feat: exposed network services vsi compute profile

BREAKING CHANGE: upgrade langing zone version to v6.0.0
terraform-ibm-modules · Sep 24, 2024 · 690c464 · 690c464
1 parent f438569
commit 690c464
Show file tree

Hide file tree

Showing 13 changed files with 101 additions and 56 deletions.
diff --git a/ibm_catalog.json b/ibm_catalog.json
@@ -227,6 +227,9 @@
                         {
                             "key": "transit_gateway_global"
                         },
+                        {
+                            "key": "network_services_vsi_profile"
+                        },
                         {
                             "key": "configure_dns_forwarder"
                         },
@@ -856,6 +859,9 @@
                         {
                             "key": "client_to_site_vpn"
                         },
+                        {
+                            "key": "network_services_vsi_profile"
+                        },
                         {
                             "key": "sm_service_plan"
                         },

diff --git a/modules/powervs-vpc-landing-zone/README.md b/modules/powervs-vpc-landing-zone/README.md
@@ -71,6 +71,7 @@ module "powervs-vpc-landing-zone" {
   existing_sm_instance_guid   = var.existing_sm_instance_guid    #(optional.  default check vars)
   existing_sm_instance_region = var.existing_sm_instance_region  #(optional.  default check vars)
   certificate_template_name   = var.certificate_template_name    #(optional.  default check vars)
+  network_services_vsi_profile = var.network_services_vsi_profile #(optional.  default check vars)
 }
 ```
 
@@ -101,7 +102,7 @@ Creates VPC Landing Zone | Performs VPC VSI OS Config | Creates PowerVS Infrastr
 |------|--------|---------|
 | <a name="module_client_to_site_vpn"></a> [client\_to\_site\_vpn](#module\_client\_to\_site\_vpn) | terraform-ibm-modules/client-to-site-vpn/ibm | 1.7.16 |
 | <a name="module_configure_network_services"></a> [configure\_network\_services](#module\_configure\_network\_services) | ./submodules/ansible | n/a |
-| <a name="module_landing_zone"></a> [landing\_zone](#module\_landing\_zone) | terraform-ibm-modules/landing-zone/ibm//patterns//vsi//module | 5.28.0 |
+| <a name="module_landing_zone"></a> [landing\_zone](#module\_landing\_zone) | terraform-ibm-modules/landing-zone/ibm//patterns//vsi//module | 6.0.0 |
 | <a name="module_powervs_workspace"></a> [powervs\_workspace](#module\_powervs\_workspace) | terraform-ibm-modules/powervs-workspace/ibm | 2.0.0 |
 | <a name="module_private_secret_engine"></a> [private\_secret\_engine](#module\_private\_secret\_engine) | terraform-ibm-modules/secrets-manager-private-cert-engine/ibm | 1.3.2 |
 | <a name="module_secrets_manager_group"></a> [secrets\_manager\_group](#module\_secrets\_manager\_group) | terraform-ibm-modules/secrets-manager-secret-group/ibm | 1.2.2 |
@@ -129,6 +130,7 @@ Creates VPC Landing Zone | Performs VPC VSI OS Config | Creates PowerVS Infrastr
 | <a name="input_existing_sm_instance_guid"></a> [existing\_sm\_instance\_guid](#input\_existing\_sm\_instance\_guid) | An existing Secrets Manager GUID. The existing Secret Manager instance must have private certificate engine configured. If not provided an new instance will be provisioned. | `string` | `null` | no |
 | <a name="input_existing_sm_instance_region"></a> [existing\_sm\_instance\_region](#input\_existing\_sm\_instance\_region) | Required if value is passed into `var.existing_sm_instance_guid`. | `string` | `null` | no |
 | <a name="input_external_access_ip"></a> [external\_access\_ip](#input\_external\_access\_ip) | Specify the source IP address or CIDR for login through SSH to the environment after deployment. Access to the environment will be allowed only from this IP address. Can be set to 'null' if you choose to use client to site vpn. | `string` | n/a | yes |
