HashiCorp's open-source exodus
Ep #8: Hashicorp is redefining DevOps by moving away from open-source.
HashiCorp adopts Business Source License also known as BSL or BUSL for all its products moving away from the open-source license Mozilla Public License v2.0 (MPL 2.0).
What impact does the license change have on the DevOps world?
Can I still use, as an end user, any of their products?
Should I keep using Terraform or move away from it to one of the alternatives?
Meaning of the photo
In a not-so-distant future humans might land on Mars to make it habitable or to "Terraform" it.
From dictionary.com the definition of the verb Terraform is:
to alter the environment of (a celestial body) in order to make it capable of supporting terrestrial life forms.
Until then, the more common result (at least in my results) of the word Terraform lands you on the Terraform tool by Hashicorp.
Introduction
I'm sure that if you have been working in tech for longer than a couple of years, you might have heard of HashiCorp and probably also used one of the many tools they developed in the last 10 years. Here it is some of them:
Terraform
Vagrant
Packer
Consul
Vault
I'm a huge fan of HashiCorp's work. Before Docker and containers became mainstream, Vagrant was my default choice for local development to create virtual machines and I was investigating Packer to create Cloud images for local development. More recently I have used Terraform to deploy my application infrastructure either on Amazon or Google Cloud. I have never used Consul and Vault professionally but I am fully aware of their widespread use and I have read many articles about both of them.
What's the impact of the license change on the end users? Are companies building on top of those products affected?
In this article, I'm going to briefly discuss the new BSL license, then provide my take on what that means, and finally provide some alternatives to Terraform since that's the tool I have used the most recently from that list.
BSL license
I'm not an expert in open-source licenses, so please forgive me if I might misunderstand some of the nuances of this license. For this reason, here I am reporting some useful extracts from the official announcement so that you can make your own opinion:
BSL 1.1 is a source-available license that allows copying, modification, redistribution, non-commercial use, and commercial use under specific conditions.
End users can continue to copy, modify, and redistribute the code for all non-commercial and commercial use, except where providing a competitive offering to HashiCorp. Partners can continue to build integrations for our joint customers. We will continue to work closely with the cloud service providers to ensure deep support for our mutual technologies. Customers of enterprise and cloud-managed HashiCorp products will see no change as well.
Vendors who provide competitive services built on our community products will no longer be able to incorporate future releases, bug fixes, or security patches contributed to our products.
So this is my take, the only people affected might be people building commercial products that compete with HashiCorp and their users. It's a pity that HashiCorp's competitors didn't play nice and pushed HashiCorp to change their licenses.
I'm a big supporter of open-source but at the same time, I understand they might not have had any other choice. Competition with cloud providers might be fierce at times and you need to protect your business.
Other companies that made a similar move
HashiCorp is definitively not the first to have become famous with open-source software but that had to move away from such permissive licenses.
Something similar happened with Elasticsearch as well. More information here.
Many other companies before Elastic, like MongoDB and Confluent (the company behind Apache Kafka) had to do the same for similar reasons.
Here you can find a brief history of the license war.
Alternatives to Terraform
The product that I used most recently from HashiCorp is Terraform, but in the last year, I realised that I am not a huge fan of its language called HCL.
I am grateful to Terraform for having popularised the concept of Infrastructure as Code, but I believe in 2023 we have better alternatives like Pulumi or Crossplane.
As I understand, both those tools depend indirectly on Terraform but neither were affected by the license change.
An extract from the official Crossplane announcement
As Upbound is a maintainer of Crossplane and manages the open source project's use of Terraform, this licensing change also does not impact the project's use of Terraform.
And here is the official Pulumi announcement
Pulumi is true open source, uses the Apache 2.0 license, and does not and never will depend on BSL-licensed software in any way, HashiCorp owned or otherwise.
Since those tools are competing with each other, which one should you choose?
To be honest I haven't used those tools a lot and I am not even sure which one I prefer the most.
On one side Pulumi is the oldest and more stable option, on the other side Crossplane uses Kubernetes Custom Resources and it would make deploying applications on Kubernetes similar to deploying infrastructure on Cloud providers. The only problem with Crossplane is that you need to write YAML files. Since I am not a huge fan of YAML, I've already found an alternative called CDK8s developed by AWS that would allow me to write Crossplane resources (or any other Kubernetes resources) in code similar to Pulumi. The only problem with this project is that it is still quite a new project with "only" 3.8k stars on GitHub at the time of writing so the documentation might feel like it is still lacking in places.
Only time will tell which one of those will succeed. My bet is on Crossplane since I am already a heavy user of Kubernetes.
Another side effect of this licence change is the newly founded OpenTF, an open-source fork of Terraform that is trending today 8th September on GitHub with 4299 stars and 95 forks at the time of writing. More resources about this are the OpenTF manifesto and their OpenTF GitHub repo.
Conclusion
I hope with this article I have provided a better understanding of what is currently happening with HashiCorp and its license.
Only time will tell what is the future open-source license.
Are you still going to use Terraform in the future? Are you going to use its open-source version OpenTF or drop it entirely for one of those alternatives introduced here?
Personally, I am going to invest more of my time in learning about Pulumi and Crossplane instead of using Terraform.
Please let me what you think in the comments below.