Introduction
Terraform Enterprise provides built-in health check endpoints that you can use to monitor the status and operational health of an instance. While the primary /_health_check endpoint is accessible externally via the instance hostname, certain use cases may require monitoring the instance internally to avoid network dependencies.
This guide outlines several methods for performing internal health checks on a Terraform Enterprise instance.
Use Case
The internal health check verifies the status of critical components, including:
- Archivist service health.
- Application connectivity to Redis and PostgreSQL.
- Application connectivity to Vault, including token encryption and decryption.
- RabbitMQ message sending and consumption.
- Vault server health.
The results from these checks can be integrated with an external monitoring or reporting service.
Procedure
There are multiple options for monitoring the health of a Terraform Enterprise instance internally, depending on the installed version.
Option 1: Monitor using curl
You can query the health check endpoint directly from the instance's host using curl.
For Terraform Enterprise v202205-1 or later:
Execute the following command to query the health check container.
$ curl http://$(docker inspect tfe-health-check | jq -r .[].NetworkSettings.Networks[].IPAddress):23005/_health_check
A successful response returns a JSON object indicating the status of each check.
{
"passed": true,
"checks": [
{"name": "Archivist Health Check", "passed": true},
{"name": "Terraform Enterprise Health Check", "passed": true},
{"name": "Terraform Enterprise Vault Health Check", "passed": true},
{"name": "Fluent Bit Health Check", "passed": false, "skipped": true},
{"name": "RabbitMQ Health Check", "passed": true},
{"name": "Vault Server Health Check", "passed": true}
]
}For Terraform Enterprise v202309-1 or later (with consolidated services):
Execute the following command to query the main application container.
$ curl http://$(docker inspect terraform-enterprise | jq -r .[].NetworkSettings.Networks[].IPAddress):8080/_health_check?full=1
For versions prior to v202205-1:
Execute the following command.
$ curl http://$(docker inspect ptfe_health_check | jq -r .[].NetworkSettings.Networks[].IPAddress):23005/_health_check
Option 2: Monitor using the tfe-admin command
For Terraform Enterprise v202012-2 and later, you can use the tfe-admin command-line utility.
Run the health check command.
$ tfe-admin health-check
The command displays the status of each check.
checking: Archivist Health Check... | checks that Archivist is up and healthy |- ✓ PASS checking: Terraform Enterprise Health Check... | checks that Terraform Enterprise is up and can communicate with Redis and Postgres |- ✓ PASS checking: Terraform Enterprise Vault Health Check... | checks that Terraform Enterprise can connect to Vault and is able to encrypt and decrypt tokens |- ✓ PASS checking: RabbitMQ Health Check... | checks that RabbitMQ can be connected to and that we can send and consume messages |- ✓ PASS checking: Vault Server Health Check... | checks that the configured Vault Server is healthy |- ✓ PASS All checks passed.
Option 3: Monitor using the replicated command
For older versions of Terraform Enterprise, you can use the replicated command.
Run the health check command.
$ replicated admin health-check
The command displays the status of each check.
checking: Archivist Health Check... | checks that Archivist is up and healthy |- ✓ PASS checking: Terraform Enterprise Health Check... | checks that Terraform Enterprise is up and can communicate with Redis and Postgres |- ✓ PASS checking: Terraform Enterprise Vault Health Check... | checks that Terraform Enterprise can connect to Vault and is able to encrypt and decrypt tokens |- ✓ PASS checking: RabbitMQ Health Check... | checks that RabbitMQ can be connected to and that we can send and consume messages |- ✓ PASS checking: Vault Server Health Check... | checks that the configured Vault Server is healthy |- ✓ PASS All checks passed.
Additional Information
For more details, refer to the official documentation on monitoring a Terraform Enterprise instance.