Terraform stores its configuration and information about the infrastructure it manages in a file called state file. The state is used to keep track of the metadata and to map actual resources to a configuration. By default, you’ll have this state file locally in your projects folder, named terraform.tfstate.
It is a security recommendation to keep Terraform states in a highly available remote data storage location. A remote state enables sharing between team members. Terraform supports storing state in:
- Terraform Cloud
- HashiCorp Consul
- Amazon S3
- Google Cloud Storage (GCS)
- Alibaba Cloud OSS
- Swift
- Etcd
- http
- Among others
In this guide, we’ll explore how you can store your Infrastructure state in HashiCorp Consul KV data store. This backend supports state locking and good for state sharing among team members.
Step 1: Setup Consul Cluster
You need to have a working Consul cluster before you can proceed with the setup. We have complete articles only focused on installation:
Step 2: Configure Terraform to use Consul
Edit your Terraform main.tf file and configure Consul backend store.
# Backend
#terraform {
# backend "local" {
# path = "terraform.tfstate"
# }
#}
terraform {
backend "consul" {
address = "consul.example.com:8500"
scheme = "http"
path = "tf/terraform.tfstate"
lock = true
gzip = false
}
}
Where:
- http://consul.example.com:8500 is the URL to your Consul cluster
- tf/terraform.tfstate is path in the Consul KV store.
- lock – Locks your state for all operations that could write state
- gzip – Used to compress the state data using gzip
If you have ACL authentication, you need to set:
- access_token / CONSUL_HTTP_TOKEN – (Required) Access token
Initialize your new or existing Terraform working directory:
$ terraform init -upgrade=true
Upgrading modules...
....
Initializing the backend...
Successfully configured the backend "consul"! Terraform will automatically
use this backend unless the backend configuration changes.
Initializing provider plugins...
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
$ terraform apply
If you navigate to Key/Value section in your Consul UI, you’ll see the path written.
You can read the contents of the state file:
Ref: Consul Backend configuration for Terraform
More on Terraform: