Terraform and The Art of Teaching Tech with Ned Bellavance

Episode Summary

Ned Bellavance worked in the world of tech for more than a decade before joining the family profession as an educator. He joins Corey on Screaming in the Cloud to discuss his shift from engineer to educator and content creator, the intricacies of Terraform, and how changes in licensing affect the ecosystem.

Episode Show Notes & Transcript

About Ned

Ned is an IT professional with more than 20 years of experience in the field. He has been a helpdesk operator, systems administrator, cloud architect, and product manager. In 2019, Ned founded Ned in the Cloud LLC to work as an independent educator, creator, and consultant. In this new role, he develops courses for Pluralsight, runs multiple podcasts, writes books, and creates original content for technology vendors.
Ned is a Microsoft MVP since 2017 and a HashiCorp Ambassador since 2020.
Ned has three guiding principles: embrace discomfort, fail often, and be kind.

Links Referenced:


Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: Welcome to Screaming in the Cloud. I’m Corey Quinn. My guest today is Ned Bellavance, who’s the founder and curious human over at Ned in the Cloud. Ned, thank you for joining me.

Ned: Yeah, it’s a pleasure to be here, Corey.

Corey: So, what is Ned in the Cloud? There are a bunch of easy answers that I feel don’t give the complete story like, “Oh, it’s a YouTube channel,” or, “Oh no, it’s the name that you wound up using because of, I don’t know, easier to spell the URL or something.” Where do you start? Where do you stop? What are you exactly?

Ned: What am I? Wow, I didn’t know we were going to get this deep into philosophical territory this early. I mean, you got to ease me in with something. But so, Ned in the Cloud is the name of my blog from back in the days when we all started up a blog and hosted on WordPress and had fun. And then I was also at the same time working for a value-added reseller as a consultant, so a lot of what went on my blog was stuff that happened to me in the world of consulting.

And you’re always dealing with different levels of brokenness when you go to clients, so you see some interesting things, and I blogged about them. At a certain point, I decided I want to go out and do my own thing, mostly focused on training and education and content creation and I was looking for a company name. And I went through—I had a list of about 40 different names. And I showed them to my wife, and she’s like, “Why don’t you go Ned in the Cloud? Why are you making this more complicated than it needs to be?”

And I said, “Well, I’m an engineer. That is my job, by definition, but you’re probably right. I should just go with Ned in the Cloud.” So, Ned in the Cloud now is a company, just me, focused on creating educational content for technical learners on a variety of different platforms. And if I’m delivering educational content, I am a happy human, and if I’m not doing that, I’m probably out running somewhere.

Corey: I like that, and I’d like to focus on education first. There are a number of reasons that people will go in that particular direction, but what was it for you?

Ned: I think it’s kind of in the heritage of my family. It’s in my blood to a certain degree because my dad is a teacher, my mom is a teacher-turned-librarian, my sister is a teacher, my wife is a teacher, her mother is a teacher. So, there was definitely something in the air, and I think at a certain point, I was the black sheep in the sense that I was the engineer. Look, this guy over here. And then I ended up deciding that I really liked training people and learning and teaching, and became a teacher of sorts, and then they all went, “Welcome to the fold.”

Corey: It’s fun when you get to talk to people about the things that they’re learning because when someone’s learning something I find that it’s the time when their mind is the most open. I don’t think that that’s something that you don’t get to see nearly as much once someone already, quote-unquote, “Knows a thing,” because once that happens, why would you go back and learn something new? I have always learned the most—even about things that I’ve built myself—by putting it in the hands of users and seeing how they honestly sometimes hold it wrong and make mistakes that don’t make sense to me, but absolutely make sense to them. Learning something—or rather, teaching something—versus building that thing is very much an orthogonal skill set, and I don’t think that there’s enough respect given to that understanding.

Ned: It’s an interesting sphere of people who can both build the thing and then teach somebody else to build the thing because you’re right, it’s very different skill sets. Being able to teach means that you have to empathize with the human being that you’re teaching and understand that their perspective is not yours necessarily. And one of the skills that you build up as an instructor is realizing when you’re making a whole bunch of assumptions because you know something really well, and that the person that you’re teaching is not going to have that context, they’re not going to have all those assumptions baked in, so you have to actually explain that stuff out. Some of my instruction has been purely online video courses through, like, Pluralsight; less of a feedback loop there. I have to publish the entire course, and then I started getting feedback, so I really enjoy doing live trainings as well because then I get the questions right away.

