oTF
An open source alternative to terraform enterprise.
Functionality is currently limited:
- Remote execution mode (plans and applies run remotely)
- State backend (state stored in postgresql)
- Workspace management (supports
terraform workspace
commands) - No web frontend; CLI/API support only.
Getting Started
These steps will get you started with running everything on your local system. You'll setup the server, configure SSL so that terraform trusts the server, and then configure terraform. You'll then be able to run terraform commands using the server as a remote backend.
-
Download a release. The zip file contains two binaries: a daemon and a client,
otfd
andotf
. Extract them to a directory in yourPATH
, e.g./usr/local/bin
. -
Generate SSL cert and key. For example, to generate a self-signed cert and key for localhost using
openssl
:openssl req -x509 -newkey rsa:4096 -sha256 -keyout key.pem -out cert.crt -days 365 -nodes -subj '/CN=localhost' -addext 'subjectAltName=DNS:localhost'
-
Ensure your system trusts the generated cert. For example, on Linux:
sudo cp cert.crt /usr/local/share/ca-certificates sudo update-ca-certificates
-
Ensure you have access to a postgresql server. oTF assumes it's running locally on a unix domain socket in
/var/run/postgresql
. Create a database namedotf
:createdb otfd
-
Run the oTF daemon:
otfd --ssl --cert-file=cert.crt --key-file=key.pem
The daemon runs in the foreground and can be left to run.
Note: you can customise the postgres connection string by passing it via the flag
--database
. -
In another terminal, login to your OTF server (this merely adds some dummy credentials to
~/.terraform.d/credentials.tfrc.json
):otf login
-
Configure the terraform backend and define a resource:
cat > main.tf <<EOF terraform { backend "remote" { hostname = "localhost:8080" organization = "default" workspaces { name = "dev" } } } resource "null_resource" "e2e" {} EOF
-
Run terraform!:
terraform init terraform plan terraform apply
Next Steps
oTF is a mere prototype but a roadmap of further features is planned:
- User AuthN/Z
- Agents
- Terminal application
- Github integration
- Policies (OPA?)
- Web frontend
Building
You'll need Go installed.
Clone the repo, and then build and install the binary using the make task:
git clone https://github.com/leg100/otf
cd otf
make install
That'll create a binary inside your go bins directory (defaults to $HOME/go/bin
).