Terraform
License and product usage reporting
This topic describes how to enable Terraform Enterprise to report license and product usage information to HashiCorp. This topic also outlines how HashiCorp uses license and product data it collects when automated data reporting is enabled. It is enabled by default, but automated license and product utilization data reporting can be disabled separately.
Data reporting privacy
The process is GDPR compliant and consists of mostly computed metrics that never contain personal identifiable information (PII) or other sensitive information. Automated reporting shares the data with HashiCorp using a secure, unidirectional HTTPS API and makes an auditable record in the product logs each time it submits a report.
Enable automated license utilization reporting
When automated license usage reporting is enabled, Terraform sends HashiCorp the minimum data required to validate license usage as defined in our contracts. As a result, you do not have to manually collect and report the usage data.
License usage reports provide the following benefits:
- Insight into how much more you can deploy under your current contract.
- Protection against over-utilization.
- Predictable consumption for budgeting purposes.
Additionally, you can review license usage with your existing monitoring solutions, such as Splunk and Datadog. Monitoring license consumption enables you to optimize and manage your deployments. For instructions on how to forward your license usage data to a monitoring solution, refer to the following topics for instructions on forwarding logs:
- Enable log forwarding on Replicated installations
- Enable log forwarding on non-Replicated installations.
To enable automated reporting, you need to make sure that outbound network traffic is configured correctly and upgrade your enterprise product to a version that supports it. If your installation is air-gapped or network settings are not in place, automated reporting will not work.
Allow outbound HTTPS traffic on port 443
Make sure that your network allows HTTPS egress on port 443 from https://reporting.hashicorp.services by allow-listing the following IP addresses:
Make sure that your network also allows egress to https://api.replicated.com as described in the network requirements documentation.
Upgrade Terraform Enterprise
Upgrade to Terraform Enterprise v202305-1 or later.
Check logs
Automatic license utilization reporting will start sending data within roughly 24 hours. Check the product logs for records that the data sent successfully.
{
"@level": "debug",
"@message": "export finished successfully",
"@module": "tfe-licensing.licensingexporter",
"@timestamp": "2023-05-10T17:48:06.656979Z"
}
If your installation is air-gapped or your network does not allow the correct egress, logs show the following error:
{
"@level": "error",
"@message": "error exporting snapshot",
"@module": "tfe-licensing.census",
"@timestamp": "2023-05-11T01:50:51.662155Z",
"err": "export failed with error POST https://reporting.hashicorp.services giving up after 5 attempt(s): Post \"https://reporting.hashicorp.services\": dial tcp 35.166.5.222:443: i/o timeout"
}
In this case, reconfigure your network to allow egress and check back in roughly 24 hours.
Opt out of license utilization reporting
If your installation is air-gapped or you want to manually collect and report on the same license utilization metrics, you can opt-out of automated reporting.
Manually reporting these metrics can be time consuming. Opting out of automated reporting does not mean that you also opt out from sending license utilization metrics. Customers who opt out of automated reporting will still be required to manually collect and send license utilization metrics to HashiCorp.
If you are considering opting out because you’re worried about the data, we strongly recommend that you review the example payloads before opting out. If you have concerns with any of the automatically-reported data please bring them to your account manager.
Add the following JSON to the Replicated Application Settings Config (settings.json), then check the product logs for a confirmation message.
{
"optout_license_reporting": {
"value": 1
}
}
If you are on a standalone installation, you can also configure this setting in the Replicated Admin Console UI.
Now restart your system.
Check your product logs roughly 24 hours after opting out to make sure that the system isn’t trying to send reports.
Refer to the License data reference for information about the license data Terraform Enterprise reports to HashiCorp.
Enable product usage reporting
Terraform Enterprise reports product usage data to HashiCorp in order to guide you through data insights and improve product value, experience, and quality. You can enable and disable product usage reporting separately from license utilization reporting.
Allow outbound HTTPS traffic on port 443
Make sure that your network allows egress to https://api.replicated.com, as described in the network requirements documentation.
Make sure that your network also allows HTTPS egress on port 443 from https://reporting.hashicorp.services by allow-listing the following IP addresses:
Upgrade Terraform Enterprise
Upgrade to Terraform Enterprise v202402-1 or later.
Check logs
Terraform starts sending data within approximately 24 hours. Check the product logs for records that the data sent successfully.
Terraform Enterprise logs report an error when your installation is air-gapped or when your network does not allow the correct egress.
Opt out of product usage reporting
If your installation is air-gapped or you do not want to report product utilization data to HashiCorp, you can opt out of reporting.
Add the following JSON to the Replicated application settings configuration specifying in the
settings.jsonfile.{ "optout_usage_reporting": { "value": 1 } }If you are on a standalone installation, you can also configure this setting in the Replicated admin console UI.
- Restart your system.
- Check your product logs roughly 24 hours after opting out to make sure that the system does not send reports.
