Terraform Enterprise Installation with SELinux

Avatar
Aya Mohamed
  • Updated

Introduction

To run Terraform Enterprise in RHEL with SELinux enabled we need to make additional steps, besides the ones already mentioned in installation documentation for TFE on RHEL

 

Recommended Steps

  • Make sure to remove any already installed docker or its remnants
sudo yum -y remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
  • Install docker pre-requirements commands
sudo yum -y install -y yum-utils
  • Ensure usage of correct docker repo
sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
  • Install Docker
sudo yum -y install docker-ce docker-ce-cli containerd.io docker-compose-plugin container-selinux
  •  Then start docker service
sudo systemctl enable docker
sudo systemctl start docker
  • Update all the presently installed packages to the latest versions that are available in the repositories followed by VM restart
sudo yum -y update
sudo reboot
  • After reboot make sure docker is running check what replicated will test for docker
command -v docker && echo GOOD || echo BAD
ps aux | grep -q '[d]ockerd' && echo GOOD || echo BAD
  • Start TFE installation on "/opt/tfe" where it will be mounted(This only applies to mounted disk installations, please replace the path with your own if needed)
sudo mkdir -p /opt/tfe
  • Set SELinux to permissive and verify
sudo setenforce 0
getenforce
  •  Download installation script and then execute it
curl -o install.sh https://install.terraform.io/ptfe/stable
bash ./install.sh no-docker
  • After installation make sure TFE is accessible via TFE GUI
  • Now is the time to enable SELinux  - so stop application
    • Either utilize Replicated dashboard normally serving on port 8800 
    • Or, alternatively execute on instance replicatedctl app stop
  • Set context and set SELinux to Enforcing:
# These two commands are specific to mounted disk installations
sudo semanage fcontext -a -t container_file_t "/opt/tfe(/.*)?"
sudo restorecon -R /opt/tfe

# Enforce SELinux
sudo setenforce 1
  • Reboot the instance to apply all changes :
sudo reboot
  • After reboot make sure SELinux is enabled
$ getenforce
Enforcing

You should have in your output reply "Enforcing"

 

 

Articles in this section

See more

Related articles