You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardexpand all lines: modules/powervs-vpc-landing-zone/README.md
+18-5
Original file line number
Diff line number
Diff line change
@@ -6,14 +6,15 @@ This module provisions the following resources in IBM Cloud:
6
6
- A **VPC Infrastructure** with the following components:
7
7
- One VSI for one management (jump/bastion) VSI,
8
8
- One VSI for network-services configured as squid proxy, NTP and DNS servers(using Ansible Galaxy collection roles [ibm.power_linux_sap collection](https://galaxy.ansible.com/ui/repo/published/ibm/power_linux_sap/). This VSI also acts as central ansible execution node.
9
-
-[Client to site VPN server](https://cloud.ibm.com/docs/vpc?topic=vpc-vpn-client-to-site-overview)
| <aname="input_client_to_site_vpn"></a> [client\_to\_site\_vpn](#input\_client\_to\_site\_vpn)| VPN configuration - the client ip pool, existing instance id(guid) of the secrets manager, CRN of the uploaded VPN server certificate in secrets manager and list of users email ids to access the environment. | <pre>object({<br> enable = bool<br> client_ip_pool = string<br> secrets_manager_id = string<br> server_cert_crn = string<br> vpn_client_access_group_users = list(string)<br> })</pre> | <pre>{<br> "client_ip_pool": "192.168.0.0/16",<br> "enable": false,<br> "secrets_manager_id": "",<br> "server_cert_crn": "",<br> "vpn_client_access_group_users": [<br> ""<br> ]<br>}</pre> | no |
123
+
| <aname="input_certificate_template_name"></a> [certificate\_template\_name](#input\_certificate\_template\_name)| The name of the Certificate Template to create for a private\_cert secret engine. When `var.existing_sm_instance_guid` is not null, then it has to be the existing template name that exists in the private cert engine. |`string`|`"my-template"`| no |
124
+
| <aname="input_client_to_site_vpn"></a> [client\_to\_site\_vpn](#input\_client\_to\_site\_vpn)| VPN configuration - the client ip pool and list of users email ids to access the environment. If enabled, then a Secret Manager instance is also provisioned with certificates generated. See optional parameters to reuse existing certificate from secrets manager instance. | <pre>object({<br> enable = bool<br> client_ip_pool = string<br> vpn_client_access_group_users = list(string)<br> })</pre> | <pre>{<br> "client_ip_pool": "192.168.0.0/16",<br> "enable": true,<br> "vpn_client_access_group_users": []<br>}</pre> | no |
115
125
| <aname="input_configure_dns_forwarder"></a> [configure\_dns\_forwarder](#input\_configure\_dns\_forwarder)| Specify if DNS forwarder will be configured. This will allow you to use central DNS servers (e.g. IBM Cloud DNS servers) sitting outside of the created IBM PowerVS infrastructure. If yes, ensure 'dns\_forwarder\_config' optional variable is set properly. DNS forwarder will be installed on the network-services vsi. |`bool`|`false`| no |
116
126
| <aname="input_configure_nfs_server"></a> [configure\_nfs\_server](#input\_configure\_nfs\_server)| Specify if NFS server will be configured. This will allow you easily to share files between PowerVS instances (e.g., SAP installation files). [File storage share and mount target](https://cloud.ibm.com/docs/vpc?topic=vpc-file-storage-create&interface=ui) in VPC will be created.. If yes, ensure 'nfs\_server\_config' optional variable is set properly below. Default value is '200GB' which will be mounted on specified directory in network-service vsi. |`bool`|`false`| no |
117
127
| <aname="input_configure_ntp_forwarder"></a> [configure\_ntp\_forwarder](#input\_configure\_ntp\_forwarder)| Specify if NTP forwarder will be configured. This will allow you to synchronize time between IBM PowerVS instances. NTP forwarder will be installed on the network-services vsi. |`bool`|`false`| no |
118
128
