- terraform
- opentofu
- admin
- knowledge-backup
I recently decided to migrate some of my services from Terraform to OpenTofu. This was driven by HashiCorp’s licensing decisions and by curiousity. Since this change currently only impacts my personal projects, the risk seems minimal, and tackling it now rather than later should be simpler.
The instruction provided by OpenTofu are straightfoward. I run PopOS so I used the instruction provided for Debian to install. Once that was done upgrading was mostly a non-event.
First, I ran a terraform plan to ensure there were no pending changes.
terraform plan
Next, I backed up the current state:
tofu state pull > backup-before-tofu.tfstate
I recommend a quick review of that file to ensure nothing looks odd.
Then run init to install the correct tofu providers.
tofu init
Once you have completed this, ideally you can create a plan and nothing will need to change
tofu plan
In my case, it turns out that the docker provider, kreuzwerker/terraform-provider-docker
had release a major version since I last upgraded providers. This added a little bit of fun. If you run into this the only thing I really had to change was removing the latest
data reference on your docker_image
migration guide. I initially used the suggestion of repo_digest
, but for some reason that meant it tried to replace my container on every run of tofu plan
. I ended up switching to id
for now. Not sure how that will impact upgrades, but I will deal with that when we get there.
The other issue I ran into is that the new version picked up a /etc/docker/daemon.json
change to push docker logs to loki. Since I did not have this in the container definitions, it was forcing a container replacement on every plan as well. I added the following to each container to prevent the replacements.
log_opts = {
"loki-batch-size" = "400",
"loki-url" = "http://localhost:3100/loki/api/v1/push"
}
Once you resolve any issues, making a small change to validate OpenTofu can make updates is a good idea. I just added a nonsense environment change to one of my containers.
I have a few other states to switch over, so I will update this post if I run into any more issues.