Declarative SEMP and Terraform: 5 Tips
I wanted to share some insights into using Terraform with Solace's Declarative SEMP (dSEMP) for managing PubSub+ event broker configurations in all form factors: Software, Hardware, and Cloud-managed PubSub+ deployments
Quick Rundown
For starters, here's a quick overview:
Terraform: Infrastructure as Code (IaC) tool that applies declarative configurations to create or update resources via pluggable providers. In the context of Solace, SEMP objects correspond to resources in Terraform
Declarative SEMP: this feature allows you to configure your PubSub+ event broker by declaring the desired state of multiple configuration objects, leaving the state synchronization to the system. Declarative APIs mean that you specify the what (target configuration) rather than the how (steps to achieve it)
Tips to using dSEMP effectively1. Understand the declarative approach
With Declarative SEMP, you define the end state you want, not the steps to get there. This means that the underlying tool (i.e. Terraform) takes care of converting the current state to the desired state. Just focus on the desired configuration in your IaC files 👀
2. Use the Appropriate Provider and SEMPv2 Versions
Make sure you are using the correct PubSub+ event broker provider and SEMPv2 versions that correspond to your specific event broker release. Using mismatched versions can lead to configurations that fail or unexpected behavior. And for that, refer to the Version Compatibility section in the documentation
3. Terraform is not atomic
terraform apply is not atomic; i.e. its not an all-or-nothing operation. Terraform does not automatically roll back the partially applied changes in cases of process interruption (e.g., due to a network failure, system crash, or manual termination). To mitigate this, it is advised to first use terraform plan before applying changes to understand the impact. Note that you can also use terraform state list and terraform state show to verify the current state before reapplying
4. Be mindful of "drift"
Since infrastructure is managed declaratively, Terraform must be the source of configuration (i.e. Terraform expects the infrastructure matches what is defined in the configuration files). The impact of this means that if any drift is detected (difference between expected and actual state), Terraform might override any external changes on the next apply leading to conflict and unplanned for disruptions. To avoid such issues, it is recommended to use the generate command which provides the current configuration of objects described in the input module. You can read more about this from @JamiesonWalker's blog here:
5. Use Terraform Modules for Reusability
Terraform supports modular configurations, making it easy to reuse and standardize your deployments. Solace provides pre-built Terraform modules for:
- Service Module (VPN settings, authentication, ACLs)
- Client Module (user profiles, authorization groups)
- Queue Endpoint Module (durable queues, templates)
- REST Delivery Module (REST delivery points and consumers)
Use these modules to streamline your Terraform setup and enforce best practices. Learn more about Terraform Modules here
Final Thoughts
Terraform + Declarative SEMP makes managing Solace PubSub+ brokers efficient and scalable. For that, it is also crucial to be aware of Terraform's limitations and best practices to ensure a smooth and reliable experience. Have any questions or tips of your own? Drop them in the comments below!
