HashiConf 2018 Notes

---

Overview

For the general gist of the major announcements you can refer to the HashiConf 2018 product announcment.

Terraform

Terraform Version 0.12.0

Updates announced during the presentations and delving into Terraform 0.12.0.

• Better error handling, shows line number and resource where things go wrong.
• count is now a reserved word, so variables cannot be named count anymore.
• Ability to output the entire module with all of its attributes as a single value.
• HCL config is easier to read and comprehend and updates allow for consistent, predictable behavior in complex functions
• Improved support for loosely-coupled modules
• First Class Expressions
• Operations can be used outside of interpolation
• Removal of “${}” makes a lot of HCL easier on the eyes
• List comprehensions (var.security_group_id != "" ? [var.sg.id] : [])
• Rich Value Types
• Enhances simple type system by adding support for complex values
• Map of list
• Map of map
• Modules and resources as value
• For expressions
• Allows list and map transformations
• for_each: dynamic nested blocks

Dynamic Blocks

So…. dynamic blocks are a thing. For a resource you are going to configure several of, like tags or subnets you can specify the contents of what is being specified in the block and then interate on top of that to create multiple blocks of that type.

dynamic "tag" {
  for each local.standard_tags

	content {
		key
		value
		propgate_at_lanch
	}
}

What’s the upgrade process?

Providers it’s just a matter of recompiling the provider with the a new version of the terraform binary. A terraform upgrade tool will be released to the general public which will assist with converting HCL to HCL2.

Future additions

• To be released in in later versions of Terraform 0.12.x
• Support for using the count reserved word in modules
• Support for_each at the module level
• Implement depends_on for modules
• Vault

Companies I spoke with

Atlantis

Talked with lkysow, mechastorm and mendel, we discussed the future direction of Atlantis and found out that the direction is currently unclear, nothing concrete at the moment since the deal happened 3 weeks before the convention.

PagerDuty

PagerDuty ops team does some cool stuff with Atlantis like manages the creation of the Atlantis webhook via Terraform. So each time they create a new terraform repo, they add a PR to their Atlantis repo that creates the required resources and then redeploys Atlantis with the new configuration. Their developers developers are slowly starting to learn and love what Atlantis is/does.

Samsung

Samsung is requesting more in-depth server side configuration (moving some of the functionality of atlantis.yaml there).

1Password

• 1password CLI exists, could be useful for IT or Ops if we want to interface with 1PW instead of logging into the browser. (Really just seems to be more of the same at the moment)
• 1password X is great (no app needed)
• 1password is reviewing deploying onto an entirely a GCP infra and migrating away from AWS (similar to us), this is currently how they deploy to test to try out new features for their web based client.
• 1password may have a Terraform provider for managing Vaults and Users in the future.

Autodesk

• Terraform to manage production environment, the guys I talked with were not fully in control of the infrastructure they were deploying to. Seemed to be a release engineering team for one facet of the AutoDesk BIM app.
• Mostly learned how their infra uses Terraform, nothing super special - relied heavily on Lambda within AWS to deploy for log forwarding. Seemed very similar to how cleaner works, but instead of deleting them it passed it to Splunk.

Anaconda

Just chatted they are working on setting up Terraform by importing all of their legacy systems into a Infrastruture as Code spec.

JumpCloud

• Disccused and provided feedback on v1 / v2 API’ regarding feature parity in the previous deployment of the API. Talked about their setup of Terraform, it’s a relatively small footprint that is growing. Mostly things are being run as virtual machines, however they are heavily invested in setting up some sort of container orchestration system. Nomad is a huge plus for them, they are trying to get into the ecosystem.

Walmart Labs

Mostly me just checking in on them, I have several connections in the OpenStack world who work at Walmart and I chatted with the representative about the state of OpenStack and some of our mutual colleagues.

Linode

Talked about potentially setting up a nomad cluster using their free credits out of curiosity. They were unsure if you can virtualize on top of their virtualization layer. However they are running KVM so it’s totally possible. This vendor seems very similar to Digital Ocean, selling fixed size virtual machines for very cheap. I don’t see any practical use for them.

Google Cloud Platform

Asked to see how far along getting the remaining stackdriver and AppEngine features present on GCP into their Terraform provider. There was no direct ETA as she could not speak to them, but suggested to open an issue or bump an existing issue. Additionally, spoke with Emily Ye and learned about autogeneration and management of GCP Service Accounts and OAuth tokens that can be created via Vault. https://www.youtube.com/watch?v=TEPuFFZdmfA

DataDog

Reach out to DataDog support rep and include the Solutions Engineer name for the following:

• Getting additional support with the beta percentiles solution.
• Getting DataDog Agent v6 help, it appears we can still use Python although the backend code is written in Go. Python is still used for interfacing with dogstatsd.

HashiCorp Booths

Each booth told me it’s highly unlikely Sentinel will be separated from the enterprise version of that specific product. For example Vault and Terraform implementations of Sentinel both work very differently. Sentinel is available in the ‘Premium’ tier of Terraform Enterprise which is the most expensive. HashiCorp strives to ease “workflows as a process” not a prescriptive technology that users are forced to use.

??Future Projects??

• Rebase code to Terraform 0.12.0 syntax
• Create a Terraform Provider (wrapped around some internal API?)
• Create a private Terraform Registry
• This will allow use to visible see module history and the versioning process we will eventually implement
• Try out a new Terraform module structure (module with modules as dependencies)
• Implement terratest
• Move away from a monorepo, at the same time don’t have 1000’s of repos. (nanorepos) - (2020 edit: this actually is back to a monorepo ha)
• Deploy a nomad cluster via Terraform
• Complete deployment of Atlantis via Terraform
• GitHub webhooks and other providers that need to managed.

Misc quotes, thoughts or links

• 3 C’s of Terraform provider development
• comprehensive (allow all features practically when they are released)
• consistency (should look and act the same, docs up to date, examples up to date)
• cohesive (generate or write a resoure by hand it should all be bound together)
• “Containers aren’t real.” (Used as an emphasis of the pets vs. cattle argument)
• HashiCorp is supporting Kubernetes and is not trying to directly compete with it. HashiCorp realizes there are valid use cases for each orchestration software. They are more concerned about creating the right workflow for a user rather then pushing their own products.
• “Kubernetes isn’t the thing, it’s the thing that gets us to the thing.”
• Paxos vs. RAFT for delegation of authority
• First Class Support for Kubernetes
• Recap of HashiConf 2018 by errygg

Also a great thing to hear about their partnership with potentially ‘competitors’ to a portion of tooling, they have seen the waves Kubernetes to the container orchestration world and have decided to support it across all of their tooling:

Attended Talks

List

A Fully Containerized Platform Based on Infrastructure as Code

Rick Rackow, eBay

How Terraform Will Impact the 2018 US Elections

Nicholas Klick, ActBlue and Dan Catlin, ActBlue Technical Services

Day Two Kubernetes: Tools for Operability

Bridget Kromhout, Microsoft and Zachary Deptawa, Microsoft

Creating a Terraform Provider for Just About Anything

Eddie Zaneski, DigitalOcean

Ansible and HashiCorp: Better Together

Dylan Silva, Red Hat

A Tour of Terraform 0.12

Kristin Laemmert, HashiCorp

Winning with Terraform Enterprise - How Ellie Mae Delivers “Everything as Code” Using Terraform Enterprise

10 Lessons Learned From Writing Over 300,000 Lines of Infrastructure Code Yevgeniy Brikman, Gruntwork

The Magic of Friendship: The Google Provider’s New Approach to Terraform

Dana Hoffman, Google and Paddy Carver, HashiCorp Closing Keynote