Terraform Enterprise on Amazon Linux 2 fails to start

Introduction

After update or new installation of the TFE with the latest Amazon Linux 2 (AMI as of 1/1/2024) replicated service fails to start

Problem

When checking replicated logs you will see the follow errors

journalctl -u replicated

Jan 04 11:35:48 ip-xxxx.ec2.internal docker[xx]: runtime/cgo: pthread_create failed: Operation not permitted
Jan 04 11:35:48 ip-xxxx.ec2.internal docker[xx]: SIGABRT: abort

Cause

• Due to some  security settings that caused  hardening on Amazon Linux 2  so libseccomp permissions needs to be fixed in the profile. The effect of "SCMP_ACT_ERRNO" is to cause a Permission Denied error.  hence come the need to override this profile with to be SCMP_ACT_ALLOW.

Solutions:

• Follow the steps in this documentation to amend the /etc/docker/seccomp.json file
  From step 1 to step 4
• Before continuing make sure to change in  file etc/docker/seccomp.json  occurrence of "defaultAction": "SCMP_ACT_ERRNO", to "defaultAction": "SCMP_ACT_ALLOW"
• Continue steps from 5 to the end
• Once finished the replicated service will start normally

Additional Information

• docker 20.x with modified libseccomp TFE requirement configuration

• docker seccomp security profile documentation