feat: enable support for Chennai DCs che02 and che03 (#1248)

Author: BabithaPadiri

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "go.sum|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2026-01-12T16:23:47Z",
+  "generated_at": "2026-03-18T11:23:38Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -116,15 +116,15 @@
         "hashed_secret": "6f803b24314c39062efe38d0c1da8c472f47eab3",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 174,
+        "line_number": 175,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "d2e2ab0f407e4ee3cf2ab87d61c31b25a74085e5",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 190,
+        "line_number": 191,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -134,7 +134,7 @@
         "hashed_secret": "d2e2ab0f407e4ee3cf2ab87d61c31b25a74085e5",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 61,
+        "line_number": 62,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -144,7 +144,7 @@
         "hashed_secret": "d2e2ab0f407e4ee3cf2ab87d61c31b25a74085e5",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 53,
+        "line_number": 54,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -154,7 +154,7 @@
         "hashed_secret": "d2e2ab0f407e4ee3cf2ab87d61c31b25a74085e5",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 32,
+        "line_number": 33,
         "type": "Secret Keyword",
         "verified_result": null
       }

common-dev-assets

@@ -103,6 +103,14 @@
               "required": true,
               "default_value": "",
               "options": [
+                {
+                  "displayname": "Chennai 02 (che02)",
+                  "value": "che02"
+                },
+                {
+                  "displayname": "Chennai 03 (che03)",
+                  "value": "che03"
+                },
                 {
                   "displayname": "Dallas (dallas)",
                   "value": "us-south"
@@ -567,7 +575,7 @@
               {
                 "diagram": {
                   "caption": "Power Virtual Server with VPC landing zone 'Standard Landscape' variation",
-                  "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/refs/tags/v11.0.0/reference-architectures/standard/deploy-arch-ibm-pvs-inf-standard.svg",
+                  "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/refs/tags/v11.1.0/reference-architectures/standard/deploy-arch-ibm-pvs-inf-standard.svg",
                   "type": "image/svg+xml"
                 },
                 "description": "The Power Virtual Server with VPC landing zone as variation 'Standard Landscape' deploys VPC services and a Power Virtual Server workspace and interconnects them.\n \nRequired and optional management components are configured."
@@ -618,6 +626,14 @@
               "default_value": "",
               "required": true,
               "options": [
+                {
+                  "displayname": "Chennai 02 (che02)",
+                  "value": "che02"
+                },
+                {
+                  "displayname": "Chennai 03 (che03)",
+                  "value": "che03"
+                },
                 {
                   "displayname": "Dallas (dallas)",
                   "value": "us-south"
@@ -1306,7 +1322,7 @@
               {
                 "diagram": {
                   "caption": "Power Virtual Server with VPC landing zone 'Quickstart' variation",
-                  "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/refs/tags/v11.0.0/reference-architectures/standard-plus-vsi/deploy-arch-ibm-pvs-inf-standard-plus-vsi.svg",
+                  "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/refs/tags/v11.1.0/reference-architectures/standard-plus-vsi/deploy-arch-ibm-pvs-inf-standard-plus-vsi.svg",
                   "type": "image/svg+xml"
                 },
                 "description": "The Power Virtual Server with VPC landing zone as 'Quickstart' variation deploys VPC services and a Power Virtual Server workspace and interconnects them. It also creates one Power virtual server instance of chosen t-shirt size or custom configuration.\n \nRequired and optional management components are configured."
@@ -1883,7 +1899,7 @@
               {
                 "diagram": {
                   "caption": "Power Virtual Server with VPC landing zone 'Quickstart OpenShift' variation",
-                  "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/refs/tags/v11.0.0/reference-architectures/standard-openshift/deploy-arch-ibm-pvs-inf-standard-openshift.svg",
+                  "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/refs/tags/v11.1.0/reference-architectures/standard-openshift/deploy-arch-ibm-pvs-inf-standard-openshift.svg",
                   "type": "image/svg+xml"
                 },
                 "description": "The Power Virtual Server with VPC landing zone as variation 'Quickstart OpenShift' deploys VPC services and an Openshift Cluster on PowerVS and interconnects them.\n \nRequired and optional management components are configured."

