Hello everyone!
I have a problem with the lock.
My terraform plan activates the lock. My work VPN works really bad, and the plan get stuck a lot of times with my lock.
There is a way to validate if I have a lock without running a plan or apply?
Since now, I’m running the plan again to validate if I have a lock, and to get the lock-id. Then I use “force-unlock”.
But with running the plan again, I fall again in the same problem of getting stuck by internet connection…
What do you mean by “validate if I have a lock”? The lock should only exist during the time a plan or apply is running, to prevent others from running commands until you are finished. If you get a lock and then have network issues so that the state isn’t updated or the lock released you’d need to run force-unlock as well as probably running apply again (as you might not have updated the state or finished updating things).
Hi @gaberrini
Don’t know about the lock as there are many ways to lock depending on the selected Backend.
For unreliable Internet connections I recommend using a bastion host (ssh/vnc/remote desktop) or Terraform Cloud Agents (Enterprise) or Env0 or a similar non-local solution.
What I mean is if I would be able to see the lock message without running terraform plan or apply
This is the lock message I would get with terraform plan or apply…
Error: Error locking state: Error acquiring the state lock: ConditionalCheckFailedException: The conditional request failed
Lock Info:
ID: <Lock-ID>
Path: <env.tfstate>
Operation: OperationTypePlan
Who: <User>
Version: 0.14.xx
Created: <Date>
Info:
So, the question was If I can know if I have a stuck lock without running terraform plan or apply
Hi @javierruizjimenez ,
Great thanks, I have this in mind.
The post is to confirm If I could check the lock of my local env without running plan or apply.
I would like to confirm that this functionality would be ideal for non-Terraform Cloud operators.
We have pipelines that execute in kubernetes, and sometimes the nodes will scale down and the plan or apply pods will die off, leaving the state locked. Having a terraform get-lock-id command or something similar to be able to run a terraform force-unlock -force $(terraform get-lock-id) within the pipeline would be nice.
Same issue here, I have a error message telling me the state is locked and no ID is provided. I am also unware as to why the state is locked as UI terraform cloud tells me there is no lock.
Having some CMDs in regards to locking details would be great!
Bump; looking for this functionality too.
Bump; I also would like to see this unctionality too.
Meanwhile, using S3 and terragrunt
❯ terragrunt force-unlock --force $(terragrunt plan -json 2>&1 | jq -r '.diagnostic.detail' 2>/dev/null | awk '/ ID:/ { print $2 }')
Terraform state has been successfully unlocked!
The state has been unlocked, and Terraform commands should now be able to
obtain a new lock on the remote state.
It’s a bit slow but it works, got that as an alias now. And terragrunt cmd can be replaced by terraform.
You could potentially look for the lockfile at the backend level - if it’s local, it’ll just be a file, and if not, look in the object storage bucket / prefix for the given state
It’ll just be default.tflock in the same place where default.tfstate is the state file.