The task-worker is failing with a "permission denied" error during driver initialization, which prevents it from pulling the agent image: hashicorp/tfe-agent
Error:failed pulling image "hashicorp/tfe-agent:now": Error response from daemon: {"message":"denied: requested access to the resource is denied"}
Possible Causes for Agent Image Pull Failure
Several factors could contribute to this issue:
1. Invalid License
An invalid or misconfigured license may prevent access to the image registry.
To validate the license, run:
echo "<HASHICORP_LICENSE>" | docker login --username terraform images.releases.hashicorp.com --password-stdin docker --debug pull hashicorp/tfe-agent:latest
2. Insufficient Disk Space
The most common cause is insufficient space under the /var
directory, where Podman stores container data. You may encounter an error similar to:
Error response from daemon: failed to load image: payload does not match any of the supported image formats: * oci: open /var/tmp/api_load.tarXXXX/index.json: not a directory * oci-archive: creating temp directory: untarring file "/var/tmp/container_images_ociXXXX": write ... no space left on device
Solution:
- Increase the
/var
partition size to at least 40GB - Ensure
/var
or specifically/var/lib/containers/storage
has sufficient space for Podman image operation - A minimum of 40GB is recommended for stable Terraform Enterprise operations.
Redeploy Terraform Enterprise
Use the following commands to bring down and restart the terraform enterprise deployment as per the platform below is the example for podman deployment :
podman kube down /path/to/yaml podman play kube /path/to/yaml
Additional Information
- https://developer.hashicorp.com/terraform/cloud-docs/agents/agents