SBN

Open-Source Software: No Free Lunch

By Jason Turim, CTO and Co-Founder of OpsCanvas

Open-source software offerings and the communities that have evolved in support of them have enabled much positive growth in IT, generally, and in software development in particular. However, as Hashicorp and other providers of those offerings seek more reliable revenue streams, many are replacing their open-source licenses with alternatives that impose higher costs and more restrictions on users. SaaS companies and their DevOps teams must carefully consider and track licensing developments and decisions made by suppliers of their tools and solutions and either abandon open-source offerings or plan for their availability and licensing to change.

Open-Source Software: It’s Everywhere

Since Linus Torvalds invented Linux and Red Hat and other pioneers built businesses around open-source software, multiple open-source offerings have made life easier for many DevOps teams and their companies. From Chef, Elasticsearch, and Puppet to Git, Docker, and Kubernetes, open-source tools support every major DevOps task, from container orchestration and version control to Infrastructure as Code (IaC), logging, and monitoring.

The GitHub platform claims more than 100,000 users. In 2022, GitHub reported that 90 percent of companies use open-source software, and developers made more than 413 million contributions to open-source projects and communities. 

HashiCorp Changes the Rules

Hashicorp is one of the most popular open-source tools among DevOps engineers and teams. In 2022, Amazon Web Services (AWS) Chief Evangelist Jeff Barr tweeted that Hashicorp’s AWS Provider plug-in had been downloaded some 1.3 billion times, with half of those downloads taking place in that same year.

However, recent developments have cast a shadow of uncertainty over the open-source DevOps market. Hashicorp, makers of Terraform, a popular IaC tool, has announced that after more than a decade of licensing its products under the Mozilla Public License (MPL), it is moving to the Business Source License (BSL) created by the original developer of MySQL.

The BSL limits what those companies can do with Terraform source code and is almost guaranteed to lead to higher Terraform-related costs and other challenges for those companies. Because while the MPL allows unrestricted modification, redistribution, and use of software licensed under it, the BSL imposes restrictions on source-code sharing, redistribution, and use.

Hashicorp has publicly promised its users will not be affected as long as they don’t compete with Hashicorp. However, under its implementation of the BSL, Hashicorp itself is the sole arbiter of whether a particular use of Terraform violates the company’s licensing. 

The Open-Source Community Responds: OpenTofu

As has happened with open-source software for other uses, members of the Terraform community have responded by collaboratively developing an alternative to Terraform, freely available as open-source software, known as OpenTofu. Previously named OpenTF, OpenTofu is an open-source, community-driven fork of Terraform managed by the Linux Foundation. The OpenTofu Manifesto was published four days after Hashicorp adopted the BSL. Within a few short weeks after that, the first version of OpenTofu had been released, OpenTofu joined the Linux Foundation, and more than 35,000 people publicly expressed support for it. Its developers have said publicly that their goal is to make OpenTofu a drop-in replacement for Terraform.

Unfortunately, Hashicorp has chosen not to help make this easier for open-source supporters. Hashicorp has announced that the Terraform Registry can only be used with Terraform. This means the OpenTofu community must develop a functionally comparable registry. Fortunately, there are already nearly 100 OpenTofu repositories available on GitHub. The OpenTofu community is growing rapidly and clearly committed to delivering a solution that matches or exceeds the functionality of Terraform – functionality that was largely achieved thanks to contributions from the open-source community.

Terraform or OpenTofu? What You Should Do Now

If your company’s DevOps engineering teams are using Terraform now, your technology and business leaders have new choices to make. Your primary options are sticking with Hashicorp and moving to the BSL or to OpenTofu. And, of course, there are challenges to both.

The latest version of Terraform available under the MPL is version 1.5.7. However, the latest release is version 1.6.0. That version includes two major changes – the release of the “Terraform test” and the change to the BSL. And moving to OpenTofu now isn’t really an option, as the software is not yet ready for production deployment. So your immediate decision is to upgrade to Terraform 1.6.0 and face its uncertainties or to stay on Terraform 1.5.7 and wait to see how long it takes OpenTofu to become production-ready. The good news here is that you can do more than wait and see. You can contribute to the development of OpenTofu – the beauty and strength of open-source software.

Sticking with Hashicorp may seem to be the path of least resistance. However, it places your company’s DevOps effort at the mercy of any future licensing changes Hashicorp chooses to make. Moving to OpenTofu will likely offer more freedom of choice. But there are no guarantees that the OpenTofu community can fulfill its commitment to deliver a drop-in replacement for Terraform, how long that will take, or how consistently compatibility will be sustained.

I may be biased, but a more practical alternative is to work with intermediary companies that shield DevOps teams from dealing with such licensing challenges. OpsCanvas, for example, takes an approach to IaC creation that replaces manual coding with “Draw and Deploy” technologies that abstract, automate, and manage underlying technologies such as Terraform. 

With OpsCanvas, DevOps engineers can deploy environments more easily and rapidly without worrying about details such as the particular IaC technologies they’re using or how they are licensed. As you’re considering how best to move your DevOps efforts forward, you may find it less disruptive and expensive to focus on solutions that insulate your company from further perturbations in the open-source world.

OpsCanvas’ vision is to enable all businesses to leverage the scalability and potential of the cloud without the complexities of deployment or over-reliance on specialized engineers. We aim to democratize the cloud and allow all companies to harness its power, keeping them competitive in today’s fast-paced digital world. The OpsCanvas platform engineering platform streamlines cloud deployment for startups and established enterprises, eliminating the need for expensive resources or specialized technical knowledge. By using OpsCanvas, businesses can simplify cloud deployment, making it a straightforward and seamless process that no longer requires navigating complexity. For more information on OpsCanvas, please click here. We are pleased that our Public Beta is now available here.

The post Open-Source Software: No Free Lunch appeared first on OpsCanvas.

*** This is a Security Bloggers Network syndicated blog from Blogs - OpsCanvas authored by Jason Turim. Read the original post at: https://www.opscanvas.com/open-source-software-no-free-lunch/