Skip to content

Fix GitLab Project Terraform State errors after project creation with settings enabled per product documentation

Problem

When using Terraform state with the feature enabled on a GitLab instance, the Terraform state returns a 404 error. This has been seen informally during other troubleshooting of GitLab Demo Systems infrastructure, so this issue is being created to track progress on mitigating this problem for GitLab Projects that are created from the project template and ideally should work out of the box with no additional configuration by the user.

Screen_Shot_2021-12-06_at_8.23.33_AM

Workaround

The suggested workaround is to manually create a GCP Google Cloud Storage (GCS) bucket (using the GCP web console) in your GCP project (Cloud Account). See Terraform documentation for details.

Create the Environment and Obtain ID

  1. Navigate to the HackyStack UI (ex. https://gitlabsandbox.cloud).
  2. Create a new Environment or navigate to an existing Environment in your Cloud Account. Take note of the ID of the environment (8 alphanumeric characters) and replace this where you see {env_id} below.

Create GCS Bucket for Terraform State

  1. Click the icon link to navigate to the GCP console.
  2. In the left sidebar, navigate to Storage > Cloud Storage > Browser.
  3. Click the Create Bucket button at the top of the page. Use the values below to create your bucket.
    • Name: workaround-{env_id}-terraform-state
    • Location type: Region - us-east1
    • Storage Class: Standard
    • Access Control - Prevent public access: (check) Enforce public access prevention on this bucket
    • Access Control: Uniform
    • Protection tools: Object versioning

Update Terraform Backend Configuration

  1. Click the icon link to navigate to the repository.

  2. Create an Issue/MR named Updated Backend State configuration.

  3. In terraform/providers.tf, replace backend "http" { ... } configuration with backend "gcs" { ... }.

    # terraform/providers.tf

terraform {
  backend "http" {
    # See .gitlab-ci.yml jobs that use terraform-init -backend-config variables.
    lock_method    = "POST"
    unlock_method  = "DELETE"
    retry_wait_min = 5
  }
  # Truncated ...
}
    # terraform/providers.tf

terraform {
  backend "gcs" {
    bucket  = "workaround-{env_id}-terraform-state"
    prefix  = "terraform/state"
  }
  # Truncated ...
}

  4. Commit your changes.

  5. Navigate to CI/CD > Pipelines. Open the console logs for the Validate stage job and validate that the error now longer appears.

    Remember that you will need to ensure that the GOOGLE_APPLICATION_CREDENTIALS CI variable (file) has been added to the GitLab project to be able to authenticate with the GCS bucket.

Edited by Jeff Martin