olly - Fotolia

Compare Go vs. Python for infrastructure programming

Both code languages get the infrastructure-as-code job done, but each from a different angle. This comparison tutorial puts their similarities and differences center stage.

DevOps teams and advanced systems administrators can use Go or Python for infrastructure programming, wherein the IT deployment environment is managed as code.

IT administrators should evaluate Python vs. Go to write infrastructure as code. Python is an older programming language than Go, and far more IT professionals have experience with Python than with Google's creation, which began as an internal project in 2007 and later spread to the IT industry at large. But Go has caught the eye of many IT organizations for its performance and simplicity.

The best way to pit Python vs. Go is to try both of them. This article covers how to set up the Salt configuration management tool to work with Python and with Go.

Specs for the Go vs. Python tutorials

The code instructions for Go and Python work with SaltStack version 2018.3.2 (Salt users might know the 2018.3 release by its code name, Oxygen). Version 2018.3 has firmed up support for Tornado, a REST interface that is a suitable replacement for the original SaltStack web interface, CherryPy.

Salt has a Python API built into it, and while there are other APIs on the internet, they are neither necessary nor supported by SaltStack. There is no Go API supported by SaltStack. Instead, use the REST abilities built into Go.

Follow the two tutorials below for Python and Go on Salt to set up both languages to code infrastructure, and see which approach works best for your DevOps or IT team.

The Python SDK for Salt infrastructure programming

Python users should deploy virtual environments. This practice protects against the likelihood of breaking the Python system, which is an integral part of Linux, accidentally.

To try the Python software development kit (SDK) with Salt, install Salt, and then install the Conda or full Anaconda package and environment management system.

Python versions 2.7 and 3 are both in use in IT environments. Salt's documentation and release notes contradict each other, with one saying it supports Python 3 and another referring to Python 2.7 only. There is only an API for Python 2.7, so use this version, for now.

To start with Python on Salt, create a Python 2.7 virtual environment. You cannot use the Salt API in /usr/lib/python2.7/dist-packages/salt/ as it is not on the Python sys.path. Install the Salt API as shown:

conda create -n py27 python=2.7

source activate py27

conda install -c conda-forge salt

Run this example from the SaltStack documentation to print configuration information on the Salt installation:

import salt.config

master_opts = salt.config.client_config('/etc/salt/master')

Use Go REST with Salt

For the Go language, use the Salt rest_tornado built-in web server. Rest_tornado is a nonblocking REST API for Salt to communicate with the server. Treat it as a web server for the purposes of this tutorial, although it is actually more than that. The user must configure and start rest_tornado, and you need to generate a server certificate. Copy the certificate and key (in pink in the code lines) to the location shown below. Add the text below to the Salt Master config file at /etc/salt/master.

rest_tornado:
    # can be any port
    port: 8000
    # address to bind to (defaults to 0.0.0.0)
    address: 0.0.0.0
    # socket backlog
    backlog: 128
    ssl_crt: /etc/pki/api/certs/cert.pem
    # no need to specify ssl_key if cert and key
    # are in one single file
    ssl_key: /etc/pki/api/certs/key.pem
    debug: False
    disable_ssl: False
    webhook_disable_auth: False
    cors_origin: null

Copy the Secure Sockets Layer (SSL) key and certificate to the location shown above. If the certificate is self-signed, add it to the list of root certificate authorities.

Start the rest_tornado web server with sudo salt-apt -l debug.

Then, test that it works with a curl command:

curl -si localhost:8000/login \
>     -H "Accept: application/json" \
>     -d username='salt' \
>     -d password='salt' \
>     -d eauth='pam'

Once the rest_tornado web server is installed, configured and tested, you can feed code written in Go to Salt and have Salt perform the automated tasks to the target servers or cloud infrastructure.

The choice of Python vs. Go depends on operator skill set, familiarity with the languages, the capabilities each one brings and other factors. Try both languages in a configuration management tool to experience firsthand the advantages and disadvantages of each one.

Next Steps

Best practices and strategies for logging in Go

What Golang generics support means for code structure

Compare Go vs. Python: What are the differences?

Dig Deeper on Systems automation and orchestration