Template Management
In this section we will learn to create and update templates and utilize all their features.
We will not cover the Terraform coding of a Template in here, writing the code for a Template is covered in the Template Developer Guide.
Creating a Template involves configuring ESH to know about the SCM repository in which the Template source code resides. You will need the web URL of the repository (not the clone URL), credentials to access the repository and it must have at least 1 tag as Deployments are tied to specific versions of Templates.
Tips for Template Management
To help your organization to get the most out of Templates, read this section.
-
Template Name - Give the Template a name that will make it easy for users for know what it does. I.e. EC2 Instance - Simple Config, EC2 Instance - Advanced Config, RDS Postgres, Aurora Postgres etc
-
Template Description - Give the Template a good multi line description. This will be useful to help users know exactly what resources a Template will create for them.
-
Authorization - An access token that has read privilege on your Template repositories.
It is usually a good idea to have an SCM service account configured on your SCM provider, this makes managing credentials easier than using an individual users account. Generate a token for that account and use the token for Template authorization.
-
Template Versions - Versions are Tags can be created by typing
git tag <semantic version, i.e. 0.0.1>
thengit push --tags
. -
Template Approval - Some Templates deploy special resources such as AWS accounts or expensive resources such as large virtual machines. Where this is the case it is possible to specify that deployment the Template requires manager approval. Where this is set, the Deployment of the resource is paused after the plan phase and a Tenant administrator is required to approve the Deployment.
Create a Template
Step 1 - Specify SCM Repository and Template Metadata
Use the Template console to create a Template and specify required details as referenced in above section Tips.
Fill in the parameters for the Template.
Step 2 - Download a version (Git tag)
Use the Template Version console to download a tag. Click the download button as below:
The tag has been downloaded and a TFSec report has been created for the version.
Step 3 - Review TFSec Security Reports
Review the report if it has any vulnerabilities, improve where necessary.
Step 4 - Preview the Template Parameters
The Template parameters preview gives you a representation of what the user could see when they deploy the template. Some fields have been defaulted from the default
value specified in the Terraform variables. If it possible to override the presentation and defaults for the Template parameters on a Tenant by Tenant basis using CMDB Tenant Defaults but a baseline presentation is available here for you to review parameter descriptions etc.
Review the parameters in the popup window.
Step 5 - Test a Template
Navigate to the Deployments console and follow the steps here to test your Template.
Step 6 - Certify a Template
Only Certified Templates can be used by end users so after testing has taken place by the Template Developer or other admin level users, it is essential to certify the template so it can be assigned out to regular users.
Step 7 - Assign Template to Template Groups
Users are granted access to Templates via their Template Group assignments. For each Tenant you create, ESH creates a default Template group. If this is a new ESH installation you have probably not created any additional Template Groups so simply assign to the default for the Tenant you have been assigned to. If there are more Template Groups, assign to approproate groups.
Updating a Template
After creating a Template, changes might be needed, such as changing the name, writing a more thorough description, or updating the repository authorization token.
Click the Edit button and change anything you need, then click Save.
Update Template Repository Authorization
For all private repositories, a token must be specified. Update the token by clicking on the Template auth tab. Enter the new token and click the test button, if the token is valid for accessing the repository, the test button will turn green and the Save button will be enabled.
Do not specify a token for public repositories.
Learn about Template development here