Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://developer.hashicorp.com/terraform/enterprise/deploy/reference/configuration below:

Terraform Enterprise configuration reference | Terraform

This topic contains reference information about the configurations you can specify for Terraform Enterprise.

Specify environment variables to configure the operational mode, connections to external systems, and other settings. Specify the variables in a configuration file for your runtime environment, such as a Docker Compose file, Kubernetes Helm chart, or in the env block of your Nomad job. Refer to Create deployment configuration overview for additional information.

Maximum number of Terraform runs that can execute concurrently on each Terraform Enterprise node. Defaults to 10.

Maximum number of CPU cores a Terraform run is allowed to use. Set to 0 for no limit. Defaults to 0. Ignored if TFE_RUN_PIPELINE_DRIVER is set to nomad.

Maximum amount of memory (MiB) a Terraform run is allowed to use. Defaults to 2048. Ignored if TFE_RUN_PIPELINE_DRIVER is set to nomad.

Encryption password used to encrypt and decrypt the internal Vault root token and unseal key.

Required when TFE_VAULT_USE_EXTERNAL is false.

Hostname where Terraform Enterprise is accessed (e.g., terraform.example.com).

Required always.

Specifies a secondary hostname for Terraform Enterprise. You can use this setting for external-facing endpoints, such as OIDC workload identity federation. This hostname must be externally resolvable and configured with appropriate DNS and TLS settings, for example tfe-external.example.com.

Refer to Configure network access for additional information.

The raw HashiCorp license (e.g., 02MV4UU4...MSEKE6T2). Defaults to "".

Required when TFE_LICENSE_PATH is unset.

Path to a file containing the raw HashiCorp license. Must be mounted inside the container (e.g., /opt/terraform-enterprise-license). Defaults to "".

Required when TFE_LICENSE is unset.

Whether to opt out of reporting licensing information to HashiCorp. Defaults to false.

Whether to opt out of reporting usage information to HashiCorp. Defaults to false.

Driver for Terraform runs. Must be one of nomad, docker or kubernetes. Defaults to docker. If set to nomad, the TFE_CAPACITY_CPU and TFE_CAPACITY_MEMORY settings are ignored.

Required for all deployment options.

Determines how Terraform Enterprise stores and retrieves data. This variable is required for all runtimes except Kubernetes.

You can set one of the following values:

• disk: Runs Terraform Enterprise, PostgreSQL database, optional Redis data store, and S3-compatible storage in the same container. In this mode, Terraform Enterprise manages the storage objects. By default, this mode limits the number of Terraform Enterprise instances to one.
• external: Runs Terraform and optional Redis store in the same container. In this mode, Terraform Enterprise can manage the Redis store, but you are responsible for managing the PostgreSQL database and S3-compatible storage as external services. By default, this mode limits the number of Terraform Enterprise instances to one.
• active-active: Runs Terraform Enterprise in its own container. In this mode, you are responsible for managing the PostgreSQL, optional Redis data store, and S3-compatible storage as external services. As a result, you can deploy more than one instance of Terraform Enterprise. Terraform Enterprise operates in active-active mode when it is deployed to Kubernetes.

Refer to Configure the operational mode for additional information.

Container image used to execute Terraform runs. Leave blank to use the default image that comes with Terraform Enterprise. Defaults to "".

Path where Terraform Enterprise stores application data. Must be backed by persistent and performant storage such as a container volume or block storage. Defaults to /var/lib/terraform-enterprise.

Required when TFE_OPERATIONAL_MODE is disk on Docker runtime.

The authentication token for the backup/restore API. Leave blank to have it be automatically generated. Defaults to "".

Port application listens on for HTTP. Default 80.

Port application listens to HTTPS on. Default 443.

The PostgreSQL server to connect to in the format HOST[:PORT] (e.g., db.example.com or db.example.com:5432). If only HOST is provided then the :PORT defaults to :5432. Multi host connection strings are not supported.

Required when connecting to an external PostgreSQL server.

Name of the PostgreSQL database to store application data in.

Required when connecting to an external PostgreSQL server.

PostgreSQL server parameters for the connection URI. Used to configure the PostgreSQL connection (e.g., sslmode=require).

PostgreSQL password.

The password is not needed if you are using mTLS or Azure MSI authentication.

PostgreSQL user.

Required when connecting to an external PostgreSQL server.

