-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support OpenTofu (epic) #3741
Comments
This Ticket should be renamed to |
Should be just |
@nitrocode @chenrui333 @raynigon I would like to work on this issue, could you assign me? |
@sirvantedbrl feel free to kick off a PR and we can start from there. Thanks! |
@chenrui333 İ'm starting to work on sending a PR, thank you. |
The idea is that we will still support both Terraform and OpenTofu. There may be some hard-code references to Terraform. We want to abstract that so that we don't have to do this again for even another tool. Atlantis long-term should be vendor-agnostic. |
opentofu just GA today, https://github.com/opentofu/opentofu/releases/tag/v1.6.0 |
A workaround for users that want to go down the opentofu path before support is official could do the following.
|
Worked for me Installation with helm:
initConfig:
enabled: true
image: alpine:latest
imagePullPolicy: IfNotPresent
# sharedDir is set as env var INIT_SHARED_DIR
sharedDir: /plugins
workDir: /tmp
sizeLimit: 250Mi
# example of how the script can be configured to install tools/providers required by the atlantis pod
script: |
#!/bin/sh
set -eoux pipefail
# terragrunt
TG_VERSION="0.55.10"
TG_SHA256_SUM="1ad609399352348a41bb5ea96fdff5c7a18ac223742f60603a557a54fc8c6cff"
TG_FILE="${INIT_SHARED_DIR}/terragrunt"
wget https://github.com/gruntwork-io/terragrunt/releases/download/v${TG_VERSION}/terragrunt_linux_amd64 -O "${TG_FILE}"
echo "${TG_SHA256_SUM} ${TG_FILE}" | sha256sum -c
chmod 755 "${TG_FILE}"
terragrunt -v
# OpenTofu
TF_VERSION="1.6.2"
TF_FILE="${INIT_SHARED_DIR}/tofu"
wget https://github.com/opentofu/opentofu/releases/download/v${TF_VERSION}/tofu_${TF_VERSION}_linux_amd64.zip
unzip tofu_${TF_VERSION}_linux_amd64.zip
mv tofu ${INIT_SHARED_DIR}
chmod 755 "${TF_FILE}"
tofu -v environment:
ATLANTIS_TF_DOWNLOAD: false
TERRAGRUNT_TFPATH: /plugins/tofu repoConfig: |
---
repos:
- id: /.*/
apply_requirements: [approved, mergeable]
allow_custom_workflows: true
allowed_overrides: [workflow, apply_requirements, delete_source_branch_on_merge]
version: 3
automerge: true
parallel_plan: true
parallel_apply: false
projects:
- name: terragrunt
dir: .
workspace: terragrunt
delete_source_branch_on_merge: true
autoplan:
enabled: false
apply_requirements: [mergeable, approved]
workflow: terragrunt
workflows:
terragrunt:
plan:
steps:
- env:
name: TF_IN_AUTOMATION
value: 'true'
- run: find . -name '.terragrunt-cache' | xargs rm -rf
- run: terragrunt init -reconfigure
- run:
command: terragrunt plan -input=false -out=$PLANFILE
output: strip_refreshing
apply:
steps:
- run: terragrunt apply $PLANFILE I hope it helps :) |
Nice work! I think the above is worth documenting on the site. The one suggestion I have would be to keep the version as a suffix in the binary name for consistency with how we currently use terraform. We'd also need to document without using a wrapper like terragrunt/atmos/terramate/etc Reading the description of this issue over and it's more targeting the auto download of opentofu than the usage of opentofu. Maybe we can document the above and re-title this issue as "Support autodownload of opentofu"? Your solution of installing opentofu manually and disabling auto download should work as expected. I also saw that the new aws 5.40 aws providers, which contain custom functions, are backwards compatible (but without custom function support) with older versions of terraform and current versions of opentofu. One less worry with switching from tf to opentofu. |
Perhaps since so many people have upvoted this issue, we should move the contents and title of this issue into its own issue for autodownloading opentofu Then this this issue can be (informally) an epic for full opentofu support so it can be broken up into smaller issues/subtasks |
This is my doc to deployment Atlantis with OpenTofu. https://medium.com/@contato.matthewd/deployment-atlantis-with-opentofu-85ca0fbe45e5 |
Trying to get this figured out; I'm running Atlantis in Nomad, and I can't get OpenTofu to be the tool being used. I have tried to install it as an artifact, but am met with "cannot parse terraform version" when running this way. I found #4341 which has me very confused - is the binary just floating in the image without any first party way to invoke it? All of this to say, I am not a DevOps or Terraform expert, so if there is something that I am missing, or can do to get this working in the mean time, please let me know. |
@ItsMeBrianD As the Atlantis still not have default support for opentofu, on this post, i make the deployment the atlantis use OpenTofu binary. How are your the deployment openTofu, now? |
I'm currently using a nomad job, I have tried with the noted Environment variables that you had listed in step 6 of your blog post, but it didn't make a difference. I also have not done any specific configuration in my repository, is the yaml that you've specified using terragrunt required? If so, is terragrunt also required or can I update it to refer to opentofu directly? This is a somewhat reduced version of the job file job "atlantis" {
group "atlantis" {
network {
port "ui" { to = 4141 }
}
task "atlantis" {
driver = "docker"
config {
image = "ghcr.io/runatlantis/atlantis"
entrypoint = ["atlantis"]
args = [
"server",
"--atlantis-url=$${URL}",
"--gh-user=$${USER}",
"--gh-token=$${TOKEN}",
"--gh-webhook-secret=$${SECRET}",
"--repo-allowlist=$${REPO_ALLOWLIST}",
"--tf-download=false"
]
ports = ["ui"]
volumes = [
"local/tofu/tofu:/usr/bin/tf"
]
}
artifact {
source = "https://github.com/opentofu/opentofu/releases/download/v1.8.1/tofu_1.8.1_linux_amd64.tar.gz"
destination = "local/tofu"
}
template {
destination = "secrets/.env"
env = true
data = <<EOF
{{ with secret "${secret-path}" }}
TOKEN="{{ .Data.data.gh_token }}"
USER="{{ .Data.data.gh_user }}"
SECRET="{{ .Data.data.hook_secret }}"
{{ end }}
URL="https://atlantis.${base-domain}"
REPO_ALLOWLIST="${repo}"
{{- range service "consul"}}
CONSUL_HTTP_ADDR="http://{{.Address}}:8500"
{{- end }}
EOF
}
}
}
} |
Why is this an example on how to use OpenTF with Atlantis? Maybe I am missing something, but that is using The issue that people is experiencing is while replacing Please, could you clarify? |
Yes, you can adapter for your scenario, instead of doing a the opentofu binary are available in container through the suggested installation configuration. |
Community Note
Describe the user story
Please support usage of opentofu
https://github.com/opentffoundation/opentf
Describe the solution you'd like
See above
Describe the drawbacks of your solution
N/A
Describe alternatives you've considered
N/A
The text was updated successfully, but these errors were encountered: