About

Terragrunt vs Terraform Workspaces

Posted on May 19, 2025 |

Both Terraform Workspaces and Terragrunt promise an easier way to manage multiple environments, but they solve different problems. This guide explains where workspaces stop being helpful and Terragrunt starts adding real value.

1. Where Workspaces Fall Short (and Terragrunt Shines)

Need	Why Workspaces Struggle	What Terragrunt Adds
Strong environment isolation(dev / stage / prod, multi-account)	All workspaces share one backend. HashiCorp themselves warn they’re “not a suitable isolation mechanism” for production-grade separation.	Each environment lives in its own folder with its own backend block, credentials, and state. Isolation is enforced by directory boundaries, not your memory of which workspace is active.
Don’t repeat yourself (DRY) across many stacks	You end up duplicating backend blocks and variable wiring in every root module.	`terragrunt.hcl` files can inherit settings (`include`, `locals`) so common config is written once and re-used everywhere.
Backend & state bootstrapping	Every module needs a handcrafted backend block plus `terraform init -reconfigure`.	`remote_state` and `generate` blocks write that backend config for you—complete with locking and versioning.
Cross-module dependencies & orchestration	Workspaces can’t express “run networking before databases.”	`dependency` blocks + `terragrunt run-all` build a DAG and apply modules in the right order (in parallel when safe).
Version pinning & promotion	One workspace can’t point the same module at two different git/S3 versions.	Each env sets its own module source (`?ref=v1.2.0`), enabling immutable, version-based promotions (dev → stage → prod).
Safety & discoverability	Forgetting `workspace select` can destroy the wrong env; workspaces are invisible in code review.	The folder path is the environment, so it’s obvious in PRs and CI can lint “no prod changes on feature branches.”
Hooks & glue logic	Terraform CLI has no pre/post hooks.	Terragrunt’s `before_hook` / `after_hook` run tests, notify Slack, rotate secrets, etc.

2. Quick Decision Matrix

Use Terraform Workspaces when…	Use Terragrunt when…
You’re a single team spinning up short-lived copies (e.g., PR previews) of one stack in the same backend.	You manage multiple long-lived environments or AWS accounts, need DRY config, or orchestrate dozens–hundreds of modules.

3. Caveats of Adopting Terragrunt

Extra layer & learning curve – Your team must grok both Terraform and Terragrunt HCL.
CI/CD integration – Terraform Cloud/Enterprise doesn’t natively run Terragrunt; you’ll need an agent or wrapper script.
Repo bloat – A folder-per-env layout grows quickly; good automation and code-owners keep it tidy.

4. Bottom Line

If you only juggle a handful of modules and environments, plain Terraform—possibly with separate directories—remains the simpler choice.

[Read More]

IBM Seagate Dell Disk Protection

Posted on May 1, 2025 |

What you are seeing

sd 1:0:8:0: [sda] tag#7835 FAILED Result: hostbyte=DID_SOFT_ERROR driverbyte=DRIVER_OK
CDB: Write(32) …
Buffer I/O error on dev sda2 … lost async page write
DID_SOFT_ERROR = the drive rejected the command but the HBA thinks a retry might succeed.

Every failing CDB is a WRITE. Reads succeed, so the device can be probed (sg_scan, SMART, etc.) but nothing can be written, therefore mkfs.ext4 dies.

Linux marks the disk “rotational” because it never gets a valid cache-mode/rotation-rate page; that part is just cosmetic.

[Read More]

Creating a repeating end of month event in Google Calendar

Posted on October 30, 2024 |

Simply create an ICS file and import it into Google Calendar:

BEGIN:VCALENDAR  
VERSION:2.0  
BEGIN:VEVENT  
RRULE:FREQ=MONTHLY;INTERVAL=1;BYSETPOS=-1;BYDAY=SU,MO,TU,WE,TH,FR,SA  
SUMMARY:Timesheets  
DTSTART:20240930T110000Z  
DTEND:20240930T110000Z  
SEQUENCE:0  
DESCRIPTION:Timesheets and Invoices  
END:VEVENT  
END:VCALENDAR

Configuring Synology NAS to Access Another NUT Server for Power Management

Posted on September 11, 2024 |

If you’re using a Synology NAS in your home or business environment and you want it to access a Network UPS Tools (NUT) server for power management, there are some essential configuration steps to take. NUT is a popular tool used to manage and monitor uninterruptible power supplies (UPS), especially in networked environments where a single UPS is shared by multiple devices.

