Terraform
Requirements
Important: All agents in an agent pool should have the same operating system and hardware resources available. If the agents are using different resources, run performance can vary significantly between each agent in the pool.
Ensure your system meets the following requirements before installing and configuring HCP Terraform Agents. Refer to HCP Terraform Agents on Terraform Enterprise for additional Terraform Enterprise requirements.
Supported Operating Systems
Agents currently only support x86_64 bit Linux operating systems. You can also run the agent within Docker using our official HCP Terraform Agent Docker container.
Supported Terraform Versions
Agents support Terraform versions 0.12 and above. Workspaces configured to use Terraform versions below 0.12 cannot select the agent-based execution mode.
Hardware Requirements
The host running the agent has varying resource requirements depending on the workspaces the agent will serve and the agent's configuration. A host can be a dedicated or shared cloud instance, virtual machine, bare metal server, or a container. You should monitor and adjust memory, CPU, and disk space based on each workspace's usage and performance.
Use the following specifications as a reference:
- At least 4GB of free disk space
- Each run requires the agent to temporarily store local copies of the tarred repository, extracted repository, state file, any providers or modules, and the Terraform binary itself.
- When using agents for private VCS operations, we recommend that the agent has storage capacity equal to at least twice the maximum expected repository size.
- At least 2GB of system memory
- This provides the agent with enough memory to complete run operations, such as
terraform plan
,git clone
, andsentinel apply
. This also supports operations such as uploading and downloading artifacts, constructing temporary execution environments, and parsing configurations. - If you enable request forwarding, we recommend that you add at least 250MB of additional memory. The agent may hold multiple forwarded requests and responses in memory until they are successfully executed and relayed to HCP Terraform.
- This provides the agent with enough memory to complete run operations, such as
Software Requirements
Agents may depend on third-party tooling for certain features and functionality.
The tfc-agent itself does not have any direct dependency on any of the following
tools, though most common uses of Terraform will require them. The agent makes
the assumption that the following utilities are pre-installed, and their
respective CLI commands available on the $PATH
of the user running tfc-agent.
git
- The Git CLI. May be used by the Terraform CLI when downloading modules from remote Git servers. Git version 2.3 or greater is required.ssh
- The SSH CLI. Used bygit
when the remote source uses the SSH protocol.
In addition to the above tools, it is often useful to install the following
optional software to support a broad range of uses. These tools may be used by
Terraform's local-exec
provisioners, an external
data source, or a tfc-agent
hook script.
curl
- Simple command-line HTTP client.wget
- Simple command-line HTTP client.jq
- JSON data inspection utility.unzip
- Unarchiver for zip archives.tar
- Unarchiver for tar archives.gzip
- Decompression utility for gzipped archives.
Networking Requirements
In order for an agent to function properly, it must be able to make outbound TCP connections to the HCP Terraform application APIs. These requests may require perimeter networking as well as container host networking changes, depending on your environment. Refer to the HCP Terraform IP Ranges documentation for more details on the IP ranges.
Additionally, the agent must also be able to communicate with any services required by the Terraform code it is executing. This includes the Terraform releases distribution service, releases.hashicorp.com, as well as any provider APIs. The following services run on these IP ranges:
Hostname | Port/Protocol | Directionality | Purpose |
---|---|---|---|
app.terraform.io | tcp/443, HTTPS | Outbound | Polling for new workloads, providing status updates, and downloading private modules from HCP Terraform's Private Module Registry |
registry.terraform.io | tcp/443, HTTPS | Outbound | Downloading public modules from the Terraform Registry |
releases.hashicorp.com | tcp/443, HTTPS | Outbound | Updating agent components and downloading Terraform binaries |
archivist.terraform.io | tcp/443, HTTPS | Outbound | Blob Storage |
agents.terraform.io | tcp/7146, TCP | Outbound | Agent RPC interface (currently used for request forwarding only) |