+| <a name="input_network_services_vsi_profile"></a> [network\_services\_vsi\_profile](#input\_network\_services\_vsi\_profile) | Compute profile configuration of the network services vsi (cpu and memory configuration). Must be one of the supported profiles. See [here](https://cloud.ibm.com/docs/vpc?topic=vpc-profiles&interface=ui). | `string` | `"cx2-2x4"` | no |
 | <a name="input_nfs_server_config"></a> [nfs\_server\_config](#input\_nfs\_server\_config) | Configuration for the NFS server. 'size' is in GB, 'iops' is maximum input/output operation performance bandwidth per second, 'mount\_path' defines the target mount point on os. Set 'configure\_nfs\_server' to false to ignore creating file storage share. | <pre>object({<br>    size       = number<br>    iops       = number<br>    mount_path = string<br>  })</pre> | <pre>{<br>  "iops": 600,<br>  "mount_path": "/nfs",<br>  "size": 200<br>}</pre> | no |
 | <a name="input_powervs_backup_network"></a> [powervs\_backup\_network](#input\_powervs\_backup\_network) | Name of the IBM Cloud PowerVS backup network and CIDR to create. | <pre>object({<br>    name = string<br>    cidr = string<br>  })</pre> | <pre>{<br>  "cidr": "10.52.0.0/24",<br>  "name": "bkp_net"<br>}</pre> | no |
 | <a name="input_powervs_image_names"></a> [powervs\_image\_names](#input\_powervs\_image\_names) | List of Images to be imported into cloud account from catalog images. Supported values can be found [here](https://github.com/terraform-ibm-modules/terraform-ibm-powervs-workspace/blob/main/docs/catalog_images_list.md) | `list(string)` | <pre>[<br>  "IBMi-75-03-2924-2",<br>  "IBMi-74-09-2984-1",<br>  "7200-05-07",<br>  "7300-02-01",<br>  "SLES15-SP5-SAP",<br>  "SLES15-SP5-SAP-NETWEAVER",<br>  "RHEL9-SP2-SAP",<br>  "RHEL9-SP2-SAP-NETWEAVER"<br>]</pre> | no |

diff --git a/modules/powervs-vpc-landing-zone/locals.tf b/modules/powervs-vpc-landing-zone/locals.tf
@@ -29,9 +29,10 @@ locals {
   external_access_ip = var.external_access_ip != null && var.external_access_ip != "" ? length(regexall("/", var.external_access_ip)) > 0 ? var.external_access_ip : "${var.external_access_ip}/32" : ""
   override_json_string = templatefile("${path.module}/presets/slz-preset.json.tftpl",
     {
-      external_access_ip     = local.external_access_ip,
-      vsi_image              = "ibm-redhat-8-8-amd64-sap-applications-1",
-      transit_gateway_global = var.transit_gateway_global
+      external_access_ip           = local.external_access_ip,
+      vsi_image                    = "ibm-redhat-8-8-amd64-sap-applications-1",
+      network_services_vsi_profile = var.network_services_vsi_profile,
+      transit_gateway_global       = var.transit_gateway_global
     }
   )
 }
@@ -47,9 +48,10 @@ locals {
   key_floating_ip_exists = local.key_fip_vsi_exists ? contains(keys(module.landing_zone.fip_vsi[0]), "floating_ip") ? true : false : false
   access_host_or_ip      = local.key_floating_ip_exists ? module.landing_zone.fip_vsi[0].floating_ip : ""
 
-  key_vsi_list_exists         = contains(keys(module.landing_zone), "vsi_list") ? true : false
-  network_services_vsi_exists = local.key_vsi_list_exists ? contains(module.landing_zone.vsi_names, "${var.prefix}-network-services-001") ? true : false : false
-  network_services_vsi_ip     = local.network_services_vsi_exists ? [for vsi in module.landing_zone.vsi_list : vsi.ipv4_address if vsi.name == "${var.prefix}-network-services-001"][0] : ""
+  key_vsi_list_exists = contains(keys(module.landing_zone), "vsi_list") ? true : false
+  # network_services_vsi_exists = local.key_vsi_list_exists ? contains(module.landing_zone.vsi_names, "${var.prefix}-network-services-001") ? true : false : false
+  network_services_vsi_exists = local.key_vsi_list_exists ? length([for vsi_name in module.landing_zone.vsi_names : vsi_name if can(regex("${var.prefix}-network-services", vsi_name))]) > 0 ? true : false : false
+  network_services_vsi_ip     = local.network_services_vsi_exists ? [for vsi in module.landing_zone.vsi_list : vsi.ipv4_address if can(regex("${var.prefix}-network-services", vsi.name))][0] : ""
 
