How do I unlock GitLab managed Terraform State file?

Replace this template with your information

Using GitLab.com

Failed Terraform apply left remote state file at https://gitlab.com/api/v4/projects/20733912/terraform/state/primary_hub and am unable to lock.
Error message on subsequent terraform plan:

Error: Error locking state: Error acquiring the state lock: HTTP remote state already locked: ID=450e834d-dc84-2a87-9bbd-751c127b10aa
Terraform acquires a state lock to protect the state from being written
by multiple users at the same time. Please resolve the issue above and try
again. For most commands, you can disable locking with the “-lock=false”
flag, but this is not recommended.

Am able to retrieve contents of state file using following command:

curl --header “private-token: [redacted]” https://gitlab.com/api/v4/projects/20733912/terraform/state/primary_hub

But following command fails with 404 error:

curl --request UNLOCK --header “PRIVATE-TOKEN: [redacted]” https://gitlab.com/api/v4/projects/20733912/terraform/state/primary_hub

Have also tried running terraform force-unlock -force 53fddacc-f27c-d6eb-2d45-7fa9302bd154 and removing .terraform directory.

Code I’m using is based on https://gitlab.com/nicholasklick/terraform-example/-/tree/master and was all working OK until the file became locked.

As there is no GUI currently for viewing or unlocking the state file need assistance please.

I strongly suggest to not post your private token online, and to rotate it immediately. It gives access to all your groups and projects, and an actor in bad faith can impersonate you.

Thanks for flagging @rpadovani !

@martin.hacker I was worried you might not see the above message for a while, so I went ahead and redacted your private token from your original post. GitLab forum moderators will still be able to see that information in order to help troubleshoot, but the rest of the community will no longer be privy to it.

I agree with @rpadovani, since your private token was exposed for almost 12 hours, you might want to consider rotating in just in case. Thanks!

Many thanks to @rpadovani for noticing this and to @linds for redacting. Schoolboy error after spending hours trying to find a fix. Token has now been changed.

Regards,

1 Like

not sure if missing something but what’s the solution to resolve it, facing similar issue

Hi @hemantpro no not missing anything - no responses apart from above. However, I have an open ticket with GitLab support who are still trying to resolve. I suspect that the access token may have insufficient permissions to unlock the state file, although api permissions should in theory be sufficient.

I’ll provide an update here when I get a fix.

Regards,

2 Likes