Problem
Terraform Enterprise doesn't start and the container keeps crashing. The logs show the following messages:
tfe-1 | {"component":"supervisord","log":"2024-10-11 08:10:43,834 INFO exited: nginx (exit status 1; not expected)"}
tfe-1 | {"component":"terraform-enterprise","log":"2024-10-11T08:10:43.824Z [ERROR] terraform-enterprise: startup: error=\"exit status 7\""}
Prerequisites
- Terraform Enterprise
Cause
When the Terraform Enterprise container starts, it launches several processes. One of these is the nginx server, which serves the Terraform Enterprise application. During startup nginx crashes, and the default logs do not show a clear reason.
The error message appears in the default logs:
docker logs terraform-enterprise
or
kubectl -n NAMESPACE logs terraform-enterprise
Solution
The details of the Nginx crash can be found in nginx.log on the container itself. You have to be quick to get these details, because they are only available during the few seconds in which the container is starting:
docker exec -it terraform-enterprise cat /var/log/terraform-enterprise/nginx.log
or
kubectl -n NAMESPACE exec -it terraform-enterprise -- cat /var/log/terraform-enterprise/nginx.log
This could result in the following output:
nginx: [emerg] SSL_CTX_use_PrivateKey("/etc/ssl/private/terraform-enterprise/key.pem")
failed (SSL: error:05800074:x509 certificate routines::key values mismatch)
Check whether the private key matches the key in the certificate. If they don't match, contact the team that provided the TLS certificates.
Verify the certificate and key:
# Correct certificate and key
openssl x509 -noout -modulus -in cert.pem | openssl md5
(stdin)= b3b8253a1e9b8e797f550f53780a8927
openssl rsa -noout -modulus -in key.pem | openssl md5
(stdin)= b3b8253a1e9b8e797f550f53780a8927
# Wrong certificate and key
openssl x509 -noout -modulus -in cert.pem | openssl md5
(stdin)= c67e374fcd59f60ab35b75f5cbba1944
openssl rsa -noout -modulus -in key.pem | openssl md5
(stdin)= 53489c2da829370f21b77f6b754afea7 <== does not match the certificate hash
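The modulus comparison above applies to RSA keys only. The script below is an added example, not part of the original article or of HashiCorp's tooling; it goes beyond the RSA case by comparing the public key in the certificate with the one derived from the private key, which also covers EC keys. The function names, the script name and the throwaway sample pair are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check that a certificate and a private key belong together
# by comparing their public keys. Works for RSA and EC keys.

# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
tls_pair_matches() {
    # Public key embedded in the certificate (PEM SubjectPublicKeyInfo).
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # Public key derived from the private key, in the same PEM encoding.
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Constructed sample input: writes a throwaway EC key and a self-signed
# certificate (hypothetical CN) to DIR/key.pem and DIR/cert.pem.
make_sample_pair() {
    openssl ecparam -name prime256v1 -genkey -noout \
        -out "$1/key.pem" 2>/dev/null &&
    openssl req -new -x509 -key "$1/key.pem" -subj "/CN=tfe.example.test" \
        -days 1 -out "$1/cert.pem" 2>/dev/null
}

# Usage (hypothetical script name): sh check_pair.sh cert.pem key.pem
if [ "$#" -eq 2 ]; then
    tls_pair_matches "$1" "$2"
    case $? in
        0) echo "OK: private key matches the certificate" ;;
        1) echo "MISMATCH: private key does not belong to the certificate"
           exit 1 ;;
        *) echo "ERROR: could not read the certificate or the key"
           exit 2 ;;
    esac
fi
```

Run it against the certificate and key files before they are mounted into the container, so a mismatch is caught before nginx fails at startup.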
Outcome
When the certificate and key match, the Nginx process should start and you should no longer see this error.
Additional Information
- Documentation about certificates for Terraform Enterprise can be found here.