Merge pull request #1793 from qahmed1998/QA-opentofu-provider

Fryguy · web-flow · commit 961dfea2cf65 · 2024-06-26T13:18:01.000-04:00
QA opentofu provider
diff --git a/managing_providers/_topics/automation_management_providers.md b/managing_providers/_topics/automation_management_providers.md
@@ -365,3 +365,174 @@ To use the button to run an Ansible Tower job on a virtual machine:
 If you selected a service dialog to run when creating the button, {{ site.data.product.title_short }} will then prompt you to enter variables to complete the task. After entering your desired parameters, {{ site.data.product.title_short }} takes you to the **Requests** page.
 
 The service item’s details can be viewed in menu: **Services > My Services** in {{ site.data.product.title_short }}.
+
+## Embedded Terraform (OpenTofu)
+
+OpenTofu is an open source infrastructure as code tool, which can be used to build, change, and version the infrastructure. You can use OpenTofu to define infrastructure resources in human-readable configuration files that you can use to version, reuse, and share.
+
+OpenTofu is built into {{ site.data.product.title_short }} so you do not need to install any additional components.
+
+If you want to use the Embedded Terraform feature in {{ site.data.product.title_short }} that is deployed as a virtual machine appliance, then you need to manually import the Terraform image on an appliance:
+
+## Importing OpenTofu image on an appliance
+
+**Note**: Follow this section if you have {{ site.data.product.title_short }} that is deployed as a virtual appliance. These steps are not applicable to a containerized deployment (podified) of {{ site.data.product.title_short }}.
+
+Use the following command to import the OpenTofu image on your appliance server.
+
+``` bash
+runuser --login manageiq --command 'podman --root=/var/www/miq/vmdb/data/containers/storage image load --input /tmp/<OpenTofu_image>'
+```
+
+Where `OpenTofu_image` is the name of your OpenTofu image.
+
+You also need to set the docker image name in advanced settings before enabling the server role. Navigate to the **Settings** > **Application Settings** in {{ site.data.product.title_short }} UI and set the value for `workers/worker_base/opentofu_worker/container_image` field.
+
+An example value of this field is `container_image: docker.io/manageiq/opentofu-runner:latest`.
+
+## Usage of Embedded Terraform (OpenTofu)
+
+The following sections show the usage of Embedded Terraform in {{ site.data.product.title_short }}. The following sections apply to {{ site.data.product.title_short }} that is deployed as a containerized deployment (podified) and {{ site.data.product.title_short }} that is deployed as a virtual machine appliance:
+
+1. Enable the Embedded Terraform server role.
+2. Add a source control repository that contains your templates.
+3. Add credentials to access the repository.
+4. Create a Service Catalog item with the desired Terraform template.
+
+### Enabling the Embedded Terraform Server Role
+
+In {{ site.data.product.title_short }}, the Embedded Terraform server role is disabled by default. Enable this server role to use Embedded Terraform (OpenTofu).
+
+To enable the Embedded Terraform Server Role, use the following steps:
+
+1. Browse to the settings menu, and click **Configuration** > **Settings**.
+2. Select the desired server under **Zones**.
+3. Set the **Server Role** for **Embedded Terraform** to `On`.
+
+### Verifying the Embedded Terraform worker state
+
+Verify that the Embedded Terraform worker is started to use its features:
+
+1. Browse to the settings menu, then click **Configuration** > **Diagnostics** and click the server that you want to choose.
+2. Click **Roles by Servers** tab.
+
+A table of all workers and their status appears from which you can confirm the state of your Embedded Terraform worker.
+
+### Adding a Template Repository
+
+To enable {{ site.data.product.title_short }} to discover and use your Terraform templates, add a repository to store and manage your templates.
+
+If your repository requires credentials for access, then you need to create SCM credentials. For more information about how to create SCM credentials, see [SCM credentials](../_topics/opentofu_credentials.md#scm).
+
+Use the following steps to add a repository:
+
+1. Browse to the menu and click **Automation > Embedded Terraform > Repositories**.
+
+2. Click **Configuration**, then ![Add New Repository](../images/1862.png) (**Add New Repository**).
+
+3. Provide a Repository Name in the **Name** field.
+
+4. Add a description for the repository in the **Description** field.
+
+5. Add a **URL** and an optional port for the repository.
+
+6. Select the appropriate **SCM Credentials** from the drop-down menu.
