 

What is the mechanism of Terraform state locking when using Google Cloud Platform?

What is the Google Cloud Platform mechanism for locking the state file when using Terraform? Something like DynamoDB on AWS...

thanks

zurekarol asked Nov 21 '18 13:11




2 Answers

Google Cloud Platform, like most of the remote backends, natively supports locking. AWS doesn't support locking natively via S3, but it does, as you mentioned, via DynamoDB.

To run terraform apply, Terraform will automatically acquire a lock; if someone else is already running apply, they will already have the lock, and you will have to wait.

You can run apply with the -lock-timeout=<TIME> parameter to tell Terraform to wait up to TIME for a lock to be released (e.g., -lock-timeout=10m will wait for 10 minutes).

Max Voitko answered Sep 24 '22 15:09


The gcs backend implements Terraform state locking by using a special lock file with the .tflock extension. This file is placed next to the Terraform state itself for the period of the Terraform state operation. For example, if the state file is located at path

gs://BUCKET/PREFIX/WORKSPACE.tfstate

then the corresponding lock file will be located at path

gs://BUCKET/PREFIX/WORKSPACE.tflock

Source: hashicorp/terraform

The atomicity of locking is guaranteed by using the GCS feature called Precondition. Terraform itself makes use of the DoesNotExist condition of the GCP Go SDK, which in turn uses the GCS Precondition. Underneath, this adds the HTTP header x-goog-if-generation-match: 0 to the GCS copy request.

According to GCS documentation:

When a Match precondition uses the value 0 instead of a generation number, the request only succeeds if there are no live objects in the Cloud Storage bucket with the name specified in the request.

Which is exactly what is needed for Terraform state locking.

Alexander Tarasov answered Sep 23 '22 15:09
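
The create-if-absent behaviour described in the answer above, as an added example that is not part of the original answers and is not Terraform's or the GCS SDK's code: an in-memory Go model of a bucket in which 20 writers race to write the .tflock object, once without a precondition and once with generation match 0. The Bucket type, the NoPrecondition marker and the Contend helper are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"sync"
)

// Bucket is an in-memory model of a GCS bucket, constructed for this example.
type Bucket struct {
	mu   sync.Mutex
	gen  map[string]int64 // live generation per object name; absent reads as 0
	next int64
}

const NoPrecondition = -1 // this model's marker for "header not sent"

// Put models an upload with x-goog-if-generation-match: match; 0 means failed (HTTP 412).
func (b *Bucket) Put(name string, match int64) int64 {
	b.mu.Lock()
	defer b.mu.Unlock()
	if match != NoPrecondition && b.gen[name] != match {
		return 0
	}
	b.next++
	b.gen[name] = b.next
	return b.next
}

// Contend races n goroutines to write lock and returns how many writes succeeded.
func Contend(lock string, n int, match int64) (winners int) {
	b := &Bucket{gen: map[string]int64{}}
	got := make([]int64, n)
	var wg sync.WaitGroup
	for i := range got {
		wg.Add(1)
		go func(i int) { defer wg.Done(); got[i] = b.Put(lock, match) }(i)
	}
	wg.Wait()
	for _, g := range got {
		if g != 0 {
			winners++
		}
	}
	return winners
}

func main() {
	fmt.Println("no precondition:", Contend("PREFIX/WORKSPACE.tflock", 20, NoPrecondition))
	fmt.Println("generation match 0:", Contend("PREFIX/WORKSPACE.tflock", 20, 0))
}
```

Without the precondition every writer believes it holds the lock, because each upload silently overwrites the previous one; with match 0 exactly one upload succeeds and the rest are rejected.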