POC to test terraform http backend.
- python implmentation storing state file as a file in the local folder. project/code here: https://github.com/rrossouw01/terraform-stateserver-py
- golang implementation storing state file as a file in the local folder. code in this project in file server.go
- golang implementation storing state in mongodb collection. code is in this project in file server-mongodb.go
- Initial source/idea from this project https://github.com/MerlinDMC/go-terraform-stateserver
- Use any of the self-sgined howto's. I used this https://github.com/denji/golang-tls
- Created subfolder states to match URL in terraform config
➜ terraform-poc tail -5 main.tf
terraform {
backend "http" {
address = "http://192.168.1.235:8080/states/terraform.tfstate"
}
}
➜ terraform-poc tail -6 main.tf
terraform {
backend "http" {
address = "https://192.168.1.235/states/terraform.tfstate"
skip_cert_verification = true
}
}
$ go run server.go -data_path=./ -listen_address=192.168.1.235:8080
$ sudo go run server.go -certfile="server.crt" -keyfile="server.key" -data_path=./ -listen_address=192.168.1.235:443
$ go run server-mongodb.go -listen_address=192.168.1.235:443
NOTE: this is TBD not yet done
$ go run server-mongodb.go -certfile="server.crt" -keyfile="server.key" -listen_address=192.168.1.235:443
- Add terraform lock configuration using configuration like this example:
➜ terraform-poc cat main.tf
terraform {
backend "http" {
address = "http://192.168.1.235:5000/terraform_state/4cdd0c76-d78b-11e9-9bea-db9cd8374f3a"
lock_address = "http://192.168.1.235:5000/terraform_lock/4cdd0c76-d78b-11e9-9bea-db9cd8374f3a"
lock_method = "PUT"
unlock_address = "http://192.168.1.235:5000/terraform_lock/4cdd0c76-d78b-11e9-9bea-db9cd8374f3a"
unlock_method = "DELETE"
}
}
- Build locking into server so each GET or POST will include lock and unlock automatically ie no terraform configuration