Problem
After migrating Terraform Enterprise from a Replicated installation to a Flexible Deployment Options (FDO) installation on Docker, Terraform runs fail with the error message "Sentinel policies errored".
Cause
This error typically occurs due to an incorrect Docker networking configuration for the Terraform Enterprise containers.
You can confirm this by inspecting the logs. The sidekiq.log file may show a connection refused error.
[ERROR] msg=Failed to enqueue Sentinel worker run_id=6599 policy_check_id=410 exception=Failed to open TCP connection to 127.0.0.1:8000 (Connection refused - connect(2) for "127.0.0.1" port 8000)
Additionally, the task-worker.log file may indicate that the specified Docker network was not found.
Error response from daemon: network tfe_terraform_isolation not found
Solutions
The issue is related to the TFE_RUN_PIPELINE_DOCKER_NETWORK parameter in your Docker Compose file. You can resolve this with one of the following solutions.
Solution 1: Create the specified Docker network
Create the missing Docker network manually.
- Execute the following command to create the network.
  $ docker network create tfe_terraform_isolation
- Re-deploy the FDO container and trigger a new run to test the fix.
Solution 2: Use the default Docker bridge network
Modify the configuration to use the default Docker bridge network instead of a custom one.
- In your Docker Compose file, find and remove the line containing the TFE_RUN_PIPELINE_DOCKER_NETWORK parameter.
- Re-deploy the FDO container and trigger a new run to test the fix.
Outcome
After applying one of the solutions, Terraform runs should process successfully without Sentinel policy errors.
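A check for the condition described under Cause, added here as an example and not taken from HashiCorp's documentation: it reads TFE_RUN_PIPELINE_DOCKER_NETWORK from a Compose file, confirms the named network exists on the host, and can pull the missing network name out of task-worker.log. The function names and the TFE_COMPOSE_FILE variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Only TFE_RUN_PIPELINE_DOCKER_NETWORK and the daemon error text
# come from the article; every function and variable name is hypothetical.

# Print the network name set in a Compose file (map or list syntax), if any.
# Commented-out lines are ignored; quotes and trailing comments are stripped.
compose_network() {
  sed -n -E 's/^[[:space:]]*(-[[:space:]]*)?TFE_RUN_PIPELINE_DOCKER_NETWORK[[:space:]]*[:=][[:space:]]*//p' "$1" |
    sed -E 's/[[:space:]]*(#.*)?$//' | tr -d "\"'" | head -n 1
}

# Print each network name the Docker daemon reported as missing in a log file.
missing_networks_in_log() {
  sed -n -E 's/.*Error response from daemon: network ([^[:space:]]+) not found.*/\1/p' "$1" | sort -u
}

# Succeed if network name $1 appears in the newline-separated list on stdin.
network_in_list() {
  grep -qxF -- "$1"
}

# Compare the Compose setting with the networks that exist on this host.
check_tfe_network() {
  net=$(compose_network "$1")
  if [ -z "$net" ]; then
    echo "TFE_RUN_PIPELINE_DOCKER_NETWORK not set: default bridge network is used"
    return 0
  fi
  if docker network ls --format '{{.Name}}' | network_in_list "$net"; then
    echo "OK: network '$net' exists"
  else
    echo "MISSING: create it with: docker network create $net" >&2
    return 1
  fi
}

# Runs only when a Compose file path is supplied in TFE_COMPOSE_FILE (assumed name).
if [ -n "${TFE_COMPOSE_FILE:-}" ]; then
  check_tfe_network "$TFE_COMPOSE_FILE"
fi
```

Run it with TFE_COMPOSE_FILE set to the path of your Compose file before re-deploying; a non-zero exit status means the configured network does not exist yet.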
Additional Information
- For more details on this configuration option, please see the TFE_RUN_PIPELINE_DOCKER_NETWORK documentation.