| <aname="input_dns_forwarder_config"></a> [dns\_forwarder\_config](#input\_dns\_forwarder\_config)| Configuration for the DNS forwarder to a DNS service that is not reachable directly from PowerVS. | <pre>object({<br> dns_servers = string<br> })</pre> | <pre>{<br> "dns_servers": "161.26.0.7; 161.26.0.8; 9.9.9.9;"<br>}</pre> | no |
129
+
| <aname="input_existing_sm_instance_guid"></a> [existing\_sm\_instance\_guid](#input\_existing\_sm\_instance\_guid)| An existing Secrets Manager GUID. The existing Secret Manager instance must have private certificate engine configured. If not provided an new instance will be provisioned. |`string`|`null`| no |
130
+
| <aname="input_existing_sm_instance_region"></a> [existing\_sm\_instance\_region](#input\_existing\_sm\_instance\_region)| Required if value is passed into `var.existing_sm_instance_guid`. |`string`|`null`| no |
119
131
| <aname="input_external_access_ip"></a> [external\_access\_ip](#input\_external\_access\_ip)| Specify the source IP address or CIDR for login through SSH to the environment after deployment. Access to the environment will be allowed only from this IP address. Can be set to 'null' if you choose to use client to site vpn. |`string`| n/a | yes |
120
132
| <aname="input_nfs_server_config"></a> [nfs\_server\_config](#input\_nfs\_server\_config)| Configuration for the NFS server. 'size' is in GB, 'iops' is maximum input/output operation performance bandwidth per second, 'mount\_path' defines the target mount point on os. Set 'configure\_nfs\_server' to false to ignore creating file storage share. | <pre>object({<br> size = number<br> iops = number<br> mount_path = string<br> })</pre> | <pre>{<br> "iops": 600,<br> "mount_path": "/nfs",<br> "size": 200<br>}</pre> | no |
121
133
| <aname="input_powervs_backup_network"></a> [powervs\_backup\_network](#input\_powervs\_backup\_network)| Name of the IBM Cloud PowerVS backup network and CIDR to create. | <pre>object({<br> name = string<br> cidr = string<br> })</pre> | <pre>{<br> "cidr": "10.52.0.0/24",<br> "name": "bkp_net"<br>}</pre> | no |
@@ -124,6 +136,7 @@ Creates VPC Landing Zone | Performs VPC VSI OS Config | Creates PowerVS Infrastr
124
136
| <aname="input_powervs_resource_group_name"></a> [powervs\_resource\_group\_name](#input\_powervs\_resource\_group\_name)| Existing IBM Cloud resource group name. |`string`| n/a | yes |
125
137
| <aname="input_powervs_zone"></a> [powervs\_zone](#input\_powervs\_zone)| IBM Cloud data center location where IBM PowerVS infrastructure will be created. |`string`| n/a | yes |
126
138
| <aname="input_prefix"></a> [prefix](#input\_prefix)| A unique identifier for resources. Must begin with a lowercase letter and end with a lowercase letter or number. This prefix will be prepended to any resources provisioned by this template. Prefixes must be 16 or fewer characters. |`string`| n/a | yes |
139
+
| <aname="input_sm_service_plan"></a> [sm\_service\_plan](#input\_sm\_service\_plan)| The service/pricing plan to use when provisioning a new Secrets Manager instance. Allowed values: `standard` and `trial`. Only used if `existing_sm_instance_guid` is set to null. |`string`|`"standard"`| no |
127
140
| <aname="input_ssh_private_key"></a> [ssh\_private\_key](#input\_ssh\_private\_key)| Private SSH key (RSA format) used to login to IBM PowerVS instances. Should match to public SSH key referenced by 'ssh\_public\_key'. The key is not uploaded or stored. For more information about SSH keys, see [SSH keys](https://cloud.ibm.com/docs/vpc?topic=vpc-ssh-keys). |`string`| n/a | yes |
128
141
| <aname="input_ssh_public_key"></a> [ssh\_public\_key](#input\_ssh\_public\_key)| Public SSH Key for VSI creation. Must be an RSA key with a key size of either 2048 bits or 4096 bits (recommended). Must be a valid SSH key that does not already exist in the deployment region. |`string`| n/a | yes |
129
142
| <aname="input_tags"></a> [tags](#input\_tags)| List of tag names for the IBM Cloud PowerVS workspace |`list(string)`|`[]`| no |
0 commit comments