Product data collection reference
The following JSON payload describes the product usage data that Terraform Enterprise collects. The contents shown are subject to change.
{
"version":"2",
"mode": "automatic",
"timestamp":"${TIME_OF_EXPORT}",
"signature": "${UUID}",
"checksum": "${UUID}",
"snapshots":[
{
"snapshot_version":2,
"id":"${SNAPSHOT_ID}",
"timestamp":"${TIME_OF_EXPORT}",
"schema_version":"2.2.0",
"product":"terraform",
"process_id":"${PROCESS_ID}",
"product_version":"${TFE_VERSION}",
"license_id":"${LICENSE_IDENTIFIER}",
"checksum": "${SHA}",
"metrics": {
"active_agents_count": { # Count of all remote active agents
"key": "active_agents_count",
"value": 0,
"mode": "write"
},
"ado_vcs_present": { # 1 if Azure DevOps is configured as a VCS provider, 0 otherwise
"key": "ado_vcs_present",
"value": 0,
"mode": "write"
},
"aws_provider_present": { # 1 if AWS provider is in use on the installation.
"key": "aws_provider_present",
"value": 0,
"mode": "write"
},
"azure_provider_present": { # 1 if Azure provider is in use on the installation.
"key": "azure_provider_present",
"value": 0,
"mode": "write"
},
"billable_rum_count": { # Count of all billable RUM on the installation
"key": "billable_rum_count",
"value": 0,
"mode": "write"
},
"billable_rum_count_workspace_80th_percentile": { # 80th percentile workspace billable RUM on the installation
"key": "billable_rum_count_workspace_80th_percentile",
"value": 0,
"mode": "write"
},
"billable_rum_count_workspace_avg": { # Mean workspace billable RUM on the installation
"key": "billable_rum_count_workspace_avg",
"value": 0,
"mode": "write"
},
"billable_rum_count_workspace_max": { # Maximum workspace billable RUM on the installation
"key": "billable_rum_count_workspace_max",
"value": 0,
"mode": "write"
},
"billable_rum_count_workspace_median": { # Median workspace billable RUM on the installation
"key": "billable_rum_count_workspace_median",
"value": 0,
"mode": "write"
},
"billable_rum_count_workspace_min": { # Lowest workspace billable RUM on the installation
"key": "billable_rum_count_workspace_min",
"value": 0,
"mode": "write"
},
"billable_rum_opt_in": { 1 if billable RUM reporting is enabled, 0 otherwise
"key": "billable_rum_opt_in",
"value": 1,
"mode": "write"
},
"bitbucket_vcs_present": { # 1 if Bitbucket is configured as a VCS provider, 0 otherwise
"key": "bitbucket_vcs_present",
"value": 0,
"mode": "write"
},
"continuous_validation_used_last_90_days": { # 1 if continuous validation has run in the last 90 days, 0 otherwise
"key": "continuous_validation_used_last_90_days",
"value": 0,
"mode": "write"
},
"daily_api_runs": { # Count of all Terraform runs associated with api daily
"key": "daily_api_runs",
"value": 0,
"mode": "write"
},
"daily_cli_runs": { # Count of all Terraform runs associated with cli daily
"key": "daily_cli_runs",
"value": 0,
"mode": "write"
},
"daily_runs": { # Count of all Terraform runs daily
"key": "daily_runs",
"value": 0,
"mode": "write"
},
"daily_vcs_runs": { # Count of all Terraform runs associated with VCS daily
"key": "daily_vcs_runs",
"value": 0,
"mode": "write"
},
"deployment_option": { # No data collected
"key": "deployment_option",
"value": 0,
"mode": "write"
},
"drift_detection_used_last_90_days": { # 1 if drift detection has run in 90 days, 0 otherwise
"key": "drift_detection_used_last_90_days",
"value": 0,
"mode": "write"
},
"gcp_provider_present": { # 1 if GCP provider is in use on the installation.
"key": "gcp_provider_present",
"value": 0,
"mode": "write"
},
"github_vcs_present": { # 1 if Github is configured as a VCS provider, 0 otherwise
"key": "github_vcs_present",
"value": 0,
"mode": "write"
},
"gitlab_vcs_present": { # 1 if Gitlab is configured as a VCS provider, 0 otherwise
"key": "gitlab_vcs_present",
"value": 0,
"mode": "write"
},
"installation_reporting_environment_type": { # The environment the TFE installation is setup in, 0 = environment type not set, 1 = prod, 2 = non-prod
"key": "installation_reporting_environment_type",
"value": 0,
"mode": "write"
},
"operational_mode": { # No data collected
"key": "operational_mode",
"value": 0,
"mode": "write"
},
"org_admin_count": { # Count of admin users across all organizations in the installation
"key": "org_admin_count",
"value": 1,
"mode": "write"
},
"org_count": { # Count of “Organization” configured on the installation
"key": "org_count",
"value": 1,
"mode": "write"
},
"private_modules_count": { # Count of private modules in the private registry.
