dev-resources.site
for different kinds of informations.
Adopting OpenTofu as an Alternative to Terraform
Infrastructure as code (IaC) is a concept for deploying infrastructure like a software application. Ongoing advancements in infrastructure virtualization have made this possible. The rise of cloud computing transformed physical servers, networks, and hardware infrastructure into virtualized services. Add assets like databases, domain name service (DNS) providers, and authentication systems, and you get infrastructure that can be deployed like software.
With a few lines of configuration script, you can deploy operating systems, networks, and storage to a remote data center with a single command. The system can be kept in sync with updates to the configuration, which makes changing or redeploying the infrastructure a breeze.
IaC should not be confused with configuration management. Tools in this category, such as Chef, Puppet, or Ansible, typically deploy and configure software components on existing infrastructure. Terraform, on the other hand, is a provisioning tool that specializes in setting up infrastructure components like operating systems, networks, databases, users, and permissions on bare server hardware. Terraform can play hand-in-hand with configuration management tools by providing the infrastructure necessary for deploying software components.
When Terraform's licensing changed, an open-source fork called OpenTofu was spun off. In this article, you'll learn about OpenTofu's features and how OpenTofu compares to Terraform.
The goal of this article is to help you make an informed decision about using OpenTofu to manage your infrastructure requirements as code.
What Is OpenTofu
OpenTofu provides a simple but powerful configuration language to describe the infrastructure that you want to deploy. You specify the number and size of virtual servers to deploy to, the operating system to use, the virtual network overlays, the DNS settings, and anything else your infrastructure needs.
Then you run a tool that reads configuration scripts written in a specialized configuration language and interacts with infrastructure resources called providers to build and deploy the required parts of the infrastructure.
If anything needs to be changed, you update the script and run the tool again. The tool then updates the actual state of your infrastructure to match the description.
OpenTofu and Terraform
You may have come across the name Terraform in the context of IaC. Terraform and OpenTofu are closely related: OpenTofu is a fork of Terraform 1.5.
Years ago, a company called HashiCorp created Terraform, among other DevOps tools like Vagrant, Packer, Nomad, Vault, and Consul. All these tools aim at automating software orchestration and infrastructure management.
Terraform's approach to provisioning infrastructure consists of a three-step workflow: write, plan, and apply. In the write step, you define the resources needed to run the infrastructure. In the plan step, Terraform compares the written infrastructure definition against the existing infrastructure and creates an execution plan for creating, updating, or destroying resources as needed. Finally, in the apply step, Terraform applies the planned changes to the target infrastructure.
To utilize as many infrastructure resources as possible, Terraform uses a plugin system that allows resource providers, such as DNS services, container orchestration systems, database services, or logging systems, to be included.
Terraform's License Change
Terraform had become a popular IaC tool when HashiCorp, its maker, decided to change the license for their tools from the Mozilla Public License (MPL) 2.0 to the Business Source License (BSL). This move aimed to protect HashiCorp from competitors who could set up hosted Terraform offers just like HashiCorp had and reap the benefits without contributing back.
HashiCorp is not the first company to make this move. Earlier, companies like MongoDB, Redis, and Cockroach Labs also decided to restrict the ability to resell their (otherwise open source) code for similar reasons.
Nevertheless, HashiCorp's announcement raised concerns among Terraform users about the possible legal implications of the license switch. It didn't take long until the latest MPL-licensed Terraform version got forked. The fork was originally named OpenTF but was later renamed to OpenTofu due to trademark concerns.
Because Terraform 1.6.x and beyond will be under the new BSL, the OpenTofu project cannot take over changes made to Terraform anymore. While OpenTofu aims to keep feature parity with Terraform, and both projects come with a backward compatibility promise (1) and (2), the two projects may slowly diverge.
Changes Introduced after the Fork
After the fork, the changelog for OpenTofu 1.6.0 lists several significant changes, including the following:
- Conditional GNU Privacy Guard (GPG) validation bypass for the default registry
- Changes to the
cloud
andremote
backends and thelogin
andlogout
commands that no longer default toapp.terraform.io
- A new
tofu test
command that significantly changes how tests are written and executed - Several enhancements and bug fixes
Additionally, the OpenTofu community continues to add changes to its roadmap.
Is OpenTofu a Viable Alternative to Terraform
If you're in search of an IaC tool, you'll need to decide between Terraform and OpenTofu. Existing Terraform users even have three options to consider: Whether to stay with Terraform, switch to OpenTofu now, or stick with Terraform 1.5.x for a while and watch future developments closely.
For both audiences, there are numerous reasons for choosing the free and open source (FOSS) alternative.
