SAN FRANCISCO — HashiCorp Terraform users were introduced to two significant new features that will broaden its role in infrastructure automation and bring unmanaged resources under centralized control.
Terraform actions, launched in public beta this week during HashiConf, is implemented as a new first-class block in HashiCorp configuration language (HCL). Where other top-level code blocks have focused on the initial deployment and final disposal of immutable infrastructure resources, Terraform actions codifies steps that occur between the two ends of the infrastructure management process.
"Terraform was born as a cloud-native tool with very strongly held views around immutability," said Armon Dadgar, co-founder and CTO at HashiCorp, during a keynote presentation on Thursday. "An area that was always trickier was, 'What happens if I need to touch a resource, but there's no change to the Terraform definition? That was always an area where people got creative."
One of the previous workarounds was using Terraform provisioners, which execute scripts and run commands on machines after Terraform creates or destroys resources. But using provisioners was often discouraged, according to one HashiCorp ambassador.
Terraform finally has something that still follows core principles but extends beyond day one. That's huge.
Ned BellavanceTechnical educator, Ned in the Cloud
"HashiCorp has said for years, don't use provisioners because they break the overall Terraform workflow," said Ned Bellavance, technical educator at Ned in the Cloud LLC, in an interview with Informa TechTarget. "Terraform finally has something that still follows core principles but extends beyond day one. That's huge."
The lack of support for 'Day 2' actions to support ongoing operations and configuration management "has been Terraform's biggest shortcoming," said Erik Grina Raassum, senior engineer at Sopra Steria, an IT consulting and digital services company headquartered in Paris.
However, another Terraform Community Edition user was concerned about potential disruption from such a major change to HCL's syntax.
"Just starting from the fact that it's a first-level block in the syntax itself, linters [and other workflows] might have to change," said Pato Arvizu, staff site reliability engineer at Asapp, Inc., an AI-native contact center software company in New York. "It seems like a net positive, but we'll see what else has to adjust."
Terraform actions could help link FinOps policies directly into the infrastructure provisioning workflow, for example, Arvizu said. IBM and HashiCorp will offer a packaged version of such a workflow under a new integration between IBM Cloudability Governance and Terraform run tasks rolled out this week.
Terraform actions builds new bridge to Ansible
Dadgar called Terraform actions "super-provisioners" that invoke actions throughout the lifecycle of a resource through third-party tools such as IBM Red Hat's Event-Driven Ansible tool. Terraform actions answers previous questions about how the declarative Terraform might more deeply integrate with the imperative Ansible now that both HashiCorp and Red Hat are part of IBM. Another point of overlap between the two tools, an official Ansible Terraform provider, also reached general availability this week.
"This is a totally new workflow that starts to enable Terraform to … deeply integrate with runbook systems like Ansible, [which can] be used for all sorts of things," Dadgar said. "Think about running a script on existing infrastructure. Think about upgrading firmware. Think about clearing log files. All of those things don't involve changing the underlying resources, so you had to manually set up imperative actions. There's a whole universe of things that we want to be able to support with this."
HashiCorp and Red Hat touted ties between Terraform and Ansible Automation Platform from the keynote stage, but any third-party Terraform provider will be able to expose platform-specific actions using the Terraform SDK, Dadgar said. Long-term, Terraform and Ansible will become part of a broader hybrid cloud automation platform that also ties in third-party tools such as Red Hat Developer Hub, ServiceNow and Jira.
"They're part of a bigger platform experience that we're trying to deliver," Dadgar said. "Which really says, 'How do we cater to these different personas and the different experiences they want, but underpin everything with infrastructure as code to deliver [resources] across the hybrid estate?"
HashiCorp Terraform search a coveted feature
Another feature launched in beta this week, Terraform search, represents a long-awaited update for Terraform users, Dadgar said.
"It might have been like the second ticket that was created on GitHub [for Terraform]" 10 years ago, he said. "The idea was basically, 'Can you just point me an environment, search the environment, find the things that are there, and then write the Terraform code for me?'”
Terraform search will do just that, addressing one of the major challenges to encouraging a focus on one centralized infrastructure-as-code approach within large organizations, Bellavance said.
"If you have a team that built out the infrastructure using some other tool and you want them to standardize on Terraform, you can now say, 'All right, just show me what you used, and now I'll use Terraform search to find all that stuff and get it under our standards and the modules that we want to use,'" he said.
Beth Pariseau, a senior news writer for Informa TechTarget, is an award-winning veteran of IT journalism covering DevOps. Have a tip? Email her or reach out @PariseauTT.
Dig Deeper on Systems automation and orchestration
