hashicorp / terraform

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
https://www.terraform.io/

Azure Stack Hub & Backend Configuration #28581

Open jimchurches opened 3 years ago

jimchurches commented 3 years ago

Terraform Version

2021-05-03T11:37:49.555+1000 [INFO]  Terraform version: 0.15.1
2021-05-03T11:37:49.555+1000 [INFO]  Go runtime version: go1.16.2

Provider Version

azurestack 0.10.0

Terraform Configuration Files

```hcl
terraform {
  required_version = ">= 0.15"
  required_providers {
    azurestack = {
      source = "hashicorp/azurestack"
      version = "0.10.0"
    }
  }
  backend "azurerm" {
    environment           = "stack"
    endpoint              = "https://management.cbr1.devlab.local"
    resource_group_name   = "rg-workload-terraformstate-prd-cbr1-t0-001"
    storage_account_name  = "sgworkloadterraform"
    container_name        = "terraformstate"
    key                   = "prd.terraform.tfstate"
  }
}

provider "azurestack" {
  arm_endpoint = "https://management.cbr1.devlab.local"
}
```

Debug Output

It's short so I have pasted here:

```
PS C:\Users\xxx\GitRepo\xxx\DeployVDC\Terraform> terraform init -plugin-dir="C:\Program Files\Terraform\Plugins"
[DEBUG] Adding temp file log sink: C:\Users\xxx\AppData\Local\Temp\2\terraform-log837915435
[INFO]  Terraform version: 0.15.1
[INFO]  Go runtime version: go1.16.2
PS C:\Users\xxx\Documents\GitRepo\xxx\DeployVDC\Terraform> terraform init -plugin-dir="C:\Program Files\Terraform\Plugins"
[DEBUG] Adding temp file log sink: C:\Users\xxx\AppData\Local\Temp\2\terraform-log118368387
[INFO]  Terraform version: 0.15.1
[INFO]  Go runtime version: go1.16.2
[INFO]  CLI args: []string{"C:\\Program Files\\Terraform\\terraform.exe", "init", "-plugin-dir=C:\\Program Files\\Terraform\\Plugins"}
[TRACE] Stdout is a terminal of width 270
[TRACE] Stderr is a terminal of width 270
[TRACE] Stdin is a terminal
[DEBUG] Attempting to open CLI config file: C:\Users\xxx\AppData\Roaming\terraform.rc
[DEBUG] File doesn't exist, but doesn't need to. Ignoring.
[DEBUG] ignoring non-existing provider search directory terraform.d/plugins
[DEBUG] ignoring non-existing provider search directory C:\Users\xxx\AppData\Roaming\terraform.d\plugins
[DEBUG] ignoring non-existing provider search directory C:\Usersxxx\AppData\Roaming\HashiCorp\Terraform\plugins
[INFO]  CLI command args: []string{"init", "-plugin-dir=C:\\Program Files\\Terraform\\Plugins"}

Initializing the backend...
[TRACE] Meta.Backend: built configuration for "azurerm" backend with hash value 1229452406
[TRACE] Meta.Backend: backend has not previously been initialized in this working directory
[DEBUG] New state was assigned lineage "860ac322-25b1-04de-78b6-6104f230cc5e"
[TRACE] Meta.Backend: moving from default local state only to "azurerm" backend

│
│ Error: unable to locate metadata for environment "stack" from the built in 'public', 'usgoverment', 'china' and no custom metadata host has been specified
│
│
```

Expected Behavior

Reference: https://www.terraform.io/docs/language/settings/backends/azurerm.html

Expected Terraform to access and use the storage account on Azure Stack Hub as a shared state file location.

The documentation calls out the "stack" option for Azure Stack.

Actual Behavior

Terraform fails with the error:

Error: unable to locate metadata for environment "stack" from the built in `public`, `usgoverment`, `china` and no custom metadata host has been specified

Steps to Reproduce

Use the code snippet above.

To create the error you do not actually need an Azure Stack Hub, though I'm working against a real Azure Stack Hub when I get the error.

Additional Context

I'm working in an offline (no Internet) environment. However, I can reproduce the error on an Internet connected machine.

Azure Stack is configured to use ADFS and not Azure AD in this situation. https://docs.microsoft.com/en-us/azure-stack/operator/azure-stack-integrate-identity?view=azs-2008

I have tried putting the value 'stack' into the variable ARM_ENDPOINT as per the linked documentation. The endpoint setting is normally in a variable file or environment variable; I've included it in the code above for ease of reading.

I think when using an older version of Terraform (0.12.0 perhaps) that the error message included 'stack' in the list of built-in options, but still failed ... but I'm not 100% on that. I upgraded to 0.15.0 while trying to get this working.

I am working at the command prompt, not in a pipeline (yet), using a service principal. The service principal details are set as environment variables, and I can configure resources if I leave out the backend code and allow a state file to be built locally on my developer laptop. Setting this up to move the code into an Azure DevOps Pipeline once I can prove it is working.

If I remove environment completely, though the endpoint is set to the local Azure Stack, I can see in the trace logs that Terraform attempts to authenticate against public Azure.

References

The following issue that has been closed seems to be the same or related to what I'm seeing:

#27156

This open issue is also related but references 0.9.0

#24873

serinio commented 2 years ago

Same issue here; only version 0.13.3 of Terraform is currently working for me with Azure Stack.