How to Store Terraform Status in Consul KV Store

Terraform stores its configuration and information about the infrastructure it manages in a file called Status file. This state is used to track metadata and map actual resources to the configuration. By default, you will find this state file locally in your project folder, named terraform.tfstate.

Security recommends keeping Terraform state in a highly available remote data storage location. Remote status enables sharing among team members. Terraform supports storing state in:

  • Terrain cloud
  • Consul HashiCorp
  • Amazon S3
  • Google Cloud Storage (GCS)
  • Alibaba Cloud OSS
  • rapid
  • Wait
  • http
  • Among others

In this guide we will explore how to store infrastructure state in the HashiCorp Consul KV data store. The backend supports state locking and facilitates state sharing among team members.

Step 1: Set up the consul cluster

You need to have a Consul cluster available before you can proceed with the setup. We only provide complete articles on installation:

Set up Consul HA cluster on CentOS 8 / CentOS 7

Install Consul cluster on Ubuntu / Debian

Step 2: Configure Terraform to use Consul

Edit the Terraform main.tf file and configure the Consul backend storage.

# Backend
#terraform {
#  backend "local" {
#    path = "terraform.tfstate"
#  }
#}

terraform {
  backend "consul" {
    address  = "consul.example.com:8500"
    scheme   = "http"
    path     = "tf/terraform.tfstate"
    lock     = true
    gzip     = false
  }
}

where:

  • http://consul.example.com:8500 Is the URL of your Consul cluster
  • tf / terraform.tfstate Is the path in the consul KV store.
  • Lock – Lock the state of all possible write state operations
  • gzip – For compressing state data with gzip

If you have ACL authentication, you need to set:

  • access_token / CONSUL_HTTP_TOKEN- (required) access token

Initialize a new or existing Terraform working directory:

$ terraform init -upgrade=true
Upgrading modules...
....
Initializing the backend...

Successfully configured the backend "consul"! Terraform will automatically
use this backend unless the backend configuration changes.

Initializing provider plugins...

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

$ terraform apply

If you navigate to core value In the Consul user interface, you will see the path written.

You can read the contents of the status file:

How to Store Terraform Status in Consul KV Store

Reference: Consul Backend Configuration for Terraform

More information about Terraform:

How to configure a VM on oVirt / RHEV using Terraform

How to configure a VM on KVM using Terraform

Sidebar