terraform-ibm-modules
diff --git a/‎.secrets.baseline‎
Lines changed: 4 additions & 4 deletions b/‎.secrets.baseline‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎cra-config.yaml‎
Lines changed: 4 additions & 2 deletions b/‎cra-config.yaml‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎ibm_catalog.json‎
Lines changed: 64 additions & 45 deletions b/‎ibm_catalog.json‎
Lines changed: 64 additions & 45 deletions
diff --git a/‎modules/powervs-vpc-landing-zone/README.md‎
Lines changed: 13 additions & 3 deletions b/‎modules/powervs-vpc-landing-zone/README.md‎
Lines changed: 13 additions & 3 deletions
diff --git a/‎modules/powervs-vpc-landing-zone/client2sitevpn.tf‎
Lines changed: 1 addition & 1 deletion b/‎modules/powervs-vpc-landing-zone/client2sitevpn.tf‎
Lines changed: 1 addition & 1 deletion
@@ -3,7 +3,7 @@
     "files": "go.sum|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2024-10-31T13:54:05Z",
+  "generated_at": "2024-11-26T11:58:55Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -82,23 +82,23 @@
         "hashed_secret": "91199272d5d6a574a51722ca6f3d1148edb1a0e7",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 43,
+        "line_number": 46,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "a67ef662b9a11a96b15936764d77e118c9f155dd",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 56,
+        "line_number": 59,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "6aa42ddb8d86de967d322e6fdde293bf1344c852",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 71,
+        "line_number": 74,
         "type": "Secret Keyword",
         "verified_result": null
       }
 
@@ -1,13 +1,15 @@
 version: "v1"
 CRA_TARGETS:
   - CRA_TARGET: "solutions/standard"
-    PROFILE_ID: "fe96bd4d-9b37-40f2-b39f-a62760e326a3"  # SCC profile ID (currently set to 'IBM Cloud Framework for Financial Services' '1.7.0' profile).
+    PROFILE_ID: "fe96bd4d-9b37-40f2-b39f-a62760e326a3" # SCC profile ID (currently set to 'IBM Cloud Framework for Financial Services' '1.7.0' profile).
     CRA_IGNORE_RULES_FILE: "cra-tf-validate-ignore-rules.json"
     CRA_ENVIRONMENT_VARIABLES:
       TF_VAR_prefix: "cra-infra"
       TF_VAR_powervs_zone: "syd05"
       TF_VAR_powervs_resource_group_name: "Default"
       TF_VAR_external_access_ip: "0.0.0.0/0"
-      TF_VAR_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDb8qoH4U47+79ssT6FdsOIxxZY8/oxWc66WPwqHfpjCgDRP3Rc1uq2YEKIRJba2DzNFnf+byinH0O9hwjKZ/3l7HxNtvQZXdCnT79TOT/wGbcHBV8ZUTBkUOx67ryS0F5bKDdMDWdsWkMXkRb8AAsJWLAeuFsfMYQjMBLmvrMsRRB6GG+97jF18ghqHjuBTX1FNF9fcytEaz7WfP8KrgSYRcQOauIVlMJyOmh3gZl84u14SXwQKhQrdvqt47ZErKH+fbsgxfOvvmYgr5RktKjbmi+lyBkxRM7//BaKcPw5saThf1MiEesJxIqyL16DW9LXdWei74xHNuF65K03y975Qr9CtPkr1rGgxwU2ksqLy1NN5TnF4erd1VSuLZ5BLov7JRJ2K17ttt0agp9VmkjRFIivOek=
+      TF_VAR_ssh_public_key:
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDb8qoH4U47+79ssT6FdsOIxxZY8/oxWc66WPwqHfpjCgDRP3Rc1uq2YEKIRJba2DzNFnf+byinH0O9hwjKZ/3l7HxNtvQZXdCnT79TOT/wGbcHBV8ZUTBkUOx67ryS0F5bKDdMDWdsWkMXkRb8AAsJWLAeuFsfMYQjMBLmvrMsRRB6GG+97jF18ghqHjuBTX1FNF9fcytEaz7WfP8KrgSYRcQOauIVlMJyOmh3gZl84u14SXwQKhQrdvqt47ZErKH+fbsgxfOvvmYgr5RktKjbmi+lyBkxRM7//BaKcPw5saThf1MiEesJxIqyL16DW9LXdWei74xHNuF65K03y975Qr9CtPkr1rGgxwU2ksqLy1NN5TnF4erd1VSuLZ5BLov7JRJ2K17ttt0agp9VmkjRFIivOek=
         some-user@testing-box"
       TF_VAR_ssh_private_key: "some_key"
+      TF_VAR_enable_monitoring: true
@@ -216,30 +216,34 @@
               "key": "powervs_image_names",
               "required": true
             },
+            {
+              "key": "enable_monitoring",
+              "required": true
+            },
             {
               "key": "powervs_custom_images",
               "custom_config": {
-                  "grouping": "deployment",
-                  "original_grouping": "deployment",
-                  "type": "json_editor"
+                "grouping": "deployment",
+                "original_grouping": "deployment",
+                "type": "json_editor"
               }
             },
             {
               "key": "powervs_custom_image_cos_configuration",
               "custom_config": {
-                  "grouping": "deployment",
-                  "original_grouping": "deployment",
-                  "type": "json_editor"
+                "grouping": "deployment",
+                "original_grouping": "deployment",
