Terraform Enterprise FDO (Docker) Installation Startup Fails Due To TLS Configuration "[error] could not open configuration file, aborting."

Problem

A new Terraform Enterprise Flexible Deployment Options (FDO) for Docker installation fails to start. When attaching to the container, logs show a fluent-bit error, and the container exits.

tfe_1 | [2024/07/18 21:12:17] [error] could not open configuration file, aborting.
terraform-enterprise_tfe_1 exited with code 0

Checking the terraform-enterprise.log file or container logs may reveal a more specific error related to TLS certificates.

2024-07-29T21:14:04.530Z [ERROR] terraform-enterprise: startup: error="failed retrieving configuration: : open /etc/ssl/private/terraform-enterprise/bundle.pem: no such file or directory"

Prerequisites

• Terraform Enterprise version v202404-2 or newer.

Cause

The could not open configuration file, aborting error from fluent-bit is a symptom of an earlier startup failure, not the root cause. More information is available in the related article on Terraform Enterprise v202404-2 startup failures.

The underlying issue is that Terraform Enterprise cannot find the required TLS certificate files. This occurs when the files (bundle.pem, cert.pem, key.pem) are missing, incorrectly named, or not placed in a certs directory that is accessible to the docker compose command, as specified in the TLS certificate requirements.

Solution

To resolve this issue, ensure the TLS certificate files are correctly placed in a local certs directory before starting the application.

1. Verify that you have the required TLS certificate files: cert.pem, key.pem, and bundle.pem (if you are using an intermediate certificate).
2. In the same directory as your docker-compose.yml file, create a new directory named certs.

3. Move your TLS certificate files into the certs directory. The directory structure should look like this:

   . 
   ├── certs/
   │   ├── bundle.pem
   │   ├── cert.pem
   │   └── key.pem
   └── docker-compose.yml

4. Start the Terraform Enterprise application from the directory containing your docker-compose.yml file and the certs directory.

   $ docker compose up --detach

Verification

After starting the application, you can monitor its health until it reports a healthy status.

Run the health check command.

$ docker compose exec tfe tfe-health-check-status

A healthy application will eventually report "status":"healthy".

Additional Information

• Terraform Enterprise FDO for Docker Installation Requirements
• Terraform Enterprise FDO for Docker Installation Procedure