Integrating NOW with Terraform

I was able to do some more work with Terraform.IO and explored the options for using it along with ServiceNow for cloud orchestration. This could be read as a continuation of the previous blog post.

For those of you who do not know ServiceNow (a.k.a. NOW): it is an Enterprise Service Management platform which is mainly used to streamline a multitude of processes and realise maximum benefit from the investment made in the IT infrastructure. “Service Catalog” is one of the most used modules on the platform, where users create various requests for their needs. We are mostly concerned with the Service Catalog and its workflow, since users can use it to request provisioning of various cloud resources on various IaaS platforms.

I was able to identify 2 ways of integrating Terraform.IO with the NOW platform; which one applies depends on whether the NOW customer is using ITOM. It is possible to integrate Terraform from NOW in both cases.

Installation of Terraform:

  1. The Terraform application needs to be hosted on a machine. Depending on the current state and topology of the client’s infrastructure, they may choose to keep it public or private, behind the firewalls. Terraform ships as a single binary. On Linux distros, download the binary, unzip it into the /usr/local/bin folder and make sure this path is in $PATH. Windows users: please follow the documentation, as I am not covering it here.
  2. A web application that can execute terraform commands then needs to be created and hosted behind a reverse proxy, preferably nginx, on a specific port of the host. The application should expose some APIs through which the external world can communicate with it. The NOW platform consumes these APIs to send request data to this host, which then invokes the appropriate terraform commands and scripts to do the provisioning.
  3. Additionally, depending on the cloud platforms which need to be configured as providers, we need to run the terraform init command so that the appropriate packages are downloaded and installed before we can use them. I am not an expert yet, but I am guessing there could be more such activities, especially when you have to extend Terraform’s capability.

Configuration of NOW:

  1. Since we need to send the request data to the Terraform host, we need to do some groundwork to encapsulate it in the format expected by the host. This depends on how the Terraform host application has been developed.
  2. If the ITOM plugin is enabled in the instance, then we can pass the terraform commands directly, as they are, using a custom SSH workflow activity. The host application then simply executes the command directly in the shell of the host to provision cloud resources using the Terraform binary.
  3. If the ITOM plugin is not enabled, then we can configure REST/SOAP messages using OOB ServiceNow functionality to send the data in the request body to the APIs exposed by the host application. The host application then needs to be intelligent enough to interpret this data and build a sensible terraform command for execution.
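
One way the host application could turn the request body sent by NOW into a terraform command, shown as an added example that is not code from this post. The request schema (action, stack, vars), the stack name and the directory path are assumptions; the command is built as an argument list from allow-lists, so request text never reaches a shell.

```python
import re
import subprocess

# Assumed request body: {"action": ..., "stack": ..., "vars": {...}}
ALLOWED_ACTIONS = {
    "version": ["version"],
    "plan": ["plan", "-input=false", "-no-color"],
    "apply": ["apply", "-input=false", "-no-color", "-auto-approve"],
}
# Stack names map to fixed directories; the caller never supplies a path.
STACK_DIRS = {"aws-vm": "/srv/terraform/aws-vm"}  # constructed example
# Variables each stack accepts, each with a strict pattern for its value.
STACK_VARS = {"aws-vm": {"instance_type": r"[a-z0-9]+\.[a-z0-9]+",
                         "instance_count": r"[1-9]"}}


class RejectedRequest(ValueError):
    """Raised when the request body does not match the allow-lists."""


def build_terraform_argv(body):
    """Return (argv, cwd) for a validated request or raise RejectedRequest."""
    if not isinstance(body, dict):
        raise RejectedRequest("body must be a JSON object")
    action, stack = body.get("action"), body.get("stack")
    if not isinstance(action, str) or action not in ALLOWED_ACTIONS:
        raise RejectedRequest("unknown action")
    argv = ["terraform"] + ALLOWED_ACTIONS[action]
    if action == "version":
        return argv, None
    if not isinstance(stack, str) or stack not in STACK_DIRS:
        raise RejectedRequest("unknown stack")
    variables = body.get("vars", {})
    if not isinstance(variables, dict):
        raise RejectedRequest("vars must be an object")
    for name, value in sorted(variables.items()):
        pattern = STACK_VARS.get(stack, {}).get(name)
        if pattern is None or not isinstance(value, str) \
                or not re.fullmatch(pattern, value):
            raise RejectedRequest("bad variable: %r" % (name,))
        argv += ["-var", "%s=%s" % (name, value)]
    return argv, STACK_DIRS[stack]


def run_request(body):
    """Run the validated command as an argument list; no shell is involved."""
    argv, cwd = build_terraform_argv(body)
    return subprocess.run(argv, cwd=cwd, capture_output=True,
                          text=True, timeout=900)
```
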

Testing

Once you configure these things, it is easy to test the integration by executing a simple command that checks the Terraform version installed on the host.

Input

terraform --version

Output

Terraform v0.11.13
+ provider.aws v2.4.0
+ provider.azurerm v1.22.0
+ provider.digitalocean v1.1.0

As you can see, it reports the Terraform version itself and all the provider packages which are currently installed as part of terraform init.

The intention of this blog post is to present the integration possibilities between ServiceNow and Terraform so that open source orchestrator capabilities can be utilized.

Hope this helps.