+                "type": "json_editor"
               }
             },
             {
               "key": "powervs_custom_image_cos_service_credentials",
               "type": "multiline_secure_value",
               "display_name": "Multiline secure value",
               "custom_config": {
-                  "grouping": "deployment",
-                  "original_grouping": "deployment",
-                  "type": "multiline_secure_value"
+                "grouping": "deployment",
+                "original_grouping": "deployment",
+                "type": "multiline_secure_value"
               }
             },
             {
@@ -272,6 +276,9 @@
             {
               "key": "tags"
             },
+            {
+              "key": "existing_monitoring_instance_crn"
+            },
             {
               "key": "sm_service_plan"
             },
@@ -406,6 +413,9 @@
             {
               "key": "powervs_images"
             },
+            {
+              "key": "monitoring_instance"
+            },
             {
               "key": "schematics_workspace_id"
             }
@@ -480,36 +490,32 @@
                 "description": "No"
               },
               {
-                "title": "Number of VPCs",
-                "description": "1"
-              },
-              {
-                "title": "Number of Intel VSIs",
+                "title": "Number of Intel Virtual Server Instance",
                 "description": "2"
               },
               {
-                "title": "Separate VPC for management",
-                "description": "Yes"
+                "title": "Number of VPCs",
+                "description": "1"
               },
               {
-                "title": "Separate VPC for Network Services",
-                "description": "Yes"
+                "title": "Number of Power Virtual Server Workspace",
+                "description": "1"
               },
               {
                 "title": "Increases security with Key Management",
                 "description": "Yes"
               },
-              {
-                "title": "Power Virtual Server Workspace",
-                "description": "PowerVS Workspace with all required components"
-              },
               {
                 "title": "Internet proxy on VPC",
                 "description": "Proxy service to reach public internet from PowerVS Workspace"
               },
               {
                 "title": "Additional management configurations on VPC",
                 "description": "NFS as service, NTP forwarder, and DNS forwarder reachable from PowerVS Workspace"
+              },
+              {
+                "title": "Monitoring Instance and Monitoring Intel VSI Host",
+                "description": "Optional"
               }
             ],
             "diagrams": [
@@ -570,6 +576,10 @@
                   "displayname": "London 06 (lon06)",
                   "value": "lon06"
                 },
+                {
+                  "displayname": "Madrid 02 (mad02)",
+                  "value": "mad02"
+                },
                 {
                   "displayname": "Osaka 21 (osa21)",
                   "value": "osa21"
@@ -750,6 +760,10 @@
                 "type": "resource_group"
               }
             },
+            {
+              "key": "enable_monitoring",
+              "required": true
+            },
             {
               "key": "custom_profile_instance_boot_image",
               "type": "string",
@@ -862,6 +876,9 @@
             {
               "key": "tags"
             },
+            {
+              "key": "existing_monitoring_instance_crn"
+            },
             {
               "key": "external_access_ip",
               "default_value": "0.0.0.0/0"
@@ -1012,6 +1029,9 @@
             {
               "key": "powervs_storage_configuration"
             },
+            {
+              "key": "monitoring_instance"
+            },
             {
               "key": "schematics_workspace_id"
             }
@@ -1086,36 +1106,32 @@
                 "description": "Yes, 1 instance"
               },
               {
-                "title": "Number of VPCs",
-                "description": "1"
-              },
-              {
-                "title": "Number of Intel VSIs",