ibm_catalog.json

@@ -157,7 +157,7 @@ Creates VPC Landing Zone | Performs VPC VSI OS Config | Creates PowerVS Infrastr
 | <a name="input_existing_sm_instance_region"></a> [existing\_sm\_instance\_region](#input\_existing\_sm\_instance\_region) | Required if value is passed into `var.existing_sm_instance_guid`. | `string` | `null` | no |
 | <a name="input_external_access_ip"></a> [external\_access\_ip](#input\_external\_access\_ip) | Specify the source IP address or CIDR for login through SSH to the environment after deployment. Access to the environment will be allowed only from this IP address. Can be set to 'null' if you choose to use client to site vpn. | `string` | n/a | yes |
 | <a name="input_ibm_dns_service"></a> [ibm\_dns\_service](#input\_ibm\_dns\_service) | Create IBM DNS service instance, DNS zone, and custom resolver. If set to false, then the DNS service and zone will not be created. Conflicts with 'configure\_dns\_forwarder'. | <pre>object({<br/>    enable      = bool<br/>    name        = optional(string)<br/>    base_domain = optional(string)<br/>    label       = optional(string)<br/>  })</pre> | <pre>{<br/>  "enable": false<br/>}</pre> | no |
-| <a name="input_network_services_vsi_profile"></a> [network\_services\_vsi\_profile](#input\_network\_services\_vsi\_profile) | Compute profile configuration of the network services vsi (cpu and memory configuration). Must be one of the supported profiles. See [here](https://cloud.ibm.com/docs/vpc?topic=vpc-profiles&interface=ui). | `string` | `"cx2-2x4"` | no |
+| <a name="input_network_services_vsi_profile"></a> [network\_services\_vsi\_profile](#input\_network\_services\_vsi\_profile) | Compute profile configuration of the network services vsi (cpu and memory configuration). Must be one of the supported profiles. See [here](https://cloud.ibm.com/docs/vpc?topic=vpc-profiles&interface=ui). | `string` | `"cxf-2x4"` | no |
 | <a name="input_nfs_server_config"></a> [nfs\_server\_config](#input\_nfs\_server\_config) | Configuration for the NFS server. 'size' is in GB, 'iops' is maximum input/output operation performance bandwidth per second, 'mount\_path' defines the target mount point on os. Set 'configure\_nfs\_server' to false to ignore creating file storage share. | <pre>object({<br/>    size       = number<br/>    iops       = number<br/>    mount_path = string<br/>  })</pre> | <pre>{<br/>  "iops": 600,<br/>  "mount_path": "/nfs",<br/>  "size": 200<br/>}</pre> | no |
 | <a name="input_powervs_backup_network"></a> [powervs\_backup\_network](#input\_powervs\_backup\_network) | Name of the IBM Cloud PowerVS backup network and CIDR to create. | <pre>object({<br/>    name = string<br/>    cidr = string<br/>  })</pre> | <pre>{<br/>  "cidr": "10.52.0.0/24",<br/>  "name": "bkp_net"<br/>}</pre> | no |
 | <a name="input_powervs_custom_image_cos_configuration"></a> [powervs\_custom\_image\_cos\_configuration](#input\_powervs\_custom\_image\_cos\_configuration) | Cloud Object Storage bucket containing custom PowerVS images. bucket\_name: string, name of the COS bucket. bucket\_access: string, possible values: public, private (private requires powervs\_custom\_image\_cos\_service\_credentials). bucket\_region: string, COS bucket region | <pre>object({<br/>    bucket_name   = string<br/>    bucket_access = string<br/>    bucket_region = string<br/>  })</pre> | <pre>{<br/>  "bucket_access": "",<br/>  "bucket_name": "",<br/>  "bucket_region": ""<br/>}</pre> | no |

modules/powervs-vpc-landing-zone/README.md

@@ -26,6 +26,8 @@ locals {
     "us-east"  = "us-east"
     "wdc06"    = "us-east"
     "wdc07"    = "us-east"
+    "che02"    = "in-che"
+    "che03"    = "in-che"
   }
 