Whether to use mTLS while authenticating with the PostgreSQL server. When mTLS is enabled, Terraform Enterprise uses client certificates to authenticate with the PostgreSQL server. Terraform Enterprise requires PostgreSQL server certificate to use Subject Alternative Names (SANs) rather than relying solely on the legacy Common Name field.

Defaults to false.

Specifies the path to a file containing the root certificate for validating PostgreSQL server certificates. Defaults to "".

Required when TFE_DATABASE_USE_MTLS is true.

Specifies the path to a file containing the client certificate that Terraform Enterprise uses for authenticating with the PostgreSQL server. Defaults to "".

Required when TFE_DATABASE_USE_MTLS is true.

Specifies the path to a file containing the client private key corresponding to the PostgreSQL client certificate provided in TFE_DATABASE_CLIENT_CERT_FILE. Defaults to "".

Required when TFE_DATABASE_USE_MTLS is true.

Whether to use Managed Service Identity (MSI) for database authentication. Defaults to false.

Client ID of a user-assigned Managed Service Identity. Leave blank to use the system-assigned Managed Service Identity. Defaults to "".

Enables Terraform Enterprise to reconnect to the database when the database connection is interrupted.

This setting is not applicable for Replicated.

Default is false.

Enables Terraform Enterprise to reconnect to the database when the database connection is interrupted. We recommend setting to true when connecting to an external PostgreSQL cluster. Refer to Connect to a PostgreSQL cluster for additional information.

This setting is not applicable for Replicated.

Default is false.

When TFE_DATABASE_MONITOR_ENABLED is set to true, this option specifies the database connection health check interval. Set it to any positive Go duration string.

This setting is not applicable for Replicated.

Default is 1s.

The Redis server to connect to in the format HOST[:PORT] (e.g., redis.example.com or redis.example.com:). If only HOST is provided then the :PORT defaults to :6379.

Required when Redis server is externalized.

Must be true or false. true indicates Redis server is configured to use TFE_REDIS_PASSWORD and TFE_REDIS_USER (optional) for authentication. Defaults to false.

Must be true or false. true indicates to use TLS to access Redis. Defaults to false.

Must be true or false. true indicates to use mutual TLS (mTLS) authentication for clients to access Redis with Redis standalone or Sentinel. Defaults to false.

If using mTLS with Redis standalone, path to the client certificate file to be used for mTLS authentication with Redis server. Required when TFE_REDIS_USE_MTLS is true.

If using mTLS with Redis standalone, path to the certificate authority file to validate the certificate. Required when TFE_REDIS_USE_MTLS is true.

If using mTLS with Redis standalone, path to the private key file corresponding to the client certificate. Required when TFE_REDIS_USE_MTLS is true.

Redis server user. This value is required when TFE_REDIS_USE_AUTH is set to true, and Redis server is configured to use username for authentication. There is no need to set this config when running Redis server internally as credential is not required.

Redis server password. This value is required when TFE_REDIS_USE_AUTH is set to true. There is no need to set this config when running Redis server internally as credential is not required.

The Redis server to connect to in the format HOST[:PORT] (e.g., redis.example.com or redis.example.com:). If only HOST is provided then the :PORT defaults to :6379.

Required when Redis server is externalized and Redis Enterprise is the external service target.

Must be true or false. true indicates Redis server is configured to use TFE_REDIS_SIDEKIQ_PASSWORD and TFE_REDIS_SIDEKIQ_USER (optional) for authentication. Defaults to false.

Must be true or false. true indicates to use TLS to access Redis. Defaults to false.

Redis server user. This value is required when TFE_REDIS_SIDEKIQ_USE_AUTH is set to true, and Redis server is configured to use username for authentication. There is no need to set this config when running Redis server internally as credential is not required.

Redis server password. This value is required when TFE_REDIS_SIDEKIQ_USE_AUTH is set to true. There is no need to set this config when running Redis server internally as credential is not required.

Must be true or false. true indicates to use mutual TLS (mTLS) authentication for clients to access Redis with Redis Enterprise. Defaults to false.

If using mTLS with Redis Enterprise, path to the client certificate file to be used for mTLS authentication with Redis server.

If using mTLS with Redis Enterprise, path to the certificate authority file to validate the certificate.

If using mTLS with Redis Enterprise, path to the private key file corresponding to the client certificate.

