
- Post History
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 11-11-2019 09:30 PM
Earlier this year, we announced our first Terraform connector supporting IBM Cloud Provisioning. Since then, we have made rapid strides to provide more cloud support (VMware, Azure), day-2 operations and also improving the extensibility.
This article is a write-up on what we have supported, and also serves to give an introduction to using ServiceNow Cloud Management for multi-cloud provisioning with Terraform open-source.
First, what do we support till now -
- Terraform connector now supports 3 clouds - IBM Cloud, VMware vCenter and Azure cloud. With this, you can order service offerings from the cloud services catalog, which get deployed using Terraform command line.
- Support for import of Terraform config templates NOTE: As of today, Terraform open-source version 0.11 is supported.
In addition, we support commonly for all clouds -
- Day-2 operations to run catalog actions on deployed instances
- Visibility into Cloud Resources and their associations via Cloud Discovery patterns
- Governance policies for enforcing rules of usage at all stages of cloud resource lifecycle
Where's the app?
The Terraform connector app version 1.0.6 is available here.
What's needed?
- Supported Releases - New York, Madrid Patch 4 onwards
- Plugins needed - Cloud Management plugin
- Terraform Provider - Linux (or Windows) machine with Terraform v0.11 command line tool installed and working
What does this mean?
With this now ServiceNow CMP is multi-cloud with support for open technologies like Terraform. We continue to have cloud-native templates support (ARM, CFT and GDM), but you can also now use your Terraform templates instead for the development, test and production environments that your users want. Ansible execution can be called for post-provisioning operations, and this will be supported for provisioning too in future.
How does this work?
This can be explained in 2 flows. First the catalog item designers workflow.
- First as a cloud administrator (cloud catalog item designer) register the terraform provider with servicenow, and setup access credentials to the machine. The terraform provider is really just a regular linux/windows machine with terraform command line installed and configured to connect to target clouds. The provider machine will have working terraform modules (.tf files) already present in a particular folder, which should be specified at the time of the registration.
- Next is the action of enumeration of terraform modules and copying these into ServiceNow CMDB for use as config templates.
- Finally, a catalog item is generated by importing config templates and providing settings as desired - fields to display, CMDB lookups needed, etc.
Next is the cloud user flow - the aim here is to keep the user flow as similar to any other cloud deployment workflow.
Both flows are represented pictorially below. You will see that nothing is changing for the cloud users and developers really. They work with the catalog interfaces.
What can be achieved with this?
As a cloud admin in central IT cloud team, think about how you can meet and talk to your line of business and developer teams letting them know that with their terraform modules they currently use you can create catalog items quickly. This will mean that the developers can resort to using ServiceNow catalog for their infrastructure deployment needs, and be able to operate on the environment via the provided day-2 operations (start, stop, suspend, snapshot, etc - this list is extensible to add more operations).
In addition, you can build in governance policies to enforce rules of usage which means that the IT, CxO is kept happy knowing that the developers are working within a well-set framework of usage.
Here's a screenshot of a catalog item that does Terraform provisioning to VMware and in the end also calls Ansible for applying Tomcat server via playbook. It didn't take much time to do this - CMP has supported Ansible integration for ages now.
You can do the same with more clouds like Azure and IBM Cloud. Think about the possibilities this brings up, have a discussion with your line of business and developers about this.
Hope this is useful, please feel free to ask questions in the comments - I am glad to provide clarifications and/or more information.
Ram Devanathan
Principal Product Manager, ITOM
- 2,158 Views
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Thank you. This is helpful. I have a few questions. Let me explain my scenario please.
I have Terraform Environment (open source and not Enterprise) running on a server and I want to use that to provision resources on Cloud. I am able to run the Terraform manually on this server and provision resources. Now I need to invoke this Terraform from ServiceNow.
You mention this step above:
- Next is the action of enumeration of terraform modules and copying these into ServiceNow CMDB for use as config templates
Can you please give me more details on how to set this up ?
Now I am trying to create a Cloud Catalog item and once I pick "Terraform Environment" How do I setup providers. I am not seeing an option where I can give path to where my Terraform server is installed like https://website.com. Please help. Thanks

