Skip to content

Deployment

Docker environment variables

The following environment variables are available to configure the docker container

MIGRATE_DATABASE

Whether to perform a database migration on container startup.

Set to True to enable database migration

Note: Be very careful when scaling the application. There should never be more than one instance of Terrareg running with MIGRATE_DATABASE set to True during an upgrade.

When upgrading, scale the application to a single instance before upgrading to a newer version.

Alternatively, set MIGRATE_DATABASE to False and run a dedicated instance for performing database upgrades. Use MIGRATE_DATABASE_ONLY to run an instance that will perform the necessary database migrations and immediately exit.

Default: False

MIGRATE_DATABASE_ONLY

Whether to perform database migration and exit immediately.

This is useful for scheduling migrations by starting a 'migration' instance of the application.

Set to True to exit after migration.

The MIGRATE_DATABASE environment variable must also be set to True to perform the migration, otherwise nothing will be performed and the container will exit.

Default: False

SSH_PRIVATE_KEY

Provide the contents of the SSH key to perform git clones.

This is an alternative to mounting the '.ssh' directory of the root user.

Default: ''

Application environment variables

For a list of available application configuration environment variables, please see doc/CONFIG

Database Migrations

Terrareg can be deployed via Docker and scaled out to support high-availability and load requirements.

However, whilst perform upgrades with database migrations, it's important to ensure that only one container performs the database migration step.

This can be accomplished in two ways:

  • Scale down to 1 container when performing upgrades that container a database migration
  • Run a single dedicated container that performs the database upgrades.

In either situation, when performing a database upgrade, it is highly recommended that any containers serving the web-application are stopped.

On-the-fly DB migrations

To enable database migrations in all containers (assuming the service will be scaled to a single container during upgrade), set the environment variable MIGRATE_DATABASE to True.

Dedicated DB migration container

To dedicate a single container to DB migrations, set MIGRATE_DATABASE to False on all containers running the web application and create a new container

Allowing Terrareg to Communicate with itself

During module extraction/analysis, Terrareg will need to communicate with itself, which is required during cost analysis and graph generation.

To configure this, set the DOMAIN_NAME configuration.

To ensure terraform does not generate unecessary analytics in the module, terrareg must manage the .terraformrc file in the user's home directory. This functionality is enabled by default in the docker container, by disabled outside of it. To enable/disable this functionality, see MANAGE_TERRAFORM_RC_FILE

Docker storage

Module/Provider data

If module hosting is being used, ensure that a directory is mounted into the container for storing module data. This path can be customised by setting DATA_DIRECTORY

Alternative, an S3 bucket may be used for storage. Configure the DATA_DIRECTORY with an s3:// URL, as per the example. When using S3, the container must have native access to an s3 bucket, that is, either on an EC2 instance with S3 permissions, an ECS container with an IAM role that has permission to the s3 bucket or have AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables configured.

If S3 is used for the data directory, the UPLOAD_DIRECTORY must be configured to a path, as this usually default to the DATA_DIRECTORY but does not support S3.

Database URL

It is recommended to use an external database when using in production. Terrareg has been tested with MariaDB 10.X and is incompattible with MySQL <= 8.x

A database URL should be configured, otherwise Terrareg will default to a local sqlite database (though this could be mounted via a docker volume, it certainly shouldn't be used for multiple containers).

This should be configured by setting DATABASE_URL

Listen port

The port that Terrareg listens on can be configured with LISTEN_PORT

SSL

Although Terrareg can be deployed without SSL - this is only recommended for testing and local development. Aside from the usualy reasons for using SSL, it is also required for Terraform to communicate with the registry to obtain modules as a registry provider. If SSL is not used, Terrareg will fall-back to providing Terrareform examples using a 'http' download URL for Terraform.

Terrareg must be configured with the URL that the registry is accessible. To configure this, please see PUBLIC_URL

Enabling SSL on the application

SSL can be enabled on Terrareg itself - the certificates must be mounted inside the container (or be available on the filesystem, if running outside of a docker container) and the absolute path can be provided using the environment variables SSL_CERT_PRIVATE_KEY and SSL_CERT_PUBLIC_KEY.

If Terrareg is being run outside of a docker container, these can be provided as command line arguments --ssl-cert-private-key and --ssl-cert-public-key.

Offloading SSL using a reverse proxy

SSL can also be provided by a reverse proxy in front of Terrareg and traffic to the Terrareg container can be served via HTTP.