Earlier this year, we announced our first Terraform connector supporting IBM Cloud Provisioning. Since then, we have made rapid strides to provide more cloud support (VMware, Azure), day-2 operations and also improving the extensibility.
This article is a write-up on what we have supported, and also serves to give an introduction to using ServiceNow Cloud Management for multi-cloud provisioning with Terraform open-source.
First, what do we support till now -
- Terraform connector now supports 3 clouds - IBM Cloud, VMware vCenter and Azure cloud. With this, you can order service offerings from the cloud services catalog, which get deployed using Terraform command line.
- Support for import of Terraform config templates NOTE: As of today, Terraform open-source version 0.11 is supported.
In addition, we support commonly for all clouds -
- Day-2 operations to run catalog actions on deployed instances
- Visibility into Cloud Resources and their associations via Cloud Discovery patterns
- Governance policies for enforcing rules of usage at all stages of cloud resource lifecycle
Where's the app?
The Terraform connector app version 1.0.6 is available here.
What's needed?
- Supported Releases - New York, Madrid Patch 4 onwards
- Plugins needed - Cloud Management plugin
- Terraform Provider - Linux (or Windows) machine with Terraform v0.11 command line tool installed and working
What does this mean?
With this now ServiceNow CMP is multi-cloud with support for open technologies like Terraform. We continue to have cloud-native templates support (ARM, CFT and GDM), but you can also now use your Terraform templates instead for the development, test and production environments that your users want. Ansible execution can be called for post-provisioning operations, and this will be supported for provisioning too in future.
How does this work?
This can be explained in 2 flows. First the catalog item designers workflow.
- First as a cloud administrator (cloud catalog item designer) register the terraform provider with servicenow, and setup access credentials to the machine. The terraform provider is really just a regular linux/windows machine with terraform command line installed and configured to connect to target clouds. The provider machine will have working terraform modules (.tf files) already present in a particular folder, which should be specified at the time of the registration.
- Next is the action of enumeration of terraform modules and copying these into ServiceNow CMDB for use as config templates.
- Finally, a catalog item is generated by importing config templates and providing settings as desired - fields to display, CMDB lookups needed, etc.
Next is the cloud user flow - the aim here is to keep the user flow as similar to any other cloud deployment workflow.
Both flows are represented pictorially below. You will see that nothing is changing for the cloud users and developers really. They work with the catalog interfaces.
What can be achieved with this?
As a cloud admin in central IT cloud team, think about how you can meet and talk to your line of business and developer teams letting them know that with their terraform modules they currently use you can create catalog items quickly. This will mean that the developers can resort to using ServiceNow catalog for their infrastructure deployment needs, and be able to operate on the environment via the provided day-2 operations (start, stop, suspend, snapshot, etc - this list is extensible to add more operations).
In addition, you can build in governance policies to enforce rules of usage which means that the IT, CxO is kept happy knowing that the developers are working within a well-set framework of usage.
Here's a screenshot of a catalog item that does Terraform provisioning to VMware and in the end also calls Ansible for applying Tomcat server via playbook. It didn't take much time to do this - CMP has supported Ansible integration for ages now.
You can do the same with more clouds like Azure and IBM Cloud. Think about the possibilities this brings up, have a discussion with your line of business and developers about this.
Hope this is useful, please feel free to ask questions in the comments - I am glad to provide clarifications and/or more information.
Ram Devanathan
Principal Product Manager, ITOM
Thank you. This is helpful. I have a few questions. Let me explain my scenario please.
I have Terraform Environment (open source and not Enterprise) running on a server and I want to use that to provision resources on Cloud. I am able to run the Terraform manually on this server and provision resources. Now I need to invoke this Terraform from ServiceNow.
You mention this step above:
- Next is the action of enumeration of terraform modules and copying these into ServiceNow CMDB for use as config templates
Can you please give me more details on how to set this up ?
Now I am trying to create a Cloud Catalog item and once I pick "Terraform Environment" How do I setup providers. I am not seeing an option where I can give path to where my Terraform server is installed like https://website.com. Please help. Thanks
Thanks. This has been very helpful. I installed Terraform Enterprise and not Cloud on EC 2 and I am able to run terraform plan etc to provision resources on IBM Cloud. Now the next step was to bring it in ServiceNow, so I created a config provider record. But when I try to discover now the discovery fails
Details of Config provider
SSH Credentials are working fine. Here is the test
I have ensured that home directory contains .tf files, too. Please help where can I get reasons of why discovery is failing.
ECC Queue only gives this, too:
<?xml version="1.0" encoding="UTF-8"?><results probe_time="1234" result_code="0"><result><output/></result><parameters><parameter name="agent" value="mid.server.My Mid Server"/><parameter name="used_by_runbook" value="true"/><parameter name="glide.xmlhelper.trim.enable" value="true"/><parameter name="error_detail"
Hi Vivek,
Base directory needs full path of directory. For example, Let's consider in vm( where terraform installed) have following directory structure for template files:
- Base Directory will be - /home/dev/terraformtemplates
- Config installable after discovery:vm/storagevolume/network
Give full path of base directory and try discovery.
Thank you everyone for your help on this one. I was able to configure the directory correctly and make it work. Learning for me was if /home/user/sample.tf was the directory. I needed to only give /home and the rest was automatically detected by SNOW.
Giving screenshots with the hope that it helps someone else stuck in a similar situation.
Had fun learning about it. Thanks again. Now off to creating Cloud Catalog items with it.
Hi All
I have one more question, please. I was able to discover terraform templates hosted on Unix server in EC 2 (Terraform is installed there). I have only one template to start with for provisioning VMs on IBM Cloud.
That template is called - sample.tf, and it has the following info:
resource "ibm_compute_vm_instance" "vm1" {
hostname = "vm1"
domain = "example.com"
os_reference_code = "DEBIAN_8_64"
datacenter = "dal09"
network_speed = 10
hourly_billing = true
private_network_only = false
cores = 1
memory = 1024
disks = [25]
local_disk = false
}
There is another .tf file called provider that has the following info:
provider "ibm" {
ibmcloud_api_key = var.ibmcloud_api_key
generation = 1
region = var.region
iaas_classic_username = var.iaas_classic_username
iaas_classic_api_key = var.iaas_classic_api_key
}
Now there is a third file called terraform.tfvars, and it has api key info that terraform needs to connect to IBM Cloud:
ibmcloud_api_key = "XXXXXXXXXXX"
iaas_classic_username = "XXXXXXXXXXX"
iaas_classic_api_key = "XXXXXXXXXXX"
region = "us-south"
Now discovering these tf files only brings provider.tf and sample.tf. It does not bring in terraform.tfvars:
So subsequently, my Cloud template does not have any info on IBM credentials:
I tried ordering the VM through the catalog item. It gives error Failed to execute API, possibly due to lack of credentials
I tried renaming terraform.tfvars file as terraform.tf and it still does not get imported, if anyone has faced a similar problem please help. Where do I need to configure IBM Cloud credentials. I searched community and could not find any answer. Please help!
Hello All,
I'm getting the below error message after running the Catalog in the user portal. I'm trying to integrate Terraform open source with Service Now. Terraform is installed on a Linux server while I have setup a MID server on another Windows server in the same VPC.
