Thanks for the blog post, really nice. Three things:
- Procedural vs. Declarative: It seems like sequencing is described, where Chef and Ansible apply tasks in the order they are specified, and where Puppet and Terraform are more purely idempotent. On declarative, Ansible has a DSL wrapped in YAML form (and as such is declarative), which is similar to Terraform, which has a DSL wrapped in either JSON or HCL.
- Change Config vs. Orchestration: Ansible is foremost an orchestration tool given its remote-execution orientation, but is also a lightweight change configuration tool. Terraform is also a change configuration tool for RESTful resources, which, when used to manage resources for an IaaS application, is indirectly doing orchestration.
- Mutable vs. Immutable: As it is presented, any tool can be immutable if it deploys containers (or system images). Managing cloud resources (aka IaaS that exposes a RESTful API for configuring resources) is by nature mutable at this layer. How the systems themselves (running on the IaaS platform) are managed is another story; usually Terraform hands off to another system, and that other system is either immutable or mutable, depending on whether immutable is applied at the container level (Docker, rkt) or systems level (AMI, other), or whether a state is maintained. For example, Terraform can hand off to Chef or indirectly use Cloud-Init if a launch config is used for an ASG.