search

hashicorp / terraform

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
https://www.terraform.io/
Other
42.71k stars 9.55k forks source link

Terraform locks state on read operations #24804

Closed andrew-schlackman closed 2 years ago

andrew-schlackman commented 4 years ago

Terraform Version

Terraform v0.12.24

Terraform Configuration Files

terraform {
  backend "etcdv3" {
    endpoints = ["etcd-server"]
    lock      = true
    prefix    = "terraform-state/"
  }
}

Expected Behavior

State should not be locked on a read operation, such as terraform state list or terraform show.

Actual Behavior

State is locked on read operations, such as terraform state list or terraform show. If state is already locked, the following error occurs on terraform state list:

Error loading the state: Failed to lock state in etcd: context deadline exceeded

Steps to Reproduce

On one machine:

  1. terraform init
  2. terraform apply
  3. Wait at the confirmation prompt

On a second machine/another directory with the same backend configuration:

  1. terraform init
  2. terraform state list

Additional Context

This differs from other backends with state locking. Consul and Azure at least do allow read operations with a locked state. I have not tested others.

A workaround is to set Lock = false in the configuration when performing read-only operations, but this is cumbersome and again, differs from other backends and expected behavior.

References

https://www.terraform.io/docs/state/locking.html

Official documentation states that "Terraform will lock your state for all operations that could write state".

jeffvandyke commented 3 years ago

I can understand the desire for read locking, in case an apply starts executing changes in the middle of a long-running read from a separate client. Our issue is that we read information from terraform from a few different scripts, and conflicts have been seen multiple times, where theoretically, it should be safe to simultaneously read as long as no writes are going on.

I think a better solution than the simple mutex-style locking of (locked / unlocked) would be to have a multiple-read-single-write lock that would allow exclusively either an unlimited number of read locks, or only one write lock to exist at any given time. Disclaimer: I have not seen a single line of terraform's internal code :)

apparentlymart commented 2 years ago

Hello! Thanks for reporting this.

We removed the etcd backends in Terraform v1.3 because they hasn't had a dedicated maintainer for a few versions now and so they were becoming problematic to keep working in newer Terraform versions. Since these backends are no longer present in the Terraform codebase, I'm going to close this issue.

If you're currently using one of these backends with an older version of Terraform, see Removal of Deprecated State Storage Backends in the Terraform v1.3 upgrade guide for some information on the available options for migration.

Thanks again!

github-actions[bot] commented 2 years ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.