And I always insist, like, if I’m delivering a lecture, and you have a question, please don’t wait for the end. Please interrupt me immediately because you’re going to forget what that question is, you’re going to lose your train of thought, and then you’re not going to ask it. And the whole class benefits when someone asks a question, and I benefit too. I learn how to explain that concept better. So, I really enjoy the live setting, but making the video courses is kind of nice, too.

Corey: I learned to speak publicly and give conference talks as a traveling contract trainer for Puppet years ago, and that was an eye-opening experience, just because you don’t really understand something until you’re teaching other people how it works. It’s how I learned Git. I gave a conference talk that explained Git to people, and that was called a forcing function because I had four months to go to learn this thing I did not fully understand and welp, they’re not going to move the conference for me, so I guess I’d better hustle. I wouldn’t necessarily recommend that approach. These days, it seems like you have a, let’s say, disproportionate level of focus on the area of Infrastructure as Code, specifically you seem to be aiming at Terraform. Is that an accurate way of describing it?

Ned: That is a very accurate way of describing it. I discovered Terraform while I was doing my consulting back in 2016 era, so this was pretty early on in the product’s lifecycle. But I had been using CloudFormation, and at that time, CloudFormation only supported JSON, which meant it was extra punishing. And being able to describe something more succinctly and also have access to all these functions and loops and variables, I was like, “This is amazing. Where were you a year ago?” And so, I really just jumped in with both feet into Terraform.

And at a certain point, I was at a conference, and I went past the Pluralsight booth, and they mentioned that they were looking for instructors. And I thought to myself, well, I like talking about things, and I’m pretty excited about this Terraform thing. Why don’t I see if they’re looking for someone to do a Terraform course? And so, I went through their audition process and sure enough, that is exactly what they were looking for. They had no getting started course for Terraform at the time. I published the course in 2017, and it has been in the top 50 courses ever since on Pluralsight. So, that told me that there’s definitely an appetite and maybe this is an area I should focus on a little bit more.

Corey: It’s a difficult area to learn. About two months ago, I started using Terraform for the first time in anger in ages. I mean, I first discovered it when I was on my way back from one of those Puppet trainings, and the person next to me was really excited about this thing that we’re about to launch. Turns out that was Mitchell Hashimoto and Armon was sitting next to him on the other side. Why he had a middle seat, I’ll never know.

But it was a really fun conversation, just talking about how he saw the world and what he was planning on doing. And a lot of that vision was realized. What I figured out a couple months ago is both that first, I’m sort of sad that Terraform is as bad as it is, but it’s the best option we’ve got because everything else is so much worse. It is omnipresent, though. Effectively, every client I’ve ever dealt with on AWS billing who has a substantial estate is managing it via Terraform.

It is the lingua franca of cloud across the board. I just wish it didn’t require as much care and feeding, especially for the getting-started-with-a-boilerplate type of scenario. So, much of what you type feels like it's useless stuff that should be implicit. I understand why it’s not, but it feels that way. It’s hard to learn.

Ned: It certainly can be. And you’re right, there’s a certain amount of boilerplate and [sigh] code that you have to write that seems pointless. Like, do I have to actually spell this all out? And sometimes the answer is yes, and sometimes the answer is you should use a module for that. Why are you writing this entire VPC configuration out yourself? And that’s the sort of thing that you learn over time is that there are shortcuts, there are ways to make the code simpler and require less care and feeding.

But I think ultimately, your infrastructure, just like your software, evolves, changes has new requirements, and you need to manage it in the same way that you want to manage your software. And I wouldn’t tell a software developer, “Oh, you know, you could just write it once and never go back to it. I’m sure it’s fine.” And by the same token, I wouldn’t tell an infrastructure developer the same thing. Now, of course, people do that and never go back and touch it, and then somebody else inherits that infrastructure and goes, “Oh, God. Where’s the state data?” And no one knows, and then you’re starting from scratch. But hopefully, if you have someone who’s doing it responsibly, they’ll be setting up Terraform in such a way that it is maintainable by somebody else.

Corey: I’d sure like to hope so. I have encountered so many horrible examples of code and wondering what malicious person wrote this. And of course, it was me, 6 or 12 months ago.

