Terraform Enterprise v202406-1 (776)
This is a required release!
Flexible Deployment Options terraform-enterprise
container digest: amd64/linux sha256:2d6cadbc5b4956fbebe899a0ca3735108aa3fa086d380215c45298dcfc4b9c31
Known Issues
[Updated November 21, 2024] Upgrading to v202406-1 appears to stall under the following conditions:
- Terraform Enterprise is in
disk
mode. - The data directory has more than 1 TB of data.
- Terraform is deployed to Replicated.
Terraform Enterprise processes file permissions for the data during the upgrade but does not print ongoing messages to the log indicating that the operations are ongoing.
Allow up to an hour for the upgrade, even when the following message appears in the log for an extended period of time:
Running as builtin tfe user, ensuring ownership of scratch directories...
- Terraform Enterprise is in
[Updated September 6, 2024] This release contains a possible migration error due to orphaned team membership records referring to teams that have been deleted. If this issue affects you, the upgrade will fail. To avoid this, please refer to our support article for steps to check if you have orphaned records and how to remove them before proceeding with the migration.
[Updated June 26, 2024] After successfully running a database restore in mounted disk mode, the Terraform Enterprise container, or Replicated application, must be fully stopped and restarted in order for the application to run properly.
[Updated August 14, 2024] Runs that rely on dynamic provider credentials and workload identity will fail after a certain number of signing key rotations. This problem is fixed in v202407-1, and you can avoid it by upgrading v202407-1 or above. For details on additional workarounds, including manually trimming keys, refer to our support article.
[Updated September 30, 2024] Some deployments are experiencing memory growth issues on v202401-1 or higher, sometimes resulting in out of memory errors that require a restart to resolve. This issue is currently being investigated. It is strongly recommended that you test in a non-production environment before deploying v202401-1 or higher in production, and monitor memory for unexpected growth. This message will be updated when a fix is available in a published release.
[Updated November 25, 2024] Terraform Enterprise does not currently support using a username provided via
REDIS_USER
for authenticating with an external Redis instance. To use authentication with Redis, configure Redis to require only a password for the default user by updating your Redis configuration file (redis.conf
) as follows, replacing<your password>
accordingly:
requirepass <your password>
In the Terraform Enterprise environment, set only the REDIS_PASSWORD
variable with the corresponding value.
Deprecations
[Updated January 21, 2025] Terraform Enterprise now supports new deployment options and will end support for the Replicated Native Scheduler option. The final Replicated release of Terraform Enterprise will be in March 2025 (extended from November 2024). Effective December 2024, only pre-existing workflows and capabilities will be tested for continued quality on Replicated releases. New features and product improvements will not be validated on Replicated releases. HashiCorp Support will support this release until April 1, 2026, but bug and security fixes backports will not be available after March.
Terraform Enterprise now supports new deployment options and will end support for the Replicated Native Scheduler option. The final Replicated release of Terraform Enterprise will be in November 2024. HashiCorp will support this release until April 1, 2026.
To continue receiving the latest features, fixes, and security updates, migrate to a new deployment option by November 2024. For more information, refer to Flexible Deployment Options or contact your HashiCorp account representative.
RedHat Enterprise is ending support for RHEL v7 on June 30th, 2024. Following suit, Terraform Enterprise will no longer support RHEL v7 after June 30th, 2024. Replicated installations of Terraform Enterprise support RHEL 8. The Podman deployment option supports using RHEL 8 or higher.
We've removed the organizations list and navigation items from the account settings page, and instead recommend referencing your main organization page for a list of your organizations.
Highlights
- This Terraform Enterprise release (v202406-1) is required, because of an upgrade of the internal PostgreSQL service from v14 to v16. This database upgrade also enables using the backup and restore API endpoints against external PostgreSQL servers running versions 15 or 16. If your upgrade fails, restore your PostgresQL v14 database.
- Terraform Enterprise now supports a new deployment option. Terraform Enterprise can now be deployed to HashiCorp Nomad. The feature is still in beta. To get started, refer to the Nomad Beta requirements.
- Terraform Enterprise now supports a new deployment option. Terraform Enterprise can now be deployed to Red Hat OpenShift. The feature is still in Beta stage. To get started, read the Kubernetes and OpenShift requirements and instructions for operating Terraform Enterprise on Red Hat OpenShift.
Features
- You can now search for organizations by name on the main organizations page.
- A new page has been added to allow administrators to view and cancel the current run for each workspace in an organization. For more information, refer to Organizations.
Improvements
- An organization owner can now leave an organization if that organization has other active owners.
- The sentinel worker has been updated to 0.26.0.
Bug Fixes
- The
tfe.run.limit
metric is now displayed in the JSON representation of metrics. - When a workspace is deleted, it will not longer appear in the variable set page.
- Attaching a VCS provider to a project using the attach to a project endpoint will no longer inadvertently remove existing projects attached to the same provider.
- When you edit a workspace variable and wait for some time before clicking the Cancel button, the variable now reverts back to its original key and value.
- Managing a run task with too many workspace associations could time out and display an error, preventing any updates to that run task. The number of workspace associations is now checked before loading, and will only display the workspaces if there are fewer than 50.
Security
- Container and binary updates address reported vulnerabilities (CVEs) in underlying base images, packages, and dependencies.