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
This is covered in the documentation - please take a look.
This is a list of hits of terraform for new york documentation. you can switch to Orlando in the search if you are on orlando
https://docs.servicenow.com/search?q=terraform&facetreset=yes&labels=3
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Thanks. This has been very helpful. I installed Terraform Enterprise and not Cloud on EC 2 and I am able to run terraform plan etc to provision resources on IBM Cloud. Now the next step was to bring it in ServiceNow, so I created a config provider record. But when I try to discover now the discovery fails
Details of Config provider
SSH Credentials are working fine. Here is the test
I have ensured that home directory contains .tf files, too. Please help where can I get reasons of why discovery is failing.
ECC Queue only gives this, too:
<?xml version="1.0" encoding="UTF-8"?><results probe_time="1234" result_code="0"><result><output/></result><parameters><parameter name="agent" value="mid.server.My Mid Server"/><parameter name="used_by_runbook" value="true"/><parameter name="glide.xmlhelper.trim.enable" value="true"/><parameter name="error_detail"
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hi Vivek,
Base directory needs full path of directory. For example, Let's consider in vm( where terraform installed) have following directory structure for template files:
- Base Directory will be - /home/dev/terraformtemplates
- Config installable after discovery:vm/storagevolume/network
Give full path of base directory and try discovery.
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Thank you everyone for your help on this one. I was able to configure the directory correctly and make it work. Learning for me was if /home/user/sample.tf was the directory. I needed to only give /home and the rest was automatically detected by SNOW.
Giving screenshots with the hope that it helps someone else stuck in a similar situation.
Had fun learning about it. Thanks again. Now off to creating Cloud Catalog items with it.
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hi All
I have one more question, please. I was able to discover terraform templates hosted on Unix server in EC 2 (Terraform is installed there). I have only one template to start with for provisioning VMs on IBM Cloud.
That template is called - sample.tf, and it has the following info:
resource "ibm_compute_vm_instance" "vm1" {
hostname = "vm1"
domain = "example.com"
os_reference_code = "DEBIAN_8_64"
datacenter = "dal09"
network_speed = 10
hourly_billing = true
private_network_only = false
cores = 1
memory = 1024
disks = [25]
local_disk = false
}
There is another .tf file called provider that has the following info:
provider "ibm" {
ibmcloud_api_key = var.ibmcloud_api_key
generation = 1
region = var.region
iaas_classic_username = var.iaas_classic_username
iaas_classic_api_key = var.iaas_classic_api_key
}
Now there is a third file called terraform.tfvars, and it has api key info that terraform needs to connect to IBM Cloud:
ibmcloud_api_key = "XXXXXXXXXXX"
iaas_classic_username = "XXXXXXXXXXX"
iaas_classic_api_key = "XXXXXXXXXXX"
region = "us-south"
Now discovering these tf files only brings provider.tf and sample.tf. It does not bring in terraform.tfvars:
So subsequently, my Cloud template does not have any info on IBM credentials:
I tried ordering the VM through the catalog item. It gives error Failed to execute API, possibly due to lack of credentials
I tried renaming terraform.tfvars file as terraform.tf and it still does not get imported, if anyone has faced a similar problem please help. Where do I need to configure IBM Cloud credentials. I searched community and could not find any answer. Please help!
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hello All,
I'm getting the below error message after running the Catalog in the user portal. I'm trying to integrate Terraform open source with Service Now. Terraform is installed on a Linux server while I have setup a MID server on another Windows server in the same VPC.

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
seems your config mgmt provider configuration is not right. you can check there.
are you able to 'discover now'? what version of the Terraform connector are you using, and what version of Terraform CLI are you running? only 0.11 an 0.12 are supported fyi.
Ram
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hello Ram,
Thanks for the reply!!
Im able to discover and the tf files are appearing after the Discover Now from the specified path.
Also the version of the Terraform Connector installed is 1.0.11 and that of Terraform is 0.12.24

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
ok so those look good. you are in supported versions.
are you in a domain separated setup? if so please check if the config mgmt provider record is accessible to your user login. it would be if the provider is global.
if not domain separated, check if there's ACLs preventing access to the record.
what's your request details looking like - can you share that? please black out any sensitive info...
Ram
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
I have a Terraform server on linux and MID Server on a Windows server in the same network. Will this setup work? I was trying to setup the MIDServer in the same linux where terraform is installed but was facing issues hence i installed it on a Windows server

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
is your record updated to reflect the terraform box is windows?
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
If its able to discovery and get the tf files do we need to join linux to windows AD still?
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Also i wanted to deploy the infra into AWS cloud and I read that Terraform Connector only supports IBM Cloud, VMware vSphere and Azure only

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
yes only these clouds are supported. aws is planned for Feb 2021 store release along with some other features.
don't understand your question about Windows AD.
Ram
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
So i wont be able to deploy infra to the AWS cloud?

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
yes it is officially not supported.
you can achieve this however, if you follow the manual steps in these blog articles we have written.
if you are using Terraform command line (Open-source) https://community.servicenow.com/community?id=community_article&sys_id=e3995a1ddb81dc501cd8a345ca961910
if you are using Terraform Enterprise or Terraform Cloud https://community.servicenow.com/community?id=community_article&sys_id=0ba54196dbd21890b1b102d5ca961982
Ram
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Yes I had followed the steps mentioned in the below link earlier before posting the error message
https://community.servicenow.com/community?id=community_article&sys_id=e3995a1ddb81dc501cd8a345ca961910
But it still fails, I tried it again now but it fails with the same error message
Failed to execute API - Please provide a valid IP for Terraform Config Provider.Please input value for credential field(s) -UserName, Password/PrivateKey. (script_include:TerraformExecutor; line 54)
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
I have ordered the catalog again this time no errors but its processing for more than 30 minutes. Its just a vm that I'm trying to create with the terraform script.
How long does it take to deploy the resources.
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hi

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
best to go via support case route, to identify the issue.