Introduction
If IPv4 forward has been disabled on the Terraform Enterprise host the admin UI may go down frequently. IPv4 forwarding is commonly disabled due to security compliance either manually or with configuration management tools such as Ansible. The OS image being used for Terraform Enterprise may also have this setting disabled by default(as of January 2022, some GCP images have this disabled by default).
Use Case
From the journald docker logs.raw the warning message below will print indicating that IPv4 forwarding is disabled and networking will not work.
10.0.0.44/default/journald/docker/logs.raw
Oct 29 14:53:47 gbl25030274 dockerd[9683]: time="2021-10-29T14:53:47.0326374312+04:00" level=warning msg="IPv4 forwarding is disabled. Networking will not work"
We can also confirm IPv4Forwarding has been set to false in the docker_info log.
primary/docker/info/docker_info.json
"IPv4Forwarding": false,
The following sysctl command can also be used to check whether IP forwarding is currently enabled or disabled.
# sysctl net.ipv4.ip_forward net.ipv4.ip_forward = 0
Note: Even when IPv4 forwarding has been disabled, the replicated-ui service will remain active running.
systemctl -a | grep replicated
replicated-operator.service loaded active running Replicated Operator Service
replicated-ui.service loaded active running Replicated Service
replicated.service loaded active running Replicated Service
Procedure
We can enable ipv4 forwarding again by adding the following line to /etc/sysctl.conf on the TFE host.
net.ipv4.ip_forward=1
Next restart the networking service.
systemctl restart network