Terraform Enterprise Installation with SELinux

Avatar
Aya Mohamed
  • Updated

Introduction

To successfully run Terraform Enterprise on Red Hat Enterprise Linux (RHEL) with SELinux enabled, you must perform additional configuration steps beyond the standard installation. This guide provides the required procedure to ensure compatibility.

For more information on base requirements, refer to the official installation documentation for Terraform Enterprise on RHEL.

Prerequisites

  • A RHEL environment that meets the standard Terraform Enterprise requirements.
  • sudo or root privileges.

Procedure

Follow these steps to install Terraform Enterprise in an SELinux-enabled environment.

  1. Remove any previous Docker installations to prevent conflicts.

    # sudo yum -y remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine

  2. Install the prerequisite packages for Docker.

    # sudo yum -y install -y yum-utils

  3. Add the official Docker repository.

    # sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo

  4. Install the Docker engine and required container packages.

    # sudo yum -y install docker-ce docker-ce-cli containerd.io docker-compose-plugin container-selinux

  5. Enable and start the Docker service.

    # sudo systemctl enable docker
# sudo systemctl start docker

  6. Update all installed packages and reboot the instance to apply the changes.

    # sudo yum -y update
# sudo reboot

  7. After the instance reboots, verify that the Docker daemon is running correctly.

    $ command -v docker && echo GOOD || echo BAD
## GOOD
$ ps aux | grep -q '[d]ockerd' && echo GOOD || echo BAD
## GOOD

  8. Create the directory for the Terraform Enterprise installation. This example uses /opt/tfe for a mounted disk installation. Replace this path if you are using a different location.

    # sudo mkdir -p /opt/tfe

  9. Temporarily set SELinux to permissive mode for the installation.

    # sudo setenforce 0

  10. Verify that the current mode is permissive.

    $ getenforce
## Permissive

  11. Download and execute the Terraform Enterprise installation script.

    $ curl -o install.sh https://install.terraform.io/ptfe/stable
$ bash ./install.sh no-docker

  12. After the installation completes, access the Terraform Enterprise UI and stop the application from the Replicated dashboard (typically on port 8800) or by running the following command.

    # replicatedctl app stop

  13. Set the correct SELinux file context for the Terraform Enterprise installation directory. The following commands are for a mounted disk installation at /opt/tfe.

    ## These two commands are specific to mounted disk installations
# sudo semanage fcontext -a -t container_file_t "/opt/tfe(/.*)?"
# sudo restorecon -R /opt/tfe

  14. Set SELinux back to enforcing mode.

    # sudo setenforce 1

  15. Reboot the instance to apply all changes permanently.

    # sudo reboot

Outcome

After the instance reboots, verify that SELinux is in enforcing mode. The command should return Enforcing.

$ getenforce
## Enforcing

Your Terraform Enterprise installation is now running correctly on RHEL with SELinux enabled.

Articles in this section

See more

Related articles