Ned: Always [laugh].

Corey: I get to play architect around a lot of these things. In fact, that’s one of the problems that I’ve had historically with an awful lot of different things that I’ve basically built, called it feature complete, let it sit for a while using the CDK or whatnot, and then oh, I want to make a small change to it. Well, first, I got to spend half a day during the entire line dependency updates and seeing what’s broken and how all of that works. It feels like for better or worse, Terraform is a lot more stable than that, as in, old versions of Terraform code from blog posts from 2016 will still effectively work. Is that accurate? I haven’t done enough exploring in that direction to be certain.

Ned: The good thing about Terraform is you can pin the version of various things that you’re using. So, if you’re using a particular version of the AWS provider, you can pin it to that specific version, and it won’t automatically upgrade you to the latest and greatest. If you didn’t do that, then you’ll get bit by the update bug, which certainly happens to some folks when they changed the provider from version 3 to version 4 and completely changed how the S3 bucket object was created. A lot of people’s scripts broke that day, so I think that was the time for everyone to learn what the version argument is and how it works. But yeah, as long as you follow that general convention of pinning versions of your modules and of your resource provider, you should be in a pretty stable place when you want to update it.

Corey: Well, here’s the $64,000 question for you, then. Does Dependabot on your GitHub repo begin screaming at you as soon as you’ve done that because in one of its dependencies in some particular weird edge cases when they’re dealing with unsanitized, internet-based input could wind up taking up too many system resources, for example? Which is, I guess, in an ideal world, it wouldn’t be an issue, but in practice, my infrastructure team is probably not trying to attack the company from the inside. They have better paths to get there, to be very blunt.

Ned: [laugh].

Corey: Turns out giving someone access to a thing just directly is way easier than making them find it. But that’s been one of the frustrating parts where, especially when it encounters things like, I don’t know, corporate security policies of, “Oh, you must clear all of these warnings,” which well-intentioned, poorly executed seems to be the takeaway there.

Ned: Yeah, I’ve certainly seen some implementations of tools that do static scanning of Terraform code and will come up with vulnerabilities or violations of best practice, then you have to put exceptions in there. And sometimes it’ll be something like, “You shouldn’t have your S3 bucket public,” which in most cases, you shouldn’t, but then there’s the one team that’s actually publishing a front-facing static website in the S3 bucket, and then they have to get, you know, special permission from on high to ignore that warning. So, a lot of those best practices that are in the scanning tools are there for very good reasons and when you onboard them, you should be ready to see a sea of red in your scan the first time and then look through that and kind of pick through what’s actually real, and we should improve in our code, and what’s something that we can safely ignore because we are intentionally doing it that way.

Corey: I feel like there’s an awful lot of… how to put this politely… implicit dependencies that are built into things. I’ll wind up figuring out how to do something by implementing it and that means I will stitch together an awful lot of blog posts, things I found on Stack Overflow, et cetera, just like a senior engineer and also Chat-Gippity will go ahead and do those things. And then the reason—like, someone asks me four years later, “Why is that thing there?” And… “Well, I don’t know, but if I remove it, it might stop working, so…” there was almost a cargo-culting style of, well, it’s always been there. So, is that necessary? Is it not?

I’m ashamed by how often I learned something very fundamental in a system that I’ve been using for 20 years—namely, the command line—just by reading the man page for a command that I already, quote-unquote, “Already know how to use perfectly well.” Yeah, there’s a lot of hidden gems buried in those things.

Ned: Oh, my goodness, I learned something about the Terraform CLI last week that I wish I’d known two years ago. And it’s been there for a long time. It’s like, when you want to validate your code with the terraform validate, you can initialize without initializing the back-end, and for those who are steeped in Terraform, that means something and for everybody else, I’m sorry [laugh]. But I discovered that was an option, and I was like, “Ahhh, this is amazing.” But to get back to the sort of dependency problems and understanding your infrastructure better—because I think that’s ultimately what’s happening when you have to describe something using Infrastructure as Code—is you discover how the infrastructure actually works versus how you thought it worked.