Compatibility
As of this writing, OpenTofu is fully compatible with Terraform 1.5.x, but the list of features will increasingly diverge in the future. The OpenTofu FAQ has a clear statement about a community-driven approach shaping OpenTofu's future: "The community will decide what features OpenTofu will have."
However, OpenTofu will remain backward-compatible so that existing Terraform configurations (made with Terraform up to 1.5.x) continue to work with future versions of OpenTofu (per the OpenTofu Manifesto).
Additionally, the OpenTofu core team confidently predicts that "the large number of developers pledging their resources to help develop OpenTofu will accelerate the development of features and enable faster releases than Terraform managed previously." In other words, features that Terraform users have been anticipating for some time may come to life faster with OpenTofu than with Terraform.
A Free and Open License
The compatibility question may fade in the future when OpenTofu and Terraform are established as two independent projects and interested parties have a decent list of features to compare before settling on one of the tools. Switching between the two will become less frequent.
What will remain is the question of the license under which each of the projects is offered. Terraform's BSL is a source-available license that does not guarantee that users can use the code in their preferred manner. Notably, users may not include Terraform in offerings to third parties that compete with HashiCorp's offerings. (See the "Additional Use Grant" in the HashiCorp BSL.)
In contrast, OpenTofu is licensed under the MPL 2.0, a true FOSS license that grants users the right to use the code as they wish. Having a true FOSS license means that development is driven by the community that was built around OpenTofu, which is large and thriving. The list of supporters includes more than 150 companies and more than 780 individuals.
Additionally, OpenTofu has been adopted by the Linux Foundation, a step that guarantees vendor-neutral governance of the project. The Linux Foundation maintains several projects that are used worldwide, including Linux, Kubernetes, and Node.js.
When to Choose OpenTofu over Terraform
Reasons for choosing OpenTofu vary based on the user.
Companies may have the largest incentive to choose OpenTofu. Use cases for an IaC tool are constantly at risk of conflicting with the BSL. Moreover, the Terraform project changed its license unexpectedly, and it may do so again. With a true open source license and under the umbrella of a nonprofit foundation, OpenTofu provides a far more predictable future.
Digital agencies and consultants should strive to offer their clients a solution whose legal basis is predictably stable and immune to the opaque decisions of a single company. OpenTofu is not only that. It's also backed by a large list of supporters who joined forces to enhance and extend OpenTofu based on the wishes of the community.
Individual users may feel unaffected by Terraform's switch to the BSL. But then there is little that speaks against using OpenTofu instead, which comes under a more open license. While the BSL might have little effect on individual, noncommercial users, nobody knows what possible future changes to the Terraform license will bring. Choosing an open source project now, when switching costs are low, is the sensible choice.
Can Terraform Still Be a Good Choice?
With all the obvious advantages of truly open-source projects, it would seem that no one would choose to use Terraform. Don't judge too quickly, though. It's not all black and white.
For instance, Terraform’s availability as a cloud service when paired with Hashicorp’s enterprise-level support, could be a combo that's difficult for other competitors to match.
Moreover, some customers might conclude that their Terraform use cases are not negatively affected by Terraform's switch from an open-source license to a source-available license.
Granted, these advantages are rather specific to particular customers and use cases. OpenTofu might catch up on these aspects quickly—never underestimate the power of open source.
OpenTofu Continues to Evolve
As mentioned previously, OpenTofu and Terraform are likely to take different paths in the future. With hundreds of supporters committed to shaping the future of OpenTofu, the open source path is likely the one that leads to a more feature-rich and mature product than Terraform.
For example, in August 2023, OpenTofu announced an experimental implementation of end-to-end encryption for state files, a feature that Terraform users have been waiting for since 2014.
Chances are that there will be more of these initiatives to implement long-awaited features soon.
The Future of IaC Tools Is Open Source
The power of open source should not be underestimated. For any company, consultant, or developer whose business model might be threatened by the sudden license change of Terraform, the OpenTofu project provides a solid open source alternative.
OpenTofu is compatible with Terraform and aims to stay that way. It's a Linux Foundation project free of business tactics and legal insecurity. And it's backed by a large and active community.
While the BSL forbids certain kinds of uses of Terraform, the MPL 2.0 grants users complete freedom in using OpenTofu. The Linux Foundation has a track record of widely successful open source projects, and OpenTofu is a worthy addition.
Existing Terraform users may envision a few risks when making the switch to OpenTofu, but those risks are more than mitigated by the stability that an open source, foundation-led project provides. The best time for making the switch is now, while the two projects are still similar enough to enable a smooth transition.
Featured ones: