Terraform Locking State in Azure Blob Storage
Posted By : Ankit Kumar | 28-Jul-2019
When using terraform for building infrastructure, a state file, called terraform.tfstat gets generated locally in the current directory. This state file contains information about the infrastructure that the terraform manages. When working on a team, it is better to store this state file remotely for the centralized management of the metadata and configurational changes.
What is State locking and why do we need it?
In case the state file is stored remotely so that many people can access it, then we risk multiple people attempting to make changes to the state file at the exact same time. So we need to provide a mechanism that will “lock” the state if its currently in-use by any user and this lock will be released only when the deployment completes.
Let’s create a terraform script that will set up a Blob storage block for the state file management. In order to set up terraform to store state remotely, we need to things, blob storage to store the state file in and terraform blob backend resource.
We can create blob storage in terraform script as follows:
#Creates a ResourceGroup:
resource "azurerm_resource_group" "stagestatefiles" {
name = "stagestatefileresources"
location = "West Europe"
}
#Creates a StorageAccount
resource "azurerm_storage_account" "stagstatefiles" {
name = "stagestatefilessa"
resource_group_name = "${azurerm_resource_group.stagestatefiles.name}"
location = "West Europe"
account_tier = "Standard"
account_replication_type = "RAGRS"
}
#Creates a StorageContaiiner
resource "azurerm_storage_container" "stagestatefiles" {
name = "mystagestatefilecontainer"
resource_group_name = "${azurerm_resource_group.stagestatefiles.name}"
storage_account_name = "${azurerm_storage_account.stagestatefiles.name}"
container_access_type = "private"
}
#Creates a StorageBlob
resource "azurerm_storage_blob" "stagestatefiles" {
name = "mystagetfstate"
resource_group_name = "${azurerm_resource_group.stagestatefiles.name}"
storage_account_name = "${azurerm_storage_account.stagestatefiles.name}"
storage_container_name = "${azurerm_storage_container.stagestatefiles.name}"
type = "block"
}
Then create the blob backend module and include it in your main terraform script. This will allow our terraform script to manage to state file remotely. Once the deployment completes you will also notice that there’s no terraform.tfstat, gets generated locally.?
#main.tf
terraform {
backend "azurerm" {
storage_account_name = "stagestatefilessa"
container_name = "mystagestatefilecontainer"
key = "mystagetfstate"
resource_group_name = "stagestatefileresources"
}
}
Cookies are important to the proper functioning of a site. To improve your experience, we use cookies to remember log-in details and provide secure log-in, collect statistics to optimize site functionality, and deliver content tailored to your interests. Click Agree and Proceed to accept cookies and go directly to the site or click on View Cookie Settings to see detailed descriptions of the types of cookies and choose whether to accept certain cookies while on the site.
About Author
Ankit Kumar
RedHat certified in System Administration as well as Ansible Automation. A self-motivated professional with excellent research skill, enthusiasm to learn new things and always try to do his best