We use Terraform a lot, either to test our own infrastructure or to deploy projects within DownToZero.
Since DTZ is supported as a provider, we started implementing projects on top of it. One thing that regularly came up is the location of the state file. Checking the state into the git repo is usually not a good idea, since state files can contain secrets in plain text (although it is still better than keeping it local), but having some form of remote state helps a lot with running TF in pipelines and making the state independent of the project.
Looking at our options for remote state, there is quite a list. Sadly, most of them are bound to cloud providers, which is not really helpful to us at the moment. There is, however, the generic http backend provider.
Looking at this provider, we found that we can use it to connect to our objectstore and use our own system for persisting the state file.
And this is what it would look like.
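terraform {
  required_providers {
    dtz = {
      source  = "DownToZero-Cloud/dtz"
      version = ">= 0.1.24"
    }
  }
  backend "http" {
    # The API key and the state travel over this connection as HTTP basic auth;
    # use an https:// address where the endpoint offers one.
    address       = "http://objectstore.dtz.rocks/api/2022-11-28/obj/tf-test/state.tfstate"
    update_method = "PUT"
    username      = "apikey"
    # Backend blocks cannot reference variables (var.apikey is rejected at init),
    # so the API key is supplied through the TF_HTTP_PASSWORD environment variable.
  }
}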
Sadly, locking does not work, since it has some implementation details that are not compatible with our objectstore.
The objectstore does not support the LOCK and UNLOCK HTTP methods (although this is adjustable in the provider).
The other limitation is the return code: the object store always returns an HTTP 201 (Created) status if the object was persisted. The Terraform provider, however, only looks for an HTTP 200 (OK). There is already an open issue and a pull request about this, but both have been open for years now, so I wouldn't expect a fix for this anytime soon.
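The status-code contract behind the locking problem described above, as an added example (not code from DownToZero or Terraform). It follows the http backend documentation: 200 means the lock was acquired, 423 or 409 means it is already held, and any other status is an error. `LockEndpoint`, the sample path and the lock IDs are hypothetical, and refusing an unlock with a non-matching ID is a design choice of this sketch.

```python
import json

# Status codes the Terraform http backend documentation names for lock requests.
OK, CREATED, CONFLICT, LOCKED = 200, 201, 409, 423


def client_lock_result(status):
    """How the http backend treats a lock response, per its documentation."""
    if status == OK:
        return "acquired"
    if status in (CONFLICT, LOCKED):
        return "held-by-other"
    return "error"  # any other status, including 201 Created, aborts the run


class LockEndpoint:
    """In-memory lock endpoint (hypothetical shim) that follows that contract."""

    def __init__(self):
        self.locks = {}  # state path -> lock info dict sent by the client

    def handle(self, method, path, body=b""):
        info = json.loads(body) if body else {}
        held = self.locks.get(path)
        if method == "LOCK":
            if held is not None:
                # Return the holder's lock info so the client can display it.
                return LOCKED, json.dumps(held).encode()
            self.locks[path] = info
            return OK, b""
        if method == "UNLOCK":
            # Sketch's choice: only the holder (matching lock ID) may release.
            if held is not None and held.get("ID") != info.get("ID"):
                return CONFLICT, json.dumps(held).encode()
            self.locks.pop(path, None)
            return OK, b""
        return 405, b""


def demo():
    ep = LockEndpoint()
    path = "/obj/tf-test/state.tfstate"  # constructed sample path
    a = json.dumps({"ID": "lock-a", "Operation": "OperationTypeApply"}).encode()
    b = json.dumps({"ID": "lock-b", "Operation": "OperationTypePlan"}).encode()
    first = ep.handle("LOCK", path, a)[0]         # first client gets the lock
    second = ep.handle("LOCK", path, b)[0]        # second client is refused
    wrong_unlock = ep.handle("UNLOCK", path, b)[0]
    released = ep.handle("UNLOCK", path, a)[0]
    return first, second, wrong_unlock, released
```

`client_lock_result(CREATED)` returns `"error"`, which is the mismatch the post describes: a store that answers 201 on a successful write is never read as having granted the lock.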