   ibm_powervs_availability_zone_map = {
@@ -51,6 +53,8 @@ locals {
     "us-east"  = "zone-1"
     "wdc06"    = "zone-2"
     "wdc07"    = "zone-3"
+    "che02"    = "zone-2"
+    "che03"    = "zone-3"
   }
   availability_zone        = lookup(local.ibm_powervs_availability_zone_map, var.powervs_zone, null) # "zone-n"
   availability_zone_number = substr(local.availability_zone, -1, 1)                                  # "n"

modules/powervs-vpc-landing-zone/locals.tf

@@ -804,7 +804,7 @@
         {
             "name": "jump-box",
             "image_name": "${rhel_image}",
-            "machine_type": "cx2-2x4",
+            "machine_type": "cxf-2x4",
             "vpc_name": "edge",
             "resource_group": "${second_rg_name}",
             "enable_floating_ip": true,
@@ -842,7 +842,7 @@
         {
             "name": "monitoring",
             "image_name": "${sles_image}",
-            "machine_type": "bx2-2x8",
+            "machine_type": "cxf-2x4",
             "vpc_name": "edge",
             "resource_group": "${second_rg_name}",
             "enable_floating_ip": false,

modules/powervs-vpc-landing-zone/presets/slz-preset.json.tftpl

@@ -67,7 +67,8 @@ module "configure_scc_wp_agent" {
   playbook_template_vars = {
     COLLECTOR_ENDPOINT : local.scc_wp_instance.ingestion_endpoint,
     API_ENDPOINT : local.scc_wp_instance.api_endpoint,
-    ACCESS_KEY : local.scc_wp_instance.access_key
+    ACCESS_KEY : local.scc_wp_instance.access_key,
+    PROXY_SERVER : "${local.network_services_vsi_ip}:${local.network_services_config.squid.squid_port}"
   }
   src_inventory_template_name = "inventory.tftpl"
   dst_inventory_file_name     = "${var.prefix}-scc-wp-inventory"

modules/powervs-vpc-landing-zone/scc-wp.tf

@@ -39,6 +39,7 @@ No modules.
 | <a name="input_src_playbook_template_name"></a> [src\_playbook\_template\_name](#input\_src\_playbook\_template\_name) | Name of the playbook template file located within the 'templates-ansible' directory. | `string` | n/a | yes |
 | <a name="input_src_script_template_name"></a> [src\_script\_template\_name](#input\_src\_script\_template\_name) | Name of the bash script template file located within the 'templates-ansible' directory. | `string` | n/a | yes |
 | <a name="input_ssh_private_key"></a> [ssh\_private\_key](#input\_ssh\_private\_key) | Private SSH key used to login to jump/bastion server, also the ansible host and all the hosts on which tasks will be executed. This key will be written temporarily on ansible host and deleted after execution. | `string` | n/a | yes |
+| <a name="input_target_type"></a> [target\_type](#input\_target\_type) | Type of target hosts: 'vpc' for VPC VSIs (use vpcuser), 'powervs' for PowerVS instances (use root) | `string` | `"vpc"` | no |
 
 ### Outputs
 

modules/powervs-vpc-landing-zone/submodules/ansible/README.md

@@ -4,6 +4,7 @@
 # This bash script performs                                #
 # - installation of packages                               #
 # - ansible galaxy collections.                            #
+# Note: This script is executed with sudo privileges       #
 #                                                          #
 ############################################################
 
@@ -101,7 +102,13 @@ main::install_packages() {
       done
     done
 
-    ansible-galaxy collection install -r '/root/.ansible/collections/ansible_collections/ibm/power_linux_sap/requirements.yml' --upgrade
+    # Use the actual user's home directory for ansible collections
+    ANSIBLE_USER_HOME=$(getent passwd "${SUDO_USER:-$USER}" | cut -d: -f6)
+    if [ -f "${ANSIBLE_USER_HOME}/.ansible/collections/ansible_collections/ibm/power_linux_sap/requirements.yml" ]; then
+      ansible-galaxy collection install -r "${ANSIBLE_USER_HOME}/.ansible/collections/ansible_collections/ibm/power_linux_sap/requirements.yml" --upgrade
+    elif [ -f '/root/.ansible/collections/ansible_collections/ibm/power_linux_sap/requirements.yml' ]; then
+      ansible-galaxy collection install -r '/root/.ansible/collections/ansible_collections/ibm/power_linux_sap/requirements.yml' --upgrade
+    fi
     main::log_info "All packages installed successfully"
   fi
 

