Terraform Enterprise Containers

Introduction

HashiCorp utilizes Docker containers to facilitate the runtime of various services used by Terraform Enterprise.

What are the roles of the Terraform Enterprise containers?

• ptfe_nginx - Nginx reverse proxy, facilitates access to the Terraform Enterprise services
• ptfe_atlas - The API and Web UI. Terraform Enterprise used to be known as Atlas
• ptfe_build_manager - Manages the queue of Terraform runs
• ptfe_build_worker - Creates workers on-demand as required by the queue. Injects variables, secrets, and Terraform configuration to a temporary container, ptfe_worker
• ptfe_worker - Executes a Terraform plan or apply. This container can be replaced with a custom image. This ephemeral container may be created with a randomly generated name by Docker
• ptfe_vault - HashiCorp Vault, utilizes transit encryption for items such as sensitive workspace variables
• ptfe_registry_api - Terraform Private Module Registry API
• ptfe_slug_ingress (or ptfe_ingress in older versions of Terraform Enterprise) - Listens for VCS webhooks. Packages VCS repo data as a slug and sends it to ptfe_archivist
• ptfe_registry_worker - Processes VCS slugs, prepares module to be published on the Terraform private Module Registry
• ptfe_sidekiq - Background job scheduler system
• ptfe_redis - Redis in-memory database, use for caching and ptfe_sidekiq queue. This container will not be active on Active-Active Terraform Enterprise installations.
• ptfe_nomad - HashiCorp Nomad, Schedules Sentinel and Cost Estimation runs
• ptfe_archivist - Object storage API
• ptfe_migrations - Runs on startup only, runs database migrations from ptfe_atlas
• ptfe_postgres - PostgreSQL database, holds relational data such as workspace applies and where their state is stored in object storage
• ptfe_state_parser - Reads Terraform state files and parses important information out of them
• rabbitmq - RabbitMQ message queue
• ptfe_backup_restore - The Terraform Enterprise Backup and Restore API
• ptfe_outbound_http_proxy - Outbound HTTP proxy for Terraform applies and plans to facilitate blocking services such as the host’s AWS Metadata Service if configured.
• ptfe_health_check - Runs a periodic health check against Terraform Enterprise
• ptfe_base_startup - Runs on install only. Initializes Terraform Enterprise for installation
• ptfe_registry_migrations - Runs on startup only, runs database migrations from ptfe_registry_api
• telegraf - Data collection agent for collecting and reporting metrics. This container runs when enable_metrics_collection is enabled in the application configuration
• influxdb - Time-series database for storing metrics data from telegraf. This container runs when enable_metrics_collection is enabled in the application configuration

For Terraform Enterprise v202205-1 or later:

• tfe-nginx - Nginx reverse proxy, facilitates access to the Terraform Enterprise services
• tfe-atlas - The API and Web UI. Terraform Enterprise used to be known as Atlas
• tfe-build-manager - Manages the queue of Terraform runs
• tfe-build-worker - Creates workers on-demand as required by the queue. Injects variables, secrets, and Terraform configuration to a temporary container, tfe-worker
• tfe-worker - Executes a Terraform plan or apply. This container can be replaced with a custom image. This ephemeral container may be created with a randomly generated name by Docker. The image will either be `hashicorp/build-worker:now` or the configured custom build worker image in the Terraform Enterprise configuration.
• tfe-vault - HashiCorp Vault, utilizes transit encryption for items such as sensitive workspace variables
• tfe-registry-api - Terraform Private Module Registry API
• tfe-slug-ingress (or ptfe_ingress in older versions of Terraform Enterprise) - Listens for VCS webhooks. Packages VCS repo data as a slug and sends it to tfe-archivist
• tfe-registry-worker - Processes VCS slugs, prepares module to be published on the Terraform private Module Registry
• tfe-sidekiq - Background job scheduler system
• tfe-redis - Redis in-memory database, use for caching and tfe-sidekiq queue. This container will not be active on Active-Active Terraform Enterprise installations.
• tfe-nomad - HashiCorp Nomad, Schedules Sentinel and Cost Estimation runs
• tfe-archivist - Object storage API
• tfe-migrations - Runs on startup only, runs database migrations from tfe-atlas
• tfe-postgres - PostgreSQL database, holds relational data such as workspace applies and where their state is stored in object storage
• tfe-postgresql-setup - PostgreSQL database setup container which initializes the database for use.
• tfe-state-parser - Reads Terraform state files and parses important information out of them
• tfe-rabbitmq - RabbitMQ message queue
• tfe-plan-exporter-worker - Sets up a Nomad job to extract data from Terraform plans
• tfe-sentinel-worker - Sets up a Nomad job to run Sentinel jobs
• tfe-cost-estimation - Sets up a Nomad job to run Cost Estimation jobs
• tfe-backup-restore - The Terraform Enterprise Backup and Restore API
• tfe-outbound-http-proxy - Outbound HTTP proxy for Terraform applies and plans to facilitate blocking services such as the host’s AWS Metadata Service if configured.
• tfe-health-check - Runs a periodic health check against Terraform Enterprise
• tfe-base-startup - Runs on install only. Initializes Terraform Enterprise for installation
• tfe-bootstrap - Runs on install only. Boostraps Docker network required for the other containers
• tfe-registry-migrations - Runs on startup only, runs database migrations from tfe-registry-api
• tfe-anchor-isolation-network - This container does nothing. It is attached to the Docker isolation network and prevents the network from being removed.
• tfe-base-workers - Sets up the Terraform Build Worker base container image
• tfe-admin - Contains useful CLI tools for use with `replicated admin`
• telegraf - Data collection agent for collecting and reporting metrics. This container runs when enable_metrics_collection is enabled in the application configuration
• influxdb - Time-series database for storing metrics data from telegraf. This container runs when enable_metrics_collection is enabled in the application configuration
• tfe-fluent-bit - This container runs when log_forwarding_enabled is enabled in the application configuration. It forwards logs as configured by the user.
• tfe-metrics - This container runs when enable_metrics_collection is enabled in the application configuration. It exposes Terraform Enterprise container metrics.

What are the roles of the Replicated containers?

• replicated - The daemon that runs Replicated services and starts the application. It communicates with the external Replicated API and registry unless running in airgap mode. This is the only component that communicates externally.
• replicated-ui - Provides the Replicated console which listens on host port 8800. It communicates internally with the Replicated daemon and with the premkit service.
• replicated-operator A utility image to transfer files between the host and daemon and to run application containers if using the native scheduler. It communicates internally with the Replicated daemon on port 9879.
• replicated-premkit - This serves as a reverse proxy to the audit log, metrics, and integration services. It communicates internally with the daemon, audit log, and metrics services.
• replicated-statsd - This image is used for a metrics service that runs when the application is running.
• support-bundle This image is run to collect system information when the customer creates a support bundle.
• cmd This image may be used for custom commands if configured in the application yaml. It may communicate internally or externally if configured to do so by the vendor’s application.
• retraced Retraced provides an API and worker for the audit log component and communicates internally with the audit log’s Postgres and NSQ services. The following are the API and worker containers:
  • retraced-processor
  • retraced-api
  • retraced-cron
• retraced-postgres This is the database for the audit log.
• retraced-nsq This is the audit log’s queue.