long-lived servers where drift control matters.</li>
<li>Trade-off vs the others: fewer SaaS options, more setup — it's self-hosted.</li>
<li>Honest framing: overkill for a handful of ephemeral cloud VMs.</li>
</ul>
</aside>
</section>
<!-- ─── SLIDE 37 : Puppet community ─────────────────────────────── -->
<!-- ─── SLIDE 38 : Puppet community ─────────────────────────────── -->
<section class="s-puppet">
<h2>The ecosystem outlives the company.</h2>
<ul>
@@ -1089,16 +1403,33 @@ Notice: Applied catalog in 12.34 seconds
<li><strong>OpenVox</strong> — an emerging open-source fork of the Puppet core</li>
</ul>
<p><em>The community is strong, with or without Puppet Inc.</em></p>
<aside class="notes">
<ul>
<li>Addresses the "is Puppet dying?" worry after the Perforce acquisition.</li>
<li>The Perforce shift: in Nov 2024 Perforce announced it would stop shipping public open-source Puppet binaries. From early 2025, official packages move to a private location — access needs a developer license (capped at 25 nodes) or a commercial license, and ongoing development moved to internal/private repos.</li>
<li>Vox Pupuli couldn't accept the Puppet Core Developer EULA — its restrictions block testing and redistribution of the community modules.</li>
<li>So they forked: OpenVox started as a community package mirror (Overlook InfraTech), and Vox Pupuli shipped the first release on Jan 21, 2025 — OpenVox 8.11 is functionally equivalent to Puppet 8.11, fully open, no EULA. (Same playbook as Terraform → OpenTofu.)</li>
<li>Reassurance: the open ecosystem outlives any single vendor.</li>
</ul>
</aside>
</section>
<!-- ─── SLIDE 38 : They're complementary ────────────────────────── -->
<!-- ─── SLIDE 39 : They're complementary ────────────────────────── -->
<section>
<h2>They're not competing. They're complementary.</h2>
<p>Each solves a different layer of the same problem.</p>
<aside class="notes">
<ul>
<li>The payoff slide — the "vs" framing was a trap. They stack.</li>
<li>Terraform provisions → Ansible configures → Puppet enforces. Three layers.</li>
<li>Ansible also covers one-off ops — push a single patch across the fleet on demand (the push model). Puppet handles the continuous side; Ansible the punctual side.</li>
<li>"Which should I use?" → depends which layer of the problem you have.</li>
</ul>
</aside>
<svg width="800" height="280" viewBox="0 0 800 280" xmlns="http://www.w3.org/2000/svg" style="margin-top:0.5em;">
<defs>
<marker id="a-down" viewBox="0 0 10 10" refX="5" refY="10" markerWidth="10" markerHeight="10" orient="auto">
<polygon points="0 0,10 0,5 10" fill="#4d5592"/>
<marker id="a-down" viewBox="0 0 10 10" refX="9" refY="5" markerWidth="9" markerHeight="9" orient="auto">
<polygon points="0 0,10 5,0 10" fill="#4d5592"/>
</marker>
</defs>
<!-- Terraform layer -->
@@ -1112,7 +1443,7 @@ Notice: Applied catalog in 12.34 seconds
<rect x="120" y="104" width="560" height="64" rx="10" fill="#CC0000" fill-opacity="0.1" stroke="#CC0000" stroke-width="2"/>
<text x="220" y="132" fill="#CC0000" font-size="18" font-weight="bold" font-family="sans-serif">Ansible</text>
<text x="306" y="132" fill="#a00" font-size="16" font-family="sans-serif">— Configure</text>
<text x="220" y="150" fill="#cc3333" font-size="11" font-style="italic" font-family="sans-serif">packages, services, app deployment</text>
<text x="220" y="150" fill="#cc3333" font-size="11" font-style="italic" font-family="sans-serif">packages, services, deploys, on-demand patching</text>
<!-- Arrow between Ansible and Puppet -->
<line x1="400" y1="172" x2="400" y2="194" stroke="#4d5592" stroke-width="2.5" marker-end="url(#a-down)"/>
<!-- Puppet layer -->
@@ -1123,17 +1454,25 @@ Notice: Applied catalog in 12.34 seconds
</svg>
</section>
<!-- ─── SLIDE 39 : Real-world stack ─────────────────────────────── -->
<!-- ─── SLIDE 40 : Real-world stack ─────────────────────────────── -->
<section>
<h2>A common production setup:</h2>
<ol>
<li><span class="tf-col">Terraform</span> provisions the VM</li>
<li><span class="ansible-col">Ansible</span> configures it and deploys the app</li>
<li><span class="ansible-col">Ansible</span> configures it, deploys the app, and pushes one-off patches</li>
<li><span class="puppet-col">Puppet</span> continuously enforces compliance</li>
</ol>
<aside class="notes">
<ul>
<li>Concrete recap of how they fit together end to end.</li>
<li>You don't have to use all three — but they layer cleanly when you do.</li>
<li>Ansible's role isn't only first-time setup — it's also the tool for punctual ops, like pushing a single patch across the fleet on demand (slide on Operations). Puppet then keeps that state from drifting.</li>
<li>Pick by your actual need: just provisioning? Terraform. Ad-hoc ops / one-off patch? Ansible. Drift control? Puppet.</li>
</ul>
</aside>
</section>
<!-- ─── SLIDE 40 : Closing ──────────────────────────────────────── -->
<!-- ─── SLIDE 41 : Closing ──────────────────────────────────────── -->
<section class="title-slide">
<h1>Questions?</h1>
<p class="subtitle">Thank you!</p>
@@ -1141,7 +1480,14 @@ Notice: Applied catalog in 12.34 seconds
Arnaud Prémel-Cabic &nbsp;·&nbsp; arnaud.premel-cabic@ovhcloud.com<br>
Slides: <a href="https://ministicraft.pages.git.cloud.arnaud-pc.fr/finistdev-configuration-as-code/" target="_blank">ministicraft.pages.git.cloud.arnaud-pc.fr/finistdev-configuration-as-code/</a>
</p>
<p class="meta" style="margin-top:1.5em; font-size:0.45em; color:var(--ods-neutral-600);">🤖 Made with Claude &amp; GitHub Copilot</p>
<p class="meta" style="margin-top:1.5em; font-size:0.45em; color:var(--ods-neutral-600);">🤖 Made with the help of Claude</p>
<aside class="notes">
<ul>
<li>Thank the audience, point to the slides URL.</li>
<li>Open the floor for questions.</li>
<li>Backup topics if quiet: Kubernetes operators, Pulumi, secrets management.</li>
</ul>
</aside>
</section>
@@ -1153,9 +1499,9 @@ Notice: Applied catalog in 12.34 seconds
<script src="vendor/reveal.js/plugin/highlight/highlight.js"></script>
<script>
const toolLogos = {
's-tf': 'https://cdn.simpleicons.org/terraform',
's-ansible': 'https://cdn.simpleicons.org/ansible',
's-puppet': 'https://cdn.simpleicons.org/puppet/C17F00'
's-tf': 'vendor/icons/terraform.svg',
's-ansible': 'vendor/icons/ansible.svg',
's-puppet': 'vendor/icons/puppet.svg'
};
const altNames = {'s-tf': 'Terraform', 's-ansible': 'Ansible', 's-puppet': 'Puppet'};

