Terraform tfstate file getting repeated locked even after Break Lease. Tfstate file stored in Azure Storage Account Container

Question

Terraform tfstate file getting repeated locked even after Break Lease. Tfstate file stored in Azure Storage Account Container.

How do I resolve the repeated tfstate file lock issue, The tfstate file is stored in Azure SA container.

Message in Terraform Init - "Terraform has created a lock file terraform.lock.hcl to record the provider selections it made above. Include this file in your version control repository so that Terraform can guarantee to make the same selections by default when you run "terraform init" in the future."

terraform.lock.hcl is added in gitignore.

Answer 1

Terraform tfstate file getting repeated locked even after Break Lease is due to multiple entities.

If your Terraform tfstate file consistently gets locked, even after attempts to break the lease within an Azure Storage Account Container, it may indicate a more complex underlying problem. Here are some steps to consider.

• Make sure that no concurrent Terraform operations are being executed on the same state file. This encompasses operations from your local machine, CI/CD pipelines, or those initiated by team members. The purpose of Terraform state locking is to avoid simultaneous operations that may lead to conflicting changes.

My Terraform for backend configuration

terraform {
  required_providers {
    azurerm = {      
      source  = "hashicorp/azurerm"
    }
  }
}

terraform {
  backend "azurerm" {
    resource_group_name = "vk-app-res"  # Name of the resource group for state storage
    storage_account_name = "tfstateunique13vk"  # Name of the storage account
    container_name = "terraformstate"    # Name of the container for state file
    key = "terraform.tfstate"             # Key for the state file within the container
  }
}
   
resource "azurerm_resource_group" "rg" {
  name     = "testvk-sb"
  location = "East US2"
}

• Use the Azure CLI to inspect the lease status of the tfstate file directly in the Azure Blob Storage to confirm if it is indeed locked or if the lock has been properly released. You can use the following command to check the blob's lease status:

Follow confirm with the command below.

az storage blob show --container-name terraformstate --name terraform.tfstate --account-name tfstateunique13vk --query properties.lease.status

az storage blob lease release --blob-name terraform.tfstate --container-name terraformstate --account-name tfstateunique13vk --lease-id <LeaseID>

Ensure with Proper Terraform Workflow

• Using Terraform workspaces for managing different environments.
• Implementing a pull request (PR) based workflow where changes to infrastructure are reviewed and applied systematically.
• Utilizing remote state with locking to ensure that only one operation can proceed at a time.

Reference:

• https://www.terraform.io/docs/language/settings/backends/azurerm.html
• https://www.terraform.io/docs/language/state/locking.html
• https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blobs-introduction
• https://docs.microsoft.com/en-us/cli/azure/storage/blob?view=azure-cli-latest