+
+7. Provide a branch name in the **SCM Branch** field. This field is optional and default value is set to `master` branch.
+
+8. Click **Save**.
+
+When you save the repository, the Terraform templates are synced, and are available to {{ site.data.product.title_short }}.
+
+### Refreshing Repositories
+
+You can use {{ site.data.product.title_short }} to refresh specific Terraform repositories or all repositories in your inventory to make sure that your templates are up to date.
+
+Use the following steps to refresh a specific repository:
+
+1. Browse to the menu and click **Automation > Embedded Terraform > Repositories**.
+
+2. Click a repository.
+
+3. Click **Configuration**, then ![Refresh this Repository](../images/2003.png) (**Refresh this Repository**).
+
+Alternately, you can refresh some or all of the repositories from the list view:
+
+1. Browse to the menu and click **Automation > Embedded Terraform > Repositories**.
+
+2. Select the repositories that you want to refresh. Click **Check All** to select all repositories.
+
+3. Click **Configuration**, then ![Refresh Selected Terraform Templates Repositories](../images/2003.png) (**Refresh Selected Ansible Repositories**).
+
+{% include_relative _topics/opentofu_credentials.md %}
+
+### Running a Terraform Template from a Service Catalog
+
+You can run a Terraform Template from {{ site.data.product.title_short }} by creating a Service Catalog item from a Terraform template.
+
+Use the following listed steps in each section to run the Terraform Template from a Service Catalog:
+
+1. Create a catalog
+2. Create a Terraform Service Catalog item
+3. Run the Terraform template
+
+#### Create a catalog
+
+Use the following steps to create a catalog:
+
+1. In the navigation bar, click **Services** > **Catalogs and click Catalog Items**.
+
+2. Click **Configuration**, then click **Add a New Catalog**.
+
+3. Enter a **Name** and **Description** for the catalog.
+
+4. Click **Add**.
+
+#### Create a Terraform Service Catalog item
+
+Use the following steps to create a Terraform Service Catalog item:
+
+1. In the navigation bar click **Automation** > **Embedded Automate** > **Customization**, then click **Service Dialog**.
+
+2. Click **Configuration** > **Create Service Dialog**.
+
+3. Enter a **Service Dialog Name** and add the required fields for the Terraform template.
+
+4. Click **Save**.
+
+5. In the navigation bar, click **Services** > **Catalogs** > **Catalog Items**.
+
+6. Click **Configuration** > **Add a New Catalog Item** to create a new catalog item with the following details at minimum:
+
+   - For **Catalog Item type**, select **Terraform Template**.
+
+   - Enter a **Name** for the service catalog item.
+
+   - Select **Display** in **Catalog**.
+
+   - In Catalog, select the catalog that you created previously.
+
+   - In Provisioning, select the repository that you previously added and select the Terraform template that you want to deploy.
+
+   - In Provisioning, select the **Cloud Type** and then select the **credential** to connect to the cloud.
+
+   - In Provisioning, select the **Service Dialog** that you created previously. If you want to enter additional information when you run the task, **Service Dialog** must be selected. A dialog is required if **Display in Catalog** is chosen.
+
+6. Click **Save**.
+
+The catalog item that you created appears in the *All Service Catalog Items* list.
+
+#### Run the Terraform Template:
+
+Use the following steps to run the Terraform Template.
+
+1. In the navigation bar, click **Service** > **Catalogs** > **Service Catalogs** > **created catalog**.
+
+2. Click **Order** for the catalog item.
+
+3. Enter any variables that are requested and click **Submit**.
+
+{{ site.data.product.title_short }} takes you to the *Requests queue* page and displays the status of the job.
+
+The service item details can be viewed when you navigate to **Services** > **My Services in {{ site.data.product.title_short }}**.
+
diff --git a/managing_providers/_topics/opentofu_credentials.md b/managing_providers/_topics/opentofu_credentials.md
@@ -0,0 +1,115 @@
+### Credentials
+
+Use the following sections to learn more about credentials that are associated with {{ site.data.product.title_short }} and Embedded Terraform:
+
+#### Adding Credentials
+
+Credentials are used by {{ site.data.product.title_short }} for authentication when you connect to cloud providers for infrastructure deployment.
+
+1.  Browse to the menu and click **Automation > Embedded Terraform > Credentials**.
+
+2.  Click **Configuration**, then ![Add New Credential](../images/1862.png) (**Add New Credential**).
