The specific habits of IAC model managers is sort of essential. It’s particularly crucial within the realm of Terraform and OpenTofu as a result of software upgrades would possibly destroy or corrupt all managed infrastructure. To guard customers from surprising updates, all model managers need to work clearly and with none inner wizardry that can’t be defined with out a deep dive into the sources.
Tenv is a flexible model supervisor for OpenTofu, Terraform, Terragrunt, and Atmos, written in Go and developed by tofuutils staff. This software simplifies the complexity of dealing with completely different variations of those highly effective instruments, making certain builders and DevOps professionals can concentrate on what issues most — constructing and deploying effectively. Tenv is a successor of tofuenv and tfenv.
Within the technique of tenv growth, our staff found fairly an disagreeable shock with Terragrunt and tenv, which can have created critical points. On a contemporary set up of the Linux system, when considered one of our customers tried to run Terragrunt, the execution ended up using OpenTofu as an alternative of Terraform, with no warnings upfront. Within the manufacturing surroundings, it’d trigger critical Terraform state corruption, however fortunately it was a testing surroundings. Earlier than we take a look at the basis explanation for this difficulty, I want to elucidate how the tenv works.
Tenv manages all instruments by wrapping them in a further binary that serves as a proxy for the unique software. It means you may’t set up Terraform or OpenTofu on an strange Linux machine alongside tenv (besides NixOS case). At our software, we provide a binary with the identical title because the software (Terraform / OpenTofu / Terragrunt / Atmos), inside which we implement the proxy sample. It was required because it simplifies model administration and permits us so as to add new capabilities to computerized model discovery and set up dealing with.
So, realizing that tenv is predicated on a downstream proxy structure, we’re able to return to the issue. Why was our consumer’s execution carried out utilizing OpenTofu moderately than Terraform? The reply has two components:
- Terragrunt began to make use of OpenTofu because the default IAC software, nevertheless, this was not a significant launch; as an alternative, it was offered as a patch and customers did not anticipate to have any variations within the habits. The unique drawback could also be discovered right here.
- When Terragrunt known as OpenTofu within the new default habits, it used tenv’s proxy to verify the required model of OpenTofu and set up it mechanically.
Though the TERRAGRUNT_TFPATH
setting would possibly management the habits, customers have been unaware of the Terragrunt breaking change and have been shocked to see OpenTotu on the finish of execution. However why did OpenTofu execute if customers didn’t have it of their system? Right here we’re coping with the second difficulty that has arisen. In the beginning of tenv growth, we replicated many options from the tfenv software. Considered one of these options was computerized software set up, which is managed by the TFENV_AUTO_INSTALL
surroundings variable and is enabled by default. Tenv additionally has the TENV_AUTO_INSTALL
variable, which can be was true by default except the talked about case hasn’t been found.
Customers who used Terraform / OpenTofu with out Terragrunt through tenv might have encountered the auto-install when, for instance, switching the model of the software with the next command:
tenv tf use 1.5.3
tenv tofu use 1.6.1
The use
command put in the required model even when it wasn’t current within the operation system domestically.
After a quick GitHub dialogue, our staff determined to disable auto-install by default and launch this minor change as a brand new, main model of tenv. We made no main adjustments to this system, didn’t replace the framework of the language model, and solely up to date the default variable, deciding that customers ought to perceive that one of the vital usually utilized and essential behaviors had modified.
It is attention-grabbing that throughout the dialogue, we disagreed on whether or not customers ought to learn the README.md
or documentation, however whether or not you prefer it or not, it is true that individuals do not learn the docs except they’re in problem. Because the tofuutils staff, we can not settle for the chance {that a} consumer will mistakenly make the most of OpenTofu in a real-world manufacturing surroundings and break the state or the cloud surroundings.
Lastly, I would like to focus on just a few factors as soon as extra:
- Implement intuitive habits in your software.
- Take into account consumer expertise and be mindful that many individuals do not learn manuals.
- Don’t worry about releasing a significant model should you made the breaking change.
- In programming, specific is preferable to implicit, particularly when coping with state-sensitive instruments.