Closed ColinHebert closed 7 years ago
Hey @ColinHebert
Thank you for opening an issue. You might not recognize my name, since I'm not involved in the day-to-day workings of Terraform. One of my responsibilities is to manage the HashiCorp releases service, and Paul asked me to take a look at this issue.
In short, we intentionally do not provide a pointer to the "latest" version of any of our software downloads. This was a very intentional and very deliberate choice, and I'd would like to explain the reasoning. As part of the Tao of HashiCorp, we believe in Versioning through Codification and Automation through Codification. These two concepts are key in building a successful and sustainable platform. It is highly discouraged that you "ride the latest version" of any software package, not just HashiCorp. It is important to note that this is not a reflection of the quality of the software or release; it is a property of a well-built system. At any point in time, you should be able to reproduce a build. Using a remote URL whose target changes voids the possibility of having a reproducible build. We do not advocate downloading the latest version of Terraform (or any HashiCorp software), and encourage users to pick a version and then coordinate an upgrade effectively.
In case you are unaware, the HashiCorp Releases Service features a full JSON API which provides machine-parsable version information. Here is a quick jq
that would let you download the latest version of Terraform, but you should be strongly advised that we do not recommend this.
echo "https://releases.hashicorp.com/terraform/$(curl -s https://checkpoint-api.hashicorp.com/v1/check/terraform | jq -r -M '.current_version')/terraform_$(curl -s https://checkpoint-api.hashicorp.com/v1/check/terraform | jq -r -M '.current_version')_darwin_amd64.zip"
Right now, that will return "0.7.8".
I agree with the sentiment of avoiding blind upgrades. In this case the process we're following is this one:
The build process is executed automatically on a regular basis. Any upgrade of the "latest" version of anything we use ends up in an expected build failure. This ensures that we're keeping our everything up to date (security updates, bugfixes, etc.). Each update is notifying us automatically (as our build breaks, on purpose) which avoids having to keep track of multiple projects moving at different speed (push vs poll). In case of unacceptable release (bugged release, etc.) it is possible to pin temporarily to a version of our choice.
Obviously the entire process relies on being able to easily access the latest version of any software.
By the way, while we're on the subject of preaching best practices to your customers; when is HashiCorp going to provide a unit testing framework for Terraform?
Hi @alexharv074
Thank you for your feedback. I replied on the Packer issue to your first comment. We do not have plans to provide a unit test framework for Terraform at this time.
Also, is there a reason not to provide real yum/apt packages? I would like to understand the design decision behind it.
For those that are interested, I created a simple bash script that attempts to be a HashiCorp package manager called hashipm. hashipm automatically determines your operating system and architecture and downloads and installs the latest version of nearly all HashiCorp packages (Consul, Nomad, Packer, Terraform, Vault) into /usr/local/bin
or /usr/bin
.
An example using hashipm to install Terraform:
➜ hashipm get terraform
Downloading terraform (0.11.7) from https://releases.hashicorp.com/terraform/0.11.7/terraform_0.11.7_darwin_amd64.zip...
Installed terraform (0.11.7) into /usr/local/bin
See the GitHub repo at https://github.com/elasticbyte/hashipm
That's not doing any kind of GPG or checksum validation. I'd recommend just using something simple like I did in this gist instead...
@sethvargo I have an open issue to do checksum validation if you'd like to contribute 😃 Your gist script is nice, but does not automagically handle detecting the latest version, operating system, and architecture like hashipm. Also, I believe the mv
into /usr/local/bin
will require sudo
typically.
Thanks for that link https://checkpoint-api.hashicorp.com/v1/check/terraform
to get the latest version id.
My ansible role to get latest terraform if anyone come here from google.
- name: get latest terraform version id
uri:
url: 'https://checkpoint-api.hashicorp.com/v1/check/terraform'
method: GET
status_code: 200
timeout: 10
register: release
- set_fact:
version: "{{ release.json | json_query('current_version') }}"
- name: terraform is present
get_url:
url: 'https://releases.hashicorp.com/terraform/{{ version }}/terraform_{{ version }}_linux_amd64.zip'
dest: '/tmp/terraform.zip'
Thanks for that link
https://checkpoint-api.hashicorp.com/v1/check/terraform
to get the latest version id.My ansible role to get latest terraform if anyone come here from google.
- name: get latest terraform version id uri: url: 'https://checkpoint-api.hashicorp.com/v1/check/terraform' method: GET status_code: 200 timeout: 10 register: release - set_fact: version: "{{ release.json | json_query('current_version') }}" - name: terraform is present get_url: url: 'https://releases.hashicorp.com/terraform/{{ version }}/terraform_{{ version }}_linux_amd64.zip' dest: '/tmp/terraform.zip'
@hoto can you please share how to use such ansible piece?
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Currently https://releases.hashicorp.com/terraform/ presents a list of every version of terraform ever released.
It would be nice to be able to get the latest version available (released) from https://releases.hashicorp.com/terraform/latest/ with a full link such as https://releases.hashicorp.com/terraform/latest/ terraform_latest_freebsd_amd64.zip
I know not everyone wants to rely on this behaviour, but it helps to be able to point to the latest version and leave the responsibility of making sure the version is the expected one to the user.