Ansible vs Terraform
Ansible and Terraform are both infrastructure as code, but they do different jobs. Terraform provisions infrastructure: it creates the servers, networks, and DNS. Ansible configures it: it installs packages, edits files, and runs services. They are more complementary than competing. The real question is which one you reach for first, and for what, and the honest answer is often both.
Updated 2026-06-01 · by Jonathan Caruso
Side by side
| Ansible | Terraform | |
|---|---|---|
| Primary job | Configuration management | Provisioning infrastructure |
| Model | Procedural (tasks in order) | Declarative (desired end state) |
| State | Stateless, idempotent tasks | State file tracks real resources |
| Agentless | Yes (SSH) | Yes (provider APIs) |
| Language | YAML playbooks | HCL |
| Best at | Configuring servers, app deploys | Standing up cloud/VM resources |
| Cloud provisioning | Possible but clunky | Core strength |
| Safety | Re-run playbook | Plan/apply, state-aware |
They solve different halves of the same problem
Terraform's job is to create infrastructure and track it. You declare the end state you want, a set of VMs, a network, DNS records, a load balancer, and Terraform figures out the API calls to make it real. It keeps a state file that maps your code to the actual resources, so it knows what to change or destroy on the next run.
Ansible's job is to configure machines that exist. You write playbooks of tasks, install these packages, drop these config files, start these services, and Ansible runs them over SSH. There is no central state file. Tasks are written to be idempotent, so re-running a playbook converges the machine to the desired configuration.
Declarative state vs procedural tasks
The mental models differ. Terraform is declarative and state-aware. You describe what should exist, run plan to preview the changes, and apply to make them. That plan-then-apply safety is a big reason teams trust it for provisioning real cloud resources where a mistake is expensive.
Ansible is procedural. You describe the steps in order, and it runs them top to bottom on each host. It is approachable, reads almost like documentation, and does not require you to think about state files. For configuring servers and deploying applications, that directness is a strength.
The common pattern: use both
In practice, a lot of teams run them together. Terraform provisions the boxes and the surrounding cloud resources, then hands the IP addresses to Ansible, which configures the operating system and deploys the apps. Each tool does the half it is best at, and the seam between them is clean.
For a homelab, the calculus is simpler. If your machines already exist, physical hosts and VMs you created in Proxmox, you may never need Terraform's provisioning, and Ansible alone covers configuring and maintaining them. If you spin up and tear down cloud resources regularly, Terraform earns its place fast.
A realistic homelab workflow
Here is how this plays out on a typical homelab. You create a few VMs on Proxmox, by hand or with a template. Then you point Ansible at them with a simple inventory file and run playbooks that install Docker, set up users and SSH keys, harden the firewall, and deploy your apps. When you rebuild a VM, you re-run the playbook and it comes back configured exactly the same way. That repeatability is the whole point.
Terraform enters the picture when your provisioning itself becomes code. Proxmox has a Terraform provider, so you can declare VMs in HCL and have Terraform create them, then hand off to Ansible to configure. That is a clean, professional setup, and it is also more than many homelabs need on day one.
The pragmatic path: start with Ansible because it pays off immediately on the machines you already have, and it builds a skill that transfers straight to work. Add Terraform once you are creating and destroying infrastructure often enough that doing it by hand becomes the bottleneck. If licensing matters to you, OpenTofu is a compatible open-source drop-in for Terraform.
Where Ansible wins
- Great for configuring servers that already exist: packages, files, services, deploys.
- Agentless over SSH, with a huge module library.
- Simple YAML. Quick to start on a homelab of existing machines.
Where Terraform wins
- The standard for provisioning cloud and VM resources.
- Declarative with a real state file and plan/apply safety before changes.
- Strong multi-provider support for managing many resource types.
Which to pick, by situation
| Your situation | Pick | Why |
|---|---|---|
| Configuring existing homelab servers | Ansible | Agentless over SSH, simple YAML, no cloud provisioning needed. |
| Spinning up cloud or VM resources | Terraform | Declarative state and plan/apply safety are built for this. |
| Full pipeline from nothing to running app | Both | Terraform provisions, Ansible configures and deploys. |
| Learning one IaC tool first for a homelab | Ansible | If your machines exist, Ansible covers the day-to-day with less to learn. |
The verdict
Use Terraform to create infrastructure and Ansible to configure it. If you spin up VMs, cloud resources, DNS, and load balancers, Terraform's declarative state model is the right tool. If you configure servers that already exist, Ansible is simpler and faster to start. Many teams run both: Terraform provisions the boxes, then hands off to Ansible to set them up. If you only learn one first and you run a homelab of existing machines, start with Ansible.
Choose Ansible if you are configuring servers that exist: packages, files, services, and app deploys.
Choose Terraform if you are provisioning infrastructure: cloud resources, VMs, DNS, and networks.
Official links
Ansible
Terraform
FAQ
Can Terraform do configuration management?
It can run provisioners, but it is clunky and not what it is built for. Use Terraform to create resources and hand off to Ansible (or cloud-init) for configuration. Mixing the two jobs in Terraform tends to age badly.
Can Ansible provision cloud resources?
Yes, Ansible has cloud modules, but it lacks Terraform's state tracking and plan/apply safety, so managing the full lifecycle of cloud resources is harder. For provisioning, Terraform is the better fit.
Do I need both for a homelab?
Usually not at first. If your servers already exist, Ansible alone configures and maintains them. Add Terraform when you start creating and destroying cloud or VM resources often enough that tracking them by hand hurts.
Is OpenTofu a drop-in for Terraform?
OpenTofu is an open-source fork of Terraform created after the license change, and it stays largely compatible with Terraform configurations. If the licensing matters to you, OpenTofu is a reasonable swap for most setups.
Should I learn Terraform or Ansible first?
If you run a homelab of machines that already exist, learn Ansible first, because it pays off immediately on configuring and maintaining them. If your work is creating cloud infrastructure, learn Terraform first. Many people end up using both.
Is Ansible still relevant in 2026?
Yes. Ansible remains the standard for agentless configuration management and app deployment, used widely in homelabs and enterprises. It pairs with Terraform rather than competing with it.
What is replacing Terraform?
Nothing has replaced it, but OpenTofu, the open-source fork created after Terraform's license change, is the main alternative and stays largely compatible. Pulumi is another option if you prefer real programming languages over HCL.