How to enable Terraform core logging in Terraform Enterprise application logging >=v202306-1

Introduction

In the v202306-1 release of Terraform Enterprise (TFE), the "Terraform Build Worker" image for performing Terraform runs was retired in favor of the hashicorp/tfc-agent image. For more information, refer to the guide on how to Migrate Alternative Worker Images to Agents.

The legacy Terraform Build Worker image logged the core terraform command output in the TFE application logging by default. The new agent image does not. While Terraform core logs are still available by navigating to a Workspace Run and from the API, it requires additional configuration to include these logs in the application logs, such as those configured for log forwarding on Flexible Deployment Options (FDO) or Replicated deployments.

Expected Outcome

Terraform core logging is available in the standard output produced by the Terraform Enterprise application.

Prerequisites

• You are running Terraform Enterprise v202306-1 or later, which uses the agent image pipeline.
• You need to consume Terraform core logs from the standard output of Terraform Enterprise.

Procedure

To enable Terraform core logging, you must set the TFC_AGENT_LOG_LEVELenvironment variable to trace on the tfc-agent image responsible for executing Terraform runs. The traceverbosity level "contains all debug-level messages, plus verbose process logs such as the line-by-line output of the terraform command".

1. Build a custom agent image.

   Create a custom worker image that includes the required environment variable. Add the following line to your Dockerfile.

   ENV TFC_AGENT_LOG_LEVEL='trace'

   A complete example Dockerfile could look like this.

   FROM hashicorp/tfc-agent:latest
   
   ## Switch to the root user to perform privileged actions such as
   ## installing software.
   USER root
   
   ## Install sudo. The container runs as a non-root user, but you may rely on
   ## the ability to apt-get install things.
   RUN apt-get -y install sudo
   
   ## Permit tfc-agent to use sudo apt-get commands.
   RUN echo 'tfc-agent ALL=NOPASSWD: /usr/bin/apt-get , /usr/bin/apt' >> /etc/sudoers.d/50-tfc-agent
   
   ## Switch back to the tfc-agent user as needed by Terraform agents.
   USER tfc-agent
   
   ## Enable Terraform core logging.
   ENV TFC_AGENT_LOG_LEVEL='trace'

2. Update Terraform Enterprise to use the custom image.

   The process to update the image varies depending on your deployment option.

   For Flexible Deployment Options (FDO)

   Configure the TFE_RUN_PIPELINE_IMAGE environment variable to use your custom image.

   For Replicated Deployments

   Configure the custom_agent_image_tag setting to use your custom image.

Additional Information

• HCP Terraform Agents > Logging