+
+3.  Provide a **Name** for the credential.
+
+4.  Select the **Credential Type**. Additional fields might appear depending on the credential type that you chose.
+
+5.  Click **Add**.
+
+#### Credential Types
+
+Each credential type that is used by {{ site.data.product.title_short }} for the Embedded Terraform is listed in the following sections:
+
+##### SCM
+
+SCM (source control) credentials are used with projects to clone and update the local source code repositories from a remote revision control system such as Git, Subversion, or Mercurial.
+
+Source Control credentials contain multiple attributes, which you need to configure:
+
+- **Username**: The username for source control system.
+
+- **Password**: The password for source control system.
+
+- **Private key passphrase**: If the SSH private key used is protected by a passphrase, you might need to configure a key passphrase for the private key.
+
+- **Private Key**: Copy or drag-and-drop the actual SSH private key, which is used to authenticate the user to the source control system by using SSH.
+
+##### Amazon
+
+If you select this credential type, it enables connection between {{ site.data.product.title_short }} and Amazon Web Services.
+
+Amazon Web Services credentials contain multiple attributes, which you need to configure:
+
+- **Access Key**: User credentials that allow for programmatic calls to Amazon Web Services.
+
+- **Secret Key**: The secret key that corresponds to the user access key.
+
+- **STS Token**: Token generated by Amazon Web Services Security Token Service.
+
+##### Azure
+
+If you select this credential type, it enables connection between {{ site.data.product.title_short }} and Microsoft Azure.
+
+Microsoft Azure credentials contain multiple attributes, which you need to configure:
+
+- **Username**: The username to connect to the Microsoft Azure account.
+
+- **Password**: The password to connect to the Microsoft Azure account.
+
+- **Subscription ID**: The Subscription UUID for the Microsoft Azure account.
+
+- **Tenant ID**: The Tenant ID for the Microsoft Azure account.
+
+- **Client Secret**: The Client Secret for the Microsoft Azure account.
+
+- **Client ID**: The Client ID for the Microsoft Azure account.
+
+##### Google Compute Engine
+
+If you select this credential type, it enables connection between {{ site.data.product.title_short }} and Google Compute Engine.
+
+Google Compute Engine credentials contain multiple attributes, which you need to configure:
+
+- **Service Account Email Address**: The Service Account email address to connect to the Google Compute Engine.
+- **RSA Private Key**: Contents of the PEM file associated with the service account email.
+- **Project**: The Google Compute Engine assigned identification. This field is constructed as two words followed by a three-digit number, such as `squeamish-ossifrage-123`.
+- **Google Cloud Region**: The default region for the resources. If another region is specified on the resource, it takes precedence.
+
+##### IBM Cloud Classic Infrastructure
+
+If you select this credential type, it enables connection between {{ site.data.product.title_short }} and IBM Cloud Classic Infrastructure.
+
+IBM Cloud Classic Infrastructure credentials contain multiple attributes, which you need to configure:
+
+- **IBM Cloud Classic Infrastructure User Name**: The username for IBM Cloud Classic Infrastructure.
+- **IBM Cloud Classic Infrastructure API Key**: The API key for IBM Cloud Classic Infrastructure.
+
+##### OpenStack
+
+If you select this credential type, it enables connection between {{ site.data.product.title_short }} and OpenStack.
+
+OpenStack credentials contain multiple attributes, which you might need to configure:
+
+- **Username**: The username to connect to OpenStack.
+
+- **Password (API Key)**: The password or API key to connect to OpenStack.
+
+- **Host (Authentication URL)**: The host to be used for authentication.
+
+- **Project (Tenant Name)**: The Tenant name or Tenant ID to connect to OpenStack. This value is usually the same as the username.
+
+- **Domain name**: The Fully qualified domain name (FQDN) to connect to OpenStack.
+
+##### VMware
+
+If you select this credential type, it enables connection between {{ site.data.product.title_short }} and VMware vCenter.
+
+**Important:** If both {{ site.data.product.title_short }} and a VMware provider are located in the same IPv6-only network, then use a DNS-resolvable hostname for the VMware provider in the **vCenter Host** field when you add the credentials.
+
+VMware credentials contain multiple attributes, which you might need to configure:
+
+- **Username**: The username to connect to vCenter.
+
+- **Password**: The password to connect to vCenter.
+
+- **vCenter Host**: The vCenter hostname or IP address to connect to.
