Terraform
Minio Setup Guide for Terraform Enterprise
This document provides an overview for setting up Minio for external object storage for HashiCorp Terraform Enterprise.
Required Reading
- Ensure you are familiar with Terraform Enterprise's operation and installation requirements, and especially the Operational Mode Decision.
- Familiarize yourself with Minio.
Overview
When configured to use External Services, Terraform Enterprise must be connected to a storage service to persist workspace state and other file-based data. Native support exists for Azure Blob Storage, Amazon S3, and services that are API-compatible with Amazon S3. If you are not using Azure or a cloud provider with an S3-compatible service, or you are running Terraform Enterprise in an environment without a storage service, it may be possible to use Minio instead.
Installation
Note: This is not a production-ready configuration: it's intended to guide you to a working configuration that can later be automated and hardened.
This guide will walk through installing Minio in a Docker container alongside Terraform Enterprise on the same host, with Terraform Enterprise configured in the External Services operational mode. Data will not be persisted outside of an ephemeral Docker volume, Minio will not start on system boot, etc. The guide assumes your instance will have access to the Internet and that you will be performing an online install of Terraform Enterprise.
System preparation
Ensure your Linux instance meets the requirements. You will need jq (a command-line JSON processor), and the AWS CLI.
You also need a PostgreSQL database that meets the requirements, as this is part of the External Services operational mode.
Terraform Enterprise installation
Begin with an online installation. Once the installation script has finished and you're presented with the following text, move on to the next section:
To continue the installation, visit the following URL in your browser:
https://<TFE HOSTNAME>:8800
Start Minio
Now you'll start the Minio container, mounting a volume so that you can gain access to the generated config:
docker run \
-d \
--name minio \
-v /run/minio/config:/root/.minio \
minio/minio:latest \
-- \
server /data
Ensure that Minio has started by watching for /var/run/minio/config/config.json
to be written:
while [ ! -e /var/run/minio/config/config.json ]; do
sleep 3
done
You now need to collect several pieces of information about your running Minio instance:
- IP address of the running container:
docker inspect minio | jq -r .[0].NetworkSettings.IPAddress
- Access key:
jq -r .credential.accessKey /var/run/minio/config/config.json
- Secret key:
jq -r .credential.secretKey /var/run/minio/config/config.json
Create a bucket
Like S3, Minio does not automatically create buckets. Use the AWS CLI to create a bucket named tfe
that will be used to store data:
export AWS_ACCESS_KEY_ID="<access key from above>"
export AWS_SECRET_ACCESS_KEY="<secret key from above>"
aws --region us-east-1 --endpoint-url http://<ip address from above>:9000 s3 mb s3://tfe
Terraform Enterprise installation
You may now continue the installation in the browser. When you arrive at the Operational Mode choice in the installer, follow these steps:
- Choose the "Production" installation type.
- Choose the External Services operational mode.
- Provide the required Database URL for the PostgreSQL configuration.
- Choose "S3" for object storage.
- Enter the access key and secret access key using the information retrieved from Minio.
- Provide the endpoint URL, like:
http://<ip address from above>:9000
. - Enter the name of the bucket you created above (
tfe
in the example). - Enter
us-east-1
for the region; this is arbitrary, but must be a valid AWS region. Note: The "Test Authentication" button does not currently work for non-AWS endpoints. - Click "Save".
Next Steps
- Familiarize yourself with the various storage backends provided by Minio.
- Make sure you know how to back up and restore the data written to Minio.