IBM Cloud Docs
Onboarding a virtual server image with Terraform

Onboarding a virtual server image with Terraform

Onboarding virtual server images with Terraform is deprecated. After 29 March 2024, onboarding virtual server images with Terraform is no longer supported as a delivery method, which means that no new virtual server images with Terraform can be onboarded. Existing VSIs in the IBM Cloud catalog will be available to use, but to take advantage of version updates and ensure continued support, onboard virtual server images for Virtual Private Cloud directly. For more information, see Onboarding a virtual server image for VPC.

This tutorial walks you through how to onboard a sample virtual server image with Terraform to your account. By completing this tutorial, you learn how to create a private catalog, import the sample, validate that it can be installed on a selected deployment target, and make the virtual server image available to users who have access to your account.

This tutorial uses sample Terraform code as part of the process to onboard a virtual server image. As you complete the tutorial, adapt each step to match your organization's goal.

The tutorial includes steps for deploying a virtual server image to a target IBM Cloud Virtual Private Cloud (VPC). As a result, you incur associated infrastructure charges.

Before you begin

  1. Create an instance of IBM Cloud Object Storage and upload your image to a bucket.
  2. Create your VPC.
  3. Import your custom image to all regions in which you want your software to be available.
  4. Create your Terraform template.
  5. Upload your Terraform template to your GitHub repository. Use the latest release of the sample Terraform code as an example of how to set up your repository.
  6. Make sure you're assigned the IBM Cloud Identity and Access Management (IAM) editor role on the catalog management service. See Assigning access to account management services for more information.

Create a private catalog

  1. In the IBM Cloud console, go to Manage > Catalogs, and click Create a catalog.
  2. Select Product default as the catalog type.
  3. Enter the name of your catalog, for example, Sample virtual server image.
  4. Select No products to exclude all products in the IBM Cloud® catalog from your catalog.
  5. Click Create.

Import the virtual server image to your private catalog

  1. From the Private products page, click Add.
  2. Select Virtual server image with Terraform as the deployment method.
  3. Confirm that Public repository is selected as the repository type.
  4. Enter https://github.com/IBM-Cloud/isv-vsi-product-deploy-sample/releases/download/v1.0/isv-vsi-product-deploy-sample.tar.gz as your source URL.
  5. Enter 1.0.0 as the software version.
  6. Select Developer tools as the category.
  7. Click Add product.

Review the version details

  1. From the Version list table, click the row that contains your virtual server image.
  2. Review your version details from the Review the version details section. After you review your version details, click Next.

Configure the deployment details

  1. If you need to specify the Terraform runtime version that you want Schematics to use, click the Override the default Terraform runtime version checkbox and enter a version.
  2. From the Configure the deployment details section, click Add deployment values.
  3. Select Parameter to select all options, and click Add.
  4. To customize which parameters are required for users to specify during the installation and which ones are hidden altogether, select a parameter and click Edit. For the purposes of this tutorial, configure each parameter as described in the following table.
Table 1. Parameters that you need to configure
Parameter Description Required for users to specify? Hidden from users?
TF_VERSION The version of the Terraform engine that's used in the Schematics workspace. False True
region The region in which the VPC instance is located. True False
ssh_key_name The name of the public SSH key to use when creating the virtual server instance. True False
subnet_id The ID of the subnet within the VPC that the virtual server instance uses. True False
vsi_instance_name The name of the virtual server instance. True False
vsi_profile The profile of compute CPU and memory resources to use when creating the virtual server instance. False False
vsi_security_group The name of the security group that is created. True False

Edit output value descriptions

You can improve the descriptions for your Terraform template's output values to help users better understand the purpose of the parameters. The description of any output value that you include in your template can be updated.

To add output values, you need to include them in a new imported version of your Terraform template.

Complete the following steps to edit the product's output value descriptions:

  1. Click Configure version > Next.
  2. From the Output value descriptions section, provide a new description for the parameter that you want to update.
  3. Click Next.

Define IAM access

After you configure your deployment values, you can add the service access and platform access roles that are required to install your product.

Use the following steps to define your product's access:

  1. Click Configure version > Next > Next.
  2. Click Add.
  3. Select the service and the required service and platform access.
    • The service access role allows access for using the service and performing service API calls.
    • The platform access role enables actions to be performed on platform resources, such as creating an instance, connecting instances to apps, and assigning user access.
  4. Click Save.

Set the license requirements

If users are required to accept any license agreements beyond the IBM Cloud Services Agreement, provide the URL to each agreement. Or, if users can bring their own licenses, you can provide that URL as well.

  1. Click Add license agreements > Add.
  2. Enter the name and URL, and click Update.
  3. Click Next.

Review your readme file

The TGZ file that you imported to your private catalog includes a readme file that provides product information for the virtual server image. If you want to make updates to the readme file, you can edit it directly from your private catalog. For the purposes of this tutorial, the following steps describe how to edit the description of the readme file.

  1. Click the Edit icon Edit icon, and update the description with the following sentence:

    Create and deploy a virtual server with ease by using a custom image.

  2. Click Save > Next.

Validate the virtual server image

  1. From the Validate product tab, enter the name of your Schematics workspace, select a resource group, select a Schematics region, and click Next.

    In the Tags field, you can enter a name of a specific tag to attach to your virtual server image. Tags provide a way to organize, track usage costs, and manage access to the resources in your account.

  2. From the Deployment values section, review your parameter values, and click Next.

  3. In the Validation product section, select I have read and agree to the following license agreements.

  4. Click Validate.

    To monitor the progress of the validation process, click View logs.

Manage compliance

You can add profiles and controls to your software to prove that it meets security and compliance requirements. You must use Security and Compliance Center to scan the resources created during validation.

Only profiles and controls that are supported by the Security and Compliance Center and validated by Security and Compliance Center scans appear in the catalog.

Run a Security and Compliance Center scan

When you claim profiles and controls, you must evaluate the resources that were created during validation to ensure compliance. To run a scan, complete the following steps:

  1. In the IBM Cloud console, click the Menu icon Menu icon > Security and Compliance to access Security and Compliance Center.
  2. In the navigation, click Profile.
  3. Click the Overflow menu in the row of the profile that you want to evaluate and select Run scan.
  4. Click Run scan.

After your scan completes, you can return to your private catalog to continue the onboarding process.

Adding compliance controls

Add the profiles and controls that you want to claim.

  1. In the Manage compliance section of your product, select Add claims.
  2. Select the profile that you want to add.
  3. Choose to add the entire profile or a subset of controls.
  4. If you choose an entire profile, continue to the next step. If you choose to add a subset of controls, select the controls that you want to add.
  5. Click Add.

Applying Security and Compliance Center scans

Add the scans that you previously ran in the Security and Compliance Center. Security and Compliance Center scans determine adherence to regulatory controls. For more information, see Scanning your resources.

  1. Click Add scan.
  2. Select the profile that you used for the evaluation.
  3. Select the Security and Compliance Center scan.
  4. Click Apply scan.
  5. Click Next.

Review requirements

You must complete validation and any other requirements to publish your product to your account.

Next steps

After you onboard and validate your virtual server image, you're ready to publish it to your account. From the Actions menu, select Publish to account. As a result, the virtual server image is available only to users who have access to the Sample virtual server image private catalog in your account.