Must be true or false. true indicates Redis Sentinel is configured. Defaults to false.

Specifies one or more Redis Sentinel server addresses to connect to using the HOST:PORT format. The port number is optional and defaults to :26379 when only the host address is provided.

The following example specifies two servers. The first server uses the default port number. The second server is configured to explicitly listen on port 26379:

TFE_REDIS_SENTINEL_HOSTS: redis-sentinel-1.example.com,redis-sentinel-2.example.com:26379

Required when TFE_REDIS_SENTINEL_ENABLED is set to true.

The name of a Redis Sentinel master such as main. This name should return a valid Redis service location when issuing a SENTINEL GET-MASTER-ADDR-BY-NAME <TFE_REDIS_SENTINEL_LEADER_NAME> command to Redis Sentinel.

Required when TFE_REDIS_SENTINEL_ENABLED is set to true.

Redis Sentinel server user.

Redis Sentinel server password.

Whether to use Managed Service Identity (MSI) for Redis authentication. Defaults to false.

Whether to use Managed Service Identity (MSI) for Redis authentication used by Sidekiq. Defaults to false.

Client ID of a user-assigned Managed Service Identity. Leave blank to use the system-assigned Managed Service Identity. Defaults to "".

Client ID of a user-assigned Managed Service Identity. Leave blank to use the system-assigned Managed Service Identity. Defaults to "".

A pre-populated initial admin creation token. If you do not set this value, a random one will be generated for you.

Comma-separated list of subnets in CIDR notation that are allowed to retrieve the initial admin creation token via the API (e.g., 10.0.0.0/8,192.168.0.0/24). Leave blank to disable retrieving the initial admin creation token via the API from outside the host. Defaults to "".

If you do not set this value, you must gain access to the container or pod command line and run curl http://localhost:80/admin/retrieve-iact to retrieve the initial admin token.

Number of minutes that the initial admin creation token can be retrieved via the API after the application starts. Defaults to 60.

Comma-separated list of proxy IP addresses that are allowed to retrieve the initial admin creation token via the API. Leave blank to disable retrieving the initial admin creation token through a proxy. Defaults to "".

Configures the proxy address to use for HTTP requests, for example http://proxy.example.com:8080. For proxy servers that require a username and password, use HTML character encoding to specify special characters. Leave empty to disable using a proxy server. Defaults to "".

Configures the proxy address to use for HTTPS requests, for example http://proxy.example.com:8080. For proxy servers that require a username and password, use HTML character encoding to specify special characters. Leave empty to disable using a proxy server. Defaults to "".

Specifies a list of domains that instances, such as S3, are allowed to connect directly to without going through the proxy, for example localhost,127.0.0.1. Defaults to "". When defining a proxy, this should include following addresses 127.0.0.1,localhost,<IP ADDRESS OF TFE INSTANCE>,<HOSTNAME OF TFE INSTANCE> but is not limited to.

Enables Terraform Enterprise to listen on IPv6 and IPv4 addresses. When set to false, Terraform listens on IPv4 addresses only.

Default is false.

Specifies which hostname Terraform Enterprise should use to federate OIDC workloads for OIDC-related integrations. You can specify one of the following values:

• primary: Terraform Enterprise uses the hostname specified in the TFE_HOSTNAME setting.
• secondary: Terraform Enterprise uses the hostname specified in the TFE_HOSTNAME setting.

Default is primary.

Specifies which hostname Terraform Enterprise should use to federate version control system (VCS) workloads for VCS-related integrations. You can specify one of the following values:

• primary: Terraform Enterprise uses the hostname specified in the TFE_HOSTNAME setting.
• secondary: Terraform Enterprise uses the hostname specified in the TFE_HOSTNAME_SECONDARY setting.

You must set up new VCS connections if you update the TFE_VCS_HOSTNAME_CHOICE configuration. When TFE_VCS_HOSTNAME_CHOICE is set to secondary, you should continue using the secondary hostname while setting up the new VCS connection. When setup is complete, you can use the primary hostname for all other activities.

Refer to Configure a VCS host for Terraform Enterprise for additional information.

Default is primary.

Specifies which hostname Terraform Enterprise should use to federate run task workloads for custom integrations. You can specify one of the following values:

• primary: Terraform Enterprise uses the hostname specified in the TFE_HOSTNAME setting.
• secondary: Terraform Enterprise uses the hostname specified in the TFE_HOSTNAME_SECONDARY setting.

