terragrunt icon indicating copy to clipboard operation
terragrunt copied to clipboard

Published 20 hours ago verified publisher icon gruntwork-io

Race condition on http backends, when module is nested

Open ch9hn opened this issue 1 year ago • 2 comments

Hello,

we are using Terragrunt with a Gitlab HTTP Terraform backend. Here we have the problem, that when a module is nested under another module, the CI/CD fails due a state lock race condition.

Structure is as follows:

terraform/ ├─ terragrunt.hcl ├─ k8s/ │ ├─ argocd/ │ │ ├─ terragrunt.hcl │ ├─ terragrunt.hcl

Content argocd.hcl

terraform {
  source = "${include.root.locals.source_url}//modules/k8s-cluster/argocd?ref=${include.root.locals.source_version}"
}

include "root" {
  path   = find_in_parent_folders("${get_terragrunt_dir()}/../terragrunt.hcl")
  expose = true
}

dependency "k8s-cluster" {
  config_path                             = "../k8s-cluster/"
  mock_outputs_allowed_terraform_commands = ["init", "validate", "plan", "providers", "terragrunt-info", "show"]
  mock_outputs = {
    cluster_endpoint = "mock-cluster-endpoint"
    cluster_ca_cert  = "bW9ja21vY2ttb2NrbW9ja21vY2ttb2Nr"
    cluster_token    = "bW9ja21vY2ttb2NrbW9ja21vY2ttb2Nr"
  }
  mock_outputs_merge_strategy_with_state = "shallow"
}

inputs = {
  argocd_namespace = "argocd"
  argocd_helm_chart_version = "5.27.3"
  argocd_values_file = "values-repo.yaml"
  cluster_endpoint = dependency.k8s-cluster.outputs.cluster_endpoint
  cluster_ca_cert  = dependency.k8s-cluster.outputs.cluster_ca_cert
  cluster_token    = dependency.k8s-cluster.outputs.cluster_token

}

Error:

╷
│ Error: Error acquiring the state lock
│ 
│ Error message: Unexpected HTTP response code 404
│ 
│ Terraform acquires a state lock to protect the state from being written
│ by multiple users at the same time. Please resolve the issue above and try
│ again. For most commands, you can disable locking with the "-lock=false"
│ flag, but this is not recommended.

Did someone have similar issues ?

ch9hn avatar Apr 14 '23 21:04 ch9hn

Hi, looks based on the error message, looks like it is "Not found" 404 error Maybe will show more details running with --terragrunt-log-level debug

denis256 avatar Apr 17 '23 07:04 denis256

You can't use "/" in names of gitlab http tf states. For example, u can replace it with "_" like this

terraform {
  backend "http" {
    address        = "${get_env("TF_STATE_BASE_ADDRESS")}/${replace(path_relative_to_include(), "/", "_")}"
    lock_address   = "${get_env("TF_STATE_BASE_ADDRESS")}/${replace(path_relative_to_include(), "/", "_")}/lock"
    unlock_address = "${get_env("TF_STATE_BASE_ADDRESS")}/${replace(path_relative_to_include(), "/", "_")}/lock"
  }
}

xeonkeeper avatar Feb 14 '24 12:02 xeonkeeper