If you look at how—and I’m going to go into Azure-land here, so try to follow along with me—if you go into Azure-land and you look at how they construct a load balancer, the load balancer is not a single resource. It’s about eight different resources that are all tied together. And AWS has something similar with how you have target groups, and you have the load balancer component and the listener and the health check and all that. Azure has the same thing. There’s no actual load balancer object, per se.

There’s a bunch of different components that get slammed together to form that load balancer. When you look in the portal, you don’t see any of that. You just see a load balancer, and you might think this is a very simple resource to configure. When it actually comes time to break it out into code, you realize, oh, this is eight different components, each of which has its own options and arguments that I need to understand. So, one of the great things that I have seen a lot of tooling up here around is doing the import of existing infrastructure into Terraform by pointing the tool at a collection of resources—whatever they are—and saying, “Go create the Terraform code that matches that thing.” And it’s not going to be the most elegant code out there, but it will give you a baseline for what all the settings actually are, and other resource types are, and then you can tweak it as needed to add in input variables or remove some arguments that you’re not using.

Corey: Yeah, I remember when they first announced the importing of existing state. It’s wow, there’s an awful lot of stuff that it can be aware of that I will absolutely need to control unless I want it to start blowing stuff away every time I run the—[unintelligible 00:15:51] supposedly [unintelligible 00:15:52] thing against it. And that wasn’t a lot of fun. But yeah, this is the common experience of it. I only recently was reminded of the fact that I once knew, and I’d forgotten that a public versus private subnet in AWS is a human-based abstraction, not something that is implicit to the API or the way they envision subnets existing. Kind of nice, but also weird when you have to unlearn things that you’ve thought you’d learned.

Ned: That’s a really interesting example of we think of them as very different things, and when we draw nice architecture diagrams there—these are the private subnets and these are the public ones. And when you actually go to create one using Terraform—or really another tool—there’s no box that says ‘private’ or ‘make this public.’ It’s just what does your route table look like? Are you sending that traffic out the internet gateway or are you sending it to some sort of NAT device? And how does traffic come back into that subnet? That’s it. That’s what makes it private versus public versus a database subnet versus any other subnet type you want to logically assign within AWS.

Corey: Yeah. It’s kind of fun when that stuff hits.

Ned: [laugh].

Corey: I am curious, as you look across the ecosystem, do you still see that learning Terraform is a primary pain point for, I guess, the modern era of cloud engineer, or has that sunk below the surface level of awareness in some ways?

Ned: I think it’s taken as a given to a certain degree that if you’re a cloud engineer or an aspiring cloud engineer today, one of the things you’re going to learn is Infrastructure as Code, and that Infrastructure as Code is probably going to be Terraform. You can still learn—there’s a bunch of other tools out there; I’m not going to pretend like Terraform is the end-all be-all, right? We’ve got—if you want to use a general purpose programming language, you have something like Pulumi out there that will allow you to do that. If you want to use one of the cloud-native tools, you’ve got something like CloudFormation or Azure has Bicep. Please don’t use ARM templates because they hurt. They’re still JSON only, so at least CloudFormation added YAML support in there. And while I don’t really like YAML, at least it’s not 10,000 lines of code to spin up, like, two domain controllers in a subnet.

Corey: I personally wind up resolving the dichotomy between oh, should we go with JSON or should we go with YAML by picking the third option everyone hates more. That’s why I’m a staunch advocate for XML.

Ned: [laugh]. I was going to say XML. Yeah oh, as someone who dealt with SOAP stuff for a while, yeah, XML was particularly painful, so I’m not sad that went away. JSON for me, I work with it better, but YAML is more readable. So, it’s like it’s, pick your poison on that. But yeah, there’s a ton of infrastructure tools out there.

They all have basically the same concepts behind them, the same core concepts because they’re all deploying the same thing at the end of the day and there’s only so many ways you can express that concept. So, once you learn one—say you learned CloudFormation first—then Terraform is not as big of a leap. You’re still declaring stuff within a file and then having it go and make those things exist. It’s just nuances between the implementation of Terraform versus CloudFormation versus Bicep.

Corey: I wish that there were more straightforward abstractions, but I think that as soon as you get those, that inherently limits what you’re able to do, so I don’t know how you square that circle.

Ned: That’s been a real difficult thing is, people want some sort of universal cloud or infrastructure language and abstraction. I just want a virtual machine. I don’t care what kind of platform I’m on. Just give me a VM. But then you end up very much caring [laugh] what kind of VM, what operating system, what the underlying hardware is when you get to a certain level.

