How To Store Terraform State in Consul KV Store

Posted on 133 views

Terraform stores its configuration and information about the infrastructure it manages in a file called state file. The state is used to keep track of the metadata and to map actual resources to a configuration. By default, you’ll have this state file locally in your projects folder, named terraform.tfstate.

It is a security recommendation to keep Terraform states in a highly available remote data storage location. A remote state enables sharing between team members. Terraform supports storing state in:

  • Terraform Cloud
  • HashiCorp Consul
  • Amazon S3
  • Google Cloud Storage (GCS)
  • Alibaba Cloud OSS
  • Swift
  • Etcd
  • http
  • Among others

In this guide, we’ll explore how you can store your Infrastructure state in HashiCorp Consul KV data store. This backend supports state locking and good for state sharing among team members.

Step 1: Setup Consul Cluster

You need to have a working Consul cluster before you can proceed with the setup. We have complete articles only focused on installation:

Step 2: Configure Terraform to use Consul

Edit your Terraform main.tf file and configure Consul backend store.

# Backend
#terraform 
#  backend "local" 
#    path = "terraform.tfstate"
#  
#

terraform 
  backend "consul" 
    address  = "consul.example.com:8500"
    scheme   = "http"
    path     = "tf/terraform.tfstate"
    lock     = true
    gzip     = false
  

Where:

  • http://consul.example.com:8500 is the URL to your Consul cluster
  • tf/terraform.tfstate is path in the Consul KV store.
  • lock – Locks your state for all operations that could write state
  • gzip – Used to compress the state data using gzip

If you have ACL authentication, you need to set:

  • access_token / CONSUL_HTTP_TOKEN – (Required) Access token

Initialize your new or existing Terraform working directory:

$ terraform init -upgrade=true
Upgrading modules...
....
Initializing the backend...

Successfully configured the backend "consul"! Terraform will automatically
use this backend unless the backend configuration changes.

Initializing provider plugins...

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

$ terraform apply

If you navigate to Key/Value section in your Consul UI, you’ll see the path written.

terraform-consul-state-01-1024x326

You can read the contents of the state file:

terraform-consul-state-02-1024x316

Ref: Consul Backend configuration for Terraform

coffee

Gravatar Image
A systems engineer with excellent skills in systems administration, cloud computing, systems deployment, virtualization, containers, and a certified ethical hacker.