In this guide, we’ll walk you through configuring your NUT server to allow access from your Synology NAS.

[Read More]

Pushing config to an Ubuntu 24.04 LTS Machine in Azure Using Terraform

Posted on June 6, 2024 |

Managing infrastructure as code is a crucial practice in modern IT operations, and Terraform is a powerful tool to achieve this. In this blog post, we will walk through the process of pushing user data cloud config to an Ubuntu 24.04 LTS machine in Azure using Terraform. We’ll highlight the key components of the Terraform code and explain the templating mechanism used to inject user data.

Setting Up the Virtual Machine

We start by defining our Azure virtual machine using the azurerm_linux_virtual_machine resource. This resource is configured to deploy an Ubuntu 24.04 LTS machine.

[Read More]

azure devops docker terraform ubuntu

Kubernetes is not the only choice

Posted on May 24, 2024 |

Standalone Container Runtimes

Virtual Machine (VM)

Virtual Machines offer the greatest flexibility for running Docker containers, with many combinations of CPU and RAM configurations available. Both Windows and Linux VMs can host Docker, but VMs require significant maintenance and configuration. They are best suited for Dev/Test workloads due to their operational overhead.

Azure Container Instance (ACI)

Azure Container Instances provide a serverless container runtime where you simply provide the container and Azure runs it. ACI can handle both single and multiple instances, charging based on the number of vCPUs and GBs of memory used per second. This option is ideal for unpredictable burst workloads but can be challenging for cost prediction. ACI can also be integrated with Azure Kubernetes Service for hybrid workloads.

[Read More]

aks azure cloud devops kubernetes

Making a Dell T630 quiet

Posted on April 11, 2024 |

By default the fans run at relatively high speed in comparison to desktop systems. If you are running one of these servers in an office environment then you may want it to run a little quieter. What follows are the impitool command to bring the Dell T630 (should work on other Dell Servers) fans down to 20%:

ipmitool -I lanplus -H 192.168.0.152 -U root -P calvin raw 0x30 0xce 0x00 0x16 0x05 0x00 0x00 0x00 0x05 0x00 0x01 0x00 0x00  
ipmitool -I lanplus -H 192.168.0.152 -U root -P calvin raw 0x30 0x30 0x01 0x00  
ipmitool -I lanplus -H 192.168.0.152 -U root -P calvin raw 0x30 0x30 0x02 0xff 0x14

Benchmarking development systems

Posted on April 3, 2024 |

I quite like performant systems - lots of CPU, memory and storage. When I want to compare overall performance between systems then I usually run a build of the raspberrypi4_64 image when using buildroot

Today I am comparing three systems. One is an AMD 5950X with 128GB RAM and 2TB Samsung 980 Pro, the next an older Corsair One with an Intel i7-8700K, 32GB RAM and a 512GB PCIe v3.0 NVMe and finally an Azure VM, Standard D2s v3 (2 vcpus, 8 GiB memory) with 64GB of Standard SSD.

[Read More]

Automatically updating SSL certificate on a HP M283fdw

Posted on March 6, 2024 |

I use Home Assistant to generate a wildcard certificate for my lab using the Hurricane Electric DNS challenge. This puts the fullchain certificate and private key file into the /ssl path of Home Assistant. You have to make sure you are using the supported RSA type by the printer. I then have a cron job which pulls these files and creates a PFX file suitable for the printer:

scp root@ha:/ssl/*.pem .  
openssl pkcs12 -export -out wildcard.cert.pfx -inkey privkey.pem -in fullchain.pem

Make sure you set a password. The next step is then to upload the certificate to your printer. In my cases it is a HP M283fdw.

[Read More]

YouTube channel launch

Posted on December 2, 2023 |

Today I’ve starting creating YouTube Shorts. Very short ones at under 20 seconds to deliver a brief DevOps or tech message. Check out my channel here:
https://youtube.com/@alwe_st