HashiCorp
HashiCorp is a software company that provides modular DevOps infrastructure provisioning and management products. HashiCorp software tools were originally sold as a bundled software suite under the product name Atlas, but today HashiCorp modules are sold separately.
HashiCorp products can be implemented separately or together and alongside other technologies. Many offerings have open source or paid variants, with the paid options targeted especially at enterprise users. For example, Nomad is open source; however, the paid Enterprise version from HashiCorp adds operational and collaboration features designed to make Nomad scale for enterprise audiences.
HashiCorp products enable collaboration and automation in IT. They enable users to define infrastructure as code, from development, test and security through to deployment logic and infrastructure configurations for operations. The products support numerous cloud and private infrastructure types. Typically, HashiCorp products support third-party services through plugin architectures.
The company was founded in 2012 by Mitchell Hashimoto and Armon Dadgar, and is headquartered in San Francisco. A sampling of HashiCorp users includes Conde Nast, Mozilla, ClassPass, Cisco, Capgemini and OpenAI.
HashiCorp products
The HashiCorp product suite includes Nomad, Vagrant, Packer, Terraform, Vault, Consul, Sentinel and Serf.
Nomad. Nomad is a cluster manager and scheduler for application deployment across an IT infrastructure. Nomad schedules applications and other services for deployment on Windows, Linux, and macOS. Support is also included for containerized and virtualized applications. HashiCorp Nomad features the ability to declare jobs, plan changes, run applications and monitor applications. Users submit declarative job files to Nomad, which automatically handles scheduling and upgrading the applications. This tool replaces manual steps, which can save time with large deployments of identical systems. Support for multiple deployment strategies is included, such as rolling or blue/green deployments.
Vagrant. Vagrant is a tool to create and manage virtualized development environments. Vagrant supports creation and management of environments for VirtualBox, VMware, Microsoft Hyper-V, AWS and Docker containers. This tool's aim is to simplify configuration management of virtual environments by automating their configuration.
Vagrant works via provisioners and providers. Providers are services that create virtual environments, while provisioners, such as Chef, Ansible and Puppet, enable users to control the configuration of those virtual environments. Vagrant acts as a wrapper to automate configuration of the virtual environment through the provisioner.
Packer. Packer is a tool that automates the creation of images for platforms including AWS, Docker, OpenStack, VMware, and VirtualBox. Plugins provide support for other platforms. Packer users can create multiple identical images from a single source configuration to run on multiple platforms. Packer does not replace configuration management tools; instead, it uses configuration management tools such as Chef. For example, Packer can use Chef to install and configure software in images.
Packer can install and configure software when the image is built, which makes for a faster infrastructure deployment than with manual processes.
Terraform. Terraform is an infrastructure as code tool that automates infrastructure provisioning on cloud platforms, including AWS, Google Compute Engine, OpenStack and Azure.
Terraform enables users to collaborate on and share configurations and modules, track infrastructure history and reuse configurations. Configurations are stored in version control, or can be packaged as modules that can be shared and collaborated on. The same configurations can be used in multiple environments, such as staging and production.
Terraform enables users to define a data center infrastructure in a configuration language and then create an execution model for a cloud-based infrastructure. Users can express provider APIs as declarative files to share among a team.
Vault. Vault is a tool to manage keys and secrets in distributed systems. Vault enables IT teams to control access to tokens, passwords, encryption keys, and certificates to protect any potentially sensitive data.
Vault includes features such as storage backends for encrypted data, isolated namespaces, secure plugins, detailed audit logs, leasing and revocation of secrets, and more. Detailed audit logs allow users to access a history of client interactions, including authentication, token creation and more. Leasing and revocation of secrets can limit how long certain credentials are valid through time-based tokens.
Vault provides a master key and generates encryption keys to protect data. The master key is split into five shares. Any three of the five shares are required to reconstruct the master key.
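The 3-of-5 split described above is an instance of Shamir's secret sharing, which Vault's unseal process uses. The following is an added, constructed example written for this article, not Vault's own code; it assumes arithmetic in GF(2^8) with the AES reducing polynomial and a share layout (x-coordinate appended as the share's last byte) chosen here for illustration.

```python
import secrets

# GF(2^8) arithmetic with the AES reducing polynomial x^8 + x^4 + x^3 + x + 1 (0x11b).
def gf_mul(a: int, b: int) -> int:
    p = 0
    while b:
        if b & 1:
            p ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)  # xtime: shift, reduce on overflow
        b >>= 1
    return p

def gf_inv(a: int) -> int:
    """a^254 == a^-1 for nonzero a (Fermat's little theorem in GF(2^8))."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def split(secret: bytes, n: int = 5, k: int = 3) -> list[bytes]:
    """Return n shares, any k of which rebuild secret. Each secret byte is the constant
    term of a random degree k-1 polynomial evaluated at x = 1..n (x stored as last byte)."""
    if not 2 <= k <= n <= 255:
        raise ValueError("need 2 <= k <= n <= 255")
    shares = [bytearray() for _ in range(n)]
    for s in secret:
        coeffs = [s] + [secrets.randbelow(256) for _ in range(k - 1)]
        for x, share in enumerate(shares, start=1):
            y = 0
            for c in reversed(coeffs):  # Horner evaluation of the polynomial at x
                y = gf_mul(y, x) ^ c
            share.append(y)
    return [bytes(sh) + bytes([x]) for x, sh in enumerate(shares, start=1)]

def combine(shares: list[bytes]) -> bytes:
    """Lagrange-interpolate every byte's polynomial at x = 0. With fewer than k
    shares the output is random-looking noise, not a partial key."""
    xs = [sh[-1] for sh in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share supplied")
    secret = bytearray(len(shares[0]) - 1)
    for i, xi in enumerate(xs):
        basis = 1  # prod over m != i of x_m / (x_m - x_i); subtraction is XOR here
        for m, xm in enumerate(xs):
            if m != i:
                basis = gf_mul(basis, gf_mul(xm, gf_inv(xm ^ xi)))
        for j in range(len(secret)):
            secret[j] ^= gf_mul(shares[i][j], basis)
    return bytes(secret)
```

Any three of the five shares reconstruct the key exactly, while two shares reveal nothing about it, which is what lets an operator distribute unseal shares to separate key holders.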
Vault is available in open source, Enterprise Pro, and Enterprise Premium editions. Enterprise Pro adds collaboration features for using Vault in separate teams, and Premium adds governance features for organizations.
Consul. Consul is a tool for the deployment, configuration and maintenance of service-oriented architectures (SOA). This HashiCorp tool is a distributed service mesh, which connects, secures, and configures runtimes in public and private cloud platforms. For example, Consul can be supported via plugins in AWS, Azure, and vSphere cloud services. Consul provides key-value storage, RPC, DNS-based service discovery, and more. Event, membership and failure detection mechanisms come from the companion technology Serf.
Instead of using load balancers as other service mesh products do, Consul boots instances and registers them as part of the central registry. This way, services can directly communicate with each other without having to go through other services beforehand. Similar to load balancers, which route traffic around failures, Consul can use the registry to detect and avoid services experiencing health issues.
Sentinel. Sentinel is an embeddable policy-as-code framework. IT organizations use policies to dictate the circumstances in which a behavior or action is allowed in software. Policy as code, much like infrastructure as code, refers to managing the policies that apply to IT infrastructure with code-based instructions.
Sentinel is used to make logic-based decisions regarding policies in HashiCorp's enterprise versions of Consul, Nomad, Terraform and Vault. Sentinel offers users fine-grained policies with which a user can disallow or override behaviors, such as specific API calls, unsafe deployment configurations in Nomad, or secrets access by time of day in Vault. Sentinel can also enforce policies such as key formats in Consul. This policy control can also be used to allow specific actions only on specified days or at specified times. Policy decisions can be sourced with information from other applications, such as Consul. Sentinel can also draw on support frameworks for both automation and developer-built plugins. Enforcement levels dictate the pass or fail behavior of a policy: hard mandatory policies must pass in all scenarios, while soft mandatory policies can have a failure overridden.
In Terraform, policies validate information for plans, state, and configurations. Policies in Nomad are enforced on trusted artifacts, on which applications are allowed to run, or in Nomad's access control list (ACL) system, but only before accepting or updating new and existing jobs. Vault policies are enforced across all Vault APIs and in Vault's ACL system. Consul's policies are enforced in Consul's ACL system, K/V store, and APIs.
Serf. Serf is a tool for cluster membership, failure detection, and orchestration. Serf provides features such as group membership and event broadcasts. However, Serf does not include features such as service discovery, key storage, or advanced health checking, all of which are provided by Consul.
Serf acts as a limited version of Consul. For example, Serf operates only at the node level, whereas Consul provides both service- and node-level abstractions. Additionally, health checking in Serf is limited to ensuring an agent is still operational. Although limited, Serf is focused on availability and partition tolerance, as opposed to Consul, which focuses on consistency and partition tolerance. Consul requires central servers to operate; Serf, however, does not require centralized servers and can run without them.