Problem
The Terraform Enterprise (TFE) Flexible Deployment Options (FDO) for active-active operational mode offers the TFE_REDIS_USER configuration option for Redis servers that have username/password authentication.
For TFE releases before v202503-1, configuring this option causes an error in TFE startup logs:
{"component":"sidekiq","log":"2025/04/25 19:52:59 rediss://example-redis-server.example.com: not ready yet: WRONGPASS invalid username-password pair or user is disabled."}
{"component":"atlas","log":"2025/04/25 19:52:59 rediss://example-redis-server.example.com: not ready yet: WRONGPASS invalid username-password pair or user is disabled."}
This prevents TFE from starting up successfully.
Cause
The setting
TFE_REDIS_USER cannot be modified in TFE versions prior to v202503-1 due to a known bug, as documented in the Known Issues section of the release notes for those versions."Updated February 27, 2025] Terraform Enterprise does not support usernames provided with the REDIS_USER variable to authenticate with an external Redis instance."
Solutions
- Upgrade to TFE version v202503-1 or later.
-
If upgrading is not feasible, the workaround for earlier versions involves configuring the Redis server to use the default user and password, updating the password, and then removing the
TFE_REDIS_USERsetting. e.g.:
TFE_REDIS_USE_AUTH: true
TFE_REDIS_PASSWORD: <default user password>
# TFE_REDIS_USER: <-do not use
Outcome
TFE can be startup without Redis authentication errors.