My Experience Migrating from Terraform to OpenTofu

My Experience Migrating from Terraform to OpenTofu

Starting Point

If you haven't heard, Hashicorp has changed the license for their Terraform repo, from the Mozilla Public License (MPL) to the Business Source License. That's bad for end users because it adds a legal risk to continued use of Terraform. You can read more about what that means here.

Fortunately, some really smart people moved fast and forked the last MPL version of the Terraform repo, and used it to create OpenTofu (previously named OpenTF). It has been adopted by the Linux Foundation as a permanent open source project, which was very nice of them to do.

Since OpenTofu advertises itself as a drop-in replacement for Terraform 1.5, I thought I'd give it a shot over coffee this morning and see if it lives up to the promise.

Getting started, here was the Terraform provider list in one of the repos:

terraform {
  required_version = "~> 1.5.7"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.31.0"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "2.23.0"
    }
    tls = {
      source  = "hashicorp/tls"
      version = "4.0.3"
    }
    null = {
      source  = "hashicorp/null"
      version = "3.1.1"
    }
    mongodbatlas = {
      source = "mongodb/mongodbatlas"
      version = "1.10.0"
    }
  }
  # ...
}

Installation of OpenTofu on Mac was easy, as one would expect:

$ brew install opentofu

This will install the tofu CLI, which you can test with a quick:

$ tofu -h

The output looks a whole lot like the terraform -h, as you'd expect.

Provider Compatibility

First things first. OpenTofu's initial release is considered to be version 1.6 of the previous repo, so before I could initialize, I had to update my required_version field:

terraform {
  required_version = "1.6.0"
  # ...
}

To play it safe with third-party providers compatability, I decided I would do a fresh tofu init --upgrade. That's where I hit a snag. Most of the providers installed with no problem, but arguably the most important one for this repo didn't go well.

An error with the AWS provider version 4.31.0

Well, that's a bummer. And I had run this repo about 2 weeks ago, so I knew that worked on Terraform 1.5.7.

Not to worry. I opened the provider docs and saw that (as of the time I'm writing this) it listed version 5.25.0 as the latest, so I tried that.

An error with the AWS provider version 5.25.0

Interesting.

Debugging Provider Installation

You can set the TF_LOG=trace env var to help debug anything that goes wrong in an OpenTofu command.

$ TF_LOG=trace tofu init --upgrade

This lists all of the URLs from which OpenTofu checks for available versions, just as Terraform did before it. That's how I found the published AWS provider versions:

A list of provider URLs, including the version URL

Reading through some JSON, I found version 5.16.0 was listed, and decided to give that a go.

Screenshot depicting a successful OpenTofu initialization

Booyah.

Final Result

While I have other former-Terraform repos that I'll have to migrate, it's nice to know that - at least in this first try with an existing, in-use production repo - I did manage to pull it off before finishing my coffee. Here's the final provider list:

terraform {
  required_version = "1.6.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "5.16.0"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "2.23.0"
    }
    tls = {
      source  = "hashicorp/tls"
      version = "4.0.3"
    }
    null = {
      source  = "hashicorp/null"
      version = "3.1.1"
    }
    mongodbatlas = {
      source = "mongodb/mongodbatlas"
      version = "1.10.0"
    }
  }
  # ...
}