Default is primary.

Specifies the port that the system API endpoints listen on for HTTPS requests. Defaults to 8443.

The path to a file containing valid Fluent Bit [OUTPUT] configuration. The contents of the file you specify are appended to your existing Fluent Bit configuration if you set TFE_LOG_FORWARDING_ENABLED to true. Refer to Enable log forwarding for more information.

This setting is not applicable for Kubernetes.

Whether to enable log forwarding. Defaults to false.

This setting is not applicable for Kubernetes.

Whether to enable metrics collection. Defaults to false.

The HTTP port that metrics will be exposed on. Defaults to 9090.

The HTTPS port that metrics will be exposed on. Defaults to 9091.

Type of object storage to use. Must be one of s3, azure, or google.

Required when object storage is externalized.

Azure Blob Storage access key.

Required when TFE_OBJECT_STORAGE_TYPE is azure and TFE_OBJECT_STORAGE_AZURE_USE_MSI is false.

Azure Blob Storage account name.

Required when TFE_OBJECT_STORAGE_TYPE is azure.

Client ID of a user-assigned Managed Service Identity. Leave blank to use the system-assigned Managed Service Identity. Defaults to "".

Azure Blob Storage container name.

Required when TFE_OBJECT_STORAGE_TYPE is azure.

Azure Storage endpoint. Useful if using a private endpoint for Azure Storage. Leave blank to use the default Azure Storage endpoint. Defaults to "".

Whether to use Managed Service Identity (MSI) for authentication. Defaults to false.

Google Cloud Storage bucket name.

Required when TFE_OBJECT_STORAGE_TYPE is google.

Google Cloud Storage JSON credentials. Must be given as an escaped string of JSON or Base64 encoded JSON. Leave blank to use the attached service account. Defaults to "".

Google Cloud Storage project name.

Required when TFE_OBJECT_STORAGE_TYPE is google.

S3 access key ID.

Required when TFE_OBJECT_STORAGE_TYPE is s3 and TFE_OBJECT_STORAGE_S3_USE_INSTANCE_PROFILE is false.

S3 bucket name.

Required when TFE_OBJECT_STORAGE_TYPE is s3.

S3 endpoint. Useful when using a private S3 endpoint. Leave blank to use the default AWS S3 endpoint. Defaults to "".

S3 region.

Required when TFE_OBJECT_STORAGE_TYPE is s3.

S3 secret access key.

Required when TFE_OBJECT_STORAGE_TYPE is s3 and TFE_OBJECT_STORAGE_S3_USE_INSTANCE_PROFILE is false.

Server-side encryption algorithm to use. Leave blank to have the AWS SDK use a default value. Set to AES256 to use AES-256 encryption, the AWS S3 default since January 5, 2023. Set to aws:kms to use an AWS KMS key to encrypt data in which case you must specify TFE_OBJECT_STORAGE_S3_SERVER_SIDE_ENCRYPTION_KMS_KEY_ID. Defaults to "".

KMS key ID to use for server-side encryption. Leave blank to use AWS-managed keys. Defaults to "".

Whether to use the default AWS credential chain for authentication. When set to true, Terraform Enterprise attempts to authenticate to AWS using the following workload identities:

• EC2 IAM instance profile
• IAM roles for Kubernetes service accounts (IRSA)
• EKS pod identity

Defaults to false.

Optional configuration of the size of the data packets sent to S3. Defaults to 1024 if left blank.

Optional configuration of the concurrency when sending data to S3. Defaults to 3 if left blank.

Path to a file containing TLS CA certificates to be added to the OS CA certificates bundle. Leave blank to not add CA certificates to the OS CA certificates bundle. Defaults to "".

Path to a file containing the TLS certificate Terraform Enterprise will use when serving TLS connections to clients.

Required always.

Specifies the path to the TLS certificate file used for the secondary hostname, for example /etc/ssl/private/terraform-enterprise/ext_cert.pem.

Configure this setting to secure HTTPS connections for external integrations using the secondary hostname.

This settings is required when TFE_HOSTNAME_SECONDARY is set.

TLS ciphers to use for TLS. Must be valid OpenSSL format. Leave blank to use the default ciphers. Defaults to "".

