Introduction
HashiCorp uses Docker containers to run the various services used by Terraform Enterprise.
What are the roles of the Terraform Enterprise containers?
- `ptfe_nginx` - Nginx reverse proxy, facilitates access to the Terraform Enterprise services
- `ptfe_atlas` - The API and Web UI. Terraform Enterprise used to be known as Atlas
- `ptfe_build_manager` - Manages the queue of Terraform runs
- `ptfe_build_worker` - Creates workers on-demand as required by the queue. Injects variables, secrets, and Terraform configuration to a temporary container, `ptfe_worker`
- `ptfe_worker` - Executes a Terraform `plan` or `apply`. This container can be replaced with a custom image. This ephemeral container may be created with a randomly generated name by Docker
- `ptfe_vault` - HashiCorp Vault, utilizes transit encryption for items such as sensitive workspace variables
- `ptfe_registry_api` - Terraform Private Module Registry API
- `ptfe_slug_ingress` (or `ptfe_ingress` in older versions of Terraform Enterprise) - Listens for VCS webhooks. Packages VCS repo data as a slug and sends it to `ptfe_archivist`
- `ptfe_registry_worker` - Processes VCS slugs, prepares module to be published on the Terraform Private Module Registry
- `ptfe_sidekiq` - Background job scheduler system
- `ptfe_redis` - Redis in-memory database, used for caching and the `ptfe_sidekiq` queue. This container will not be active on Active-Active Terraform Enterprise installations.
- `ptfe_nomad` - HashiCorp Nomad, schedules Sentinel and Cost Estimation runs
- `ptfe_archivist` - Object storage API
- `ptfe_migrations` - Runs on startup only, runs database migrations from `ptfe_atlas`
- `ptfe_postgres` - PostgreSQL database, holds relational data such as workspace applies and where their state is stored in object storage
- `ptfe_state_parser` - Reads Terraform state files and parses important information out of them
- `rabbitmq` - RabbitMQ message queue
- `ptfe_backup_restore` - The Terraform Enterprise Backup and Restore API
- `ptfe_outbound_http_proxy` - Outbound HTTP proxy for Terraform applies and plans to facilitate blocking services such as the host’s AWS Metadata Service if configured.
- `ptfe_health_check` - Runs a periodic health check against Terraform Enterprise
- `ptfe_base_startup` - Runs on install only. Initializes Terraform Enterprise for installation
- `ptfe_registry_migrations` - Runs on startup only, runs database migrations from `ptfe_registry_api`
- `telegraf` - Data collection agent for collecting and reporting metrics. This container runs when `enable_metrics_collection` is enabled in the application configuration
- `influxdb` - Time-series database for storing metrics data from `telegraf`. This container runs when `enable_metrics_collection` is enabled in the application configuration
For Terraform Enterprise v202205-1 or later:
- `tfe-nginx` - Nginx reverse proxy, facilitates access to the Terraform Enterprise services
- `tfe-atlas` - The API and Web UI. Terraform Enterprise used to be known as Atlas
- `tfe-build-manager` - Manages the queue of Terraform runs
- `tfe-build-worker` - Creates workers on-demand as required by the queue. Injects variables, secrets, and Terraform configuration to a temporary container, `tfe-worker`
- `tfe-worker` - Executes a Terraform `plan` or `apply`. This container can be replaced with a custom image. This ephemeral container may be created with a randomly generated name by Docker. The image will either be `hashicorp/build-worker:now` or the configured custom build worker image in the Terraform Enterprise configuration.
- `tfe-vault` - HashiCorp Vault, utilizes transit encryption for items such as sensitive workspace variables
- `tfe-registry-api` - Terraform Private Module Registry API
- `tfe-slug-ingress` (or `ptfe_ingress` in older versions of Terraform Enterprise) - Listens for VCS webhooks. Packages VCS repo data as a slug and sends it to `tfe-archivist`
- `tfe-registry-worker` - Processes VCS slugs, prepares module to be published on the Terraform Private Module Registry
- `tfe-sidekiq` - Background job scheduler system
- `tfe-redis` - Redis in-memory database, used for caching and the `tfe-sidekiq` queue. This container will not be active on Active-Active Terraform Enterprise installations.
