Install and configure tfe on your system.
| GitHub | GitLab | Downloads | Version |
|---|---|---|---|
 |
 |
 |
 |
This example is taken from molecule/default/converge.yml and is tested on each push, pull request and release.
---
- name: Converge
hosts: all
become: true
gather_facts: true
roles:
- role: robertdebock.tfeThe machine needs to be prepared. In CI this is done using molecule/default/prepare.yml:
---
- name: Prepare
hosts: all
become: true
gather_facts: false
roles:
- role: robertdebock.bootstrap
- role: robertdebock.core_dependencies
- role: robertdebock.docker_ce
- role: robertdebock.docker_compose
post_tasks:
# The role docker_ce skips starting on Docker hosts.
- name: Start docker daemon
ansible.builtin.service:
name: docker
state: started
enabled: trueAlso see a full explanation and example on how to use these roles.
The default values for the variables are set in defaults/main.yml:
---
# defaults file for tfe
# Select the image to use for Terraform Enterprise. This includes the version.
# The latest tfe version can be found here:
# https://developer.hashicorp.com/terraform/enterprise/releases/2023/v202303-1
tfe_image: "images.releases.hashicorp.com/hashicorp/terraform-enterprise:v202309-1"
# Paste the license of Terraform Enterprise here. It's a long string.
# If the license is not set or empty, many tasks will be skipped, resulting in
# a non-working Terraform Enterprise instance. Not setting a license can help
# with testing.
tfe_license: ""
# Configure a hostname, used to redirect HTTP(S) requests.
tfe_hostname: "tfe.example.com"
# An encryption password for the TFE application.
tfe_encryption_password: "S0meP@ssword"
# A list of CIDR notated subnets that are allowed to create an "Initial Admin
# Token".
tfe_iact_subnets: []
# - "10.0.0.0/8"
# - "192.168.0.0/24"
# The following variables are used to configure the TLS certificate and key for
# the web interface of Terraform Enterprise. The certificate and key should be
# placed in the `files` directory of your playbook.
#
# You can create a self-signed certificate with the following command:
#
# openssl req -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem \
# -sha256 -days 365
# cp cert.pem bundle.pem
tfe_tls_certificate: "cert.pem"
tfe_tls_key: "key.pem"
tfe_tls_bundle: "bundle.pem"
# You can set the operational mode to either: "disk", "external" or "active-active".
tfe_operational_mode: "active-active"
# Maximum number of Terraform runs that can execute concurrently on each Terraform Enterprise node.
tfe_capacity_concurrency: 10
# Enable log forwarding by setting a path.
# The file (basename) will originate from this Ansible role, unless you have
# a custom file in your `files/` directory of your playbook directory.
# tfe_log_forwarding_config_path: /etc/terraform-enterprise/fluent-bit/fluent-bit.conf
# Details on the database host. This host should already exist, this role
# does not create a database.
# These variables are required when `tfe_operational_mode` is set to `active-active` or `external`.
tfe_database_host: "tfe.RaNdOm.eu-west-1.rds.amazonaws.com"
tfe_database_user: "tfe"
tfe_database_password: "my_pass_c0mpl.x"
tfe_database_name: "tfe"
tfe_database_parameters: "sslmode=disable"
# Detail on the object storage. This role does not create the bucket.
# These variables are required when `tfe_operational_mode` is set to `active-active` or `external`.
tfe_object_storage_s3_endpoint: ""
tfe_object_storage_s3_use_instance_profile: false
tfe_object_storage_s3_bucket: "SomeBucketName"
tfe_object_storage_s3_access_key_id: ""
tfe_object_storage_s3_secret_access_key: ""
tfe_object_storage_s3_region: "eu-west-1"
# Details on the Redis host. This host should already exist, this role
# does not create a Redis instance.
# These variables are required when `tfe_operational_mode` is set to `active-active`.
tfe_redis_host: "tfe.RaNdOm.0001.euw1.cache.amazonaws.com"
tfe_redis_user: "tfe"
tfe_redis_password: "my_pass_c0mpl.x"
tfe_redis_use_tls: false
tfe_redis_use_auth: false
# The internal Vault requires an internal address of the node.
tfe_vault_cluster_address: "https://{{ ansible_default_ipv4.address }}:8201"- pip packages listed in requirements.txt.
The following roles are used to prepare a system. You can prepare your system in another way.
| Requirement | GitHub | GitLab |
|---|---|---|
| robertdebock.bootstrap |  |
 |
| robertdebock.core_dependencies |  |
 |
| robertdebock.docker_ce |  |
 |
| robertdebock.docker_compose |  |
 |
This role is a part of many compatible roles. Have a look at the documentation of these roles for further information.
Here is an overview of related roles:
This role has been tested on these container images:
| container | tags |
|---|---|
| Debian | bullseye |
| EL | 9 |
| Fedora | 38, 39 |
| Ubuntu | all |
The minimum version of Ansible required is 2.12, tests have been done to:
- The previous version.
- The current version.
- The development version.
If you find issues, please register them in GitHub.
Please consider sponsoring me.