Red Hat, HashiCorp reveal Ansible, Terraform and Vault plans
Red Hat Ansible and HashiCorp reps filled in the blanks about how infrastructure automation tools will more deeply integrate, news welcomed by financial services customers.
BOSTON -- Now that Red Hat and HashiCorp both reside under the IBM roof, Ansible, Terraform, and HashiCorp Vault will get cozier, according to executives speaking publicly this week.
Ansible's configuration-as-code and HashiCorp Terraform infrastructure-as-code (IaC) tools were commonly used together before IBM agreed to buy HashiCorp last year for $6.5 billion, a deal that closed following regulatory review in late February. Red Hat acquired Ansible in 2015. HashiCorp co-founder and CTO Armon Dadgar discussed potential opportunities for integration between Ansible and Terraform during a presentation at HashiConf in October without going into specifics.
This week, Dadgar and Red Hat Ansible vice president and general manager Sathish Balakrishnan filled in a few more details during a joint keynote presentation at AnsibleFest on Tuesday.
"Terraform was born as a provisioning tool, and had deep integration to do configuration management," Dadgar said. "I might be provisioning something day one with Terraform, but could there be a tighter integration with AAP [Ansible Automation Platform]? Could there be a tighter integration with Event-Driven Ansible [EDA]? And then when I get to day two and I need to do drift management, patch management, all these things, they're not well integrated today and [have] different approaches in state and inventory management."
Terraform Enterprise will add a post-provisioning hook to invoke AAP configuration workflows after resources are created using IaC, Dadgar said. Ansible plans to link workflow job templates to Terraform Enterprise and provide Ansible Automation Platform configuration-as-code support for Terraform and Vault infrastructure. The two will also tie in Ansible with HashiCorp Vault secrets management so that Ansible can handle the delivery of Vault credentials to applications.
Terraform Enterprise and Event-Driven Ansible will be "going one level deeper" to tighten integrations beyond initial provisioning to add support for later stages of the infrastructure lifecycle, such as creating, modifying and deleting infrastructure resources, according to Dadgar. The two will also share officially supported Terraform providers and modules, he said. Terraform providers supply the resources used in Terraform configuration files and modules are collections of Terraform resources.
EDA, core Ansible and an upstream version of AAP called AWX are available as open source projects under Apache 2.0 licenses. In 2023, HashiCorp switched its community edition projects to a business-source license, prompting controversy in the open source community.
During the presentation, Dadgar referred only to HashiCorp and Ansible commercial products while discussing integration plans. For now, the planned integrations focus on linking Terraform providers and Ansible collections, which are available separately upstream. Red Hat did not comment on how it might approach further collaboration upstream as of press time for this story.
Ansible Automation Platform users eye tie-ins
The current Ansible Terraform provider needs improvement, according to a director for Visa during a breakout session presentation this week.
"It's very old … [and] very static," said Benazir Begum in a Q&A during the presentation. "You can send only one template or one credential [at a time] -- it's not dynamic. Our team is working on enhancing that provider, along with IBM and Red Hat."
In Visa's environment, Ansible can also invoke actions in Terraform by calling an API, Begum said.
Like Visa, Wells Fargo is a joint customer of Red Hat, Ansible and HashiCorp. A breakout session presenter from the financial services company said Terraform Enterprise is mainly used in its public cloud environment, while he primarily works with AAP in a separate, private cloud environment.
However, in response to a question from Informa TechTarget during the breakout session's Q&A, he didn't rule out using the tools together in the future.
"I see opportunities [to] stand up more ephemeral infrastructure … where we [could] take advantage of Terraform more," said Andrea Fallucca, principal engineer in platform integration software engineering at Wells Fargo. "If I were looking for an experience between Ansible and Terraform, I don't want to go interact with two different platforms. I want a more cohesive experience when I develop a provider and a module, and I can have my Ansible playbook side by side, and I go to one [interface]."
Credit union plans Ansible Lightspeed rollout
Amid a bevy of Red Hat product updates this week, Ansible officials previewed a customizable on-premises automation dashboard for AAP designed to measure the business impact of IT automation. They also touted Ansible Lightspeed, the generative AI assistant that has been generally available for about 18 months, as Red Hat shipped OpenShift and Red Hat Enterprise Linux versions for the first time on Tuesday.
No official percentages are available for the number of AAP customers with Lightspeed in production, but in contrast to last year's AnsibleFest, this year, at least one enterprise user said he plans to put the tool into production soon.
"We started using GitHub Copilot [for] generating Ansible playbooks and documentation, [but] what we found was that some of the training on Copilot wasn't specific enough to Ansible to generate something immediately useful," said Craig Mitchell, platform engineering manager at Navy Federal Credit Union, in response to an Informa TechTarget question during a panel breakout presentation on Wednesday.
"We saw some very, very positive results from [our proof of concept], and we're looking to [use this] as a developer tool within the next quarter or so," Mitchell said.
Mitchell added that the ability to build Ansible content using natural language could also potentially expand the number of teams that can use AAP at the company.
Beth Pariseau, a senior news writer for Informa TechTarget, is an award-winning veteran of IT journalism covering DevOps. Have a tip? Email her or reach out @PariseauTT.
