Introduction
HashiCorp shook things up by changing Terraform’s license to a Business Source License (BSL). How does this affect your Terraform projects? Are there other options besides Terraform? Let’s clear up these questions here.
Why is Terraform the cool kid on the IaC block?
Unlike the others, it doesn’t play favorites with clouds. While AWS CloudFormation, Azure Resource Manager, and Google Cloud Deployment Manager only play in their backyards, Terraform is the friendly neighbor kid who plays in everyone’s yard - be it AWS, Azure, Google Cloud, or even DigitalOcean and GitHub’s yards. It’s the buddy everyone wants because it shares its toys across all the cloud playgrounds!
Is Terraform still free like a bird?
Nope! It used to be under the Mozilla Public License. But on August 10, 2023, HashiCorp put a leash on it with the Business Source License. Before, you could play and share; now you can look, but you need to ask HashiCorp nicely (paying for it) to use their sandbox for business post-version 1.5.x!
After eventful weeks in the Terraform realm, this article will tackle common questions about Terraform, and OpenTofu, exploring what these mean for the future. Let’s dive in!
What is OpenTofu?
OpenTofu is a project acting as a substitute for Terraform. It’s open-source, hosted by The Linux Foundation, blending open-source freedom with organized governance.
Who is behind OpenTofu?
Open Tofu was born when some top industry folks united against Terraform’s license change from open to business-oriented. They made a group called OpenTF and shared a manifesto to keep Terraform freely open or create a new version for the community if needed. Many companies supported this, even hiring engineers for it. This led to Open Tofu, a project continuing the excellent work done by HashiCorp on Terraform, ensuring it remains an open-source tool for everyone.
Why did the Linux Foundation launch OpenTofu?
OpenTofu emerged when many shots in the industry joined against Terraform’s license change from open-source to more closed. They formed a squad called OpenTF to keep Terraform (or a version of it) open-source and community-driven, far from any single company’s commercial. They figured the best way to do this was to hand over the project to a trustworthy foundation, hence, OpenTofu was born under the Linux Foundation’s roof. The Linux Foundation is like the guardian angel of the open-source realm, with many projects we use daily under its wing, like the Linux kernel itself.
Is OpenTofu a Terraform doppleganger?
Absolutely! The first release of OpenTofu will be like Terraform’s twin, mirroring Terraform 1.5.5. So, swapping from Terraform to OpenTofu should be an easy-peasy process, with no code changes needed. OpenTofu plans to stick to a numbering system that ensures compatibility with older versions, making it a seamless replacement.
Some techinical question
Can OpenTofu read my old Terraform state files?
Yes, indeed! OpenTofu can read and write your existing Terraform state files just like Terraform would. They want to add cool features like end-to-end encryption without disturbing the state file reading.
Will my Terraform modules and providers work with OpenTofu?
You bet! Since OpenTofu is like Terraform’s twin, it’ll play nice with all the providers and modules you already use. No need to look for alternatives.
Is OpenTofu starting its registry?
Yep! OpenTofu plans to have its hangout for modules and providers, making it easy to mix and match, just like with Terraform.
How will OpenTofu decide on future changes?
OpenTofu was created by the community for the community, not a one-person show. Anyone can give ideas by opening a Request For Comments (RFC) against a project. Decisions will be collective, ensuring changes align with the community directives.
Why should I switch to OpenTofu?
If you’re all about that open-source life, OpenTofu is your new home. Unlike Terraform, which has gone a bit exclusive, OpenTofu promises to stay open-source, with features and changes driven by community vibes, not commercial.
Talk is cheap, show me the code
To run OpenTofu we have some basic requirements:
- Have Golang version 1.19 or newer.
- Clone the OpenTofu repository on OpenTofu GitHub Link since binaries are not available yet.
Steps:
- Install Golang.
- Clone the OpenTofu repository.
- Navigate to the downloaded directory.
- Navigate to “opentofu/cmd/tofu”
- Type “go build .” to install the necessary dependencies.
- Move the built file (tofu) using “sudo cp opentofu /usr/local/bin”
- Check installation by typing “tofu version”.
➜ Documents git clone https://github.com/opentofu/opentofu.git
Cloning into 'opentofu'...
remote: Enumerating objects: 261822, done.
remote: Counting objects: 100% (261822/261822), done.
remote: Compressing objects: 100% (93645/93645), done.
remote: Total 261822 (delta 162543), reused 261673 (delta 162507), pack-reused 0
Receiving objects: 100% (261822/261822), 265.00 MiB | 439.00 KiB/s, done.
Resolving deltas: 100% (162543/162543), done.
➜ Documents cd opentofu/cmd/tofu
➜ tofu git:(main) go build .
➜ tofu git:(main) ✗ ls
commands.go experiments.go help.go main.go main_test.go plugins.go provider_source.go signal_unix.go signal_windows.go telemetry.go tofu version.go working_dir.go
➜ tofu git:(main) ✗ sudo cp tofu /usr/local/bin
Password:
➜ tofu git:(main) ✗ tofu version
OpenTofu v1.6.0-dev
on darwin_arm64
Working with OpenTofu:
- Create a .tf file for your resource.
