Why you should consider OpenTofu instead of Terraform
Open Source Infrastructure as Code with OpenTofu and how to get started
Introduction
So, have you heard of OpenTofu, formerly known as OpenTF? It is a Terraform fork that operates under the Linux Foundation and is quite similar to Terraform, a popular Infrastructure as Code (IaC) tool. You might wonder why this development occurred. The answer is quite simple: HashiCorp, the owner of Terraform, moved its tool from the Mozilla Public License (MPL-2.0) to the Business Source License (BSL-1.1), and the latter is not accepted as an open-source license.
At the beginning of this year, the Linux Foundation announced the general availability of the tool as production-ready. Thus, it is usable as a drop-in replacement for Terraform and introduces new features, like new authentication methods for AWS S3 state backends. From this point onward, and for upcoming releases, the features of Terraform and OpenTofu will diverge, as already announced for OpenTofu 1.7.
The main drivers behind OpenTofu are companies using Terraform, such as Gruntwork and Harness, enabling some full-time development on the project for the next few years. Checking out the GitHub repository, we can see active development efforts and lots of contributors.
Does OpenTofu replace Terraform as an Infrastructure as Code tool?
The shift from Terraform towards the BSL raised some concerns in the community, resulting in companies drifting away and adopting OpenTofu, as it can ensure flexibility, innovation, and the interests of its users in the future. But to claim it as the replacement of a well-adopted tool is too early. Terraform's source code is still public, but modification for developing competing products is disallowed, while the exact definition of a “competing product” remains vague.
As to what happens in the future, we will see if OpenTofu can compete with Terraform and better adopt features requested by the community. If so, the future can be bright.
Getting Started with OpenTofu
Well, if you are familiar with Terraform, it is quite easy. First, you have to install the tool; on Mac you can use Homebrew:
brew update
brew install opentofu
For other operating systems check out the installation guide.
🚨 Costs
If you follow along this could introduce costs to your AWS bill, so act at your own risk.
Here is a very minimal example of how we can use the AWS provider with OpenTofu and create an S3 Bucket with it. We do not care about state management here, but it is also possible with S3 and DynamoDB for state locking.
provider "aws" {
  region = "eu-central-1"
}

resource "aws_s3_bucket" "bucket" {
  bucket = "my-opentofu-bucket"
}
Now you have to run the following commands:
tofu init
Initializes the directory and downloads all the providers and modules needed. For the next step, you need your authentication for AWS in place; for this example, we have simply set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY as environment variables.
tofu plan
Gives you an execution plan on what will be done if you apply your changes.
tofu apply
Creates or updates the resources by executing the plan we have previously inspected. Finally, we clean up by calling:
tofu destroy
OpenTofu with LocalStack
If you want to use OpenTofu with LocalStack for your local development or test suite, you can easily do so by modifying the TF_CMD variable. With the following environment variable set, LocalStack will use OpenTofu instead of Terraform:
TF_CMD=tofu tflocal
Migrate from Terraform to OpenTofu
There is a whole migration guide that covers the process. Essentially, you should back up your Terraform terraform.tfstate file or your remote backend. Afterward, you can initialize the migration with tofu init in the directory where you have your Terraform code. Now, you should execute tofu plan and tofu apply on some noncritical resources. If you want to roll back, you redo the process but use the terraform binary with init, plan and apply.
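The backup step above, as an added example that is not part of the original post or the OpenTofu migration guide: it copies a local state file with owner-only permissions, records a SHA-256 digest, and refuses to restore a backup that no longer matches it. The function names and the backup directory layout are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): state backup helpers for the
# migration described above. Function names are illustrative.

# Print the SHA-256 of a file; sha256sum on Linux, shasum on macOS.
digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# backup_state STATE_FILE BACKUP_DIR -> prints the backup path.
backup_state() {
    state=$1; dest=$2
    [ -f "$state" ] || { echo "no state file: $state" >&2; return 1; }
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    backup="$dest/$(basename "$state").$stamp.bak"
    # State files can contain secrets in plaintext: create the copy owner-only.
    ( umask 077 && mkdir -p "$dest" && cp "$state" "$backup" ) || return 1
    # Store the digest beside the backup so corruption is caught before a rollback.
    digest "$backup" > "$backup.sha256" || return 1
    echo "$backup"
}

# verify_backup BACKUP -> succeeds only if the backup still matches its digest.
verify_backup() {
    [ -f "$1" ] && [ -f "$1.sha256" ] || return 1
    [ "$(digest "$1")" = "$(cat "$1.sha256")" ]
}

# restore_state BACKUP STATE_FILE -> rollback step; refuses an unverified backup.
restore_state() {
    verify_backup "$1" || { echo "backup failed verification: $1" >&2; return 1; }
    ( umask 077 && cp "$1" "$2" )
}
```

Run backup_state terraform.tfstate ./state-backups before tofu init, and restore_state with the printed path before switching back to the terraform binary.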
OpenTofu Registry
OpenTofu has built its own registry for modules and providers. Each provider and module is uniquely identified by a standardized address format, supporting version control with Semantic Versioning. The OpenTofu CLI facilitates service discovery, allowing for the identification of compatible versions and the retrieval of necessary information, such as download URLs, checksums, and signing keys. This structured system enhances management and ensures efficient distribution, with detailed documentation available for specific use cases and examples. All the official providers of Terraform have been forked, so it is an easy migration. If you do a tofu init, the OpenTofu CLI sees the hashicorp/* provider and redirects to its build of that provider.
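To see which registry address and checksums an init actually pinned, the dependency lock file (.terraform.lock.hcl) that tofu init writes can be audited. The following is an added example, not part of the original post or of OpenTofu itself; the function names are illustrative, and the sample lock file, including its versions and hashes, is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are illustrative.

# Constructed sample of a dependency lock file; versions and hashes are made up.
sample_lockfile() {
cat <<'EOF'
provider "registry.opentofu.org/hashicorp/aws" {
  version     = "5.0.0"
  constraints = "~> 5.0"
  hashes = [
    "h1:CONSTRUCTEDHASHAAAA=",
    "zh:constructedhashbbbb",
  ]
}

provider "registry.opentofu.org/hashicorp/random" {
  version = "3.0.0"
}
EOF
}

# locked_providers LOCKFILE -> "hostname namespace type version hash_count" per provider.
locked_providers() {
    awk '
        /^provider "/ { split($0, q, "\""); addr = q[2]; ver = "-"; n = 0; next }
        addr == ""    { next }
        /^[ \t]*version[ \t]*=/ { split($0, q, "\""); ver = q[2]; next }
        /^[ \t]*"(h1|zh):/      { n++; next }
        /^}/ { split(addr, p, "/"); print p[1], p[2], p[3], ver, n; addr = "" }
    ' "$1"
}

# providers_without_hashes LOCKFILE -> addresses that have no checksum pinned.
providers_without_hashes() {
    locked_providers "$1" | awk '$5 == 0 { print $1 "/" $2 "/" $3 }'
}
```

In a pipeline, failing the build when providers_without_hashes prints anything keeps unpinned providers from reaching tofu apply.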
Conclusion
The first stable release is here and you can start migrating if you like the ideas behind OpenTofu. From a feature standpoint, they are currently equal, but this will change in the future and you have to decide at some point which tool you want to keep. We can only speculate which tool will supersede the other one, but I have a slight feeling that OpenTofu will stay. What do you think about OpenTofu and the open-source approach?
I've never been a huge fan of Terraform, so the move to the non-opensource license was for me what I needed to look for alternatives. Currently my preferred option is Crossplane and if I want the power of a proper programming language I'll choose Pulumi instead