+                "title": "Number of Intel Virtual Server Instance",
                 "description": "2"
               },
               {
-                "title": "Separate VPC for management",
-                "description": "Yes"
+                "title": "Number of VPCs",
+                "description": "1"
               },
               {
-                "title": "Separate VPC for Network Services",
-                "description": "Yes"
+                "title": "Number of Power Virtual Server Workspace",
+                "description": "1"
               },
               {
                 "title": "Increases security with Key Management",
                 "description": "Yes"
               },
-              {
-                "title": "Power Virtual Server Workspace",
-                "description": "PowerVS Workspace with all required components"
-              },
               {
                 "title": "Internet proxy on VPC",
                 "description": "Proxy service to reach public internet from PowerVS Workspace"
               },
               {
                 "title": "Additional management configurations on VPC",
-                "description": "NFS server, NTP forwarder, and DNS forwarder reachable from PowerVS Workspace"
+                "description": "NFS as service, NTP forwarder, and DNS forwarder reachable from PowerVS Workspace"
+              },
+              {
+                "title": "Monitoring Instance and Monitoring Intel VSI Host",
+                "description": "Optional"
               }
             ],
             "diagrams": [
@@ -1604,27 +1620,27 @@
             {
               "key": "powervs_custom_images",
               "custom_config": {
-                  "grouping": "deployment",
-                  "original_grouping": "deployment",
-                  "type": "json_editor"
+                "grouping": "deployment",
+                "original_grouping": "deployment",
+                "type": "json_editor"
               }
             },
             {
               "key": "powervs_custom_image_cos_configuration",
               "custom_config": {
-                  "grouping": "deployment",
-                  "original_grouping": "deployment",
-                  "type": "json_editor"
+                "grouping": "deployment",
+                "original_grouping": "deployment",
+                "type": "json_editor"
               }
             },
             {
               "key": "powervs_custom_image_cos_service_credentials",
               "type": "multiline_secure_value",
               "display_name": "Multiline secure value",
               "custom_config": {
-                  "grouping": "deployment",
-                  "original_grouping": "deployment",
-                  "type": "multiline_secure_value"
+                "grouping": "deployment",
+                "original_grouping": "deployment",
+                "type": "multiline_secure_value"
               }
             },
             {
@@ -1701,6 +1717,9 @@
             {
               "key": "powervs_images"
             },
+            {
+              "key": "monitoring_instance"
+            },
             {
               "key": "schematics_workspace_id"
             }
 
@@ -4,8 +4,9 @@
 
 This module provisions the following resources in IBM Cloud:
 - A **VPC Infrastructure** with the following components:
-    - One VSI for one management (jump/bastion) VSI,
+    - One VSI for management (jump/bastion) VSI,
     - One VSI for network-services configured as squid proxy, NTP and DNS servers(using Ansible Galaxy collection roles [ibm.power_linux_sap collection](https://galaxy.ansible.com/ui/repo/published/ibm/power_linux_sap/). This VSI also acts as central ansible execution node.
+    - Optional VSI for Monitoring host
     - Optional [Client to site VPN server](https://cloud.ibm.com/docs/vpc?topic=vpc-vpn-client-to-site-overview)
     - Optional [File storage share](https://cloud.ibm.com/docs/vpc?topic=vpc-file-storage-create&interface=ui)
     - Optional [Application load balancer](https://cloud.ibm.com/docs/vpc?topic=vpc-load-balancers&interface=ui)
@@ -16,7 +17,9 @@ This module provisions the following resources in IBM Cloud:
     - Activity tracker
     - Optional Secrets Manager Instance Instance with private certificate.
