Day 2 operations with Terraform Open Source Connector

Alikutty A · ‎05-10-2022

I need to handle few Day 2 use cases like Adding disks to a VM, Resizing a VM, Snapshot of VM which are currently executed using Terraform Open Source scripts by a customer and we are looking to configure the same via CPG Terraform Connector. Is it possible to achieve this via CPG resource blocks out of box? I also do not see any CAPI setup for Terraform operations.

Any support is appreciated @Ram Devanathan

Ram Devanathan1 · ‎05-11-2022

hi, Terraform does not understand the concept of day-2 use-cases as it follows a declarative approach. whatever is 'applied' is really a current state - unlike additive approaches that we have with CAPI.

An approach that you can check out is to reuse existing workspaces with the modified terraform template brought in via IaC changes. you can see more details in this video.

all our existing day-2 operations will work with resources deployed through terraform however, there's an issue that the state file is out of sync once the action is complete. e.g. if a disk is added through CAPI resource operation, the disk is not present in the terraform state file unless a separate terraform import is called.

ideally a terraform apply operation needs to be provided but there's some complexity in this area, especially around response processing.

regards,

Ram

Alikutty A · ‎05-11-2022

Thanks for detail update @Ram Devanathan. I get this is not supported out of box and may require some good amount of customization depending on our day 2 use cases

My understanding is that after Day 1 resource provisioning with TF, the cloud specific API need to be used for Day 2 Ops and then TF state file need to be refreshed with another operation to add the additional disk information. Can you clarify on how the second part of state file refresh could be done via CPG?

I am aware of TF Apply spoke but does it work with the open source connector? Totally new with Terraform, so please bear with the questions

Ram Devanathan1 · ‎05-11-2022

Normal scenario is - terraform file is changed to add an additional disk, this will be put through plan and apply phases. and likely this is what will be done in the test/dev stage by a terraform developer/infrastructure coder for their own testing.

in the production however, with ServiceNow in the picture, the code change will be done in the module, the change will get picked up in the CPG terraform integration's next IaC discovery schedule run, and then change will go through CPG's IaC approval process. once this is approved, the change is added in the catalog item. the next time the catalog item is ordered, the same workspace should be chosen as before - then what happens is that the change is brought in the existing resources in the workspace.

please see the video for the details @Alikutty Abdulrazak

regards,

Ram

Alikutty A · ‎05-12-2022

@Ram Devanathan Thanks for sharing the video. I have watched it and understand this as a typical DevOps scenario for governing the IAC templates. We are not looking to modify the same catalog item every time for a Day 2 operations. We need both as separate catalog or an interface available to the users requesting for a VM (Day 1) and another for adding disk, resize etc (Day 2). The former approach helps for governance but customers are looking for a UI with better experience to manage these use cases.