   ###### For preset floating ip and network services vsi should exist.
   valid_json_used   = local.key_floating_ip_exists && local.network_services_vsi_exists ? true : false

diff --git a/modules/powervs-vpc-landing-zone/main.tf b/modules/powervs-vpc-landing-zone/main.tf
@@ -4,7 +4,7 @@
 
 module "landing_zone" {
   source    = "terraform-ibm-modules/landing-zone/ibm//patterns//vsi//module"
-  version   = "5.28.0"
+  version   = "6.0.0"
   providers = { ibm = ibm.ibm-is }
 
   ssh_public_key       = var.ssh_public_key

diff --git a/modules/powervs-vpc-landing-zone/presets/slz-preset.json.tftpl b/modules/powervs-vpc-landing-zone/presets/slz-preset.json.tftpl
@@ -533,7 +533,7 @@
         {
             "name": "network-services",
             "image_name": "${vsi_image}",
-            "machine_type": "cx2-2x4",
+            "machine_type": "${network_services_vsi_profile}",
             "vpc_name": "edge",
             "resource_group": "slz-edge-rg",
             "enable_floating_ip": false,

diff --git a/modules/powervs-vpc-landing-zone/submodules/ansible/main.tf b/modules/powervs-vpc-landing-zone/submodules/ansible/main.tf
@@ -13,8 +13,14 @@ locals {
 # 1. Execute shell script to install ansible roles/collections
 ##############################################################
 
+resource "terraform_data" "trigger_ansible_vars" {
+  input = [var.playbook_template_vars, var.ansible_host_or_ip]
+}
+
 resource "terraform_data" "setup_ansible_host" {
 
+  triggers_replace = terraform_data.trigger_ansible_vars
+
   connection {
     type         = "ssh"
     user         = "root"
@@ -50,12 +56,10 @@ resource "terraform_data" "setup_ansible_host" {
 # 2. Execute ansible playbooks
 ##############################################################
 
-resource "terraform_data" "trigger_ansible_vars" {
-  input = var.playbook_template_vars
-}
-
 resource "terraform_data" "execute_playbooks" {
 
+  triggers_replace = terraform_data.trigger_ansible_vars
+
   depends_on = [terraform_data.setup_ansible_host]
 
   connection {
@@ -68,8 +72,6 @@ resource "terraform_data" "execute_playbooks" {
     timeout      = "5m"
   }
 
-  triggers_replace = terraform_data.trigger_ansible_vars
-
   # Create terraform scripts directory
   provisioner "remote-exec" {
     inline = ["mkdir -p ${local.dst_files_dir}", "chmod 777 ${local.dst_files_dir}", ]

diff --git a/modules/powervs-vpc-landing-zone/variables.tf b/modules/powervs-vpc-landing-zone/variables.tf
@@ -54,6 +54,16 @@ variable "transit_gateway_global" {
   default     = false
 }
 
+#####################################################
+# Optional Parameter Network Services VSI Profile
+#####################################################
+
+variable "network_services_vsi_profile" {
+  description = "Compute profile configuration of the network services vsi (cpu and memory configuration). Must be one of the supported profiles. See [here](https://cloud.ibm.com/docs/vpc?topic=vpc-profiles&interface=ui)."
+  type        = string
+  default     = "cx2-2x4"
+}
+
 #####################################################
 # Optional Parameters VSI OS Management Services
 #####################################################

diff --git a/solutions/standard-plus-vsi/README.md b/solutions/standard-plus-vsi/README.md
@@ -74,6 +74,7 @@ No resources.