➜ tofu-poc git:(main) ✗ touch main.tf
➜ tofu-poc git:(main) ✗ vim main.tf
provider "azurerm" {
features {}
}
terraform {
backend "azurerm" {
resource_group_name = "rg-tofu"
storage_account_name = "tofu-rg"
container_name = "tfstate"
key = "tf.state"
}
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "3.67.0"
}
}
}
resource "azurerm_resource_group" "tofu-rg" {
name = "tofu-rg"
location = "East US"
}
~
:wq
- In this case the remote state was used, storing the state file on Azure Blob Storage, login using az login and select your subscription
➜ tofu-poc git:(main) ✗ az login
A web browser has been opened at https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize. Please continue the login in the web browser. If no web browser is available or if the web browser fails to open, use device code flow with `az login --use-device-code`.
[
{
"cloudName": "AzureCloud",
"homeTenantId": "<your-tenant-id>",
"id": "<your-subscription-id>",
"isDefault": false,
"managedByTenants": [],
"name": "<your-subscription-name>",
"state": "Enabled",
"tenantId": "<your-tenant-id>",
"user": {
"name": "<your-subscription-username>",
"type": "user"
}
}
➜ tofu-poc git:(main) ✗ az account set -s "<your-subscription-id>"
- Run ’tofu init’ to set up provider dependencies.
➜ tofu-poc git:(main) ✗ tofu init
Initializing the backend...
Initializing provider plugins...
- Finding latest version of hashicorp/azurerm...
- Installing hashicorp/azurerm v3.75.0...
- Installed hashicorp/azurerm v3.75.0 (signed, key ID <key>)
Providers are signed by their developers.
If you'd like to know more about provider signing, you can read about it here:
https://www.placeholderplaceholderplaceholder.io/docs/cli/plugins/signing.html
OpenTofu has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that OpenTofu can guarantee to make the same selections by default when
you run "tofu init" in the future.
OpenTofu has been successfully initialized!
You may now begin working with OpenTofu. Try running "tofu plan" to see
any changes that are required for your infrastructure. All OpenTofu commands
should now work.
If you ever set or change modules or backend configuration for OpenTofu,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
- Run ’tofu plan’ to check your setup.
➜ tofu-poc git:(main) ✗ tofu plan
Acquiring state lock. This may take a few moments...
OpenTofu used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
OpenTofu will perform the following actions:
# azurerm_resource_group.tofu-rg will be created
+ resource "azurerm_resource_group" "tofu-rg" {
+ id = (known after apply)
+ location = "eastus"
+ name = "tofu-rg"
}
Plan: 1 to add, 0 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so OpenTofu can't guarantee to take exactly these actions if you run "tofu apply" now.
Releasing state lock. This may take a few moments...
- Run ’tofu apply’ to create your resources.
➜ tofu-poc git:(main) ✗ tofu apply --auto-approve
Acquiring state lock. This may take a few moments...
OpenTofu used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
OpenTofu will perform the following actions:
# azurerm_resource_group.tofu-rg will be created
+ resource "azurerm_resource_group" "tofu-rg" {
+ id = (known after apply)
+ location = "eastus"
+ name = "tofu-rg"
}
Plan: 1 to add, 0 to change, 0 to destroy.
azurerm_resource_group.tofu-rg: Creating...
azurerm_resource_group.tofu-rg: Creation complete after 2s [id=/subscriptions/<your-subscription-id>/resourceGroups/tofu-rg]
Releasing state lock. This may take a few moments...
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
- Test deletion with ’tofu destroy'.
➜ tofu-poc git:(main) ✗ tofu destroy --auto-approve
Acquiring state lock. This may take a few moments...
azurerm_resource_group.tofu-rg: Refreshing state... [id=/subscriptions/<your-subscription-id>/resourceGroups/tofu-rg]
OpenTofu used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
- destroy
OpenTofu will perform the following actions:
# azurerm_resource_group.tofu-rg will be destroyed
- resource "azurerm_resource_group" "tofu-rg" {
- id = "/subscriptions/<your-subscription-id>/resourceGroups/tofu-rg" -> null
- location = "eastus" -> null
- name = "tofu-rg" -> null
- tags = {} -> null
}
Plan: 0 to add, 0 to change, 1 to destroy.
azurerm_resource_group.tofu-rg: Destroying... [id=/subscriptions/<your-subscription-id>/resourceGroups/tofu-rg]
azurerm_resource_group.tofu-rg: Still destroying... [id=/subscriptions/<your-subscription-id>/resourceGroups/tofu-rg, 10s elapsed]
azurerm_resource_group.tofu-rg: Still destroying... [id=/subscriptions/<your-subscription-id>/resourceGroups/tofu-rg, 20s elapsed]
azurerm_resource_group.tofu-rg: Destruction complete after 20s
Releasing state lock. This may take a few moments...
Destroy complete! Resources: 1 destroyed
Conclusion
With HashiCorp slapping a price tag on Terraform for business use, it felt like being told our favorite playground now had an entry fee! But fear not, OpenTofu swooped in like a superhero, with the Linux Foundation as its sidekick. Now we can continue building our cloud castles across different cloud kingdoms, without burning our pockets!