IBM Cloud Solution for Power Virtual Server with VPC Landing Zone Quickstart (Standard plus VSI) Variation

This example sets up the following infrastructure:

  • A VPC Infrastructure with the following components:

  • A local or global transit gateway

  • An optional IBM Cloud Monitoring Instance

  • A Power Virtual Server workspace with the following network topology:

    • Creates two private networks: a management network and a backup network.
    • Attaches the PowerVS workspace to the transit gateway.
    • Creates an SSH key.
    • Optionally imports a list of stock catalog images.
    • Optionally imports up to three custom images from Cloud Object Storage.
  • A PowerVS Instance with the following options:

    • t-shirt profile (AIX/IBM i/SAP image)
    • Custom profile (cores, memory, storage and image)
    • 1 volume

Solutions

| Variation | Available on IBM Catalog | Requires Schematics Workspace ID | Creates VPC Landing Zone | Performs VPC VSI OS Config | Creates PowerVS Infrastructure | Creates PowerVS Instance | Performs PowerVS OS Config |
|---|---|---|---|---|---|---|---|
| Quickstart (Standard plus VSI) | ✔️ | N/A | ✔️ | ✔️ | ✔️ | ✔️ | N/A |

Reference architecture

Quickstart (Standard plus VSI) variation

Architecture diagram

Quickstart (Standard plus VSI)

Requirements

| Name | Version |
|---|---|
| terraform | >= 1.9 |
| ibm | 1.76.2 |

Modules

| Name | Source | Version |
|---|---|---|
| powervs_instance | terraform-ibm-modules/powervs-instance/ibm | 2.4.2 |
| standard | ../../modules/powervs-vpc-landing-zone | n/a |

Resources

No resources.

Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| IC_SCHEMATICS_WORKSPACE_ID | Leave blank if running locally. This variable will be automatically populated if running from an IBM Cloud Schematics workspace. | `string` | `""` | no |
| ansible_vault_password | Vault password to encrypt Ansible playbooks that contain sensitive information. Required when SCC Workload Protection is enabled. Password requirements: 15-100 characters and at least one uppercase letter, one lowercase letter, one number, and one special character. Allowed characters: A-Z, a-z, 0-9, !#$%&()*+-.:;<=>?@[]_{\|}~. | `string` | `null` | no |
| certificate_template_name | The name of the Certificate Template to create for a private_cert secret engine. When var.existing_sm_instance_guid is not null, it has to be the name of a template that already exists in the private cert engine. | `string` | `"my-template"` | no |
| client_to_site_vpn | VPN configuration: the client IP pool and the list of user email IDs allowed to access the environment. If enabled, a Secrets Manager instance is also provisioned with generated certificates. See optional parameters to reuse an existing certificate from a Secrets Manager instance. | `object({ enable = bool, client_ip_pool = string, vpn_client_access_group_users = list(string) })` | `{ "client_ip_pool": "192.168.0.0/16", "enable": false, "vpn_client_access_group_users": [] }` | no |
| configure_dns_forwarder | Specify whether a DNS forwarder will be configured. This will allow you to use central DNS servers (e.g. IBM Cloud DNS servers) sitting outside of the created IBM PowerVS infrastructure. If yes, ensure the optional variable 'dns_forwarder_config' is set properly. The DNS forwarder will be installed on the network-services VSI. | `bool` | `true` | no |
| configure_nfs_server | Specify whether an NFS server will be configured. This will allow you to easily share files between PowerVS instances (e.g., SAP installation files). A file storage share and mount target in the VPC will be created. If yes, ensure the optional variable 'nfs_server_config' is set properly below. Default value is '200GB', which will be mounted on the specified directory in the network-services VSI. | `bool` | `true` | no |
| configure_ntp_forwarder | Specify whether an NTP forwarder will be configured. This will allow you to synchronize time between IBM PowerVS instances. The NTP forwarder will be installed on the network-services VSI. | `bool` | `true` | no |
| custom_profile | Overrides the t-shirt profile with a custom PowerVS instance. Specify 'sap_profile_id' here or a combination of 'cores' and 'memory'. Optionally, volumes can be created. | `object({ sap_profile_id = string, cores = string, memory = string, server_type = string, proc_type = string, storage = object({ size = string, tier = string }) })` | `{ "cores": "", "memory": "", "proc_type": "", "sap_profile_id": null, "server_type": "", "storage": { "size": "", "tier": "" } }` | no |
| custom_profile_instance_boot_image | Override the t-shirt size specs of the PowerVS workspace instance by selecting an image name and providing a valid 'custom_profile' optional parameter. | `string` | `"none"` | no |
| dns_forwarder_config | Configuration for the DNS forwarder to a DNS service that is not reachable directly from PowerVS. | `object({ dns_servers = string })` | `{ "dns_servers": "161.26.0.7; 161.26.0.8; 9.9.9.9;" }` | no |
| enable_monitoring | Specify whether Monitoring will be enabled. This includes the creation of an IBM Cloud Monitoring Instance and an Intel Monitoring Instance to host the services. If you already have an existing monitoring instance, specify it in the optional parameter 'existing_monitoring_instance_crn' and set this parameter to true. | `bool` | n/a | yes |
| enable_scc_wp | Enable SCC Workload Protection and install and configure the Sysdig agent on all Intel VSIs in this deployment. If set to true, a value for the optional parameter 'ansible_vault_password' must be set. | `bool` | n/a | yes |
| existing_monitoring_instance_crn | Existing CRN of IBM Cloud Monitoring Instance. If value is null, then an IBM Cloud Monitoring Instance will not be created but an Intel VSI instance will be created if 'enable_monitoring' is true. | `string` | `null` | no |
| existing_sm_instance_guid | An existing Secrets Manager GUID. The existing Secrets Manager instance must have a private certificate engine configured. If not provided, a new instance will be provisioned. | `string` | `null` | no |
| existing_sm_instance_region | Required if a value is passed into var.existing_sm_instance_guid. | `string` | `null` | no |
| external_access_ip | Specify the source IP address or CIDR for login through SSH to the environment after deployment. Access to the environment will be allowed only from this IP address. Can be set to 'null' if you choose to use client-to-site VPN. | `string` | n/a | yes |
| ibmcloud_api_key | The IBM Cloud platform API key needed to deploy IAM-enabled resources. | `string` | n/a | yes |
| network_services_vsi_profile | Compute profile configuration of the network services VSI (CPU and memory configuration). Must be one of the supported profiles. See here. | `string` | `"cx2-2x4"` | no |
| nfs_server_config | Configuration for the NFS server. 'size' is in GB, 'iops' is maximum input/output operation performance bandwidth per second, 'mount_path' defines the target mount point on the OS. Set 'configure_nfs_server' to false to skip creating the file storage share. | `object({ size = number, iops = number, mount_path = string })` | `{ "iops": 600, "mount_path": "/nfs", "size": 200 }` | no |
| powervs_backup_network | Name of the IBM Cloud PowerVS backup network and CIDR to create. | `object({ name = string, cidr = string })` | `{ "cidr": "10.52.0.0/24", "name": "bkp_net" }` | no |
| powervs_management_network | Name of the IBM Cloud PowerVS management subnet and CIDR to create. | `object({ name = string, cidr = string })` | `{ "cidr": "10.51.0.0/24", "name": "mgmt_net" }` | no |
| powervs_resource_group_name | Existing IBM Cloud resource group name. | `string` | `"Default"` | no |
| powervs_zone | IBM Cloud data center location where IBM PowerVS infrastructure will be created. | `string` | n/a | yes |
| prefix | A unique identifier for resources. Must begin with a lowercase letter and end with a lowercase letter or number. This prefix will be prepended to any resources provisioned by this template. Prefixes must be 10 or fewer characters. | `string` | n/a | yes |
| sm_service_plan | The service/pricing plan to use when provisioning a new Secrets Manager instance. Allowed values: standard and trial. Only used if existing_sm_instance_guid is set to null. | `string` | `"standard"` | no |
| ssh_private_key | Private SSH key (RSA format) to log in to Intel VSIs to configure network management services (SQUID, NTP, DNS and Ansible). Should match the public SSH key referenced by 'ssh_public_key'. The key is not uploaded or stored. For more information about SSH keys, see SSH keys. | `string` | n/a | yes |
| ssh_public_key | Public SSH Key for VSI creation. Must be an RSA key with a key size of either 2048 bits or 4096 bits (recommended). Must be a valid SSH key that does not already exist in the deployment region. | `string` | n/a | yes |
| tags | List of tag names for the IBM Cloud PowerVS workspace. | `list(string)` | `[]` | no |
| tshirt_size | PowerVS instance profiles. These profiles can be overridden by specifying 'custom_profile_instance_boot_image' and 'custom_profile' values in optional parameters. | `object({ tshirt_size = string, image = string })` | n/a | yes |
| vpc_intel_images | Stock OS image names for creating VPC landing zone VSI instances: RHEL (management and network services) and SLES (monitoring). | `object({ rhel_image = string, sles_image = string })` | `{ "rhel_image": "ibm-redhat-9-4-amd64-sap-applications-4", "sles_image": "ibm-sles-15-5-amd64-sap-applications-4" }` | no |
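
The Inputs table states constraints for prefix, ansible_vault_password, enable_scc_wp, existing_sm_instance_guid, ssh_public_key and external_access_ip that can be checked before the values are handed to Terraform. The following pre-flight check is an added example, not part of this module: check_inputs and rsa_bits are hypothetical helpers, and rejecting a /0 external_access_ip is the example's own policy rather than a rule stated on this page.

```python
import base64
import ipaddress
import string
import struct

# Special characters allowed in ansible_vault_password, copied from the Inputs table.
SPECIAL = "!#$%&()*+-.:;<=>?@[]_{|}~"
ALLOWED = set(string.ascii_letters + string.digits + SPECIAL)

def rsa_bits(pubkey):
    """Modulus size in bits of an OpenSSH 'ssh-rsa' public key line, or 0 if it is not one."""
    parts = pubkey.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        return 0
    try:
        blob, fields, pos = base64.b64decode(parts[1], validate=True), [], 0
        for _ in range(3):  # length-prefixed fields: key type, exponent e, modulus n
            (size,) = struct.unpack_from(">I", blob, pos)
            fields.append(struct.unpack_from(f">{size}s", blob, pos + 4)[0])  # error if truncated
            pos += 4 + size
    except (ValueError, struct.error):
        return 0
    return int.from_bytes(fields[2], "big").bit_length() if fields[0] == b"ssh-rsa" else 0

def check_inputs(v):
    """Return the problems found in a dict of input values (hypothetical helper)."""
    errs = []
    p = v.get("prefix") or ""
    if not (1 <= len(p) <= 10 and p[0] in string.ascii_lowercase
            and p[-1] in string.ascii_lowercase + string.digits):
        errs.append("prefix breaks the documented naming rule")
    pw = v.get("ansible_vault_password")
    if v.get("enable_scc_wp") and pw is None:
        errs.append("ansible_vault_password is required when enable_scc_wp is true")
    if pw is not None and not (
            15 <= len(pw) <= 100 and set(pw) <= ALLOWED
            and any(c.isupper() for c in pw) and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw) and any(c in SPECIAL for c in pw)):
        errs.append("ansible_vault_password breaks the documented password rule")
    if v.get("existing_sm_instance_guid") and not v.get("existing_sm_instance_region"):
        errs.append("existing_sm_instance_region is required with existing_sm_instance_guid")
    if rsa_bits(v.get("ssh_public_key") or "") not in (2048, 4096):
        errs.append("ssh_public_key must be an RSA key of 2048 or 4096 bits")
    ip = v.get("external_access_ip")
    try:
        if ip is not None and ipaddress.ip_network(ip, strict=False).prefixlen == 0:
            errs.append("external_access_ip allows any source")  # example policy, not a page rule
    except ValueError:
        errs.append("external_access_ip is not an IP address or CIDR")
    return errs
```

Feed it the same values you would place in the variables file; an empty list means every documented constraint it covers is met.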

Outputs

| Name | Description |
|---|---|
| access_host_or_ip | Access host (jump/bastion) for created PowerVS infrastructure. |
| ansible_host_or_ip | Central Ansible node private IP address. |
| dns_host_or_ip | DNS forwarder host for created PowerVS infrastructure. |
| monitoring_instance | Details of the IBM Cloud Monitoring Instance: CRN, location, guid. |
| network_services_config | Complete configuration of network management services. |
| nfs_host_or_ip_path | NFS host for created PowerVS infrastructure. |
| ntp_host_or_ip | NTP host for created PowerVS infrastructure. |
| powervs_backup_subnet | Name, ID and CIDR of backup private network in created PowerVS infrastructure. |
| powervs_images | Object containing imported PowerVS image names and image ids. |
| powervs_instance_management_ip | IP address of the primary network interface of IBM PowerVS instance. |
| powervs_instance_private_ips | All private IP addresses (as a list) of IBM PowerVS instance. |
| powervs_management_subnet | Name, ID and CIDR of management private network in created PowerVS infrastructure. |
| powervs_resource_group_name | IBM Cloud resource group where PowerVS infrastructure is created. |
| powervs_ssh_public_key | SSH public key name and value in created PowerVS infrastructure. |
| powervs_storage_configuration | Storage configuration of PowerVS instance. |
| powervs_workspace_guid | PowerVS infrastructure workspace guid. The GUID of the resource instance. |
| powervs_workspace_id | PowerVS infrastructure workspace id. The unique identifier of the new resource instance. |
| powervs_workspace_name | PowerVS infrastructure workspace name. |
| powervs_zone | Zone where PowerVS infrastructure is created. |
| prefix | The prefix that is associated with all resources. |
| proxy_host_or_ip_port | Proxy host:port for created PowerVS infrastructure. |
| resource_group_data | List of resource groups data used within landing zone. |
| scc_wp_instance | Details of the Security and Compliance Center Workload Protection Instance: guid, access key, api_endpoint, ingestion_endpoint. |
| schematics_workspace_id | ID of the IBM Cloud Schematics workspace. Returns null if not run in Schematics. |
| ssh_public_key | The string value of the SSH public key used when deploying VPC. |
| transit_gateway_id | The ID of the transit gateway. |
| transit_gateway_name | The name of the transit gateway. |
| vpc_names | A list of the names of the VPC. |
| vsi_list | A list of VSIs with name, id, zone, primary IPv4 address, VPC name, and floating IP. |
| vsi_names | A list of the names of the VSIs provisioned within the VPCs. |