diff --git a/modules/powervs-vpc-landing-zone/client2sitevpn.tf b/modules/powervs-vpc-landing-zone/client2sitevpn.tf
index 44061c3c..81078075 100644
--- a/modules/powervs-vpc-landing-zone/client2sitevpn.tf
+++ b/modules/powervs-vpc-landing-zone/client2sitevpn.tf
@@ -64,7 +64,7 @@ resource "ibm_resource_instance" "secrets_manager" {
 service = "secrets-manager"
 plan = var.sm_service_plan
 location = local.sm_region
- resource_group_id = module.landing_zone.resource_group_data["${var.prefix}-slz-edge-rg"]
+ resource_group_id = module.landing_zone.resource_group_data["${var.prefix}-${local.second_rg_name}"]
 tags = var.tags
 parameters = {
 "allowed_network" : "public-and-private"
@@ -132,7 +132,7 @@ module "client_to_site_vpn" { count = var.client_to_site_vpn.enable ? 1 : 0 vpn_gateway_name = "${var.prefix}-vpc-pvs-vpn" - resource_group_id = module.landing_zone.resource_group_data["${var.prefix}-slz-edge-rg"] + resource_group_id = module.landing_zone.resource_group_data["${var.prefix}-${local.second_rg_name}"] access_group_name = "${var.prefix}-client-to-site-vpn-access-group" subnet_ids = [for subnet in module.landing_zone.subnet_data : subnet.id if subnet.name == "${var.prefix}-edge-vpn-zone-1"] client_ip_pool = var.client_to_site_vpn.client_ip_pool
diff --git a/modules/powervs-vpc-landing-zone/main.tf b/modules/powervs-vpc-landing-zone/main.tf
index d47e2674..1148310c 100644
--- a/modules/powervs-vpc-landing-zone/main.tf
+++ b/modules/powervs-vpc-landing-zone/main.tf
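Review bot: In the `secrets_manager` hunk of client2sitevpn.tf, the new key puts the Secrets Manager instance in whatever group `local.second_rg_name` selects, and in the OpenShift case that is `ocp-rg`, the same group `tgw_rg_name` selects and, per the comment added in main.tf, the one meant to hold the VPC and PowerVS resources too. An IAM policy granted on that resource group as a whole would then also reach the secrets instance, and the context line shows the instance accepts `public-and-private` networks. I would record this next to the argument, e.g. `# OpenShift mode: shares ocp-rg with VPC/PowerVS/TGW; grant Secrets Manager access per service, not per resource group`, or keep the instance in a group of its own. The resource block starts and ends outside the hunk.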
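Review bot: The key `"${var.prefix}-${local.second_rg_name}"` in the `client_to_site_vpn` hunk of client2sitevpn.tf is a hand-built copy of a lookup that also appears in the `secrets_manager` hunk above it and in the `vpc_file_share_alb` hunk of main.tf. The prefix-plus-name form presumably has to match what the preset's `use_prefix` produces, so one definition is easier to keep correct than three. Suggest a local, `second_rg_id = module.landing_zone.resource_group_data["${var.prefix}-${local.second_rg_name}"]`, with `resource_group_id = local.second_rg_id` at each site. The module block continues outside the hunk.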
@@ -4,6 +4,9 @@ locals { external_access_ip = var.external_access_ip != null && var.external_access_ip != "" ? length(regexall("/", var.external_access_ip)) > 0 ? var.external_access_ip : "${var.external_access_ip}/32" : "" + # Openshift IPI requires VPC resources, PowerVS resources, and TGW to be in the same resource group + second_rg_name = var.powervs_resource_group_name != null ? "slz-edge-rg" : "ocp-rg" + tgw_rg_name = var.powervs_resource_group_name != null ? "slz-service-rg" : "ocp-rg" override_json_string = templatefile("${path.module}/presets/slz-preset.json.tftpl", { external_access_ip = local.external_access_ip,
@@ -11,7 +14,9 @@ locals {
 network_services_vsi_profile = var.network_services_vsi_profile,
 transit_gateway_global = var.transit_gateway_global,
 enable_monitoring = var.enable_monitoring,
- sles_image = var.vpc_intel_images.sles_image
+ sles_image = var.vpc_intel_images.sles_image,
+ second_rg_name = local.second_rg_name,
+ tgw_rg_name = local.tgw_rg_name
 }
 )
 }
@@ -110,7 +115,7 @@ module "vpc_file_share_alb" { count = var.configure_nfs_server ? 1 : 0 vpc_zone = "${lookup(local.ibm_powervs_zone_cloud_region_map, var.powervs_zone, null)}-1" - resource_group_id = module.landing_zone.resource_group_data["${var.prefix}-slz-edge-rg"] + resource_group_id = module.landing_zone.resource_group_data["${var.prefix}-${local.second_rg_name}"] file_share_name = "${var.prefix}-file-share-nfs" file_share_size = var.nfs_server_config.size file_share_iops = var.nfs_server_config.iops
diff --git a/modules/powervs-vpc-landing-zone/presets/slz-preset.json.tftpl b/modules/powervs-vpc-landing-zone/presets/slz-preset.json.tftpl
index f79be82e..212e367e 100644
--- a/modules/powervs-vpc-landing-zone/presets/slz-preset.json.tftpl
+++ b/modules/powervs-vpc-landing-zone/presets/slz-preset.json.tftpl
@@ -6,7 +6,7 @@
 "use_prefix": true
 },
 {
- "name": "slz-edge-rg",
+ "name": "${second_rg_name}",
 "create": true,
 "use_prefix": true
 }
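Review bot: In the first `locals` hunk of main.tf, both new conditionals test only `var.powervs_resource_group_name != null`, whereas `external_access_ip` just above treats null and `""` alike; an empty string would select the `slz-*` names instead of `ocp-rg`. If an empty value should count as unset (the variable's declaration is not visible here), a shared flag keeps the two locals in step: `use_ocp_rg = var.powervs_resource_group_name == null || var.powervs_resource_group_name == ""`, then `second_rg_name = local.use_ocp_rg ? "ocp-rg" : "slz-edge-rg"` and likewise for `tgw_rg_name`. The added comment should also say that leaving `powervs_resource_group_name` unset is what selects the single-group layout, since nothing on these lines states it. The `locals` block continues outside the hunk.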
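Review bot: In the first hunk of slz-preset.json.tftpl, `"name": "${second_rg_name}"` splices the value into the JSON text unescaped, and the same pattern recurs in every later hunk of this template (`transit_gateway_resource_group` and each `resource_group` under the security group, VPC, VSI and COS entries). Both values are fixed literals from `locals` today, so the rendered document is well-formed, but a quote or backslash in a future value would break or alter the JSON handed to the landing-zone module. Letting the template do the quoting avoids that: `"name": ${jsonencode(second_rg_name)},`.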
@@ -116,7 +116,7 @@
 "add_route": true
 },
 "enable_transit_gateway": true,
- "transit_gateway_resource_group": "slz-service-rg",
+ "transit_gateway_resource_group": "${tgw_rg_name}",
 "transit_gateway_global": ${transit_gateway_global},
 "transit_gateway_connections": ["edge"],
 "security_groups": [
@@ -433,7 +433,7 @@
 {
 "name": "vpe-sg",
 "vpc_name": "edge",
- "resource_group": "slz-edge-rg",
+ "resource_group": "${second_rg_name}",
 "show": false,
 "rules": [
 {
@@ -468,7 +468,7 @@
 "vpcs": [
 {
 "prefix": "edge",
- "resource_group": "slz-edge-rg",
+ "resource_group": "${second_rg_name}",
 "clean_default_sg_acl": false,
 "flow_logs_bucket_name": "atracker-bucket",
 "default_security_group_rules": [
@@ -550,7 +550,7 @@
 "image_name": "${rhel_image}",
 "machine_type": "cx2-2x4",
 "vpc_name": "edge",
- "resource_group": "slz-edge-rg",
+ "resource_group": "${second_rg_name}",
 "enable_floating_ip": true,
 "boot_volume_encryption_key_name": "slz-vsi-volume-key",
 "ssh_keys": ["ssh-key"],
@@ -564,7 +564,7 @@
 "image_name": "${rhel_image}",
 "machine_type": "${network_services_vsi_profile}",
 "vpc_name": "edge",
- "resource_group": "slz-edge-rg",
+ "resource_group": "${second_rg_name}",
 "enable_floating_ip": false,
 "boot_volume_encryption_key_name": "slz-vsi-volume-key",
 "ssh_keys": ["ssh-key"],
@@ -580,7 +580,7 @@
 "image_name": "${sles_image}",
 "machine_type": "bx2-2x8",
 "vpc_name": "edge",
- "resource_group": "slz-edge-rg",
+ "resource_group": "${second_rg_name}",
 "enable_floating_ip": false,
 "boot_volume_encryption_key_name": "slz-vsi-volume-key",
 "ssh_keys": ["ssh-key"],
@@ -595,7 +595,7 @@
 {
 "service_name": "cos",
 "service_type": "cloud-object-storage",
- "resource_group": "slz-edge-rg",
+ "resource_group": "${second_rg_name}",
 "vpcs": [
 {
 "name": "edge",
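Review bot: In the hunk at line 116 of slz-preset.json.tftpl, `transit_gateway_resource_group` now takes `tgw_rg_name`, but the only `resource_groups` entry this commit parameterises uses `second_rg_name`. In the OpenShift case the reference resolves only because both locals evaluate to `ocp-rg`; otherwise it relies on an `slz-service-rg` entry that lies outside the visible hunks. Since the JSON template cannot carry a comment, I would state the coupling beside the two locals in main.tf, e.g. `# tgw_rg_name must always name a group declared under resource_groups in slz-preset.json.tftpl`.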