on 05-19-2022 04:31 PM
The Terraform ServiceNow Service Catalogue integration enables your end-users to provision self-serve infrastructure via ServiceNow. By connecting ServiceNow with Terraform Enterprise, this integration lets ServiceNow users create workspaces and perform Terraform runs, using prepared Terraform configurations hosted in VCS repositories.
Integrating ServiceNow with Terraform Enterprise involves several configuration steps. You will perform some of these steps in ServiceNow, and some of them in Terraform Cloud/Enterprise.
The ServiceNow Cloud Provisioning and Governance application (with the Terraform Connector from the ServiceNow Store) provides out-of-the-box support for providers such as VMware, IBM, Azure and AWS. This article provides steps to extend the same interface to provision resources on OCI.
Pre-requisites:
To successfully perform this integration, you must have the following:
Now that we have all the necessary accounts created, let’s get started with the implementation and configuration.
Step 1: Create a VCS Provider
We will establish a communication channel between GitHub and Terraform.
1. Go to terraform.io, choose your organisation -> click on Settings -> select VCS Provider -> click on the Add VCS Provider button.
2. Open “register a new OAuth Application” in a new tab, as indicated by (5) in the screenshot above. Copy the Application name, Homepage URL, Application description and Authorization callback URL as below to the new tab and click on Register application.
3. In Terraform, copy the Client ID and Client Secret generated after registering the application in GitHub, and paste them into the Terraform VCS provider. Click on Connect and continue.
Step 2: Generate an API Token in terraform
Users can create any number of API tokens and can revoke existing tokens at any time. To manage API tokens, click on user settings -> Teams -> Team API Token, create a team token.
To create a new token, enter a comment to identify it and click on "Generate token".
A token is only displayed once, at the time of creation; if you lose it, you will need to revoke the old token and create a new one. Make sure your description includes enough information, so you know which token to revoke later. For now, copy that token into Notepad.
To revoke a token, click the "🗑" (trash can) icon button next to the token's description. That token will no longer be able to authenticate as your user account.
For more details on tokens see API Tokens.
We have successfully created a VCS provider, a connection between GitHub and Terraform.
Step 3: Generate a Personal Access Token in GitHub
Log in to GitHub, go to user Profile -> click on Settings -> select Developer Settings -> select Personal access tokens -> click on the Generate new token button.
Provide a Note (text that explains the use of the token), set the token expiry (if needed), select the scopes to be granted to this token and click on the Generate token button. Copy the generated token into Notepad for later use.
Step 4: Download and Install Terraform connector (optionally download Discovery with Service Mapping plugin for discovering provisioned resources) on your ServiceNow instance.
Step 5: Create VCS Credential to discover repositories
Step 6: Create config provider
Note: To support complex variables and terraform version > 0.12, please download the share utility and add the version as described below.
Step 7: Create OCI cloud account
ServiceNow Discovery uses the Oracle Cloud Infrastructure discovery pattern to provide real-time elasticity for enterprise applications by combining Oracle's autonomous services, integrated security, and serverless compute.
Before we create an account, gather the details below from your Oracle Cloud account.
1. Log in to your Oracle Cloud account, go to the profile icon -> click on User Settings -> click on API Keys -> click on Add API Key.
2. Download public and private key files, click on Add button, copy the configuration file details which includes, user, tenancy, region, fingerprint, key_file.
3. Both the private key and public key must be in PEM format (not SSH-RSA format). The public key in PEM format looks something like this:
4. Login to your ServiceNow instance, go to Cloud Admin Portal
Click on Manage -> Credentials -> New -> Select, Oracle API Credentials
Provide the details copied from the oracle cloud account configuration file
NOTE: Ensure the private key entered is an RSA key; if it is not, use the RSA Keys Converter.
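A local pre-check for the Step 7 inputs, added here as an example (it is not ServiceNow or Oracle code): it classifies each key as PEM or OpenSSH format, confirms the private key carries the RSA PRIVATE KEY label, and recomputes the API-key fingerprint (MD5 of the DER-encoded public key) to compare with the configuration file. The function names, result strings and sample values are constructed for illustration, and the OCID pattern is simplified.

```python
import base64, configparser, hashlib, re
# PEM labels this check tells apart; the result strings are constructed names.
PEM_KINDS = {"PUBLIC KEY": "pem-public",            # PEM public key, as Step 7 requires
             "RSA PRIVATE KEY": "pem-private-rsa",  # the RSA-labelled private key form
             "PRIVATE KEY": "pem-private-pkcs8"}    # PEM, but without the RSA label
PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\s+(.*?)\s*-----END \1-----", re.S)
# Simplified OCID shape: ocid1.<type>.<realm>.[region].<unique id>
OCID_RE = re.compile(r"^ocid1\.(\w+)\.[a-z0-9]+\.[a-z0-9-]*\.[a-z0-9]+$")

def classify_key(text):
    """Return (kind, der_bytes); kind is 'openssh', 'unknown' or a PEM_KINDS value."""
    text = text.strip()
    if text.startswith(("ssh-rsa ", "-----BEGIN OPENSSH PRIVATE KEY-----")):
        return "openssh", b""
    m = PEM_RE.search(text)
    if not m or m.group(1) not in PEM_KINDS:
        return "unknown", b""
    return PEM_KINDS[m.group(1)], base64.b64decode("".join(m.group(2).split()))

def fingerprint(der):  # MD5 of the DER-encoded public key, colon-separated
    digest = hashlib.md5(der).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def check_oci_config(config_text, public_key_text, private_key_text):
    """Return a list of problems; an empty list means the inputs agree."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(config_text)
    profile, problems = parser["DEFAULT"], []
    for field in ("user", "tenancy"):
        m = OCID_RE.match(profile.get(field, ""))
        if not m or m.group(1) != field:
            problems.append(f"{field}: not a {field} OCID")
    kind, der = classify_key(public_key_text)
    if kind != "pem-public":
        problems.append(f"public key is {kind}, expected PEM")
    elif profile.get("fingerprint", "") != fingerprint(der):
        problems.append("fingerprint does not match the public key")
    if classify_key(private_key_text)[0] != "pem-private-rsa":
        problems.append("private key is not a PEM 'RSA PRIVATE KEY'")
    return problems

def pem(label, der):  # wraps bytes in a PEM envelope; used only to build samples
    body = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed sample inputs: placeholder bytes and OCIDs, not real key material.
PUB_DER = b"constructed placeholder, not a real public key"
SAMPLE_CONFIG = ("[DEFAULT]\nuser=ocid1.user.oc1..exampleuniqueid\n"
                 "tenancy=ocid1.tenancy.oc1..exampleuniqueid\nregion=us-ashburn-1\n"
                 f"fingerprint={fingerprint(PUB_DER)}\nkey_file=~/.oci/oci_api_key.pem\n")
```

Running the check on the workstation that holds the downloaded key files keeps the private key local while confirming that the values pasted into the Oracle API Credentials form are consistent.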
Step 8: Create Cloud Service Account
A service account is a secure record on your instance that stores the credential and access information for your provider account.
1. On the Cloud Admin Portal, navigate to Manage -> Service Accounts -> New -> Fill in the form to create a new account or select an existing one.
2. Account ID is the compartment ID copied from the Oracle Cloud account, under Identity and security -> Compartment (copy the valid compartment ID for your organisation).
3. Discovery credentials - Select the OCI Credential created in step 2.
4. Datacenter URL – Enter a datacenter URL https://$service.<your_region>.oraclecloud.com.
5. Datacenter Type - Select the OCI Datacenter [cmdb_ci_oci_datacenter]
Step 9: Create Cloud Account
A cloud account is the logical representation in Cloud Provisioning and Governance of all or part of your managed cloud infrastructure. A cloud account can include multiple service accounts — even service accounts from different providers. For each service account, you specify which datacenters to include in the cloud account.
1. On the Cloud Admin Portal, navigate to Manage -> Cloud Accounts -> New and configure a Cloud Account, select the OCI provider and click Next.
2. Select the Service Account created in the earlier step and click on Discover Datacenters.
3. Once the list of datacenters is populated, select the datacenter where you need resources to be provisioned and click save.
Step 10: Create and Configure Sample OCI Terraform Cloud Catalog
Create a cloud catalog item for provisioning, based on a terraform template and publish the catalog item to provide a service.
For more details, please refer to the ServiceNow documentation: Create or update a catalog item based on a Terraform template
1. Go to the Cloud Admin Portal, click Design -> Cloud Catalog Item -> New, provide the details below and click Submit.
Name – <name_of_the_catalog>
2. Open the catalog record created above and click on New under the “Cloud Template” related list.
3. Select the Configuration Installable from the list (this is the VCS repository attached to terraform / folder for terraform opensource) and click Submit.
4. Once submitted, open the newly created ‘Draft’ version from the catalog item related list, validate the template details and Template Version Parameters, and click Activate.
NOTE: Template Version Parameters are input variables parsed automatically from the Terraform template; they are automatically created as variables on the cloud catalog item and exposed to the end users who order the service.
5. Once Activated, click on the cloud catalog item and make it Active.
For more options to beautify the cloud catalog item, refer to Create a cloud catalog item | ServiceNow Docs
Step 11: Order cloud catalog item from Cloud User Portal
For more details on the Cloud User Portal, please refer to Cloud User Portal | ServiceNow Docs
1. Open the Cloud user portal e.g. <instance_url>/cloud_portal.
2. Click on Launch a Stack.
3. Select the newly created catalog item, fill in the details and submit.
4. Track and Manage the Status using the Activities tab.
Next Steps: We will also work on an article and steps for Terraform OpenSource.
Additional References:
ServiceNow and Oracle Cloud Infrastructure integration for Cloud Provisioning and Governance
Sample Template:
Terraform Oracle Cloud Infrastructure (OCI) - Core Compute Template - Share | ServiceNow Developers
Hi Hardik,
I am not able to view the OCI tile in the cloud account when I click new.
How can it be enabled on PDI?
It's a store app, so unfortunately you won't be able to download it on PDI.
Hi @Hardik Benani,
When checking the pre-requisite Cloud Access Interface I got lost. How do you verify this?
Kind regards,
Arno