Problem
When using Terraform Enterprise in External Services mode with Azure Database for PostgreSQL Flexible Server, the application may fail to start.
Cause
A recent change to Azure Database for PostgreSQL Flexible Server requires you to explicitly add PostgreSQL extensions to an allow-list before they can be installed or used. Terraform Enterprise requires specific extensions that may not be enabled by default.
You can confirm this issue by checking the logs of the ptfe_migrations container (or tfe-migrations for TFE v202205-1 and later). The following log message indicates this problem.
PG::FeatureNotSupported: ERROR: extension "hstore" is not allow-listed for "azure_pg_admin" users in Azure Database for PostgreSQL
Prerequisites
- Azure Database for PostgreSQL Flexible Server.
- Terraform Enterprise configured for External Services mode.
Note: For Terraform Enterprise v202205-1 or later, the container prefix changed from ptfe_ to tfe- (e.g., ptfe_migrations is now tfe-migrations).
Solutions
To resolve this issue, you must enable the required PostgreSQL extensions in your Azure Database configuration.
Solution 1: Manage with Terraform
If you manage the Azure Database for PostgreSQL server with Terraform, add the following resource to your configuration to enable the required extensions.
resource "azurerm_postgresql_flexible_server_configuration" "tfe" {
name = "azure.extensions"
server_id = azurerm_postgresql_flexible_server.tfe.id
value = "CITEXT,HSTORE,UUID-OSSP"
}Solution 2: Manage Manually in the Azure Portal
If you manage the database manually through the Azure Portal, navigate to the Server parameters for your Flexible Server instance. Ensure that the CITEXT, HSTORE, and UUID-OSSP extensions are checked under the azure.extensions parameter.
Outcome
After you enable the required extensions in your Azure Database for PostgreSQL configuration, restart the Terraform Enterprise application. The application should now start successfully.