Skip to content

How to enable debug logging when using the Rancher2 Terraform Provider

Article Number: 000020022

Environment

Rancher2 Terraform Provider

Situation

If you encounter an issue with the Rancher2 Terraform Provider, capturing the debug output can be essential for troubleshooting or providing context to Rancher Support. This article explains how to enable debug logging and specify a log file location for Terraform commands, such as terraform apply.

Resolution

You can control the verbosity and destination of logs using the TF_LOG and TF_LOG_PATH environment variables.

1. Set the log level with TF_LOG

The TF_LOG variable defines the verbosity of the output. Valid levels (from most to least verbose) are: TRACE, DEBUG, INFO, WARN, or ERROR. For most support cases, DEBUG or TRACE is preferred.

Run the appropriate command for your shell:

  • Bash: export TF_LOG="DEBUG"
  • PowerShell: $env:TF_LOG="DEBUG"

2. Redirect logs to a file with TF_LOG

The TF_LOG_PATH variable specifies the file where Terraform will write its logs. If this is not set, logs are sent to the terminal's standard output. When set, Terraform appends logs from every execution to the specified file.

Run the appropriate command for your shell:

  • Bash: export TF_LOG_PATH="tmp/terraform.log"
  • PowerShell: $env:TF_LOG_PATH="C:\tmp\terraform.log"

3. Persisting the Settings

To enable these settings permanently, add the export commands to your shell's profile:

  • Linux/macOS: Add to .bashrc, .bash_profile, or .zshrc.
  • Windows: Add to your PowerShell profile (found at the path stored in the $profile variable) or via the "Edit the system environment variables" utility in the Control Panel.

Important Notes:

  • Log File Growth: Since Terraform appends to the log file every time a command is run, the file can grow quite large. It is recommended to either configure log rotation or unset these variables once troubleshooting is complete.
  • Sensitive Data: Debug logs (especially at the TRACE level) may contain sensitive information. Ensure you review logs before sharing them if they contain secrets or credentials.