
Terraform Module Registry - ApsOps
https://registry.terraform.io/
======
atonse
Very excited to see this (if it is what I think it is...). Still reading about
it.

I really like Terraform but haven't been a fan of the existing way of bringing
external code into my terraform scripts, via some strange go-like "refer to
this github" repo mechanism.

Hopefully this makes them package able artifacts. Looking forward to watching
the keynote and other videos from Hashiconf.

~~~
jfroma
I'd really love to be able to build modules in some other language like
python, ruby or even javascript just because I am not very fluent yet in Go
and its tooling.

~~~
charlieegan3
The modules are written in HashiCorp configuration language.

~~~
lmickh
You can use json as well, but it is pretty unfriendly for the human users and
you lose some of the interpolation.

~~~
meddlepal
However, very useful if you're code generating Terraform config because there
are not a lot of HCL serializer/deserializer libs in existence.

------
zimbatm
Interesting, they are adopting the same pattern that I had discovered for AWS
modules:

* all modules take in a var.name and var.tags variables.

* if the resource has a unique identifier, use var.name as a prefix (eg: "${var.name}-elb")

* all resources are tagged with the Name merged into var.tags

This allows to (1) avoid name clashes with the name prefix and (2) make sure
everything is tagged and easier to filter by on AWS, while deferring most of
the tagging decision to the user.

See [https://github.com/terraform-aws-modules/terraform-aws-
vpc/b...](https://github.com/terraform-aws-modules/terraform-aws-
vpc/blob/master/main.tf#L10)

EDIT: there is still an issue with autoscaling groups who take a list of tags
instead of a map. [https://github.com/terraform-aws-modules/terraform-aws-
autos...](https://github.com/terraform-aws-modules/terraform-aws-
autoscaling/blob/master/modules/autoscaling_group/main.tf#L30-L33)

------
crummy_bum
This looks like a pretty frontend for the terraform-community-modules github
org - [https://github.com/terraform-community-
modules](https://github.com/terraform-community-modules)

The main problem with these off the shelf modules is the lack of standards
around state management and reuse.

------
sandstrom
hashicorp-people: do you have any plans to open-source sentinel?

It seems like something that could have broader use, outside the hashicorp-
suite.

For example, many SaaS-applications (say, a system used by some bank) usually
end up writing their home-grown DSL for auth or use a language library. IAM
also has something similar, with JSON payloads (but that's not code).

Would be interesting to know more about how sentinel is implemented under the
hood.

------
odammit
This is absolutely useful. I keep a bunch of half-assed modules in a repo that
I find common across projects. Love the idea of being able to find modules to
kickstart common infrastructure.

Also Terraform is a great tool and the maintainers and contributors have done
a fantastic job putting in useful features in the last few versions.

Thanks!

------
nvivo
What is terraform? Read the page, but didn't get exactly what it does.

~~~
ellius
Imagine you want to create some new machines. Maybe you need four servers: 2
running Ubuntu operating systems and 2 running Centos.

Traditinally, you would get four physical servers together and then manually
load an operating system onto each one.

With the advent of cloud technology, you can simply go to Amazon or
DigitalOcean or whoever and just "create" these resources by paying for space
in their data centers. You get four "virtual servers" instead of physical
boxes you have to configure yourself.

Terraform essentially lets you "code" and automate the cloud provisioning.
Instead of going to a dashboard and ordering four servers, you run a script
that describes all of the servers you need as well as their operating system /
networking / etc. needs. This scales very well (once you have a config you can
replicate it to whatever quantity you require) and also provides consistency
and reliability, as well as documentation, of your infrastructure.

------
Tehchops
I find this pretty exciting. I imagine the most compelling use case for most
orgs will be hosting their own private registry using Terraform Enterprise.

------
tjbiddle
I'm getting an error stating `error reading user information` upon
authentication with Github.

------
eropple
We already see with other "use this as a building block" public registries
like Docker's where people blithely pull this stuff in and don't pay attention
to whether or not it actually works according to even some semblance of best
practices. So what's the handler for the "hey, this is broken/insecure, this
needs to be fixed or taken down" case? How does this alert users whose
infrastructure pulls this in?

HashiCorp, as some of the leaders of the Make Decisions On Five Minute Demos
#squad, usually doesn't answer even half the questions for their Bright Ideas
before people adopt them and find all the rakes on the lawn. This feels even
worse than usual.

Building strong foundations matters. This doesn't help somebody who knows what
they're doing do it better/faster--because of the inevitable impedance
mismatches, in part because folks do this stuff differently and in part
because Terraform is not particularly expressive and workarounds will involve
destructive manipulation of modules--and it harms people who don't.

~~~
DandyDev
How is this any different from the various packaging mechanisms that exist for
all the different programming languages out there? You make it sound like this
is a new kind of problem that started with Docker.

When I add some dependency to the Maven pom of my legacy Java EE app, I'm
exposed to exactly the same kind of risk.

In short: research any dependency you pull in, whether it is a library for
your favorite language or a module for your infrastructure automation tool of
choice.

~~~
secstate
Whether it's true or not, I think there's a perception of a more cavalier
attitude around Docker that things will "just work" if I make my whole build
system and production deployment depend on a random lady's docker file.

Also, a lot of developers don't spend the time they ought to learning (or hire
the people who already know) how a proper tech stack works to be resilient.

Tools like Docker and Terraform make it seem magic, which it's not. PyPI, Gems
and NPM don't make Python, Ruby and Javascript seem like magic, as most devs
are deep enough in the code to see a terrible library before building their
app around it.

~~~
eropple
Agreed, and the perception here matters. The cult of the five minute demo is
_real_ and people pick tools outside of their areas of expertise based on
"well, it looked okay and there are blogs about it". The likelihood of bad
stuff (whether bad through ignorance, malice, or lack of maintenance) is much,
much higher when using these artifacts that are opaque not (just) in terms of
source--because, yeah, most people won't audit it--but in terms of
functionality (because the adoptee _doesn 't know the topic well enough to
know what's going on_).

You solve infrastructure problems _with_ code, but infrastructure is not code
and infrastructure requires a depth of understanding nobody's going to make
disappear based on "magic." As you go downstack, the damage you can do
increases. Depending on J. Random Dockerfile is problematic, as you're
exposing your compute surface to the predations of a malicious update.
Depending on J. Random Terraform Module opens you up to way deeper issues.
These issues can only be solved by really understanding your stack, and five-
minute-demo culture does not value understanding.

~~~
dasil003
> _The cult of the five minute demo is real_

This is unfortunately necessary as code eats the world, and the number of
programmers, tools and ecosystems proliferates. Popularity is necessary for
infrastructure tools to get enough eyeballs and resources to achieve
stability. It's not enough for experts with decades of experience to design
really solid but arcane tools, because the flood of new startups with young
engineers coming in saying "do we really need that?" will overwhelm than
faster than all the failures can be pointed out.

Ultimately, the quality of the tools is orthogonal to the presentation. My
perception is Hashicorp has done much better in this regard than Docker, so
there's that at least. Only time will tell how it really shapes up over time,
but I believe Hashicorp tools are seeing massive uptake for more reasons than
just good marketing.