Whether or not to enforce TLS, Strict-Transport-Security headers, and secure cookies. Defaults to false.

Path to a file containing the TLS private key Terraform Enterprise will use when serving TLS connections to clients.

Specifies the path to the TLS private key file used for the secondary hostname, for example /etc/ssl/private/terraform-enterprise/ext_key.pem.

You must also configure the TFE_TLS_CERT_FILE_SECONDARY setting to enable secure HTTPS connections.

This settings is required when TFE_HOSTNAME_SECONDARY is set.

Whether to require TLS when connecting to SMTP servers. When set to true, the application will raise an error if it cannot upgrade SMTP connections to TLS. Defaults to false.

TLS version to use. Must be one of tls_1_2, tls_1_3, or blank. Leave blank to use both TLS v1.2 and TLS v1.3. Defaults to "".

Address of the external Vault server (e.g., https://vault.example.com:8200). Defaults to "".

Required when TFE_VAULT_USE_EXTERNAL is true.

Cluster URL of the internal Vault server on this node (e.g., http://192.168.0.1:8201). Must be reachable across nodes. Defaults to http://{{ GetPrivateIP }}:8201.

Required when TFE_OPERATIONAL_MODE is active-active.

Disable mlock for internal Vault. Defaults to false.

Vault namespace. External Vault only. Leave blank to use the default namespace. Defaults to "".

Vault path when AppRole is mounted. External Vault only. Defaults to auth/approle.

Vault role ID. External Vault only.

Required when TFE_VAULT_USE_EXTERNAL is true.

Vault secret ID. External Vault only.

Required when TFE_VAULT_USE_EXTERNAL is true.

How often, in seconds, to renew the Vault token. External Vault only. Defaults to 3600.

Whether to use external Vault. Defaults to false.

Comma-separated list of extra hosts in the format HOST:IP,HOST:IP to set in the /etc/hosts file within the container used to execute Terraform runs. Leave blank to not set any extra hosts. Defaults to "".

Network where the container used to execute Terraform runs will be created. The network must already exist, it will not be created automatically. Leave blank to use the default network. Defaults to "".

Path where Terraform Enterprise caches Terraform binaries. The volume specified in TFE_DISK_CACHE_VOLUME_NAME must be mounted to this path. Defaults to /var/cache/tfe-task-worker.

Required when TFE_RUN_PIPELINE_DRIVER is docker.

Container volume name backing the TFE_DISK_CACHE_PATH.

Required when TFE_RUN_PIPELINE_DRIVER is docker.

The name of an ImagePullSecret in the [namespace]-agents namespace to use when pulling the custom source tfc-agent image. If an ImagePullSecret is required to access a private repository you must create the secret within the [namespace]-agents namespace after this helm chart has installed, but before attempting a plan or apply. See Prerequisites for instructions for creating ImagePullSecrets.

The path to a Kubernetes configuration file.

The Kubernetes namespace to create ephemeral run containers. Defaults to default.

A feature toggle to enable or disable compatibility with an OpenShift runtime environment. Defaults to false.

Boolean flag that will delay the deletion of jobs from the cluster for their inspection.

Time in seconds after which the jobs delayed by the TFE_RUN_PIPELINE_KUBERNETES_DEBUG_ENABLED flag will get deleted. Defaults to 86400, 1 day.

This is a base64-encoded custom pod template in JSON format, equivalent to Kubernetes' corev1.PodTemplateSpec, used in a job. The values here will override corresponding values from Terraform Enterprise configuration. Note that only one container is allowed in the pod template.

Time in seconds after which Terraform Enterprise will fails jobs submitted to Kubernetes. Defaults to 60.

The Nomad namespace where Terraform Enterprise agent job starts. Defaults to tfe-agents.

Specifies the ID of the batch job that runs the Terraform Enterprise agent. Defaults to tfe-agent-job.

Max timeout in seconds used by Terraform Enterprise workers to connect with Nomad and start an agent job. Defaults to 60.

Terraform Enterprise relies on the native application runtime for setting proxy values. For configuring proxies in Docker, refer to the official Docker proxy configuration guide. For Kubernetes, refer to the Kubernetes proxy configuration guide. For Nomad deployments, refer to the reference architecture guide

The following table describes how the Replicated configuration maps to the configuration settings for non-Replicated deployments. Refer to settings for more information about the variables.

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4