 
+
 - A local or global **transit gateway**
+- An optional IBM Cloud Monitoring Instance
 
 - A **Power Virtual Server** workspace with the following network topology:
     - Creates two private networks: a management network and a backup network.
@@ -73,6 +76,8 @@ module "powervs-vpc-landing-zone" {
   existing_sm_instance_region                  = var.existing_sm_instance_region                  #(optional.  default check vars)
   certificate_template_name                    = var.certificate_template_name                    #(optional.  default check vars)
   network_services_vsi_profile                 = var.network_services_vsi_profile                 #(optional.  default check vars)
+  enable_monitoring                            = var.enable_monitoring                            #(optional.  default true)
+  existing_monitoring_instance_crn             = var.existing_monitoring_instance_crn             #(optional.  default null)
 }
 ```
 
@@ -101,9 +106,10 @@ Creates VPC Landing Zone | Performs VPC VSI OS Config | Creates PowerVS Infrastr
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_client_to_site_vpn"></a> [client\_to\_site\_vpn](#module\_client\_to\_site\_vpn) | terraform-ibm-modules/client-to-site-vpn/ibm | 1.7.23 |
+| <a name="module_client_to_site_vpn"></a> [client\_to\_site\_vpn](#module\_client\_to\_site\_vpn) | terraform-ibm-modules/client-to-site-vpn/ibm | 1.7.24 |
+| <a name="module_configure_monitoring_host"></a> [configure\_monitoring\_host](#module\_configure\_monitoring\_host) | ./submodules/ansible | n/a |
 | <a name="module_configure_network_services"></a> [configure\_network\_services](#module\_configure\_network\_services) | ./submodules/ansible | n/a |
-| <a name="module_landing_zone"></a> [landing\_zone](#module\_landing\_zone) | terraform-ibm-modules/landing-zone/ibm//patterns//vsi//module | 6.2.2 |
+| <a name="module_landing_zone"></a> [landing\_zone](#module\_landing\_zone) | terraform-ibm-modules/landing-zone/ibm//patterns//vsi//module | 6.4.0 |
 | <a name="module_powervs_workspace"></a> [powervs\_workspace](#module\_powervs\_workspace) | terraform-ibm-modules/powervs-workspace/ibm | 2.2.0 |
 | <a name="module_private_secret_engine"></a> [private\_secret\_engine](#module\_private\_secret\_engine) | terraform-ibm-modules/secrets-manager-private-cert-engine/ibm | 1.3.4 |
 | <a name="module_secrets_manager_group"></a> [secrets\_manager\_group](#module\_secrets\_manager\_group) | terraform-ibm-modules/secrets-manager-secret-group/ibm | 1.2.2 |
@@ -116,6 +122,7 @@ Creates VPC Landing Zone | Performs VPC VSI OS Config | Creates PowerVS Infrastr
 |------|------|
 | [ibm_is_vpc_address_prefix.vpn_address_prefix](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/is_vpc_address_prefix) | resource |
 | [ibm_is_vpc_routing_table.transit](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/is_vpc_routing_table) | resource |
+| [ibm_resource_instance.monitoring_instance](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_instance) | resource |
 | [ibm_resource_instance.secrets_manager](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_instance) | resource |
 
 ### Inputs
@@ -128,6 +135,8 @@ Creates VPC Landing Zone | Performs VPC VSI OS Config | Creates PowerVS Infrastr
 | <a name="input_configure_nfs_server"></a> [configure\_nfs\_server](#input\_configure\_nfs\_server) | Specify if NFS server will be configured. This will allow you easily to share files between PowerVS instances (e.g., SAP installation files). [File storage share and mount target](https://cloud.ibm.com/docs/vpc?topic=vpc-file-storage-create&interface=ui) in VPC will be created.. If yes, ensure 'nfs\_server\_config' optional variable is set properly below. Default value is '200GB' which will be mounted on specified directory in network-service vsi. | `bool` | `false` | no |
