Supported and secured RPM and DEB repositories are now available for HashiCorp OSS and ENT binaries.

HashiCorp Packaging is Here!

John Boero
HashiCorp Solutions Engineering Blog
Jul 16, 2020

It’s been a long time coming but we finally have official Linux repositories for both our open source and enterprise offerings. This provides signed RPMs and DEB files along with automatic updates and simple rollbacks. This also both simplifies and deprecates quite a few of our Terraform examples and deployment strategies. It’s a good thing. Official release launch is at the end of July but early availability is public.

[Update] Repos are now public and contain all of HashiCorp’s products, including the newer Boundary and Waypoint. An interactive Instruqt track lets you simulate installation and upgrades here.

If you’ve used my COPR repos before for YUM/DNF based distributions I will keep maintaining those for the foreseeable future as they also include Terraform and Packer. They have been great for the open source binaries but I’ve been tracking the releases manually and the COPR system license doesn’t allow for ENT releases or anything that contains proprietary software. Our open source releases are packaged with the MPL or Mozilla Public License whereas the Enterprise releases contain our proprietary features under the HashiCorp license.

The great news is that these new official repositories were added into our build automation, so you will have a consistent experience whether using Docker Hub, Brew, Yum/DNF, or APT. You will also get automatic updates on Enterprise, which is a big deal. Even better, these packages will be built with XZ compression, which makes download and install about 30% faster than the standard zip archives we distribute today. Hopefully this will switch to Facebook’s even better Zstd compression once FPM adds support for it.

Another feature that engineering added to the RPMs was self-signed certificates as a post-install process. I’m not sure what I think about this feature yet as everybody should still generate valid TLS certs for all of our products but at least this will enable TLS right out of the box rather than use plain text which is the ultimate taboo. We will see after feedback if this feature stays or is dropped. If you have feedback please comment so we can get some information on user preference.

Instructions for using our repos for Consul, Nomad, Vault on YUM/DNF, or APT/DEB Linux distros.

I strongly recommend you don’t use these repos to upgrade your production without testing them first. In the early stages, I noticed some of the configuration was not flagged with noreplace which meant that config was replaced without warning at every upgrade. Also some of the directories and permissions may not match your existing arrangement.

Packaging is signed with our new engineering key so there is no need to compare checksums during secure installation. This applies to both the enterprise and open source binaries which are both contained inside the same repositories.

$ yum install consul-enterprise vault-enterprise nomad-enterprise
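
The signature check described above only happens when the repo definition has gpgcheck enabled. The following is an added example, not HashiCorp's code: a Python audit of yum/dnf .repo text that flags enabled repos with signature checking off or a key fetched over plain HTTP. The repo ids and example.invalid URLs are constructed placeholders, and main_gpgcheck is an assumed stand-in for the [main] setting.

```python
import configparser

# Constructed sample: three repo stanzas in yum/dnf .repo syntax.
# Repo ids and URLs are placeholders, not HashiCorp's published values.
SAMPLE_REPO = """
[vendor-stable]
name=Vendor stable
baseurl=https://rpm.example.invalid/RHEL/$releasever/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://rpm.example.invalid/gpg

[vendor-test]
name=Vendor test
baseurl=https://rpm.example.invalid/RHEL/$releasever/$basearch/test
enabled=1
gpgcheck=0

[vendor-mirror]
name=Internal mirror
baseurl=http://mirror.example.invalid/vendor
enabled=1
gpgkey=http://mirror.example.invalid/gpg
"""


def audit_repos(text, main_gpgcheck=False):
    """Return sorted (repo_id, finding) pairs for enabled repos.
    main_gpgcheck stands in for gpgcheck in [main] of yum.conf/dnf.conf,
    which a repo stanza inherits when it sets none."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = []
    for repo in cp.sections():
        sec = cp[repo]
        if not sec.getboolean("enabled", fallback=True):
            continue  # disabled repos are never installed from
        if not sec.getboolean("gpgcheck", fallback=main_gpgcheck):
            findings.append((repo, "gpgcheck off: package signatures are not verified"))
        # gpgkey may list several URLs separated by whitespace or commas
        for url in sec.get("gpgkey", "").replace(",", " ").split():
            if url.startswith("http://"):
                findings.append((repo, "gpgkey fetched over plain HTTP: " + url))
    return sorted(findings)


if __name__ == "__main__":
    for repo, finding in audit_repos(SAMPLE_REPO):
        print(f"{repo}: {finding}")
```

To audit a real host, pass the contents of each file under /etc/yum.repos.d/ and set main_gpgcheck to the value in that host's [main] section.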

If you want to try these out ASAP, I have a Packer manifest for our full stack on RHEL 7/8. This manifest has been updated to use our Enterprise packages and it updates them every night. Our repos don’t contain Packer and TFE base is still the Replicated platform.

The great news is that a wide version history is present on the repo so you can install or upgrade/downgrade to specific versions of our packages at any time. My COPR repos commonly only keep the latest release of each product which is a disadvantage.

Note that RPMs have a version and a release. The release is the version of the package itself. Sometimes it’s necessary to update packaging or config without a new product release. The “-1” at the end of a package version does not reflect the product version itself.

Remember that our products are all static Go binaries, so really there is no difference between EL7/8 or Fedora 32/33 releases for the same architecture. In fact, if your EL release doesn’t show as supported in the listing, try any one of the releases. As long as it’s running systemd it should be fine and worth a try. Good luck, and we appreciate early testers and feedback.

John Boero

I'm not here for popular opinion. I'm here for hard facts and future inevitability. Field CTO for Terasky. American expat in London with 20 years experience.