Hardik Benani
Kilo Sage

The Terraform ServiceNow Service Catalogue integration enables your end-users to provision self-serve infrastructure via ServiceNow. By connecting ServiceNow with Terraform Enterprise, this integration lets ServiceNow users create workspaces and perform Terraform runs, using prepared Terraform configurations hosted in VCS repositories.

Integrating ServiceNow with Terraform Enterprise involves several configuration steps. You will perform some of these steps in ServiceNow, and some of them in Terraform Cloud/Enterprise.

The ServiceNow Cloud Provisioning and Governance application (with the Terraform Connector from the ServiceNow Store) provides out-of-the-box support for providers such as VMware, IBM, Azure, and AWS. This article provides steps to extend the same interface to provision resources on OCI.

Pre-requisites: 

To successfully perform this integration, you must have the following:

  • An account on Terraform Enterprise / Terraform Cloud.
  • Store Application: Cloud Provisioning and Governance: Terraform Connector
  • Store Application: Cloud Provisioning and Governance: Oracle Cloud (OCI) Add-On for Terraform Connector
  • MID Server configured with Terraform and Terraform Enterprise capabilities.
  • A supported version control system (VCS) with read access to repositories containing Terraform configuration; we will use GitHub in this exercise.
  • Cloud management recipes link for templates.
  • Verify the Cloud Access Interface app (version 1.0.0) is installed.
  • Verify the CMDB CI Class Models store app (version 1.23.0) is installed.
  • Verify the Discovery and Service Mapping Patterns store app (version 1.0.74) is installed.
  • Ensure your OCI credentials are configured for proper access.

Now that we have all the necessary accounts created, let’s get started with the implementation and configuration.

Step 1: Create a VCS Provider

We will establish a communication channel between GitHub and Terraform:

  • The GitHub repository contains the cloud provider templates
  • Terraform contains the workspace in which run and apply actually take place

1. Go to terraform.io, choose your organisation -> click on Settings -> select VCS Provider -> click on the Add VCS Provider button.

2. Open “register a new OAuth Application” in a new tab, as pointed out at (5) in the above screenshot. Copy the Application name, Homepage URL, Application description, and Authorization callback URL as below to the new tab and click on Register application.

3. In Terraform, copy the Client ID and Client Secret generated after registering the application in GitHub, and paste them into the Terraform provider. Click on Connect and continue.

Step 2: Generate an API Token in Terraform

Users can create any number of API tokens and can revoke existing tokens at any time. To manage API tokens, click on user settings -> Teams -> Team API Token, and create a team token.

To create a new token, enter a comment to identify it and click on "Generate token".

A token is only displayed once, at the time of creation; if you lose it, you will need to revoke the old token and create a new one. Make sure your description includes enough information so that you know which token to revoke later. For now, copy that token into Notepad.

To revoke a token, click the "🗑" (trash can) icon button next to the token's description. That token will no longer be able to authenticate as your user account.

For more details on tokens see API Tokens.

We have successfully created a VCS provider, a connection between GitHub and Terraform.

 

Step 3: Generate a Personal Access Token in GitHub

Log in to GitHub, go to the user Profile -> click on Settings -> select Developer Settings -> select Personal access tokens -> click on the Generate new token button.

Provide a Note (text that explains the use of the token), set the token expiry (if needed), select the scopes to be granted to this token, and click on the Generate token button. Copy the generated token into Notepad for later use.

Step 4: Download and install the Terraform connector (optionally, download the Discovery with Service Mapping plugin for discovering provisioned resources) on your ServiceNow instance.

Step 5: Create VCS Credential to discover repositories

  • Go to Cloud Admin Portal
  • Navigate to Manage ↦ Credentials ↦ New ↦ API Key Credentials
  • Provide API Key – Generated in step 1.5
  • Format – Bearer<space><api_key>
  • Create an alias of type “Credentials” in the Connection & Credential Aliases table

Step 6: Create config provider

  1. Go to Cloud Admin Portal
  2. Manage -> Config Management -> New -> provide the details below -> Save

Note: To support complex variables and Terraform versions > 0.12, please download the share utility and add the version as described below.

  • Select the created config provider and click on “Discover Now” (non-schedulable)
  • Once complete, click on “TFE VCS” ↦ select the VCS Provider created in the earlier step and an API key for GitHub (generated in step 3)
  • After completing the above step, provide the created credentials in the format below ↦ Save ↦ click on “Find Branches and Repositories”
  • Format – Token<space><personal_access_token>

Step 7: Create OCI cloud account

ServiceNow Discovery uses the Oracle Cloud Infrastructure discovery pattern to provide real-time elasticity for enterprise applications by combining Oracle's autonomous services, integrated security, and serverless compute.

Before we create an account, gather the details below from the Oracle Cloud account:

  • user - the OCID of the user for whom the key pair is being added.
  • fingerprint - the fingerprint of the key that was just added.
  • tenancy - your tenancy's OCID.
  • region - the currently selected region in the Console.
  • key_file - the path to your downloaded private key file. You must update this value to the path on your file system where you saved the private key file (if Terraform is installed on the local machine).

1. Log in to your Oracle Cloud account, go to the profile icon -> click on User Settings -> click on API Keys -> click on Add API Key.

2. Download the public and private key files, click on the Add button, and copy the configuration file details, which include user, tenancy, region, fingerprint, and key_file.

3. Both the private key and public key must be in PEM format (not SSH-RSA format). The public key in PEM format starts with -----BEGIN PUBLIC KEY----- and ends with -----END PUBLIC KEY-----.

4. Log in to your ServiceNow instance and go to Cloud Admin Portal.
Click on Manage -> Credentials -> New -> select Oracle API Credentials.

Provide the details copied from the Oracle Cloud account configuration file.

NOTE: Ensure the private key entered is an RSA key; use the converter RSA Keys Converter.
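The Step 7 values can be checked locally before they are entered in the Oracle API Credentials form, so the private key never has to leave your machine. The following Python is an added example, not part of the original article or of ServiceNow or OCI tooling; the sample OCIDs and key bodies are constructed filler, and it assumes that the note above means the `BEGIN RSA PRIVATE KEY` (PKCS#1) form and that the fingerprint is the colon-separated MD5 of the DER-encoded public key.

```python
import base64
import configparser
import hashlib
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\s+(.+?)\s+-----END \1-----", re.S)
FP_RE = re.compile(r"([0-9a-f]{2}:){15}[0-9a-f]{2}")

def pem_parts(text):
    """Return (label, DER bytes) of a PEM block, or (None, b"") if text is not PEM."""
    m = PEM_RE.search(text)
    if not m:
        return None, b""
    try:
        return m.group(1), base64.b64decode("".join(m.group(2).split()), validate=True)
    except ValueError:  # armour present but body is not plain base64
        return None, b""

def oci_fingerprint(public_pem):
    """Colon-separated MD5 of the DER-encoded public key (assumed OCI display form)."""
    digest = hashlib.md5(pem_parts(public_pem)[1]).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def preflight(config_text, public_pem, private_pem):
    """Return the problems found in the Step 7 values; an empty list means consistent."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(config_text)
    d, problems = cfg["DEFAULT"], []
    for key, prefix in (("user", "ocid1.user."), ("tenancy", "ocid1.tenancy.")):
        if not d.get(key, "").startswith(prefix):
            problems.append(f"{key}: expected an OCID starting with {prefix}")
    fp = d.get("fingerprint", "").lower()
    if not FP_RE.fullmatch(fp):
        problems.append("fingerprint: expected 16 colon-separated hex pairs")
    if pem_parts(public_pem)[0] != "PUBLIC KEY":
        problems.append("public key: not PEM (ssh-rsa line or other format)")
    elif FP_RE.fullmatch(fp) and oci_fingerprint(public_pem) != fp:
        problems.append("fingerprint: does not match the public key")
    if pem_parts(private_pem)[0] != "RSA PRIVATE KEY":
        problems.append("private key: not in BEGIN RSA PRIVATE KEY form")
    return problems

# Constructed sample input: filler bytes and placeholder OCIDs, not real credentials.
SAMPLE_PUBLIC = "-----BEGIN PUBLIC KEY-----\nQUJDQUJD\n-----END PUBLIC KEY-----\n"
SAMPLE_PKCS8 = "-----BEGIN PRIVATE KEY-----\nQUJDQUJD\n-----END PRIVATE KEY-----\n"
SAMPLE_CONFIG = ("[DEFAULT]\nuser=ocid1.user.oc1..exampleuser\ntenancy=ocid1.tenancy.oc1..exampletenancy\n"
                 f"region=us-ashburn-1\nfingerprint={oci_fingerprint(SAMPLE_PUBLIC)}\n")
if __name__ == "__main__":
    print(preflight(SAMPLE_CONFIG, SAMPLE_PUBLIC, SAMPLE_PKCS8))
```

For a real key pair, pass the contents of the downloaded key files and the copied configuration snippet instead of the samples.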


Step 8: Create Cloud Service Account

A service account is a secure record on your instance that stores the credential and access information for your provider account.

1. On the Cloud Admin Portal, navigate to Manage -> Service Accounts -> New -> Fill in the form to create a new account or select an existing one.

2. Account ID is the compartment ID copied from the Oracle Cloud account, under Identity and Security -> Compartment (copy the valid compartment ID for your organisation).

3. Discovery credentials - Select the OCI Credential created in step 2.
4. Datacenter URL – Enter a datacenter URL https://$service.<your_region>.oraclecloud.com.
5. Datacenter Type - Select the OCI Datacenter [cmdb_ci_oci_datacenter]

Step 9: Create Cloud Account

A cloud account is the logical representation in Cloud Provisioning and Governance of all or part of your managed cloud infrastructure. A cloud account can include multiple service accounts — even service accounts from different providers. For each service account, you specify which datacenters to include in the cloud account.

1. On the Cloud Admin Portal, navigate to Manage -> Cloud Accounts -> New and configure a Cloud Account, select the OCI provider and click Next.

2. Select the Service Account created in the earlier step and click on Discover Datacenters.

3. Once the list of datacenters is populated, select the datacenter where you need resources to be provisioned and click Save.

Step 10: Create and Configure Sample OCI Terraform Cloud Catalog

Create a cloud catalog item for provisioning, based on a Terraform template, and publish the catalog item to provide a service.

For more details, please refer to the ServiceNow documentation: Create or update a catalog item based on a Terraform template

1. Go to Cloud Admin Portal, click Design -> Cloud Catalog Item -> New, provide the details below, and click Submit.

  • Name – <name_of_the_catalog>
  • Short Description – <short_desc_for_the_catalog>
  • Source – Select Configuration Management Template
  • Provider Type – Select relevant Terraform Provider from the list.
  • Provider – Select config provider from the list (created in earlier section) and click submit.
  • Picture / Icon – Select picture and Icon that will be displayed for the cloud catalog item.

2. Open the newly created catalog record and click New under the “Cloud Template” related list.
3. Select the Configuration Installable from the list (this is the VCS repository attached to Terraform / the folder for Terraform open source) and click Submit.

4. Once submitted, open the newly created ‘Draft’ version from the catalog item related list, validate the template details and Template Version Parameters, and click Activate.

NOTE: Template Version Parameters are input variables parsed automatically from the Terraform template; they are automatically created as variables on the cloud catalog item and exposed to end-users ordering the service.

5. Once Activated, click on the cloud catalog item and make it Active.

For more options to beautify the cloud catalog item, refer to Create a cloud catalog item | ServiceNow Docs

Step 11: Order cloud catalog item from Cloud User Portal

For more details on the Cloud User Portal, please refer to Cloud User Portal | ServiceNow Docs

1. Open the Cloud user portal e.g. <instance_url>/cloud_portal.
2. Click on Launch a Stack.
3. Select the newly created catalog item, fill in the details and submit.
4. Track and Manage the Status using the Activities tab.

Next Steps: We will also work on an article and steps for Terraform OpenSource.

Additional References: 

ServiceNow and Oracle Cloud Infrastructure integration for Cloud Provisioning and Governance

Sample Template:

Terraform Oracle Cloud Infrastructure (OCI) - Core Compute Template - Share | ServiceNow Developers

Comments
Gautham4
Giga Contributor

Hi Hardik,

I am not able to view the OCI tile in the cloud account when I click new.

How can it be enabled on PDI?

Hardik Benani
Kilo Sage

It's a store app, so unfortunately you won't be able to download it on PDI.

Arno Reintjens
Tera Contributor

Hi @Hardik Benani,

When checking the pre-requisite Cloud Access Interface I got lost. How do you verify this?

Kind regards,

 

Arno

 

Last update: 05-19-2022 04:31 PM