So, there are some workloads where you’re like, I just needed to run somewhere in a container and I really don’t care about any of the underlying stuff. And that’s great. That’s what Platform as a Service is for. If that’s your end goal, go use that. But if you’re actually standing up infrastructure for any sort of enterprise company, then you need an abstraction that gives you access to all the underlying bits when you want them.

So, if I want to specify different placement groups about my VM, I need access to that setting to create a placement group. And if I have this high-level of abstraction of a virtual machine, it doesn’t know what a placement group is, and now I’m stuck at that level of abstraction instead of getting down to the guts, or I’m going into the portal or the CLI and modifying it outside of the tool that I’m supposed to be using.

Corey: I want to change gears slightly here. One thing that has really been roiling some very particular people with very specific perspectives has been the BSL license change that Terraform has wound up rolling out. So far, the people that I’ve heard who have the strongest opinions on it tend to fall into one of three categories: either they work at HashiCorp—fair enough, they work at one of HashiCorp’s direct competitors—which yeah, okay, sure, or they tend to be—how to put this delicately—open-source evangelists, of which I freely admit I used to be one and then had other challenges I needed to chase down in other ways. So, I’m curious as to where you, who are not really on the vendor side of this at all, how do you see it shaking out?

Ned: Well, I mean, just for some context, essentially what HashiCorp decided to do was to change the licensing from Mozilla Public licensing to BSL for, I think eight of their products and Terraform was amongst those. And really, this sort of tells you where people are. The only one that anybody really made any noise about was Terraform. There’s plenty of people that use Vault, but I didn’t see a big brouhaha over the fact that Vault changed its licensing. It’s really just about Terraform. Which tells you how important it is to the ecosystem.

And if I look at the folks that are making the most noise about it, it’s like you said, they basically fall into one of two camps: it’s the open-source code purists who believe everything should be licensed in completely open-source ways, or at least if you start out with an open-source license, you can’t convert to something else later. And then there is a smaller subset of folks who work for HashiCorp competitors, and they really don’t like the idea of having to pay HashiCorp a regular fee for what used to be ostensibly free to them to use. And so, what they ended up doing was creating a fork of Terraform, just before the licensing change happened and that fork of Terraform was originally called OpenTF, and they had an OpenTF manifesto. And I don’t know about you, when I see the word ‘manifesto,’ I back away slowly and try not to make any sudden moves.

Corey: You really get the sense there’s going to be a body count tied to this. And people are like, “What about the Agile Manifesto?” “Yeah, what about it?”

Ned: [laugh]. Yeah, I’m just—when I see ‘manifesto,’ I get a little bit nervous because either someone is so incredibly passionate about something that they’ve kind of gone off the deep end a little bit, or they’re being somewhat duplicitous, and they have ulterior motives, let’s say. Now, I’m not trying to cast aspersions on anybody. I can’t read anybody’s mind and tell you exactly what their intention was behind it. I just know that the manifesto reads a little bit like an open-source purist and a little bit like someone having a temper tantrum, and vacillating between the two.

But cooler heads prevailed a little bit, and now they have changed the name to OpenTofu, and it has been accepted by the Linux Foundation as a project. So, it’s now a member of the Linux Foundation, with all the gravitas that that comes with. And some people at HashiCorp aren’t necessarily happy about the Linux Foundation choosing to pull that in.

Corey: Yeah, I saw a whole screed, effectively, that their CEO wound up brain-dumping on that frankly, from a messaging perspective, he would have been better served as not to say anything at all, to be very honest with you.

Ned: Yeah, that was a bit of a yikes moment for me.

Corey: It’s very rare that you will listen yourself into trouble as opposed to opening your mouth and getting yourself into trouble.

Ned: Exactly.

Corey: You wouldn’t think I would be one of those—of all people who would have made that observation, you wouldn’t think I would be on that list, yet here I am.

Ned: Yeah. And I don’t think either side is entirely blameless. I understand the motivations behind HashiCorp wanting to make the change. I mean, they’re a publicly traded company now and ostensibly that means that they should be making some amount of money for their investors, so they do have to bear that in mind. I don’t necessarily think that changing the licensing of Terraform is the way to make that money.

