IBM Power Virtual Server with VPC landing zone module

The Power Virtual Server with VPC landing zone module automates the following tasks:

• Creates an IBM® Power Virtual Server (PowerVS) workspace.
• Creates an SSH key.
• Creates two private networks: a management network and a backup network.
• Creates two IBM Cloud connections with an option to reuse the connections.
• Attaches the IBM Cloud connections to a transit gateway.
• Attaches the private networks to the IBM Cloud connections.
• Installs and configures the Squid Proxy, DNS Forwarder, NTP Forwarder and NFS on specified host, and sets the host as server for these services by using Ansible roles.

The following limitations apply to the module:

• Only two IBM Cloud connections are supported
• You cannot reuse IBM Cloud connections
• Private networks in a PowerVS workspace must be in 10.0.0.0/8 range
• Only the following operating systems are supported:
  • SUSE Linux Enterprise Server (SLES) version 15 SP3
  • Red Hat Enterprise Linux (RHEL) version 8.4

For more information about IBM Power Virtual Server see the getting started IBM Cloud docs.

Reference architectures

• Power Virtual Server with VPC landing zone - PowerVS workspace full-stack variation
• Power Virtual Server with VPC landing zone - PowerVS workspace extension variation

Usage

provider "ibm" {
  region           = var.powervs_region
  zone             = var.powervs_zone
  ibmcloud_api_key = var.ibmcloud_api_key != null ? var.ibmcloud_api_key : null
}

module "power-infrastructure" {
  # Replace "main" with a GIT release version to lock into a specific release
  source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure.git?ref=main"

  powervs_zone                 = var.powervs_zone
  powervs_resource_group_name  = var.powervs_resource_group_name
  powervs_workspace_name       = var.powervs_workspace_name
  tags                         = var.tags
  powervs_image_names          = var.powervs_image_names
  powervs_sshkey_name          = var.powervs_sshkey_name
  ssh_public_key               = var.ssh_public_key
  ssh_private_key              = var.ssh_private_key
  powervs_management_network   = var.powervs_management_network
  powervs_backup_network       = var.powervs_backup_network
  transit_gateway_name         = var.transit_gateway_name
  reuse_cloud_connections      = var.reuse_cloud_connections
  cloud_connection_name_prefix = var.cloud_connection_name_prefix
  cloud_connection_count       = var.cloud_connection_count
  cloud_connection_speed       = var.cloud_connection_speed
  cloud_connection_gr          = var.cloud_connection_gr
  cloud_connection_metered     = var.cloud_connection_metered
  access_host_or_ip            = var.access_host_or_ip
  squid_config                 = var.squid_config
  dns_forwarder_config         = var.dns_forwarder_config
  ntp_forwarder_config         = var.ntp_forwarder_config
  nfs_config                   = var.nfs_config
  perform_proxy_client_setup   = var.perform_proxy_client_setup
}

Required IAM access policies

You need the following permissions to run this module.

• Account Management
  • Resource Group service
    • Viewer platform access
  • IAM Services
    • Workspace for Power Virtual Server service
    • Power Virtual Server service
      • Editor platform access
    • VPC Infrastructure Services service
      • Editor platform access
    • Transit Gateway service
      • Editor platform access
    • Direct Link service
      • Editor platform access

Examples

• IBM Cloud catalog example for Power Virtual Server with VPC landing zone Extension Variation
• IBM Cloud catalog example for Power Virtual Server with VPC landing zone Full-Stack Variation
• Standard example for Power Virtual Server with VPC landing zone

Requirements

Name	Version
terraform	>= 1.3, < 1.5
ibm	>=1.49.0
time	>= 0.9.1

Modules

Name	Source	Version
cloud_connection_attach	./submodules/power_cloudconnection_attach	n/a
cloud_connection_create	./submodules/power_cloudconnection_create	n/a
initial_validation	./submodules/initial_validation	n/a
power_management_service_dns	./submodules/power_management_services_setup	n/a
power_management_service_nfs	./submodules/power_management_services_setup	n/a
power_management_service_ntp	./submodules/power_management_services_setup	n/a
power_management_service_squid	./submodules/power_management_services_setup	n/a
power_workspace	./submodules/power_workspace	n/a

