How to understand the operational log files in a TFE support bundle(Replicated)

Introduction

This guide explains how to review the operational log files found in a Terraform Enterprise (TFE) support bundle for Replicated installations. This allows you to self-diagnose problems by identifying the root cause of issues when the user interface does not provide specific error details.

Procedure

Generating a Support Bundle

You can generate a support bundle using one of the following methods.

1. From the Installer Dashboard: Navigate to the Installer dashboard on port 8800 of your TFE instance. Select the Support tab, then click Download Support Bundle.
2. From the CLI: If you cannot access the dashboard, connect to the instance via SSH and run the appropriate command.

   • For standard installations, run the following command:

     $ replicatedctl support-bundle

   • For Active-Active deployments, run the following command:

     $ tfe-admin support-bundle

Locating and Reviewing Logs

After generating and expanding the support bundle, you can find the logs in the [bundle]/primary/app/logs directory. Each Docker container has its own stderr and stdout files in this location. Searching recursively within the expanded support bundle directories for a specific error message can provide additional context for troubleshooting.

Key Log Files and Containers

Note on Container Naming: For TFE versions v202205-01 through v202308-1, container names follow the tfe-<service> convention (e.g., tfe-atlas). Older versions may use the ptfe_ prefix (e.g., ptfe_atlas). For more information, refer to the v202205-1 release notes.

Depending on where in the application flow the problem occurs, identify the logs for the relevant container. The following containers are the most important for troubleshooting common issues.

• tfe-atlas (ptfe_atlas) The main TFE web application that receives requests from users via a web browser or API call.
• tfe-ingress (ptfe_ingress) Copies files to TFE for processing, either from a VCS repository or a local client system.
• tfe-archivist (ptfe_archivist) Handles writing configurations, state files, and provider files to the S3-compatible storage buckets.
• tfe-sidekiq (ptfe_sidekiq) Responsible for inbound API call handling, including VCS webhook calls.
• tfe-nomad (ptfe_nomad) Executes Sentinel policies. In TFE v202212-1 and later, the tfe-task-worker container handles this task.
• tfe-postgresql-setup (ptfe_postgresql_setup) Shows any errors related to connecting to the PostgreSQL database.
• tfe-vault (ptfe_vault) The internal Vault server that encrypts and decrypts all sensitive data.
• tfe-build-worker (ptfe_build_worker) When TFE executes the Terraform CLI, it generates a temporary Docker container for the run. Logs from these containers, including most Terraform syntax or provider errors, appear in the tfe-build-worker logs.