Terraform
Terraform Enterprise v202404-1 (763)
We have pulled the v202404-1 release, making it unavailable to download due to a breaking bug. If you have already installed this release, we recommend upgrading to the v202404-2 patch release or restoring your previously installed version.
Last required release: v202207-2 (642)
Flexible Deployment Options terraform-enterprise
container digest: amd64/linux sha256:d4071b212178e1dfc3c18900234e2240cee873802b37107bbe394036488099a8
Known Issues
- [Updated May 13, 2024] Replicated-based installs running in Active/Active mode are unable to properly supply a Redis configuration to the application. A fix will be available in v202405-1.
- [Updated April 30, 2024] Customers that use S3 for backend blob storage should not upgrade to this release. The application will start, but is unable to read or write data from the blob storage. A fix is available in v202404-2.
- [Updated April 30, 2024] If your encryption password contains certain special characters (backslash, dollar sign, grave accent, double quotation, exclamation or tilde) the application will not start successfully and will log errors decrypting vault. A fix is available in v202404-2.
- [Updated April 30, 2024] Customers that use Terraform Enterprise with an external vault server are unable to refresh application tokens. This is fixed in v202404-2.
- [Updated April 30, 2024] The global run tasks feature is unavailable in this version. This is fixed in v202404-2.
- [Updated April 30, 2024] The private registry is unable to list module versions. A fix is available in v202404-2.
- [Updated April 30, 2024] The footer shows
dev
instead of the application version. This is corrected in v202404-2. - [Updated June 26, 2024] After successfully running a database restore in mounted disk mode, the Terraform Enterprise container, or Replicated application, must be fully stopped and restarted in order for the application to run properly.
- [Updated August 14, 2024] Runs that rely on dynamic provider credentials and workload identity will fail after a certain number of signing key rotations. This problem is fixed in v202407-1, and you can avoid it by upgrading v202407-1 or above. For details on additional workarounds, including manually trimming keys, refer to our support article.
- [Updated September 30, 2024] Some deployments are experiencing memory growth issues on v202401-1 or higher, sometimes resulting in out of memory errors that require a restart to resolve. This issue is currently being investigated. It is strongly recommended that you test in a non-production environment before deploying v202401-1 or higher in production, and monitor memory for unexpected growth. This message will be updated when a fix is available in a published release.
- [Updated November 25, 2024] Terraform Enterprise does not currently support using a username provided via
REDIS_USER
for authenticating with an external Redis instance. To use authentication with Redis, configure Redis to require only a password for the default user by updating your Redis configuration file (redis.conf
) as follows, replacing<your password>
accordingly:
requirepass <your password>
In the Terraform Enterprise environment, set only the REDIS_PASSWORD
variable with the corresponding value.
Deprecations
Terraform Enterprise now supports new deployment options and will end support for the Replicated Native Scheduler option. The final Replicated release of Terraform Enterprise will be in November 2024. HashiCorp will support this release until April 1, 2026.
To ensure you continue to receive the latest features and fixes, including security updates, please plan to migrate to a new deployment option by November 2024. For more information, check out Flexible Deployment Options or contact your HashiCorp account representative.
RedHat Enterprise will end support for RHEL v7 on June 30th, 2024. As such, Terraform Enterprise will no longer be supported on that operating system after that date.
Features
- Podman is now a supported deployment option. Requirements, installation and migration instructions from Replicated are available.
- You can now specify which projects can use repositories from a VCS connection. By default, Terraform Enterprise enables every workspace in an organization to access the repositories from every VCS connection. If you want to limit which projects have access to repositories from a given VCS connection, you can change this setting to restrict connection to specific projects.
- You can now associate a run task to all workspaces in the organization. Refer to this blog post for more details.
- You can now create runs with debugging mode enabled from the UI and API, allowing quick access to trace level run logs.
- You can now provide a custom pod template for worker pods with v1.2.0 of the helm chart.
Improvements
- Hosted agents now dequeue jobs in priority order.
- When a user creates a new project or updates a project name whitespace is now removed from both ends of the name. The allows for a better user experience if a user accidentally adds spaces before or after.
- Breadcrumbs for projects-related pages are now a more accurate representation of the user's location in Terraform Enterprise.
- Bitbucket Data Center is now a supported VCS integration.
- Workspace tasks can now be associated to more than one run stage.
Bug Fixes
- Environment variables in priority variable sets will now overwrite workspace variables with the same key. Previously, priority variable sets did not work for environment-type variables.
- Workspaces can now be fully deleted even if they contain a state version which was rolled back. Previously, a bug caused issues with deleting workspaces under these conditions, leading to incomplete removal.
- Searching for a Policy Set no longer is interrupted by unexpected reloads.
- Workspaces with long names in a Kubernetes-hosted Terraform Enterprise installation can now successfully run plan or apply operations. Previously, a bug caused these operations to fail.
- You can now use
tfe-backup-restore
to generate blob storage backups. - Any
tfectl
command that executes across remote nodes and takes more than 30 seconds to complete no longer fails silently. - All Docker container metrics now have an associated
name
label, ensuring proper identification and monitoring. - Terraform Enterprise no longer silently fails runs in organizations with a plan or apply timeout value exceeding 24 hours. If you had previously configured this setting to greater than 24 hours, it will be reduced to 24 hours on start.
- The
tfectl support bundle
command now generates a complete manifest.json file.
Security
- Each service now runs under a unique user id inside the Terraform Enterprise container.
- Container and binary updates address reported vulnerabilities (CVEs) in underlying base images, packages, and dependencies.