 | <a name="input_existing_sm_instance_region"></a> [existing\_sm\_instance\_region](#input\_existing\_sm\_instance\_region) | Required if value is passed into `var.existing_sm_instance_guid`. | `string` | `null` | no |
 | <a name="input_external_access_ip"></a> [external\_access\_ip](#input\_external\_access\_ip) | Specify the source IP address or CIDR for login through SSH to the environment after deployment. Access to the environment will be allowed only from this IP address. Can be set to 'null' if you choose to use client to site vpn. | `string` | n/a | yes |
 | <a name="input_ibmcloud_api_key"></a> [ibmcloud\_api\_key](#input\_ibmcloud\_api\_key) | The IBM Cloud platform API key needed to deploy IAM enabled resources. | `string` | n/a | yes |
+| <a name="input_network_services_vsi_profile"></a> [network\_services\_vsi\_profile](#input\_network\_services\_vsi\_profile) | Compute profile configuration of the network services vsi (cpu and memory configuration). Must be one of the supported profiles. See [here](https://cloud.ibm.com/docs/vpc?topic=vpc-profiles&interface=ui). | `string` | `"cx2-2x4"` | no |
 | <a name="input_nfs_server_config"></a> [nfs\_server\_config](#input\_nfs\_server\_config) | Configuration for the NFS server. 'size' is in GB, 'iops' is maximum input/output operation performance bandwidth per second, 'mount\_path' defines the target mount point on os. Set 'configure\_nfs\_server' to false to ignore creating file storage share. | <pre>object({<br>    size       = number<br>    iops       = number<br>    mount_path = string<br>  })</pre> | <pre>{<br>  "iops": 600,<br>  "mount_path": "/nfs",<br>  "size": 200<br>}</pre> | no |
 | <a name="input_powervs_backup_network"></a> [powervs\_backup\_network](#input\_powervs\_backup\_network) | Name of the IBM Cloud PowerVS backup network and CIDR to create. | <pre>object({<br>    name = string<br>    cidr = string<br>  })</pre> | <pre>{<br>  "cidr": "10.52.0.0/24",<br>  "name": "bkp_net"<br>}</pre> | no |
 | <a name="input_powervs_management_network"></a> [powervs\_management\_network](#input\_powervs\_management\_network) | Name of the IBM Cloud PowerVS management subnet and CIDR to create. | <pre>object({<br>    name = string<br>    cidr = string<br>  })</pre> | <pre>{<br>  "cidr": "10.51.0.0/24",<br>  "name": "mgmt_net"<br>}</pre> | no |

diff --git a/solutions/standard-plus-vsi/main.tf b/solutions/standard-plus-vsi/main.tf
@@ -7,26 +7,27 @@ module "standard" {
 
   providers = { ibm.ibm-is = ibm.ibm-is, ibm.ibm-pi = ibm.ibm-pi, ibm.ibm-sm = ibm.ibm-sm }
 
-  powervs_zone                = var.powervs_zone
-  prefix                      = var.prefix
-  external_access_ip          = var.external_access_ip
-  ssh_public_key              = var.ssh_public_key
-  ssh_private_key             = var.ssh_private_key
-  client_to_site_vpn          = var.client_to_site_vpn
-  configure_dns_forwarder     = var.configure_dns_forwarder
-  configure_ntp_forwarder     = var.configure_ntp_forwarder
-  configure_nfs_server        = var.configure_nfs_server
-  dns_forwarder_config        = var.dns_forwarder_config
-  nfs_server_config           = var.nfs_server_config
-  powervs_resource_group_name = var.powervs_resource_group_name
-  powervs_management_network  = var.powervs_management_network
-  powervs_backup_network      = var.powervs_backup_network
-  powervs_image_names         = [local.qs_tshirt_choice.image]
-  tags                        = var.tags
-  sm_service_plan             = var.sm_service_plan
-  existing_sm_instance_guid   = var.existing_sm_instance_guid
-  existing_sm_instance_region = var.existing_sm_instance_region
-  certificate_template_name   = var.certificate_template_name
+  powervs_zone                 = var.powervs_zone
+  prefix                       = var.prefix
+  external_access_ip           = var.external_access_ip
+  ssh_public_key               = var.ssh_public_key
+  ssh_private_key              = var.ssh_private_key
+  client_to_site_vpn           = var.client_to_site_vpn
+  configure_dns_forwarder      = var.configure_dns_forwarder
+  configure_ntp_forwarder      = var.configure_ntp_forwarder
+  configure_nfs_server         = var.configure_nfs_server
+  dns_forwarder_config         = var.dns_forwarder_config
+  nfs_server_config            = var.nfs_server_config
+  powervs_resource_group_name  = var.powervs_resource_group_name
+  powervs_management_network   = var.powervs_management_network
+  powervs_backup_network       = var.powervs_backup_network
+  powervs_image_names          = [local.qs_tshirt_choice.image]
+  tags                         = var.tags
+  sm_service_plan              = var.sm_service_plan
+  existing_sm_instance_guid    = var.existing_sm_instance_guid
+  existing_sm_instance_region  = var.existing_sm_instance_region
+  certificate_template_name    = var.certificate_template_name
+  network_services_vsi_profile = var.network_services_vsi_profile
 }
 
 moved {

diff --git a/solutions/standard-plus-vsi/variables.tf b/solutions/standard-plus-vsi/variables.tf
@@ -99,6 +99,16 @@ variable "custom_profile" {
   }
 }
 
+#####################################################
+# Optional Parameter Network Services VSI Profile
+#####################################################
+
+variable "network_services_vsi_profile" {
+  description = "Compute profile configuration of the network services vsi (cpu and memory configuration). Must be one of the supported profiles. See [here](https://cloud.ibm.com/docs/vpc?topic=vpc-profiles&interface=ui)."