- `tfe-nomad` - HashiCorp Nomad, schedules Sentinel and Cost Estimation runs
- `tfe-archivist` - Object storage API
- `tfe-migrations` - Runs on startup only, runs database migrations from `tfe-atlas`
- `tfe-postgres` - PostgreSQL database, holds relational data such as workspace applies and where their state is stored in object storage
- `tfe-postgresql-setup` - PostgreSQL database setup container which initializes the database for use.
- `tfe-state-parser` - Reads Terraform state files and parses important information out of them
- `tfe-rabbitmq` - RabbitMQ message queue
- `tfe-plan-exporter-worker` - Sets up a Nomad job to extract data from Terraform plans
- `tfe-sentinel-worker` - Sets up a Nomad job to run Sentinel jobs
- `tfe-cost-estimation` - Sets up a Nomad job to run Cost Estimation jobs
- `tfe-backup-restore` - The Terraform Enterprise Backup and Restore API
- `tfe-outbound-http-proxy` - Outbound HTTP proxy for Terraform applies and plans to facilitate blocking services such as the host’s AWS Metadata Service if configured.
- `tfe-health-check` - Runs a periodic health check against Terraform Enterprise
- `tfe-base-startup` - Runs on install only. Initializes Terraform Enterprise for installation
- `tfe-bootstrap` - Runs on install only. Bootstraps the Docker network required for the other containers
- `tfe-registry-migrations` - Runs on startup only, runs database migrations from `tfe-registry-api`
- `tfe-anchor-isolation-network` - This container does nothing. It is attached to the Docker isolation network and prevents the network from being removed.
- `tfe-base-workers` - Sets up the Terraform Build Worker base container image
- `tfe-admin` - Contains useful CLI tools for use with `replicated admin`
- `telegraf` - Data collection agent for collecting and reporting metrics. This container runs when `enable_metrics_collection` is enabled in the application configuration
- `influxdb` - Time-series database for storing metrics data from `telegraf`. This container runs when `enable_metrics_collection` is enabled in the application configuration
- `tfe-fluent-bit` - This container runs when `log_forwarding_enabled` is enabled in the application configuration. It forwards logs as configured by the user.
- `tfe-metrics` - This container runs when `enable_metrics_collection` is enabled in the application configuration. It exposes Terraform Enterprise container metrics.
What are the roles of the Replicated containers?
- `replicated` - The daemon that runs Replicated services and starts the application. It communicates with the external Replicated API and registry unless running in airgap mode. This is the only component that communicates externally.
- `replicated-ui` - Provides the Replicated console which listens on host port 8800. It communicates internally with the Replicated daemon and with the premkit service.
- `replicated-operator` - A utility image to transfer files between the host and daemon and to run application containers if using the native scheduler. It communicates internally with the Replicated daemon on port 9879.
- `replicated-premkit` - This serves as a reverse proxy to the audit log, metrics, and integration services. It communicates internally with the daemon, audit log, and metrics services.
- `replicated-statsd` - This image is used for a metrics service that runs when the application is running.
- `support-bundle` - This image is run to collect system information when the customer creates a support bundle.
- `cmd` - This image may be used for custom commands if configured in the application yaml. It may communicate internally or externally if configured to do so by the vendor’s application.
- `retraced` - Retraced provides an API and worker for the audit log component and communicates internally with the audit log’s Postgres and NSQ services. The following are the API and worker containers:
  - `retraced-processor`
  - `retraced-api`
  - `retraced-cron`
- `retraced-postgres` - This is the database for the audit log.
- `retraced-nsq` - This is the audit log’s queue.