1
vendor/icons/ansible.svg vendored Normal file
View File

@@ -0,0 +1 @@
<svg fill="#EE0000" role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><title>Ansible</title><path d="M10.617 11.473l4.686 3.695-3.102-7.662zM12 0C5.371 0 0 5.371 0 12s5.371 12 12 12 12-5.371 12-12S18.629 0 12 0zm5.797 17.305c-.011.471-.403.842-.875.83-.236 0-.416-.09-.664-.293l-6.19-5-2.079 5.203H6.191L11.438 5.44c.124-.314.427-.52.764-.506.326-.014.63.189.742.506l4.774 11.494c.045.111.08.234.08.348-.001.009-.001.009-.001.023z"/></svg>
Side by Side

After

Width:  |  Height:  |  Size: 455 B

1
vendor/icons/puppet.svg vendored Normal file
View File

@@ -0,0 +1 @@
<svg fill="#C17F00" role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><title>Puppet</title><path d="M8.984 21.611H6.595v-2.388h2.39zM6.595 2.39h2.39v2.388h-2.39zm13.198 6.028h-5.48l.001-.002-2.941-2.941V0H4.207v7.166h5.48l2.938 2.938.002-.001v3.794l-.003-.003-2.94 2.94H4.207V24h7.166v-5.477l2.94-2.94h5.48V8.417"/></svg>
Side by Side

After

Width:  |  Height:  |  Size: 337 B

1
vendor/icons/terraform.svg vendored Normal file
View File

@@ -0,0 +1 @@
<svg fill="#844FBA" role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><title>Terraform</title><path d="M1.44 0v7.575l6.561 3.79V3.787zm21.12 4.227l-6.561 3.791v7.574l6.56-3.787zM8.72 4.23v7.575l6.561 3.787V8.018zm0 8.405v7.575L15.28 24v-7.578z"/></svg>
Side by Side

After

Width:  |  Height:  |  Size: 268 B

BIN
vendor/img/this-is-fine.gif vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.4 MiB