Devops terraform: backend configuration in .tf file versus in devops' terraform CD config

0
votes

Using the Microsoft "terraform" task as a CD task, you are required to set all the backend state data for storage account, container, blob, etc. Why is this, when we put everything in .tf? Does Azure Devops just as standard practice ignore the user-defined backend config in the TF file?

2
azure-devops
Any update for this issue? Have you resolved this issue? If not, would you please let me know the latest information about this issue?Leo Liu-MSFT
Leo - thanks for the detailed answer you previously gave. I have checked it as the accepted answerOptical Carrier

2 Answers

1
votes

Does Azure Devops just as standard practice ignore the user-defined backend config in the TF file?

AFAIK, Azure Devops would not ignore the user-defined backend config in the TF file.

The reason why Azure devops required to set all the backend state data is that Azure devops adopts a pre-compiled mode for tasks. Before running the tasks, the task will be briefly verified, such as azure subscription, resource group, etc. If those information is not verified correctly, Azure devops will not run the task. This will greatly increase productivity and avoid unnecessary startup and use of agents.

That the reason why Azure Devops also require all the backend state data in the task.

Hope this helps.

0
votes

Terraform keep state in tfstate file not in tf. Your code is not your state. Your code, your tf files have definition of infrastracture. It is information what have to be created. On the contrary tfstate file contains information about tour deplyed infrastracture. To sum up:

  • tf file tells what needs to be created
  • tfstate file tells what was created

Thus when you deploy once again Terraform knows what was done and what part needs to be upodated if any.

When you run terraform apply locally you also get your tfstate file and until you keep this file you can safely update your infrastracture. On CD your agent goes back to pool and your changed are utlized and this is why an external source is needed to keep this file.

From my perspective I recommend to keep it in separate resource group and storage than your running envrionment. I mean it would be better to keep this outside of resource group where you deploy your code.

Edit

Sorry, my bad. But I assime that it is a way to gorce to configure backend. This and only this. Otherwise you may not deckare it right. And you know until build run, so at configuring this step Azure DevOps doesn't know details about yor files, including your backend configuration.

There can be another explenation. It was easier to force user to provide backend configuration than checking it in file. Additionally, you can easily change it without changing code. (I know that it is possible to pass it a parameters but here you don't have actually a choice.)