I think in the long-term, it’s not going—it may not hurt them a lot, but I don’t think it’s going to help them out a lot, and it’s tainted the goodwill of the community to a certain degree. On the other hand, I don’t entirely trust what the other businesses are saying as well in their stead. So, there’s nobody in this that comes out a hundred percent clean [laugh] on the whole process.

Corey: Yeah, I feel like, to be direct, the direct competitors to HashiCorp along its various axes are not the best actors necessarily to complain about what is their largest competitor no longer giving them access to continue to compete against them with their own product. I understand the nuances there, but it also doesn’t feel like they are the best ambassadors for that. I also definitely understand where HashiCorp is coming from where, why are we investing all this time, energy, and effort for people to basically take revenue away from us? But there’s also the bigger problem, which is, by and large, compared to how many sites are running Terraform and the revenues that HashiCorp puts up for it, they’re clearly failing to capture the value they have delivered in a massive way. But counterpoint, if they hadn’t been open-source for their life until this point, would they have ever captured that market share? Probably not.

Ned: Yeah, I think ultimately, the biggest competitor to their paid offering of Terraform is their free version of Terraform. It literally has enough bells and whistles already included and plenty of options for automating those things and solving the problems that their enterprise product solves that their biggest problem is not other competitors in the Terraform landscape; it’s the, “Well, we already have something, and it’s good enough.” And I’m not sure how you sell to that person, that’s why I’m not in marketing, but I think that is their biggest competitor is the people who already have a solution and are like, “Why do I need to pay for your thing when my thing works well enough?”

Corey: That’s part of the strange thing that I’m seeing as I look across this entire landscape is it feels like this is not something that is directly going to impact almost anyone out there who’s just using this stuff, either the open-source version as a paying customer of any of these things, but it is going to kick up a bunch of dust. And speaking of poor messaging, HashiCorp is not really killing it this quarter, where the initial announcement led to so many questions that were unclear, such as—like, they fixed this later in the frequently asked questions list, but okay, “I’m using Terraform right now and that’s fine. I’m building something else completely different. Am I going to lose my access to Terraform if you decide to launch a feature that does what my company does?” And after a couple of days, they put up an indemnity against that. Okay, fine.

Like, when Mongo did this, there was a similar type of dynamic that was emerging, but a lot fewer people are writing their own database engine to then sell onward to customers that are provisioning infrastructure on behalf of their customers. And where the boundaries lay for who was considered a direct Terraform competitor was unclear. I’m still not convinced that it is clear enough to bet the business on for a lot of these folks. It comes down to say what you mean, not—instead of hedging, you’re not helping your cause any.

Ned: Yeah, I think out of the different products that they have, some are very clear-cut. Like, Vault is a server that runs as a service, and so that’s very clear what that product is and where the lines of delineation are around Vault. If I go stand up a bunch of Vault servers and offer them as a service, then that is clearly a competitor. But if I have an automation pipeline service and people can technically automate Terraform deployments with my service, even if that’s not the core thing that I’m looking to do, am I now a competitor? Like, it’s such a fuzzy line because Terraform isn’t an application, it’s not a server that runs somewhere, it’s a CLI tool and a programming language. So yeah, those lines are very, very fuzzy. And I… like I said, it would be better if they say what they meant, as opposed to sort of the mealy-mouthed language that they ended up using and the need to publish multiple revisions of that FAQ to clarify their position on very specific niche use cases.

Corey: Yeah, I’m not trying to be difficult or insulting or anything like that. These are hard problems that everyone involved is wrestling with. It just felt a little off, and I think the messaging did them no favors when that wound up hitting. And now, everyone is sort of trying to read the tea leaves and figure out what does this mean because in isolation, it doesn’t mean anything. It is a forward-looking thing.

Whatever it is you’re doing today, no changes are needed for you, until the next version comes out, in which case, okay, now do we incorporate the new thing or don’t we? Today, to my understanding, whether I’m running Terraform or OpenTofu entirely comes down to which binary am I invoking to do the apply? There is no difference of which I am aware. That will, of course, change, but today, I don’t have to think about that.

