Installing HashiCorp tools in Alpine Linux containers

Learn the installation and verification workflow for any Linux distribution that does not include HashiCorp software in its package repository.

Feb 12 2024Rosemary Wang

Many container images use Alpine Linux as their base operating system. When you build your own container image, you include the installation of packages in a Dockerfile (Containerfile). While you can use the official container images for HashiCorp tools, you may need to build your own container image with additional dependencies to apply HashiCorp Terraform in a CI/CD pipeline, run HashiCorp Vault or Consul on a workload orchestrator, or deploy HashiCorp Boundary in containers.

This post demonstrates how to install the official release binaries for HashiCorp tools on Alpine Linux for container images. We’re sharing these instructions because although HashiCorp supports official repositories for many operating systems and distributions, including various Linux distributions, Alpine Linux users must download the tools from precompiled binaries on the HashiCorp release site. The binaries are not available through Alpine Package Keeper.

»Build a container image

You can download the binary for any HashiCorp tool on the HashiCorp release site. Use the release site to download a specific product and its version for a given operating system and architecture. For Alpine Linux, use the product binary compiled for Linux AMD64:

FROM alpine:latest ARG PRODUCTARG VERSION RUN apk add --update --virtual .deps --no-cache gnupg && \    cd /tmp && \    wget https://releases.hashicorp.com/${PRODUCT}/${VERSION}/${PRODUCT}_${VERSION}_linux_amd64.zip && \    wget https://releases.hashicorp.com/${PRODUCT}/${VERSION}/${PRODUCT}_${VERSION}_SHA256SUMS && \    wget https://releases.hashicorp.com/${PRODUCT}/${VERSION}/${PRODUCT}_${VERSION}_SHA256SUMS.sig && \    wget -qO- https://www.hashicorp.com/.well-known/pgp-key.txt | gpg --import && \    gpg --verify ${PRODUCT}_${VERSION}_SHA256SUMS.sig ${PRODUCT}_${VERSION}_SHA256SUMS && \    grep ${PRODUCT}_${VERSION}_linux_amd64.zip ${PRODUCT}_${VERSION}_SHA256SUMS | sha256sum -c && \    unzip /tmp/${PRODUCT}_${VERSION}_linux_amd64.zip -d /tmp && \    mv /tmp/${PRODUCT} /usr/local/bin/${PRODUCT} && \    rm -f /tmp/${PRODUCT}_${VERSION}_linux_amd64.zip ${PRODUCT}_${VERSION}_SHA256SUMS ${VERSION}/${PRODUCT}_${VERSION}_SHA256SUMS.sig && \    apk del .deps

The example Dockerfile includes build arguments for the product and version. Use these arguments to install the HashiCorp tool of your choice. For example, you can use this Dockerfile to create an Alpine Linux base image with Terraform version 1.7.2:

docker build --build-arg PRODUCT=terraform \--build-arg VERSION=1.7.2 \-t joatmon08/terraform:test .

You can run a container with the new Terraform base image and issue Terraform commands:

$ docker run -it joatmon08/terraform:test terraform -help Usage: terraform [global options] <subcommand> [args] The available commands for execution are listed below.The primary workflow commands are given first, followed byless common or more advanced commands. Main commands:  init          Prepare your working directory for other commands  validate      Check whether the configuration is valid  plan          Show changes required by the current configuration  apply         Create or update infrastructure  destroy       Destroy previously-created infrastructure ## omitted for clarity

The example Dockerfile includes commands to download the release’s checksum and signature. Use the signature to verify the checksum and the checksum to validate the archive file. This workflow requires the gnupg package to verify HashiCorp’s signature on the checksum. The Dockerfile installs gnupg and deletes it after installing the release.

While the example Dockerfile verifies and installs a product’s official release binary, it does not include dependencies to run the binary. For example, HashiCorp Nomad requires additional packages such as gcompat. Be sure to install any additional dependencies that your tools require in your container image before running a container for it.

»Learn more

If you need to use a HashiCorp tool in your own container, download and unarchive the appropriate release binaries from our release site. Include verification of the signature and a checksum for the download to ensure its integrity. This installation and verification workflow applies to any Linux distribution that does not include HashiCorp software in its package repository.

Refer to Verify HashiCorp binary downloads to learn more about downloading and verifying HashiCorp release binaries and building container images with HashiCorp tools.

Review our official release channels to download and install HashiCorp products on other platforms and architectures. We release official container images for each product in DockerHub under the HashiCorp namespace.

Sign up for the latest HashiCorp news

By submitting this form, you acknowledge and agree that HashiCorp will process your personal information in accordance with the Privacy Policy.

More blog posts like this one

ServiceNow Catalog for Terraform adds no-code integration
April 25 2024 | Products & Technology
ServiceNow Catalog for Terraform adds no-code integration

ServiceNow Service Catalog for Terraform now lets users provision infrastructure powered by no-code modules published in their organization’s private registry.

HCP Packer improves metadata visibility for artifact creation
April 23 2024 | Products & Technology
HCP Packer improves metadata visibility for artifact creation

You can now see the Packer Community Edition version and plugin versions associated with each artifact in HCP Packer.

HCP Terraform bridges the skills gap, adds no-code module version upgrades
April 23 2024 | Products & Technology
HCP Terraform bridges the skills gap, adds no-code module version upgrades

No-code provisioning module version upgrades are now GA in HCP Terraform, providing validated self-service infrastructure to reduce toil and lower cloud spend.