Consul-Terraform-Sync Now Generally Available

We are pleased to announce that Consul-Terraform-Sync (CTS) is now generally available. This release marks the continued maturity of a larger solution we are calling “Network Infrastructure Automation” (NIA). Its focus is on automating day-2 networking tasks and reducing the burden on operators caused by manual ticketing systems.

We introduced CTS last October at HashiConf and have been working closely with partners and customers to develop a robust solution that leverages both the power of Terraform’s provider ecosystem and Consul’s service networking capabilities. Operators define a set of tasks for CTS to execute whenever a new service is registered or deregistered with Consul.

These tasks consist of common networking practices including applying firewall policies, updating load balancer member pools, and more. The task functionality also allows users to build and execute custom configuration whenever a new service is registered or deregistered with Consul. CTS then uses the specified Terraform provider to execute these tasks without any additional operator intervention. In this GA release of CTS we are introducing additional enhancements for a better operator experience.

»Task Lifecycle

The core of CTS is built around the task functionality. This is how CTS is able to provide Terraform with the necessary configurations to execute the updates whenever a new service is registered or deregistered with Consul. But the task function itself is a separate process from service registration and something that users may want to have control over. The GA release has added the ability to start/stop tasks as part of any ongoing changes or maintenance to the environment along with capabilities to get the task status and the overall CTS status for smoother operations. Enabling this richer management and operations of tasks opens the door for future enhancements and more complex automation of the network.

»CTS Scalability and Security

Our goal with CTS is to enable organizations to manage their entire network infrastructure footprint with Consul and Terraform. To achieve this, we understand that many enterprises have very expansive network architectures and will require a tool that can scale to the size of their deployments. We are gathering information from partners and customers in order to test CTS at larger scales to determine the number of simultaneous devices and service requests that CTS can support. The goal is to ensure that CTS is able to support not just individual operators, but entire teams and enterprises as well. Any system that utilizes credentials to manage network infrastructure devices, has to do so in a secure fashion. CTS supports securely passing sensitive information including TLS certificates, passwords, tokens from a secret management solution, HashiCorp Vault, for the supported configuration.

»CTS GA Launch Partners

We’ve worked closely with a number of partners to bring Consul-Terraform-Sync to GA. These partners have helped us create modules for their individual Terraform providers, enabling users to start automating common tasks today. We’ll continue working with these partners to grow our CTS module library and provide additional capabilities. A special thank you to our launch partners: A10 Networks, AVI Networks, AWS, Check Point, Cisco, F5, NS1, Palo Alto Networks, and VMware. We plan to grow our ecosystem of partners for CTS, so please check the Terraform registry for new and existing modules. Here are some of the things our partners have had to say about this collaboration:

A10 Networks

“Our customers are constantly looking at ways to optimize and increase efficiency with their existing and new networking infrastructure,“ said Rishi Sampat, senior principal architect at A10 Networks. “A10 and HashiCorp are working together on network infrastructure automation using Consul-Terraform-Sync, which alleviates customer challenges and automates many Day-2 operations in a way that is both declarative and repeatable across their organizations and across multiple network infrastructure devices.”

Check Point Software Technologies

“Ticketing systems and manual workflows across multiple security infrastructure devices are not allowing teams to move as fast as developers want. This increases the likelihood of non-compliant solutions being developed. “ said Check Point Itai Greenberg, VP of Product Management, Check Point Software Technologies. “Teaming with HashiCorp to support Network Infrastructure Automation using Consul-Terraform-Sync addresses many of these challenges by enabling dynamic service-driven network automation to quickly deploy applications, which cuts down on security operation overhead and protects against misconfigurations.”

Cisco

"HashiCorp Consul and Cisco ACI provide a consistent, automated workflow for gathering application information and network health data,” said Srinivas Kotamraju, Sr. Director of Product Management, Data Center Networking Business Unit, Cisco. “The new integrated solution with Consul-Terraform-Sync (CTS) optimizes application delivery in multi-cloud environments by providing comprehensive visibility across the infrastructure and reducing operational complexities. Through this automation, CTS generates network and security policies based on dynamic changes in application services. This helps drive application agility by automating the provisioning of the network infrastructure lifecycle and reduce risk of misconfigurations.”

F5

*“The development of Consul-Terraform-Sync is an exciting step forward in helping network teams overcome the complexities of implementing dynamic automation, further enabling customers to manage F5 BIG-IP environments as code,” says Phil de la Motte, VP of Business Development, F5. "We look forward to continuing our partnership and enhancing solutions that let customers evolve and expand their automation journeys.” *

NS1

The world is moving faster, and in order to ensure optimized performance, there is a requirement for automating the provisioning, updating, and scaling of infrastructure.” said David Coffey, chief product officer for NS1. “The integration of NS1 into HashiCorp Consul using Consul Terraform-Sync will help meet the need for automation through the discovery of services over our advanced DNS network for our mutual customers”

Avi Networks

"Network automation is one of the most common challenges we hear from our customers,” said Gaurav Rastogi, Director, R&D, VMware. "Consul-Terraform-Sync helps solve this problem. Together with VMware NSX Advanced Load Balancer, customers can improve visibility and business agility. We are excited to partner with HashiCorp to enable this deep automation for our mutual customers."

For more information about our CTS integrations, read these blogs by F5, Cisco, and Check Point Software or join the upcoming A10 Networks webinar.

»Conclusion

Consul-Terraform-Sync works with both Consul OSS and Consul Enterprise and is now available for organizations to download. One quick note, at launch Consul-Terraform-Sync only works with Terraform OSS. We will continue to explore future integrations with Terraform Enterprise and Terraform Cloud. To get started, please refer to our documentation or HashiCorp Learn guides. Feel free to try out the CTS GA and give us feedback in the issue tracker. You can also stay up to date on CTS by checking the changelog. For more information about Consul, please visit our product page.