 | <a name="input_configure_ntp_forwarder"></a> [configure\_ntp\_forwarder](#input\_configure\_ntp\_forwarder) | Specify if NTP forwarder will be configured. This will allow you to synchronize time between IBM PowerVS instances. NTP forwarder will be installed on the network-services vsi. | `bool` | `false` | no |
 | <a name="input_dns_forwarder_config"></a> [dns\_forwarder\_config](#input\_dns\_forwarder\_config) | Configuration for the DNS forwarder to a DNS service that is not reachable directly from PowerVS. | <pre>object({<br/>    dns_servers = string<br/>  })</pre> | <pre>{<br/>  "dns_servers": "161.26.0.7; 161.26.0.8; 9.9.9.9;"<br/>}</pre> | no |
+| <a name="input_enable_monitoring"></a> [enable\_monitoring](#input\_enable\_monitoring) | Specify whether Monitoring will be enabled. This includes the creation of an IBM Cloud Monitoring Instance and an Intel Monitoring Instance to host the services. If you already have an existing monitoring instance then specify in optional parameter 'existing\_monitoring\_instance\_crn'. | `bool` | `true` | no |
+| <a name="input_existing_monitoring_instance_crn"></a> [existing\_monitoring\_instance\_crn](#input\_existing\_monitoring\_instance\_crn) | Existing CRN of IBM Cloud Monitoring Instance. If value is null, then an IBM Cloud Monitoring Instance will not be created but an intel VSI instance will be created if 'enable\_monitoring' is true. | `string` | `null` | no |
 | <a name="input_existing_sm_instance_guid"></a> [existing\_sm\_instance\_guid](#input\_existing\_sm\_instance\_guid) | An existing Secrets Manager GUID. The existing Secret Manager instance must have private certificate engine configured. If not provided an new instance will be provisioned. | `string` | `null` | no |
 | <a name="input_existing_sm_instance_region"></a> [existing\_sm\_instance\_region](#input\_existing\_sm\_instance\_region) | Required if value is passed into `var.existing_sm_instance_guid`. | `string` | `null` | no |
 | <a name="input_external_access_ip"></a> [external\_access\_ip](#input\_external\_access\_ip) | Specify the source IP address or CIDR for login through SSH to the environment after deployment. Access to the environment will be allowed only from this IP address. Can be set to 'null' if you choose to use client to site vpn. | `string` | n/a | yes |
@@ -155,6 +164,7 @@ Creates VPC Landing Zone | Performs VPC VSI OS Config | Creates PowerVS Infrastr
 | <a name="output_access_host_or_ip"></a> [access\_host\_or\_ip](#output\_access\_host\_or\_ip) | Access host(jump/bastion) for created PowerVS infrastructure. |
 | <a name="output_ansible_host_or_ip"></a> [ansible\_host\_or\_ip](#output\_ansible\_host\_or\_ip) | Central Ansible node private IP address. |
 | <a name="output_dns_host_or_ip"></a> [dns\_host\_or\_ip](#output\_dns\_host\_or\_ip) | DNS forwarder host for created PowerVS infrastructure. |
+| <a name="output_monitoring_instance"></a> [monitoring\_instance](#output\_monitoring\_instance) | Details of the IBM Cloud Monitoring Instance: CRN, location, guid |
 | <a name="output_network_services_config"></a> [network\_services\_config](#output\_network\_services\_config) | Complete configuration of network management services. |
 | <a name="output_nfs_host_or_ip_path"></a> [nfs\_host\_or\_ip\_path](#output\_nfs\_host\_or\_ip\_path) | NFS host for created PowerVS infrastructure. |
 | <a name="output_ntp_host_or_ip"></a> [ntp\_host\_or\_ip](#output\_ntp\_host\_or\_ip) | NTP host for created PowerVS infrastructure. |
 
@@ -122,7 +122,7 @@ module "secrets_manager_private_certificate" {
 # Create client to site VPN Server
 module "client_to_site_vpn" {
   source    = "terraform-ibm-modules/client-to-site-vpn/ibm"
-  version   = "1.7.23"
+  version   = "1.7.24"
   providers = { ibm = ibm.ibm-is }
   count     = var.client_to_site_vpn.enable ? 1 : 0