Ned: Right. OpenTofu is a literal fork of Terraform, and they haven’t really added much in the way of features, so it should be completely compatible with Terraform. The two will diverge in the future as feature as new features get added to each one. But yeah, for folks who are using it today, they might just decide to stay on the version pre-fork and stay on that for years. I think HashiCorp has pledged 18 months of support for any minor version of Terraform, so you’ve got at least a year-and-a-half to decide. And we were kind of talking before the recording, 99% of people using Terraform do not care about this. It does not impact their daily workflow.

Corey: No. I don’t see customers caring at all. And also, “Oh, we’re only going to use the pre-fork version of Terraform,” they’re like, “Thanks for the air cover because we haven’t updated any of that stuff in five years, so tha”—

Ned: [laugh].

Corey: “Oh yeah, we’re doing it out of license concern. That’s it. That’s the reason we haven’t done anything recent with it.” Because once it’s working, changes are scary.

Ned: Yeah.

Corey: Terraform is one of those scary things, right next to databases, that if I make a change that I don’t fully understand—and no one understands everything, as we’ve covered—then this could really ruin my week. So, I’m going to be very cautious around that.

Ned: Yeah, if metrics are to be believed across the automation platforms, once an infrastructure rollout happens with a particular version of Terraform, that version does not get updated. For years. So, I have it on good authority that there’s still Terraform version 0.10 and 0.11 running on these automation platforms for really old builds where people are too scared to upgrade to, like, post 0.12 where everything changed in the language.

I believe that. People don’t want to change it, especially if it’s working. And so, for most people, this licensing chain doesn’t matter. And all the constant back and forth and bickering just makes people feel a little nervous, and it might end up pushing people away from Terraform as a platform entirely, as opposed to picking a side.

Corey: Yeah, and I think that that is probably the fair way to view it at this point where right now—please, friends at HashiCorp and HashiCorp competitors don’t yell at me for this—it’s basically a nerd slap-fight at the moment.

Ned: [laugh].

Corey: And of one of the big reasons that I also stay out of these debates almost entirely is that I married a corporate attorney who used to be a litigator and I get frustrated whenever it comes down to license arguments because you see suddenly a bunch of engineers who get to cosplay as lawyers, and reading the comments is infuriating once you realize how a little bit of this stuff works, which I’ve had 15 years of osmotic learning on this stuff. Whenever I want to upset my wife, I just read some of these comments aloud and then our dinner conversation becomes screaming. It’s wonderful.

Ned: Bad legal takes? Yeah, before—

Corey: Exactly.

Ned: Before my father became a social studies teacher, he was a lawyer for 20 years, and so I got to absorb some of the thought process of the lawyer. And yeah, I read some of these takes, and I’m like, “That doesn’t sound right. I don’t think that would hold up in any court of law.” Though a lot of the open-source licensing I don’t think has been tested in any sort of court of law. It’s just kind of like, “Well, we hope this stands up,” but nobody really has the money to check.

Corey: Yeah. This is the problem with these open-source licenses as well. Very few have never been tested in any meaningful way because I don’t know about you, but I don’t have a few million dollars in legal fees lying around to prove the point.

Ned: Yeah.

Corey: So, it’s one of those we think this is sustainable, and Lord knows the number of companies that have taken reliances on these licenses, they’re probably right. I’m certainly not going to disprove the fact—please don’t sue me—but yeah, this is one of those things that we’re sort of assuming is the case, even if it’s potentially not. I really want to thank you for taking the time to discuss how it is you view these things and talk about what it is you’re up to. If people want to learn more, where’s the best place for them to find you?

Ned: Honestly, just go to my website. It’s nedinthecloud.com. And you can also find me on LinkedIn. I don’t really go for Twitter anymore.

Corey: I envy you. I wish I could wean myself off of it. But we will, of course, include a link to that in the show notes. Thank you so much for being so generous with your time. It’s appreciated.

Ned: It’s been a pleasure. Thanks, Corey.

Corey: Net Bellavance, founder and curious human at Ned in the Cloud. I’m Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you’ve enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you’ve hated this podcast, please leave a five-star review on your podcast platform of choice, along with an angry comment that I will then fork under a different license and claim as my own.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business, and we get to the point. Visit duckbillgroup.com to get started.

Newsletter Footer

Get the Newsletter

Reach over 30,000 discerning engineers, managers, enthusiasts who actually care about the state of Amazon’s cloud ecosystems.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor an Episode

Get your message in front of people who care enough to keep current about the cloud phenomenon and its business impacts.