copyright | lastupdated | keywords | subcollection | content-type | services | account-plan | completion-time | ||
---|---|---|---|---|---|---|---|---|---|
|
2023-01-03 |
onboard software, Terraform, virtual server image, virtual machine image, image, vm, vsi, validate, test, VSI image, VM image, private catalog |
account |
tutorial |
cloud-object-storage, vpc |
paid |
20m |
{{site.data.keyword.attribute-definition-list}}
{: #catalog-vsi-tutorial} {: toc-content-type="tutorial"} {: toc-services="cloud-object-storage, vpc"} {: toc-completion-time="20m"}
This tutorial walks you through how to onboard a sample virtual server image with Terraform to your account. By completing this tutorial, you learn how to create a private catalog, import the sample, validate that it can be installed on a selected deployment target, and make the virtual server image available to users who have access to your account. {: shortdesc}
This tutorial uses sample Terraform code{: external} as part of the process to onboard a virtual server image. As you complete the tutorial, adapt each step to match your organization's goal.
The tutorial includes steps for deploying a virtual server image to a target {{site.data.keyword.cloud_notm}} Virtual Private Cloud (VPC). As a result, you incur associated infrastructure charges. {: note}
{: #catalog-vsi-prereqs}
- Create an instance of {{site.data.keyword.cloud_notm}} Object Storage and upload your image to a bucket.
- Create your VPC.
- Import your custom image to all regions{: external} in which you want your software to be available.
- Create your Terraform template.
- Upload your Terraform template to your GitHub repository. Use the latest release of the sample Terraform code{: external} as an example of how to set up your repository.
- Make sure you're assigned the {{site.data.keyword.cloud_notm}} Identity and Access Management (IAM) editor role on the catalog management service. See Assigning access to account management services for more information.
{: #catalog-vsi-create} {: step}
- In the {{site.data.keyword.cloud_notm}} console, go to Manage > Catalogs, and click Create a catalog.
- Select Product default as the catalog type.
- Enter the name of your catalog, for example,
Sample virtual server image
. - Select No products to exclude all products in the {{site.data.keyword.cloud}} catalog from your catalog.
- Click Create.
{: #catalog-vsi-import} {: step}
- From the Private products page, click Add.
- Select Virtual server image with Terraform as the deployment method.
- Confirm that Public repository is selected as the repository type.
- Enter
https://github.com/IBM-Cloud/isv-vsi-product-deploy-sample/releases/download/v1.0/isv-vsi-product-deploy-sample.tar.gz
as your source URL. - Enter
1.0.0
as the software version. - Select Developer tools as the category.
- Click Add product.
{: #catalog-vsi-review-version} {: step}
- From the Version list table, click the row that contains your virtual server image.
- Review your version details from the Review the version details section. After you review your version details, click Next.
{: #catalog-vsi-cfg-deployment} {: step}
- If you need to specify the Terraform runtime version that you want Schematics to use, click the Override the default Terraform runtime version checkbox and enter a version.
- From the Configure the deployment details section, click Add deployment values.
- Select Parameter to select all options, and click Add.
- To customize which parameters are required for users to specify during the installation and which ones are hidden altogether, select a parameter and click Edit. For the purposes of this tutorial, configure each parameter as described in the following table.
Parameter | Description | Required for users to specify? | Hidden from users? |
---|---|---|---|
TF_VERSION |
The version of the Terraform engine that's used in the Schematics workspace. | False | True |
region |
The region in which the VPC instance is located. | True | False |
ssh_key_name |
The name of the public SSH key to use when creating the virtual server instance. | True | False |
subnet_id |
The ID of the subnet within the VPC that the virtual server instance uses. | True | False |
vsi_instance_name |
The name of the virtual server instance. | True | False |
vsi_profile |
The profile of compute CPU and memory resources to use when creating the virtual server instance. | False | False |
vsi_security_group |
The name of the security group that is created. | True | False |
{: caption="Table 1. Parameters that you need to configure" caption-side="bottom"} |
{{site.data.content.output-values}}
{{site.data.content.define-IAM-access}}
{: #catalog-vsi-cfg-license} {: step}
If users are required to accept any license agreements beyond the {{site.data.keyword.cloud_notm}} Services Agreement, provide the URL to each agreement. Or, if users can bring their own licenses, you can provide that URL as well.
- Click Add license agreements > Add.
- Enter the name and URL, and click Update.
- Click Next.
{: #catalog-vsimage-onboard-readme} {: step}
The TGZ file that you imported to your private catalog includes a readme file that provides product information for the virtual server image. If you want to make updates to the readme file, you can edit it directly from your private catalog. For the purposes of this tutorial, the following steps describe how to edit the description of the readme file.
-
Click the Edit icon , and update the description with the following sentence:
Create and deploy a virtual server with ease by using a custom image.
-
Click Save > Next.
{: #catalog-vsi-validate} {: step}
-
From the Validate product tab, enter the name of your Schematics workspace, select a resource group, select a Schematics region, and click Next.
In the Tags field, you can enter a name of a specific tag to attach to your virtual server image. Tags provide a way to organize, track usage costs, and manage access to the resources in your account. {: tip}
-
From the Deployment values section, review your parameter values, and click Next.
-
In the Validation product section, select I have read and agree to the following license agreements.
-
Click Validate.
To monitor the progress of the validation process, click View logs. {: tip}
{: #catalog-vsi-controls} {: step}
Controls are safeguards that are used to meet security and compliance requirements. Only controls that are supported by Security and Compliance Center, formatted correctly, and validated by Code Risk Analysis and Security and Compliance Center scans appear in the catalog. For more information, see Adding compliance details.
{: #catalog-vsi-add-controls}
You can review the controls that were added from your readme file and add additional controls.
- Click Add controls.
- Choose a profile.
- Select the controls that you want to add to your version.
- Click Add.
{: #catalog-vsi-cra-scan}
Scan your source code with Code Risk Analyzer to identify any security vulnerabilities that you need to assess.
- Click Run scan.
- Wait for the scan to finish.
{: #catalog-vsi-scc-scan}
Add the scans that you previously ran in the Security and Compliance Center. Security and Compliance Center scans determine adherence to regulatory controls. For more information, see Scheduling a scan.
- Select the profile that you scanned.
- Select the Security and Compliance Center scan.
- Click Add scan.
- Click Next.
{: #catalog-vsi-review-reqs}
You must complete validation and any other requirements to publish your product to your account.
{: #catalog-vsi-publish}
After you onboard and validate your virtual server image, you're ready to publish it to your account. From the Actions menu, select Publish to account. As a result, the virtual server image is available only to users who have access to the Sample virtual server image
private catalog in your account.