Introduction
Problem
Organizations using a standalone Terraform Enterprise setup may require increased reliability and scalability. Migrating to an Active/Active architecture allows for multiple TFE nodes, improving availability and performance. However, this migration involves changes to infrastructure, including adding Redis servers and configuring TFE nodes.
Prerequisites:
- Automated Installation Requirement: Active-active TFE requires a completely automated installation method, ensuring all nodes are configured consistently for easy updates and upgrades. This is a hard requirement, as manual installations are not supported for this mode.
- Existing Infrastructure: The existing Postgres DB and S3 bucket must be accessible and compatible, with no changes needed for DB migration beyond ensuring connectivity.
-
Redis Configuration: For an Active/Active Terraform Enterprise (TFE) setup, two Redis servers are not strictly required. However, high availability is recommended, and Redis Sentinel can be used to manage failover between multiple Redis instances
Note that Redis cluster is not supported, which is an important consideration for setup. - Licensing and Security: An Enterprise license and a TLS certificate are required for TFE, ensuring secure operations across multiple nodes.
-
Network and Infrastructure: The infrastructure must support multiple active nodes, including load balancing and network configurations, potentially requiring hairpinning for certain environments.
Cause:
The standalone architecture cannot scale horizontally or provide redundancy. Active/Active mode addresses these limitations but requires infrastructure changes and operational adjustments.
Solutions:
Related to New Additional TFE Server:
- Airgap Package for Active-Active: The same TFE airgap package used for standalone can be used for active-active. No separate package is required; the difference lies in the configuration during installation, with additional options enabling active-active mode.
- Compatibility with Standalone Package: Yes, the standalone TFE airgap package is compatible with active-active, with configuration changes during setup. This ensures a seamless transition without needing additional bundles.
- Database Communication: Both standalone TFE and the new active-active nodes can communicate with the same existing Postgres DB, ensuring no compatibility issues. This reuse simplifies migration, as no DB migration is needed.
- Installation Document: The installation steps for TFE active-active are detailed at this link, providing a step-by-step guide for setup.
Related to Existing TFE Server
- Migration Approach: There are two approaches:
- Reuse the existing TFE node, converting it to active-active (one node initially), then add the second node as needed.
- Create a new active-active installation from scratch, reusing existing S3 and Postgres, but ensure the standalone instance is stopped before starting the new setup to avoid conflicts.
- Migration Steps for TFE App and Postgres DB: The migration follows the automated installation process, with updates to configuration files (e.g., replicated.conf) to enable active-active. No specific steps are needed for Postgres DB beyond ensuring connectivity, as it’s reused. Refer to Automated Installation - Active/Active for detailed steps.
- Rollback Plan: If the upgrade to active-active fails, rollback is possible by scaling back to a single node, which is equivalent to a standalone setup. Alternatively, reinstall using the previous standalone configuration via automated installation, updating Postgres DB settings if needed to match the original setup. This ensures minimal disruption, with steps documented in the installation guide.
- Fluent Bit Container: No changes are required for the TFE Fluent Bit container currently enabled for log forwarding. It will handle logs from multiple nodes, with the output destination receiving logs from additional sources, requiring no updates from the TFE side.