Unable to set backend

marinalf · November 24, 2023, 10:02pm

hello there,

I am running into an issue where I can not save my state on gitlab when doing local development. No issues when running the same config from CI. There seems to be something with my backend config.

  backend "http" {
    address = "https://gitlab.com/api/v4/projects/$CI_PROJECT_ID/terraform/state/$TF_STATE_NAME"
  }

I follow the “Copy the Terraform init command” snippet and got this when doing init

terraform init -reconfigure \
    -backend-config="address=https://gitlab.com/api/v4/projects/xxxxxxx/terraform/state/$TF_STATE_NAME" \
    -backend-config="lock_address=https://gitlab.com/api/v4/projects/xxxxxxxx/terraform/state/$TF_STATE_NAME/lock" \
    -backend-config="unlock_address=https://gitlab.com/api/v4/projects/xxxxxxx/terraform/state/$TF_STATE_NAME/lock" \
    -backend-config="username=xxxx" \
    -backend-config="password=$GITLAB_ACCESS_TOKEN" \
    -backend-config="lock_method=POST" \
    -backend-config="unlock_method=DELETE" \
    -backend-config="retry_wait_min=5"


Initializing the backend...

Successfully configured the backend "http"! Terraform will automatically
use this backend unless the backend configuration changes.
**Error refreshing state: HTTP remote state endpoint invalid auth**

This is the trace results:

2023-11-24T16:49:23.751-0500 [DEBUG] checking for provisioner in "."
2023-11-24T16:49:23.755-0500 [DEBUG] checking for provisioner in "/usr/local/bin"
2023-11-24T16:49:23.755-0500 [TRACE] backend/local: state manager for workspace "default" will:
 - read initial snapshot from terraform.tfstate
 - write new snapshots to terraform.tfstate
 - create any backup at terraform.tfstate.backup
2023-11-24T16:49:23.755-0500 [TRACE] statemgr.Filesystem: reading initial snapshot from terraform.tfstate
2023-11-24T16:49:23.755-0500 [TRACE] statemgr.Filesystem: snapshot file has nil snapshot, but that's okay
2023-11-24T16:49:23.756-0500 [TRACE] statemgr.Filesystem: read nil snapshot
2023-11-24T16:49:23.756-0500 [TRACE] Meta.Backend: ignoring local "default" workspace because its state is empty
2023-11-24T16:49:23.764-0500 [TRACE] Preserving existing state lineage "4da075fd-c0f0-3d42-4125-460cd1bcafb7"
2023-11-24T16:49:23.764-0500 [TRACE] Preserving existing state lineage "4da075fd-c0f0-3d42-4125-460cd1bcafb7"
2023-11-24T16:49:23.764-0500 [TRACE] Preserving existing state lineage "4da075fd-c0f0-3d42-4125-460cd1bcafb7"
2023-11-24T16:49:23.787-0500 [TRACE] Meta.Backend: instantiated backend of type *http.Backend
2023-11-24T16:49:23.788-0500 [TRACE] providercache.fillMetaCache: scanning directory .terraform/providers
2023-11-24T16:49:23.788-0500 [WARN]  local provider path ".terraform/providers/registry.terraform.io/ciscodevnet/.DS_Store" contains invalid type ".DS_Store"; ignoring
2023-11-24T16:49:23.788-0500 [WARN]  ignoring file "registry.terraform.io/ciscodevnet/mso/.DS_Store" as possible package for registry.terraform.io/ciscodevnet/mso: filename lacks expected prefix "terraform-provider-mso_"
2023-11-24T16:49:23.789-0500 [TRACE] getproviders.SearchLocalDirectory: found registry.terraform.io/ciscodevnet/mso v0.11.1 for darwin_amd64 at .terraform/providers/registry.terraform.io/ciscodevnet/mso/0.11.1/darwin_amd64
2023-11-24T16:49:23.789-0500 [TRACE] providercache.fillMetaCache: including .terraform/providers/registry.terraform.io/ciscodevnet/mso/0.11.1/darwin_amd64 as a candidate package for registry.terraform.io/ciscodevnet/mso 0.11.1
2023-11-24T16:49:23.932-0500 [DEBUG] checking for provisioner in "."
2023-11-24T16:49:23.936-0500 [DEBUG] checking for provisioner in "/usr/local/bin"
2023-11-24T16:49:23.936-0500 [TRACE] Meta.Backend: backend *http.Backend does not support operations, so wrapping it in a local backend
2023-11-24T16:49:23.937-0500 [DEBUG] GET https://gitlab.com/api/v4/projects/xxxxx/terraform/state/default

If I reconfigure init without the address definitions, it initializes ok. However, during apply, it gives HTTP error 404 and failed to persist state to backend.

Any ideas of where I am be missing something? Thank you!

joel.gerber · November 25, 2023, 1:46pm

I’m in the exact same boat. I have tried user access tokens and project access tokens with all of the permissions in the world at maintainer level and even owner to no avail. I’ve combed through my GitLab logs, but all I can find is an API log and a workhorse log, both simply reporting a 403 error with no real reason.

joel.gerber · November 25, 2023, 2:21pm

I figured this out. In my case it was because Terraform state was not enabled on my instance! See this doc for the deets: Terraform state administration | GitLab

marinalf · November 25, 2023, 7:22pm

Glad to know you figured it out yours. In my case, I am using gitlab.com, and state is enabled and being updated when I run the pipeline from there. The challenge is initializing my local environment with remote backend.

don_dataarmy · January 23, 2024, 10:52pm

Hi,

Did you find a resolution? I have the same message “[TRACE] Meta.Backend: backend *http.Backend does not support operations, so wrapping it in a local backend”.

The difference is I can save the tfstate from my workstation but not from inside the pipeline. I’m wondering if it’s a setting in the image hashicorp/terraform:latest that is causing it.

don_dataarmy · January 23, 2024, 11:51pm

And just after sending this, I removed the quotes from around the -backend-config and it worked.

So :

-backend-config=“lock_method=POST” -backend-config=“unlock_method=DELETE”

was fine on my workstation but failed on gitlab pipeline.

Whereas:

-backend-config=lock_method=POST -backend-config=unlock_method=DELETE

worked on both.

kichitan · February 22, 2024, 5:51pm

I was getting the same error, but my mistake was on the URL I was using the gitlab.com instead of my own instance URL