"key": "private_modules_count",
"value": 0,
"mode": "write"
},
"product_usage_reporting_opt_in": { 1 if product usage reporting is opted in, 0 otherwise
"key": "product_usage_reporting_opt_in",
"value": 1,
"mode": "write"
},
"project_count": { # Count of “Project” configured on the installation
"key": "project_count",
"value": 1,
"mode": "write"
},
"run_concurrency": { # Run concurrency configured for the TFE installation
"key": "run_concurrency",
"value": 0,
"mode": "write"
},
"run_tasks_count": { # Count of run tasks configured across all workspaces
"key": "run_tasks_count",
"value": 0,
"mode": "write"
},
"run_tasks_used_last_90_days": { # 1 if run tasks has been used in 90 days, 0 otherwise
"key": "run_tasks_used_last_90_days",
"value": 0,
"mode": "write"
},
"run_triggers_used_last_90_days": { # 1 if run triggers has been used in 90 days, 0 otherwise
"key": "run_triggers_used_last_90_days",
"value": 0,
"mode": "write"
},
"sentinel_used_last_90_days": { # 1 if sentinel has run in 90 days, 0 otherwise
"key": "sentinel_used_last_90_days",
"value": 0,
"mode": "write"
},
"servicenow_catalog_billable_rum_count": { Count of all billable RUM on ServiceNow workspaces for this install
"key": "servicenow_catalog_billable_rum_count",
"value": 0,
"mode": "write"
},
"servicenow_catalog_run_count": { # Count of of Terraform runs initiated from ServiceNow for this install
"key": "servicenow_catalog_run_count",
"value": 0,
"mode": "write"
},
"servicenow_catalog_workspace_count": { # Count of workspaces provisioned using servicenow integration
"key": "servicenow_catalog_workspace_count",
"value": 0,
"mode": "write"
},
"teams_count": { # Count of “Teams” configured on the installation
"key": "teams_count",
"value": 1,
"mode": "write"
},
"user_count": { # Count of "Users" configured on the installation
"key": "user_count",
"value": 1,
"mode": "write"
},
"using_admin_api": { # 1 is Admin API was used, 0 otherwise
"key": "using_admin_api",
"value": 0,
"mode": "write"
},
"using_iam_auth_s3": { # 1 if IAM auth-s3 is configured for the TFE installation, 0 otherwise
"key": "using_iam_auth_s3",
"value": 0,
"mode": "write"
},
"varsets_count": { # Count of varsets configured on the installation
"key": "varsets_count",
"value": 0,
"mode": "write"
},
"workspace_count_azure_devops": { # Workspace count connected to Azure DevOps
"key": "workspace_count_azure_devops",
"value": 0,
"mode": "write"
},
"workspace_count_bitbucket": { # Workspace count connected to Bitbucket
"key": "workspace_count_bitbucket",
"value": 0,
"mode": "write"
},
"workspace_count_github": { # Workspace count connected to GitHub
"key": "workspace_count_github",
"value": 0,
"mode": "write"
},
"workspace_count_gitlab": { # Workspace count connected to Gitlab
"key": "workspace_count_gitlab",
"value": 0,
"mode": "write"
},
"workspacecount": { # Count of all workspaces on the installation
"key": "workspacecount",
"value": 1,
"mode": "write"
},
"workspaces_api_driven_runs": { # Workspaces using API-driven runs
"key": "workspaces_api_driven_runs",
"value": 0,
"mode": "write"
},
"workspaces_cli_driven_runs": { # Workspaces using CLI-driven runs
"key": "workspaces_cli_driven_runs",
"value": 0,
"mode": "write"
},
"workspaces_count_continuous_validation": { # No data collected
"key": "workspaces_count_continuous_validation",
"value": 0,
"mode": "write"
},
"workspaces_count_drift_detection": { # No data collected
"key": "workspaces_count_drift_detection",
"value": 0,
"mode": "write"
},
"workspaces_count_no_code_modules": { # No data collected
"key": "workspaces_count_no_code_modules",
"value": 0,
"mode": "write"
},
"workspaces_count_notifications_enabled": { # No data collected
"key": "workspaces_count_notifications_enabled",
"value": 0,
"mode": "write"
},
"workspaces_count_opa_policy_sets": { # No data collected
"key": "workspaces_count_opa_policy_sets",
"value": 0,
"mode": "write"
},
"workspaces_count_run_tasks": { # Count of workspaces with run tasks
"key": "workspaces_count_run_tasks",
"value": 0,
"mode": "write"
},
"workspaces_count_sentinel_policy_sets": { # No data collected
"key": "workspaces_count_sentinel_policy_sets",
"value": 0,
"mode": "write"
}
},
}
],
"metadata":{
}
}
}