+  type        = string
+  default     = "cx2-2x4"
+}
+
 #####################################################
 # Optional Parameters VSI OS Management Services
 #####################################################

diff --git a/solutions/standard/README.md b/solutions/standard/README.md
@@ -71,6 +71,7 @@ No resources.
 | <a name="input_existing_sm_instance_region"></a> [existing\_sm\_instance\_region](#input\_existing\_sm\_instance\_region) | Required if value is passed into `var.existing_sm_instance_guid`. | `string` | `null` | no |
 | <a name="input_external_access_ip"></a> [external\_access\_ip](#input\_external\_access\_ip) | Specify the source IP address or CIDR for login through SSH to the environment after deployment. Access to the environment will be allowed only from this IP address. Can be set to 'null' if you choose to use client to site vpn. | `string` | n/a | yes |
 | <a name="input_ibmcloud_api_key"></a> [ibmcloud\_api\_key](#input\_ibmcloud\_api\_key) | The IBM Cloud platform API key needed to deploy IAM enabled resources. | `string` | n/a | yes |
+| <a name="input_network_services_vsi_profile"></a> [network\_services\_vsi\_profile](#input\_network\_services\_vsi\_profile) | Compute profile configuration of the network services vsi (cpu and memory configuration). Must be one of the supported profiles. See [here](https://cloud.ibm.com/docs/vpc?topic=vpc-profiles&interface=ui). | `string` | `"cx2-2x4"` | no |
 | <a name="input_nfs_server_config"></a> [nfs\_server\_config](#input\_nfs\_server\_config) | Configuration for the NFS server. 'size' is in GB, 'iops' is maximum input/output operation performance bandwidth per second, 'mount\_path' defines the target mount point on os. Set 'configure\_nfs\_server' to false to ignore creating file storage share. | <pre>object({<br>    size       = number<br>    iops       = number<br>    mount_path = string<br>  })</pre> | <pre>{<br>  "iops": 600,<br>  "mount_path": "/nfs",<br>  "size": 200<br>}</pre> | no |
 | <a name="input_powervs_backup_network"></a> [powervs\_backup\_network](#input\_powervs\_backup\_network) | Name of the IBM Cloud PowerVS backup network and CIDR to create. | <pre>object({<br>    name = string<br>    cidr = string<br>  })</pre> | <pre>{<br>  "cidr": "10.52.0.0/24",<br>  "name": "bkp_net"<br>}</pre> | no |
 | <a name="input_powervs_image_names"></a> [powervs\_image\_names](#input\_powervs\_image\_names) | List of Images to be imported into cloud account from catalog images. Supported values can be found [here](https://github.com/terraform-ibm-modules/terraform-ibm-powervs-workspace/blob/main/docs/catalog_images_list.md) | `list(string)` | <pre>[<br>  "IBMi-75-03-2924-2",<br>  "IBMi-74-09-2984-1",<br>  "7200-05-07",<br>  "7300-02-01",<br>  "SLES15-SP5-SAP",<br>  "SLES15-SP5-SAP-NETWEAVER",<br>  "RHEL9-SP2-SAP",<br>  "RHEL9-SP2-SAP-NETWEAVER"<br>]</pre> | no |