Introduction
This document provides multiple options for monitoring a Terraform Enterprise instance.
Use Case
Terraform Enterprise provides a /_health_check and /_health_check?full=1 endpoint on the instance. It is accessible using the Terraform Enterprise Hostname and hits the external endpoint.
https://www.terraform.io/docs/enterprise/admin/monitoring.html
There are use cases where this is not desirable such as avoiding network dependencies and you may want to monitor the instance using the internal health checks instead.
The health check will verify the following:
- Archivist is up and healthy.
- The application can communicate with Redis and Postgres.
- The application can connect with Vault and is able to encrypt and decrypt tokens.
- Test that RabbitMQ is able to send and consume messages.
- Verify that the Vault server is healthy.
These results can be passed to a reporting service to be monitored.
Procedure
There are multiple options for monitoring the health of the Terraform Enterprise internally. These options are described below.
You can curl the _health_check using the following command:
$ curl http://$(docker inspect ptfe_health_check|jq -r .[].NetworkSettings.Networks[].IPAddress):23005/_health_check
{"passed":true,"checks":[{"name":"Archivist Health Check","passed":true},{"name":"Terraform Enterprise Health Check","passed":true},{"name":"Terraform Enterprise Vault Health Check","passed":true},{"name":"Fluent Bit Health Check","passed":false,"skipped":true},{"name":"RabbitMQ Health Check","passed":true},{"name":"Vault Server Health Check","passed":true}]}
For Terraform Enterprise v202205-1 or later:
You can curl the _health_check using the following command:
$ curl http://$(docker inspect tfe-health-check|jq -r .[].NetworkSettings.Networks[].IPAddress):23005/_health_check
{"passed":true,"checks":[{"name":"Archivist Health Check","passed":true},{"name":"Terraform Enterprise Health Check","passed":true},{"name":"Terraform Enterprise Vault Health Check","passed":true},{"name":"Fluent Bit Health Check","passed":false,"skipped":true},{"name":"RabbitMQ Health Check","passed":true},{"name":"Vault Server Health Check","passed":true}]}For Terraform Enterprise v202309-1 or later with default consolidated services enabled:
curl http://$(docker inspect terraform-enterprise|jq -r .[].NetworkSettings.Networks[].IPAddress):8080/_health_check?full=1
$ replicated admin health-check
checking: Archivist Health Check...
| checks that Archivist is up and healthy
|- ✓ PASS
checking: Terraform Enterprise Health Check...
| checks that Terraform Enterprise is up and can communicate with Redis and Postgres
|- ✓ PASS
checking: Terraform Enterprise Vault Health Check...
| checks that Terraform Enterprise can connect to Vault and is able to encrypt and decrypt tokens
|- ✓ PASS
checking: RabbitMQ Health Check...
| checks that RabbitMQ can be connected to and that we can send and consume messages
|- ✓ PASS
checking: Vault Server Health Check...
| checks that the configured Vault Server is healthy
|- ✓ PASS
All checks passed.Terraform Enterprise v202012-2 and higher will now use tfe-admin health-check.
$ tfe-admin health-check
checking: Archivist Health Check...
| checks that Archivist is up and healthy
|- ✓ PASS
checking: Terraform Enterprise Health Check...
| checks that Terraform Enterprise is up and can communicate with Redis and Postgres
|- ✓ PASS
checking: Terraform Enterprise Vault Health Check...
| checks that Terraform Enterprise can connect to Vault and is able to encrypt and decrypt tokens
|- ✓ PASS
checking: RabbitMQ Health Check...
| checks that RabbitMQ can be connected to and that we can send and consume messages
|- ✓ PASS
checking: Vault Server Health Check...
| checks that the configured Vault Server is healthy
|- ✓ PASS
All checks passed.