modules/powervs-vpc-landing-zone/submodules/ansible/ansible_node_packages.sh

@@ -1,7 +1,7 @@
 locals {
   src_ansible_templates_dir  = "${path.module}/templates-ansible"
   ansible_node_config_script = "${path.module}/ansible_node_packages.sh"
-  dst_files_dir              = "/root/terraform_files"
+  dst_files_dir              = "/home/vpcuser/terraform_files"
 
   src_script_tftpl_path    = "${local.src_ansible_templates_dir}/${var.src_script_template_name}"
   dst_script_file_path     = "${local.dst_files_dir}/${var.dst_script_file_name}"
@@ -17,7 +17,7 @@ resource "random_id" "filename" {
 }
 
 locals {
-  private_key_file = "/root/.ssh/id_rsa_${substr(random_id.filename.b64_url, 0, 4)}"
+  private_key_file = "/home/vpcuser/.ssh/id_rsa_${substr(random_id.filename.b64_url, 0, 4)}"
 }
 ##############################################################
 # 1. Execute shell script to install ansible roles/collections
@@ -28,7 +28,7 @@ resource "terraform_data" "setup_ansible_host" {
 
   connection {
     type         = "ssh"
-    user         = "root"
+    user         = "vpcuser"
     bastion_host = var.bastion_host_ip
     host         = var.ansible_host_or_ip
     private_key  = var.ssh_private_key
@@ -38,7 +38,7 @@ resource "terraform_data" "setup_ansible_host" {
 
   # Create terraform scripts directory
   provisioner "remote-exec" {
-    inline = ["mkdir -p ${local.dst_files_dir}", "chmod 777 ${local.dst_files_dir}", ]
+    inline = ["sudo mkdir -p ${local.dst_files_dir}", "sudo chmod 777 ${local.dst_files_dir}", ]
   }
 
   # Copy ansible_node_packages.sh shell file to ansible host
@@ -50,8 +50,8 @@ resource "terraform_data" "setup_ansible_host" {
   # Execute ansible_node_packages.sh shell script to configure ansible host
   provisioner "remote-exec" {
     inline = [
-      "chmod +x ${local.dst_files_dir}/ansible_node_packages.sh",
-      "${local.dst_files_dir}/ansible_node_packages.sh",
+      "sudo chmod +x ${local.dst_files_dir}/ansible_node_packages.sh",
+      "sudo ${local.dst_files_dir}/ansible_node_packages.sh",
     ]
   }
 }
@@ -70,7 +70,7 @@ resource "terraform_data" "execute_playbooks" {
 
   connection {
     type         = "ssh"
-    user         = "root"
+    user         = "vpcuser"
     bastion_host = var.bastion_host_ip
     host         = var.ansible_host_or_ip
     private_key  = var.ssh_private_key
@@ -82,7 +82,7 @@ resource "terraform_data" "execute_playbooks" {
 
   # Create terraform scripts directory
   provisioner "remote-exec" {
-    inline = ["mkdir -p ${local.dst_files_dir}", "chmod 777 ${local.dst_files_dir}", ]
+    inline = ["sudo mkdir -p ${local.dst_files_dir}", "sudo chmod 777 ${local.dst_files_dir}", ]
   }
 
   # Copy and create ansible playbook template file on ansible host
@@ -93,7 +93,7 @@ resource "terraform_data" "execute_playbooks" {
 
   # Copy and create ansible inventory template file on ansible host
   provisioner "file" {
-    content     = templatefile(local.src_inventory_tftpl_path, var.inventory_template_vars)
+    content     = templatefile(local.src_inventory_tftpl_path, merge(var.inventory_template_vars, { target_type = var.target_type }))
     destination = local.dst_inventory_file_path
   }
 