Resources

Name	Type
time_sleep.wait_for_squid_setup_to_complete	resource

Inputs

Name	Description	Type	Default	Required
access_host_or_ip	The public IP address or hostname for the access host. The address is used to reach the target or server_host IP address and to configure the DNS, NTP, NFS, and Squid proxy services. Set it to null if you do not want to configure any services.	string	null	no
cloud_connection_count	Required number of Cloud connections to create or reuse. The maximum number of connections is two per location.	number	2	no
cloud_connection_gr	Whether to enable global routing for this IBM Cloud connection. You can specify this value when you create a connection.	bool	null	no
cloud_connection_metered	Whether to enable metering for this IBM Cloud connection. You can specify this value when you create a connection.	bool	null	no
cloud_connection_name_prefix	If null or empty string, default cloud connection name will be -conn-1.	string	null	no
cloud_connection_speed	Speed in megabits per second. Supported values are 50, 100, 200, 500, 1000, 2000, 5000, 10000. Required when you create a connection.	number	5000	no
dns_forwarder_config	Configuration for the DNS forwarder to a DNS service that is not reachable directly from PowerVS.	object({ dns_enable = bool server_host_or_ip = string dns_servers = string })	{ "dns_enable": "false", "dns_servers": "161.26.0.7; 161.26.0.8; 9.9.9.9;", "server_host_or_ip": "" }	no
nfs_config	Configuration for the shared NFS file system (for example, for the installation media). Creates a filesystem of disk size specified, mounts and NFS exports it.	object({ nfs_enable = bool server_host_or_ip = string nfs_file_system = list(object({ name = string mount_path = string size = number })) })	{ "nfs_enable": "false", "nfs_file_system": [ { "mount_path": "/nfs", "name": "nfs", "size": 1000 } ], "server_host_or_ip": "" }	no
ntp_forwarder_config	Configuration for the NTP forwarder to an NTP service that is not reachable directly from PowerVS.	object({ ntp_enable = bool server_host_or_ip = string })	{ "ntp_enable": "false", "server_host_or_ip": "" }	no
perform_proxy_client_setup	Proxy configuration to allow internet access for a VM or LPAR.	object( { squid_client_ips = list(string) squid_server_ip = string squid_port = string no_proxy_hosts = string } )	null	no
powervs_backup_network	Name of the IBM Cloud PowerVS backup network and CIDR to create.	object({ name = string cidr = string })	{ "cidr": "10.52.0.0/24", "name": "bkp_net" }	no
powervs_image_names	List of Images to be imported into cloud account from catalog images.	list(string)	[ "SLES15-SP3-SAP", "SLES15-SP3-SAP-NETWEAVER", "RHEL8-SP4-SAP", "RHEL8-SP4-SAP-NETWEAVER" ]	no
powervs_management_network	Name of the IBM Cloud PowerVS management subnet and CIDR to create.	object({ name = string cidr = string })	{ "cidr": "10.51.0.0/24", "name": "mgmt_net" }	no
powervs_resource_group_name	Existing IBM Cloud resource group name.	string	n/a	yes
powervs_sshkey_name	Name of the PowerVS SSH key to create.	string	"ssh-key-pvs"	no
powervs_workspace_name	Name of the PowerVS workspace to create.	string	"power-workspace"	no
powervs_zone	IBM Cloud PowerVS zone.	string	n/a	yes
reuse_cloud_connections	When true, IBM Cloud connections are reused (if attached to the transit gateway).	bool	false	no
squid_config	Configuration for the Squid proxy setup.	object({ squid_enable = bool server_host_or_ip = string squid_port = string })	{ "server_host_or_ip": "", "squid_enable": "false", "squid_port": "3128" }	no
ssh_private_key	Private SSH key (RSA format) used to login to IBM PowerVS instances. Should match to uploaded public SSH key referenced by 'ssh_public_key'. Entered data must be in heredoc strings format (https://www.terraform.io/language/expressions/strings#heredoc-strings). The key is not uploaded or stored.	string	n/a	yes
ssh_public_key	Public SSH Key for the PowerVM to create.	string	n/a	yes
tags	List of tag names for the IBM Cloud PowerVS Workspace.	list(string)	null	no
transit_gateway_name	Name of the existing transit gateway. Required when you create new IBM Cloud connections. Set it to null if reusing cloud connections	string	n/a	yes

Outputs

Name	Description
access_host_or_ip	Access host for created PowerVS infrastructure.
cloud_connection_count	Number of cloud connections configured in created PowerVS infrastructure.
dns_host_or_ip	DNS forwarder host for created PowerVS infrastructure.
nfs_host_or_ip_path	NFS host for created PowerVS infrastructure.
ntp_host_or_ip	NTP host for created PowerVS infrastructure.
powervs_backup_network_name	Name of backup network in created PowerVS infrastructure.
powervs_management_network_name	Name of management network in created PowerVS infrastructure.
powervs_resource_group_name	IBM Cloud resource group where PowerVS infrastructure is created.
powervs_sshkey_name	SSH public key name in created PowerVS infrastructure.
powervs_workspace_name	PowerVS infrastructure workspace name.
powervs_zone	Zone where PowerVS infrastructure is created.
proxy_host_or_ip_port	Proxy host for created PowerVS infrastructure.

Contributing

You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.

To set up your local development environment, see Local development setup in the project documentation.