By default, the terrain form will generate a state file in the current directory after running, which stores the resource state after the last successful execution.
However, in the production environment, there are usually multiple SRE/DevOps responsible for operation and maintenance. Based on the local state, it may cause bifurcation on the resource file version of the terrain.
So why not put the state file on git so that everyone can change it?
The reason is that if multiple people modify the terrain concurrently, the state will still be inconsistent.
At this time, one of the easiest solutions we can think of is to put the state into A similar database. During execution, operation and maintenance A locks the record before releasing it, and operation and maintenance B can continue to execute.
Terrain here, for remote state storage, s3, alicloud oss, and consumer are already supported (the columns may not be complete).
The following is an example from the Internet:
vim /root/.zshrc adds ak of aws, similar to the following:
export AWS_ACCESS_KEY_ID = AKIA2PA4F44444Q7C72XJ export AWS_SECRET_ACCESS_KEY = RnckzT427mR222222nZRHHA3333kRV
Clone sample code
git clone https://github.com/loujaybee/terraform-aws-github-action-bootstrap.git
cd terraform-aws-github-action-bootstrap/
I simply modified the main TF, as follows:
provider "aws" {
region = "us-east-1"
}
terraform {
backend "s3" {
bucket = "lee-terraform-project-name-bootstrap-terraform-state"
key = "default-infrastructure"
region = "us-east-1"
}
}
#resource "aws_s3_bucket" "terraform_state" {
# bucket = "lee-terraform-project-name-bootstrap-terraform-state"
# versioning {
# enabled = true
# }
#}Then execute
terraform init terraform apply
After completion, an s3bucket will be created with the name Lee terrain project name bootstrap terrain state, as shown in the following figure:
Then, we store the terrain state file in remote s3
Modify main TF modified files are as follows:
provider "aws" {
region = "us-east-1"
}
terraform {
backend "s3" {
bucket = "lee-terraform-project-name-bootstrap-terraform-state"
key = "default-infrastructure"
region = "us-east-1"
}
}
resource "aws_s3_bucket" "terraform_state" {
bucket = "lee-terraform-project-name-bootstrap-terraform-state"
versioning {
enabled = true
}
}Then, execute the following command to make it effective:
terraform init terraform apply
On the storage of s3, you can see that a state file is generated. Interested can download it. It's a json file.
We can also try to open an ec2 host. The modified code is as follows:
provider "aws" {
region = "us-east-1"
}
terraform {
backend "s3" {
bucket = "lee-terraform-project-name-bootstrap-terraform-state"
key = "default-infrastructure"
region = "us-east-1"
}
}
resource "aws_s3_bucket" "terraform_state" {
bucket = "lee-terraform-project-name-bootstrap-terraform-state"
versioning {
enabled = true
}
}
resource "aws_instance" "app_server" {
ami = "ami-087c17d1fe0178315"
instance_type = "t2.nano"
count = 1
tags = {
Name = "prod-devops-dba-01"
}
}Run it, and you can open an ec2 instance
terraform plan Then, we can upload the file to gitlab git add . git commit -m 'first commit' git push In the production environment, we should push it to the individual branch and then others in the group review After, merge Next code to master. Then go to the production environment pull Code, then execute terraform apply (It can also be used here CICD System will terraform apply This step applies automation to the production environment)
After each change, the latest state will be transferred to s3 after executing apply, and s3 will be run many times. The versions of records in s3 are as follows:
Finally, after the test, remember that terrain destroy destroys relevant resources to avoid wasting money. I've suffered a great loss!
Supplement:
The state file can be stored in the consumer as well as in the S3 cloud vendor. Next, I post a packet capture when I save the state to consumer and execute terrain apply.
