What's new in Cloud Management - Provision workloads to VMware and Azure via Terraform
Earlier this year, we announced our first Terraform connector supporting IBM Cloud Provisioning. Since then, we have made rapid strides in adding more cloud support (VMware, Azure) and day-2 operations, and in improving extensibility.
This article is a write-up of what we support, and also serves as an introduction to using ServiceNow Cloud Management for multi-cloud provisioning with open-source Terraform.
First, what we support so far:
- The Terraform connector now supports 3 clouds - IBM Cloud, VMware vCenter and Azure cloud. With this, you can order service offerings from the cloud services catalog, which get deployed using the Terraform command line.
- Support for import of Terraform config templates
NOTE: As of today, Terraform open-source version 0.11 is supported.
In addition, we support the following for all clouds:
- Day-2 operations to run catalog actions on deployed instances
- Visibility into Cloud Resources and their associations via Cloud Discovery patterns
- Governance policies for enforcing rules of usage at all stages of cloud resource lifecycle
Where's the app?
The Terraform connector app version 1.0.6 is available here.
What's needed?
- Supported Releases - New York, Madrid Patch 4 onwards
- Plugins needed - Cloud Management plugin
- Terraform Provider - Linux (or Windows) machine with Terraform v0.11 command line tool installed and working
What does this mean?
With this, ServiceNow CMP is now multi-cloud, with support for open technologies like Terraform. We continue to support cloud-native templates (ARM, CFT and GDM), but you can now also use your Terraform templates for the development, test and production environments that your users want. Ansible execution can be called for post-provisioning operations, and this will be supported for provisioning too in the future.

How does this work?
This can be explained in 2 flows. First, the catalog item designer's workflow.
- First, as a cloud administrator (cloud catalog item designer), register the Terraform provider with ServiceNow and set up access credentials to the machine. The Terraform provider is really just a regular Linux/Windows machine with the Terraform command line installed and configured to connect to target clouds. The provider machine will have working Terraform modules (.tf files) already present in a particular folder, which should be specified at the time of registration.
- Next, the Terraform modules are enumerated and copied into the ServiceNow CMDB for use as config templates.
- Finally, a catalog item is generated by importing config templates and providing settings as desired - fields to display, CMDB lookups needed, etc.
Next is the cloud user flow - the aim here is to keep the user flow as similar as possible to any other cloud deployment workflow.
Both flows are represented pictorially below. You will see that nothing really changes for the cloud users and developers. They work with the catalog interfaces.

What can be achieved with this?
As a cloud admin in a central IT cloud team, think about how you can meet with your line-of-business and developer teams and let them know that you can quickly create catalog items from the Terraform modules they currently use. This means that developers can use the ServiceNow catalog for their infrastructure deployment needs and operate on the environment via the provided day-2 operations (start, stop, suspend, snapshot, etc. - this list is extensible to add more operations).
In addition, you can build in governance policies to enforce rules of usage, which keeps IT and the CxO happy, knowing that the developers are working within a well-set framework of usage.
Here's a screenshot of a catalog item that does Terraform provisioning to VMware and, at the end, also calls Ansible to apply a Tomcat server via a playbook. It didn't take much time to do this - CMP has supported Ansible integration for ages now.

You can do the same with more clouds like Azure and IBM Cloud. Think about the possibilities this opens up, and have a discussion with your line of business and developers about it.
Hope this is useful. Please feel free to ask questions in the comments - I am glad to provide clarifications and/or more information.
Ram Devanathan
Principal Product Manager, ITOM
https://www.servicenow.com/community/itom-articles/what-s-new-in-cloud-management-provision-workloads-to-vmware-and/ta-p/2321507