@@ -112,8 +112,8 @@ resource "terraform_data" "execute_playbooks" {
   # Write ssh user's ssh private key
   provisioner "remote-exec" {
     inline = [
-      "mkdir -p /root/.ssh/",
-      "chmod 700 /root/.ssh",
+      "mkdir -p /home/vpcuser/.ssh/",
+      "chmod 700 /home/vpcuser/.ssh",
       "echo '${var.ssh_private_key}' > ${local.private_key_file}",
       "chmod 600 ${local.private_key_file}",
     ]
@@ -122,15 +122,15 @@ resource "terraform_data" "execute_playbooks" {
   # Execute bash shell script to run ansible playbooks
   provisioner "remote-exec" {
     inline = [
-      "chmod +x ${local.dst_script_file_path}",
-      local.dst_script_file_path,
+      "sudo chmod +x ${local.dst_script_file_path}",
+      "sudo ${local.dst_script_file_path}",
     ]
   }
 
   # Again delete private ssh key
   provisioner "remote-exec" {
     inline = [
-      "rm -rf ${local.private_key_file}"
+      "sudo rm -rf ${local.private_key_file}"
     ]
   }
 }
@@ -141,7 +141,7 @@ resource "terraform_data" "execute_playbooks_with_vault" {
 
   connection {
     type         = "ssh"
-    user         = "root"
+    user         = "vpcuser"
     bastion_host = var.bastion_host_ip
     host         = var.ansible_host_or_ip
     private_key  = var.ssh_private_key
@@ -153,13 +153,14 @@ resource "terraform_data" "execute_playbooks_with_vault" {
 
   # Create terraform scripts directory
   provisioner "remote-exec" {
-    inline = ["mkdir -p ${local.dst_files_dir}", "chmod 777 ${local.dst_files_dir}", ]
+    inline = ["sudo mkdir -p ${local.dst_files_dir}", "sudo chmod 777 ${local.dst_files_dir}", ]
   }
 
   # Copy and create ansible playbook template file on ansible host
   provisioner "file" {
     content     = templatefile(local.src_playbook_tftpl_path, var.playbook_template_vars)
     destination = local.dst_playbook_file_path
+
   }
 
   #########  Encrypting the ansible playbook file with sensitive information using ansible vault  #########
@@ -172,7 +173,7 @@ resource "terraform_data" "execute_playbooks_with_vault" {
 
   # Copy and create ansible inventory template file on ansible host
   provisioner "file" {
-    content     = templatefile(local.src_inventory_tftpl_path, var.inventory_template_vars)
+    content     = templatefile(local.src_inventory_tftpl_path, merge(var.inventory_template_vars, { target_type = var.target_type }))
     destination = local.dst_inventory_file_path
   }
 
@@ -191,8 +192,8 @@ resource "terraform_data" "execute_playbooks_with_vault" {
   # Write ssh user's ssh private key
   provisioner "remote-exec" {
     inline = [
-      "mkdir -p /root/.ssh/",
-      "chmod 700 /root/.ssh",
+      "mkdir -p /home/vpcuser/.ssh/",
+      "chmod 700 /home/vpcuser/.ssh",
       "echo '${var.ssh_private_key}' > ${local.private_key_file}",
       "chmod 600 ${local.private_key_file}",
     ]
@@ -201,8 +202,8 @@ resource "terraform_data" "execute_playbooks_with_vault" {
   # Execute bash shell script to run ansible playbooks
   provisioner "remote-exec" {
     inline = [
-      "chmod +x ${local.dst_script_file_path}",
-      local.dst_script_file_path,
+      "sudo chmod +x ${local.dst_script_file_path}",
+      "sudo ${local.dst_script_file_path}",
     ]
   }
 
@@ -215,9 +216,3 @@ resource "terraform_data" "execute_playbooks_with_vault" {
     ]
   }
 }
-
-
-moved {
-  from = terraform_data.setup_ansible_host
-  to   = terraform_data.setup_ansible_host[0]
-}