Ram Devanathan1
ServiceNow Employee

Earlier this year, we announced our first Terraform connector supporting IBM Cloud Provisioning. Since then, we have made rapid strides to provide more cloud support (VMware, Azure) and day-2 operations, and to improve extensibility.

This article is a write-up on what we have supported, and also serves to give an introduction to using ServiceNow Cloud Management for multi-cloud provisioning with Terraform open-source.

First, what do we support so far?

  • The Terraform connector now supports 3 clouds: IBM Cloud, VMware vCenter and Azure cloud. With this, you can order service offerings from the cloud services catalog, which get deployed using the Terraform command line.
  • Support for import of Terraform config templates. NOTE: As of today, Terraform open-source version 0.11 is supported.

In addition, the following are supported for all clouds:

  • Day-2 operations to run catalog actions on deployed instances
  • Visibility into Cloud Resources and their associations via Cloud Discovery patterns
  • Governance policies for enforcing rules of usage at all stages of cloud resource lifecycle

Where's the app?

The Terraform connector app version 1.0.6 is available here.

What's needed?

  • Supported Releases - New York, Madrid Patch 4 onwards
  • Plugins needed - Cloud Management plugin
  • Terraform Provider - Linux (or Windows) machine with Terraform v0.11 command line tool installed and working

What does this mean?

With this, ServiceNow CMP is now multi-cloud, with support for open technologies like Terraform. We continue to support cloud-native templates (ARM, CFT and GDM), but you can now also use your Terraform templates for the development, test and production environments that your users want. Ansible execution can be called for post-provisioning operations, and this will be supported for provisioning too in future.

How does this work?

This can be explained in 2 flows. First, the catalog item designer's workflow.

  1. First, as a cloud administrator (cloud catalog item designer), register the Terraform provider with ServiceNow and set up access credentials to the machine. The Terraform provider is really just a regular Linux/Windows machine with the Terraform command line installed and configured to connect to target clouds. The provider machine will have working Terraform modules (.tf files) already present in a particular folder, which should be specified at the time of registration.
  2. Next, the Terraform modules are enumerated and copied into the ServiceNow CMDB for use as config templates.
  3. Finally, a catalog item is generated by importing config templates and providing settings as desired: fields to display, CMDB lookups needed, etc.
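
Because the modules in the registered folder are copied into the CMDB as config templates, it is worth checking that folder for hard-coded credentials before registering it. The Python below is an added example, not part of the original article or of ServiceNow's code; `audit_base_dir`, `build_sample`, the list of sensitive names and all sample values are assumptions made for illustration, and the file-mode check assumes a Linux provider machine.

```python
import re
import stat
from pathlib import Path

# Names treated as credentials (assumed list; extend it for your providers).
SENSITIVE = re.compile(r"api_?key|password|passwd|secret|token|private_key", re.I)
ASSIGN = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"')   # name = "quoted literal"
VARIABLE = re.compile(r'^\s*variable\s+"(\w+)"')    # start of a variable block


def audit_base_dir(base_dir):
    """Return (relative_path, line_no, issue) tuples for files under base_dir."""
    findings = []
    base = Path(base_dir)
    for path in sorted(base.rglob("*")):
        if not path.is_file() or path.suffix not in (".tf", ".tfvars"):
            continue
        rel = path.relative_to(base).as_posix()
        if path.suffix == ".tfvars":
            # Literal secrets are expected here, so check who can read the file.
            if path.stat().st_mode & (stat.S_IRWXG | stat.S_IRWXO):
                findings.append((rel, 0, "tfvars accessible to group/other"))
            continue
        current_var = None
        for no, line in enumerate(path.read_text(errors="replace").splitlines(), 1):
            v = VARIABLE.match(line)
            if v or line.strip() == "}":
                current_var = v.group(1) if v else None
            m = ASSIGN.match(line)
            # Skip non-assignments, empty strings and "${var.x}" references (0.11 style).
            if not m or not m.group(2) or "${" in m.group(2):
                continue
            name = current_var if m.group(1) == "default" and current_var else m.group(1)
            if SENSITIVE.search(name):
                findings.append((rel, no, "literal value for " + name))
    return findings


def build_sample(base_dir):
    """Write a constructed module tree (every value is fake) to try the audit on."""
    vm, net = Path(base_dir, "vm"), Path(base_dir, "network")
    vm.mkdir()
    net.mkdir()
    (vm / "provider.tf").write_text('provider "ibm" {\n  ibmcloud_api_key = var.ibmcloud_api_key\n}\n')
    (net / "provider.tf").write_text('provider "ibm" {\n  ibmcloud_api_key = "FAKE-KEY"\n}\n')
    (vm / "variables.tf").write_text('variable "iaas_classic_api_key" {\n  default = "FAKE-KEY"\n}\n')
    (vm / "terraform.tfvars").write_text('ibmcloud_api_key = "FAKE-KEY"\n')
    (vm / "terraform.tfvars").chmod(0o644)
```

Calling `build_sample` on an empty temporary directory and then `audit_base_dir` on it reports the literal key in `network/provider.tf`, the secret default in `vm/variables.tf` and the group/world-readable `terraform.tfvars`, while the `var.` reference in `vm/provider.tf` passes.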

Next is the cloud user flow. The aim here is to keep the user flow as similar as possible to any other cloud deployment workflow.

Both flows are represented pictorially below. You will see that nothing really changes for cloud users and developers: they continue to work with the catalog interfaces.

What can be achieved with this?

As a cloud admin in a central IT cloud team, think about how you can meet your line-of-business and developer teams and let them know that you can quickly create catalog items from the Terraform modules they currently use. Developers can then use the ServiceNow catalog for their infrastructure deployment needs and operate on the environment via the provided day-2 operations (start, stop, suspend, snapshot, etc.; this list is extensible to add more operations).

In addition, you can build in governance policies to enforce rules of usage, which keeps IT and the CxO happy knowing that developers are working within a well-defined framework of usage.

Here's a screenshot of a catalog item that does Terraform provisioning to VMware and at the end also calls Ansible to apply a Tomcat server via a playbook. It didn't take much time to do this, since CMP has supported Ansible integration for ages now.

You can do the same with more clouds like Azure and IBM Cloud. Think about the possibilities this brings up, and have a discussion with your line of business and developers about it.

I hope this is useful. Please feel free to ask questions in the comments; I am glad to provide clarifications and/or more information.

Ram Devanathan

Principal Product Manager, ITOM

Comments
Vivektietsood
Tera Guru

Thank you. This is helpful. I have a few questions. Let me explain my scenario please. 

I have Terraform Environment (open source and not Enterprise) running on a server and I want to use that to provision resources on Cloud. I am able to run the Terraform manually on this server and provision resources. Now I need to invoke this Terraform from ServiceNow.

You mention this step above:

 

- Next is the action of enumeration of terraform modules and copying these into ServiceNow CMDB for use as config templates

 

Can you please give me more details on how to set this up?

Now I am trying to create a Cloud Catalog item, and once I pick "Terraform Environment", how do I set up providers? I am not seeing an option where I can give the path to where my Terraform server is installed, like https://website.com. Please help. Thanks

Ram Devanathan1
ServiceNow Employee

This is covered in the documentation - please take a look.

This is a list of hits for terraform in the New York documentation. You can switch to Orlando in the search if you are on Orlando.

https://docs.servicenow.com/search?q=terraform&facetreset=yes&labels=3

 

 

Vivektietsood
Tera Guru

Thanks. This has been very helpful. I installed Terraform Enterprise and not Cloud on EC 2 and I am able to run terraform plan etc. to provision resources on IBM Cloud. Now the next step was to bring it in ServiceNow, so I created a config provider record. But when I try to discover now, the discovery fails.

Details of Config provider

SSH Credentials are working fine. Here is the test

I have ensured that home directory contains .tf files, too. Please help: where can I get the reasons why discovery is failing?

 

ECC Queue only gives this, too:

 

<?xml version="1.0" encoding="UTF-8"?><results probe_time="1234" result_code="0"><result><output/></result><parameters><parameter name="agent" value="mid.server.My Mid Server"/><parameter name="used_by_runbook" value="true"/><parameter name="glide.xmlhelper.trim.enable" value="true"/><parameter name="error_detail"

aniket_singh
ServiceNow Employee

Hi Vivek,

The base directory needs the full path of the directory. For example, let's consider that the VM (where Terraform is installed) has the following directory structure for template files:

  • Base Directory will be - /home/dev/terraformtemplates
  • Config installable after discovery: vm/storagevolume/network

Give full path of base directory and try discovery.

Vivektietsood
Tera Guru

Thank you everyone for your help on this one. I was able to configure the directory correctly and make it work. The learning for me was that if /home/user/sample.tf was the directory, I needed to only give /home and the rest was automatically detected by SNOW.

Giving screenshots with the hope that it helps someone else stuck in a similar situation.

Had fun learning about it. Thanks again. Now off to creating Cloud Catalog items with it.

Vivektietsood
Tera Guru

Hi All

I have one more question, please. I was able to discover terraform templates hosted on Unix server in EC 2 (Terraform is installed there). I have only one template to start with for provisioning VMs on IBM Cloud. 

That template is called sample.tf, and it has the following info:

resource "ibm_compute_vm_instance" "vm1" {
  hostname             = "vm1"
  domain               = "example.com"
  os_reference_code    = "DEBIAN_8_64"
  datacenter           = "dal09"
  network_speed        = 10
  hourly_billing       = true
  private_network_only = false
  cores                = 1
  memory               = 1024
  disks                = [25]
  local_disk           = false
}

There is another .tf file called provider that has the following info:

provider "ibm" {
  ibmcloud_api_key      = var.ibmcloud_api_key
  generation            = 1
  region                = var.region
  iaas_classic_username = var.iaas_classic_username
  iaas_classic_api_key  = var.iaas_classic_api_key
}

Now there is a third file called terraform.tfvars, and it has API key info that Terraform needs to connect to IBM Cloud:

ibmcloud_api_key      = "XXXXXXXXXXX"
iaas_classic_username = "XXXXXXXXXXX"
iaas_classic_api_key  = "XXXXXXXXXXX"
region                = "us-south"

Now discovering these tf files only brings provider.tf and sample.tf. It does not bring in terraform.tfvars.

So subsequently, my Cloud template does not have any info on IBM credentials.

I tried ordering the VM through the catalog item. It gives the error "Failed to execute API", possibly due to lack of credentials.

I tried renaming the terraform.tfvars file as terraform.tf and it still does not get imported. If anyone has faced a similar problem, please help. Where do I need to configure IBM Cloud credentials? I searched the community and could not find any answer. Please help!

Chaytali
Kilo Explorer

Hello All,

I'm getting the below error message after running the Catalog in the user portal. I'm trying to integrate Terraform open source with ServiceNow. Terraform is installed on a Linux server, while I have set up a MID server on another Windows server in the same VPC.

Ram Devanathan1
ServiceNow Employee

seems your config mgmt provider configuration is not right. you can check there.

are you able to 'discover now'? what version of the Terraform connector are you using, and what version of Terraform CLI are you running? only 0.11 and 0.12 are supported fyi.

Ram

Chaytali
Kilo Explorer

Hello Ram,

Thanks for the reply!!
I'm able to discover, and the tf files are appearing after the Discover Now from the specified path.
Also, the version of the Terraform Connector installed is 1.0.11 and that of Terraform is 0.12.24.

Ram Devanathan1
ServiceNow Employee

ok so those look good. you are in supported versions.

are you in a domain separated setup? if so please check if the config mgmt provider record is accessible to your user login. it would be if the provider is global.

if not domain separated, check if there's ACLs preventing access to the record.

what's your request details looking like - can you share that? please black out any sensitive info...

Ram

 

Chaytali
Kilo Explorer

I have a Terraform server on Linux and a MID Server on a Windows server in the same network. Will this setup work? I was trying to set up the MID Server on the same Linux machine where Terraform is installed but was facing issues, hence I installed it on a Windows server.

Ram Devanathan1
ServiceNow Employee

is your record updated to reflect the terraform box is windows?

Chaytali
Kilo Explorer

If it's able to discover and get the tf files, do we still need to join Linux to Windows AD?

Chaytali
Kilo Explorer

Also, I wanted to deploy the infra into AWS cloud, and I read that the Terraform Connector supports IBM Cloud, VMware vSphere and Azure only.

Ram Devanathan1
ServiceNow Employee

yes only these clouds are supported. aws is planned for Feb 2021 store release along with some other features.

don't understand your question about Windows AD.

Ram

Chaytali
Kilo Explorer

So I won't be able to deploy infra to the AWS cloud?

Ram Devanathan1
ServiceNow Employee

yes it is officially not supported.

you can achieve this however, if you follow the manual steps in these blog articles we have written.

if you are using Terraform command line (Open-source) https://community.servicenow.com/community?id=community_article&sys_id=e3995a1ddb81dc501cd8a345ca961910


if you are using Terraform Enterprise or Terraform Cloud https://community.servicenow.com/community?id=community_article&sys_id=0ba54196dbd21890b1b102d5ca961982

Ram

Chaytali
Kilo Explorer

Yes I had followed the steps mentioned in the below link earlier before posting the error message

https://community.servicenow.com/community?id=community_article&sys_id=e3995a1ddb81dc501cd8a345ca961910

But it still fails, I tried it again now but it fails with the same error message

Failed to execute API - Please provide a valid IP for Terraform Config Provider.Please input value for credential field(s) -UserName, Password/PrivateKey. (script_include:TerraformExecutor; line 54)

Chaytali
Kilo Explorer

I have ordered the catalog again. This time there are no errors, but it's been processing for more than 30 minutes. It's just a VM that I'm trying to create with the Terraform script.
How long does it take to deploy the resources?

RISHAV SANSON
Tera Contributor

Hi @Ram Devanathan - I was provisioning the VM to AWS using Terraform open source (Terraform Environment, Linux) and also followed the link https://community.servicenow.com/community?id=community_article&sys_id=e3995a1ddb81dc501cd8a345ca961910 which you have mentioned, but at the time of provisioning I am not getting anything, as it's still in the processing state whenever I am launching the Stack. Please find below the status of the stack:

#[Catalog_Item_name ]Catalog_item_name.Provision.AWS Datacenter.Configuration Orchestration Interface.ExecuteCommand - Processing.
 
Could you please suggest something to fix this issue ? Thanks
Ram Devanathan1
ServiceNow Employee

best to go via support case route, to identify the issue.

Version history
Last update: 11-11-2019 09:30 PM