kran77 - Fotolia

HashiCorp Consul Terraform Sync creates coveted connection

HashiCorp Consul and Terraform can now sync for network infrastructure automation, a sought-after connection some users had previously tried to cobble together themselves.

HashiCorp users have welcomed a new utility that could replace manual methods -- and associated errors -- in network infrastructure management.

The tool, HashiCorp Consul Terraform Sync, became available in tech preview on GitHub this month. It uses changes to Consul service discovery data to trigger Terraform workflows for network infrastructure devices.

"You don't need to submit a ticket or wait to manually update something like the nodes in a load balancer" using Consul Terraform Sync, said Mitchell Hashimoto, co-founder and CTO of HashiCorp, in a keynote presentation at HashiConf this month. "Now you can just use the API that Consul provides and the real-time updates that it has, and dynamically update that load balancer configuration."

Other workflows may include adding or removing service instances on a network device node, changing port or IP address information, and updates to metadata such as service tags.

These functions are performed through new Terraform modules, or automation runbooks, built by network device-makers A10 Networks, Check Point Software, Cisco, F5 and Palo Alto Networks to work with Consul Terraform Sync. HashiCorp also added a new Task construct to Consul that keeps Terraform state data consistent in Consul's data store for this release.

Some IT pros had already been trying to create a similar link between Terraform and network devices on their own.

HashiCorp Consul network infrastructure automation
HashiCorp CTO Mitchell Hashimoto presented Consul's network infrastructure automation capabilities at HashiConf this month.

"If Terraform can create the service, then Terraform should be able to notify the F5 [load balancer] that it's up -- [but] at this point it's [been] all conceptual, a really small-scale proof of concept," said Phil Fenstermacher, a systems engineer at William & Mary, a university in Williamsburg, Va. "It was exciting to see a more polished, delivered way of doing something like that."

This connection would ideally reduce the human error that can come with the manual configuration currently required to add new VMs to on-premises load balancer pools, Fenstermacher said. For containers, Fenstermacher's team uses Traefik's dynamic load balancing features but hasn't been able to replicate similar automation for non-containerized workloads.

Terraform Sync, Consul Cloud shore up HashiCorp ops

Consul Terraform Sync may also give HashiCorp an entrée into new areas within large enterprise shops, such as network operations teams that may not be as familiar as sysadmins with its tools, said John Mitchell, an independent digital transformation consultant in San Francisco.

The link between Consul as a networking tool with Terraform for infrastructure automation could potentially address a longstanding consistency problem for such teams when they rely on manual configuration updates, said Mitchell, who also used HashiCorp products in his previous role as chief platform architect at SAP Ariba.

The config problems Terraform Sync is trying to address … may seem trivial, but you have so many layers all interacting with each other, and manual workarounds, and it can take days to figure out [what happened] if there is a problem.
John MitchellIndependent digital transformation consultant

"The config problems Terraform Sync is trying to address … may seem trivial, but you have so many layers all interacting with each other, and manual workarounds, and it can take days to figure out [what happened] if there is a problem," he said. "Without this very precise kind of understanding, it's hard to connect these dots, and it can have a huge impact."

Consul Terraform Sync coincides nicely with the promotion of the HashiCorp Consul service promotion from private to public beta on the HashiCorp Cloud Platform this month, which newbies can use to test out the tool, Mitchell said.

"Being able to play with these tools in the cloud and learn best practices is something I've been pushing on them for a long time," Mitchell said. "It'll show developers actual best practices according to actual details of specific environments, for non-trivial things."

Overall, these additions will strengthen users' trust in HashiCorp for the so-called 'Day 2' ongoing infrastructure ops that follow initial DevOps deployments, according to Mitchell. It will also keep up with other infrastructure automation vendors such as Red Hat, which added similar integrations between OpenShift and Ansible for network infrastructure automation this month.

"Historically, HashiCorp has been very good at the introductory demo, but not so good with [demonstrating] best practices after that," Mitchell said. "They've hired a lot more people in the last year, focusing on customer support, technical support, education, and that all kind of goes together."

Dig Deeper on Systems automation and orchestration

Software Quality
App Architecture
Cloud Computing
Data Center