Store Terraform State into Object Storage Bucket
Caution
-
The option to upload to Resource Manager is not available when using Jenkins. When using it via CLI, with remote state configured, it is required to remove backend.tf from the directory, bring the remote state into local and then upload the stack.
-
If this is not done, attempting to execute terraform plan/apply directly from OCI Resource Manager may result in below error.
- Toolkit provides the option to store terraform state file(tfstate) into Object Storage bucket.
- This can be achieved by setting
use_remote_state=yesunder Advanced Parameters intenancyconfig.propertiesfile while executingcreateTenancyConfig.py. -
Upon setting above parameter the script will -
- create a versioning enabled bucket in OCI tenancy in the specified region(if you don't specify anything in
remote_state_bucket_nameparameter to use an existing bucket) - create a new customer secret key for the user, and configure it as S3 credentials to access the bucket. Before executing the createTenancyConfig.py script, ensure that the specified user in the DevOps User Details or identified by the user OCID does not already have the maximum limit of two customer secret keys assigned.
- create a versioning enabled bucket in OCI tenancy in the specified region(if you don't specify anything in
-
backend.tf file that gets generated -
terraform {
backend "s3" {
key = "<region_name>/<service_dir_name>/terraform.tfstate"
bucket = "<prefix>-automation-toolkit-bucket"
region = "<region>"
endpoint = "https://<namespace>.compat.objectstorage.<region>.oraclecloud.com"
shared_credentials_file = "/cd3user/tenancies/<prefix>/.config_files/<prefix>_s3_credentials"
skip_region_validation = true
skip_credentials_validation = true
skip_metadata_api_check = true
force_path_style = true
}
}
-
For single outdir, tfstate for all subscribed regions will be stored as
<region>/terraform.tfstateeglondon/terraform.tfstatefor londonphoenix/terraform.tfstatefor phoenix. See below screenshot showing objects in the bucket storing remote state:
-
For multi outdir, tfstate for all services in all subscribed regions will be stored as
<region>/<service_dir_name>/terraform.tfstateeglondon/tagging/terraform.tfstatefor tagging dir in london region. See below screenshot showing objects in the bucket storing remote state: