WIP

Author: qahmed1998

managing_providers/_topics/automation_management_providers.md

@@ -365,3 +365,148 @@ To use the button to run an Ansible Tower job on a virtual machine:
 If you selected a service dialog to run when creating the button, {{ site.data.product.title_short }} will then prompt you to enter variables to complete the task. After entering your desired parameters, {{ site.data.product.title_short }} takes you to the **Requests** page.
 
 The service item’s details can be viewed in menu: **Services > My Services** in {{ site.data.product.title_short }}.
+
+## OpenTofu
+
+OpenTofu is an open source infrastructure as code tool, which can be used to build, change, and version infrastructure. OpenTofu allows you to define infrastructure resources in human-readable configuration files that you can use to version, reuse, and share.
+
+OpenTofu is built into {{ site.data.product.title_short }} so you do not need to install any additional components. The basic workflow to use OpenTofu in {{ site.data.product.title_short }} is as follows:
+
+1. Enable the Embedded Terraform server role.
+2. Add a source control repository that contains your templates.
+3. Add credentials for your cloud providers.
+4. Create a Service Catalog item with the desired Terraform template.
+
+Use the following sections to learn more about OpenTofu and how to use these described workflows within {{ site.data.product.title_short }}.
+
+### Enabling the Embedded Terraform Server Role
+
+In {{ site.data.product.title_short }}, the Embedded Terraform Role is disabled by default. Enable this server role to utilize Terraform Automation Inside.
+
+To enable the Embedded Terraform Server Role, use the following steps:
+
+1. Browse to the settings menu, and click **Configuration** > **Settings**.
+2. Select the desired server under **Zones**.
+3. Set the **Server Role** for **Embedded Terraform** to `On`.
+
+### Verifying the Embedded Terraform worker state
+
+Verify that the Embedded Terraform worker is started to utilize its features:
+
+1. Browse to the settings menu, then click **Configuration** > **Diagnostics** and click on the desired server.
+2. Click **Roles by Servers** tab.
+
+A table of all workers and their current status appears from which you can confirm the state of your Embedded Terraform worker.
+
+### Adding a Template Repository
+
+To enable {{ site.data.product.title_short }} to discover and utilize your Terraform templates, add a repository to store and manage your templates.
+
+1. Browse to menu and click **Automation > Embedded Terraform > Repositories**.
+
+2. Click **Configuration**, then ![Add New Repository](../images/1862.png) (**Add New Repository**).
+
+3. Provide a Repository Name in the **Name** field.
+
+4. Add a description for the repository in the **Description** field.
+
+5. Add a **URL** or IP Address for the repository.
+
+6. Select the appropriate **SCM Credentials** from the drop down menu.
+
+7. Provide a branch name in the **SCM Branch** field.
+
+8. Click **Save**.
+
+Once you have synced a repository, the Terraform templates become available to {{ site.data.product.title_short }}.
+
+### Refreshing Repositories
+
+{{ site.data.product.title_short }} allows you to refresh a targeted Terraform templates or all repositories in your inventory to ensure that your templates are up to date.
+
+Use the following steps to refresh a targeted repository:
+
+1. Browse to menu and click **Automation > Embedded Terraform > Repositories**.
+
+2. Click on a repository.
+
+3. Click **Configuration**, then ![Refresh this Repository](../images/2003.png) (**Refresh this Repository**).
+
+Alternately, you can refresh some or all of the repositories from the list view:
+
+1. Browse to menu and click **Automation > Embedded Terraform > Repositories**.
+
+2. Select the repositories that you want to refresh. Click **Check All** to select all repositories.
+
+3. Click **Configuration**, then ![Refresh Selected Terraform Templates Repositories](../images/2003.png) (**Refresh Selected Ansible Repositories**).
+
+{% include_relative _topics/opentofu_credentials.md %}
+
+### Executing a Terraform Template from a Service Catalog
+
+You can execute a Terraform Template from {{ site.data.product.title_short }} by creating a Service Catalog item from a Terraform template.
+
+Use the following sections listed in order to execute a Terraform Template from a Service Catalog:
+
+1. Create a catalog
+2. Create a Terraform Service Catalog item
+3. Execute the Terraform template
+
+#### Create a catalog
+
+Use the following steps to create a catalog:
+
+1. In the navigation bar click **Services** > **Catalogs and click Catalog Items**.
+
+2. Click **Configuration**, then click **Add a New Catalog**.
+
+3. Enter a **Name** and **Description** for the catalog.
+
+4. Click **Add**.
+
+#### Create a Terraform Service Catalog item
+
+Use the following steps to create a Terraform Service Catalog item:
+
+1. In the navigation bar click **Automation** > **Embedded Automate** > **Customization**, then click **Service Dialog**.
+
+2. Click **Configuration** > **Create Service Dialog**.
+
+3. Enter a **Service Dialog Name** and add the required fields for the Terraform template.
+
+4. Click **Save**.
+
+5. In the navigation nar click **Services** > **Catalogs** > **Catalog Items**.
+
+6. Click **Configuration** > **Add a New Catalog Item*  to create a new catalog item with the following details at minimum:
+
+   - For **Catalog Item type**, select **Terraform Template**.
+
+   - Enter a **Name** for the service catalog item.
+
+   - Select **Display** in **Catalog**.
+
+   - In Catalog, select the catalog that you created previously.
+
+   - In Provisioning, select the repository that you previously added and select the Terraform template that you want to deploy.
+
+   - In Provisioning, select the **Cloud Type** and then select the **credential** to connect to the cloud.
+
+   - In Provisioning, select the **Service Dialog** that you created previously. If you want enter additional information when running the task, **Service Dialog** must be selected. A dialog is required if **Display in Catalog** is chosen.
+
+6. Click **Save**. The catalog item you created appears in the *All Service Catalog Items* list.
+
+#### Execute the Terraform Template:
+
+Use the following steps to execute the Terraform Template.
+
+1. In the navigation bar click **Service** > **Catalogs** > **Service Catalogs** > **created catalog**.
+
+2. Click **Order** for the catalog item.
+
+3. Enter any variables requested and click **Submit**.
+
+{{ site.data.product.title_short }} takes you to the *Requests queue* page and displays the status of the job.
+
+The service item details can be viewed by navigating to **Services** > **My Services in Infrastructure Automation**.
+

managing_providers/_topics/opentofu_credentials.md

@@ -0,0 +1,115 @@
+### Credentials
+
+Use the following sections to learn more about credentials that are associated with {{ site.data.product.title_short }} and Embedded Terraform:
+
+#### Adding Credentials
+
+Credentials are used by {{ site.data.product.title_short }} for authentication when you connect to cloud providers for infrastructure deployment.
+
+1.  Browse to the menu and click **Automation > Embedded Terraform > Credentials**.
+
+2.  Click **Configuration**, then ![Add New Credential](../images/1862.png) (**Add New Credential**).
+
+3.  Provide a **Name** for the credential.
+
+4.  Select the **Credential Type**. Additional fields might appear depending on the credential type that you chose.
+
+5.  Click **Add**.
+
+#### Credential Types
+
+Each credential type that is used by {{ site.data.product.title_short }} for the Embedded Terraform is listed in the following sections:
+
+##### SCM
+
+SCM (source control) credentials are used with projects to clone and update the local source code repositories from a remote revision control system such as Git, Subversion, or Mercurial.
+
+Source Control credentials contain multiple attributes, which you need to configure:
+
+- **Username**: The username for source control system.
+
+- **Password**: The password for source control system.
+
+- **Private key passphrase**: If the SSH private key used is protected by a passphrase, you might need to configure a key passphrase for the private key.
+
+- **Private Key**: Copy or drag-and-drop the actual SSH private key, which is used to authenticate the user to the source control system by using SSH.
+
+##### Amazon
+
+If you select this credential type, it enables connection between {{ site.data.product.title_short }} and Amazon Web Services.
+
+Amazon Web Services credentials contain multiple attributes, which you need to configure:
+
+- **Access Key**: User credentials that allow for programmatic calls to Amazon Web Services.
+
+- **Secret Key**: The secret key that corresponds to the user access key.
+
+- **STS Token**: Token generated by Amazon Web Services Security Token Service.
+
+##### Azure
+
+If you select this credential type, it enables connection between {{ site.data.product.title_short }} and Microsoft Azure.
+
+Microsoft Azure credentials contain multiple attributes, which you need to configure:
+
+- **Username**: The username to connect to the Microsoft Azure account.
+
+- **Password**: The password to connect to the Microsoft Azure account.
+
+- **Subscription ID**: The Subscription UUID for the Microsoft Azure account.
+
+- **Tenant ID**: The Tenant ID for the Microsoft Azure account.
+
+- **Client Secret**: The Client Secret for the Microsoft Azure account.
+
+- **Client ID**: The Client ID for the Microsoft Azure account.
+
+##### Google Compute Engine
+
+If you select this credential type, it enables connection between {{ site.data.product.title_short }} and Google Compute Engine.
+
+Google Compute Engine credentials contain multiple attributes, which you need to configure:
+
+- **Service Account Email Address**: The Service Account email address to connect to the Google Compute Engine.
+- **RSA Private Key**: Contents of the PEM file associated with the service account email.
+- **Project**: The Google Compute Engine assigned identification. This field is constructed as two words followed by a three-digit number, such as `squeamish-ossifrage-123`.
+- **Google Cloud Region**: The default region for the resources. If another region is specified on the resource, it takes precedence.
+
+##### IBM Cloud Classic Infrastructure
+
+If you select this credential type, it enables connection between {{ site.data.product.title_short }} and IBM Cloud Classic Infrastructure.
+
+IBM Cloud Classic Infrastructure credentials contain multiple attributes, which you need to configure:
+
+- **IBM Cloud Classic Infrastructure User Name**: The username for IBM Cloud Classic Infrastructure.
+- **IBM Cloud Classic Infrastructure API Key**: The API key for IBM Cloud Classic Infrastructure.
+
+##### OpenStack
+
+If you select this credential type, it enables connection between {{ site.data.product.title_short }} and OpenStack.
+
+OpenStack credentials contain multiple attributes, which you might need to configure:
+
+- **Username**: The username to connect to OpenStack.
+
+- **Password (API Key)**: The password or API key to connect to OpenStack.
+
+- **Host (Authentication URL)**: The host to be used for authentication.
+
+- **Project (Tenant Name)**: The Tenant name or Tenant ID to connect to OpenStack. This value is usually the same as the username.
+
+- **Domain name**: The Fully qualified domain name (FQDN) to connect to OpenStack.
+
+##### VMware
+
+If you select this credential type, it enables connection between {{ site.data.product.title_short }} and VMware vCenter.
+
+**Important:** If both {{ site.data.product.title_short }} and a VMware provider are located in the same IPv6-only network, then use a DNS-resolvable hostname for the VMware provider in the **vCenter Host** field when you add the credentials.
+
+VMware credentials contain multiple attributes, which you might need to configure:
+
+- **Username**: The username to connect to vCenter.
+
+- **Password**: The password to connect to vCenter.
+
+- **vCenter Host**: The vCenter hostname or IP address to connect to.