feat: split monitoring instance and host

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "go.sum|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2025-10-04T13:14:02Z",
+  "generated_at": "2025-10-17T09:01:30Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -116,7 +116,7 @@
         "hashed_secret": "9ceaacf8f9b3c35bd235b307d91a5bf7cff2c669",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 81,
+        "line_number": 82,
         "type": "Secret Keyword",
         "verified_result": null
       }

ibm_catalog.json

@@ -323,6 +323,9 @@
             {
               "key": "enable_monitoring"
             },
+            {
+              "key": "enable_monitoring_host"
+            },
             {
               "key": "existing_monitoring_instance_crn"
             },
@@ -505,7 +508,7 @@
               {
                 "diagram": {
                   "caption": "Power Virtual Server with VPC landing zone 'Standard Landscape' variation",
-                  "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/refs/tags/v10.1.0/reference-architectures/standard/deploy-arch-ibm-pvs-inf-standard.svg",
+                  "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/refs/tags/v10.2.0/reference-architectures/standard/deploy-arch-ibm-pvs-inf-standard.svg",
                   "type": "image/svg+xml"
                 },
                 "description": "The Power Virtual Server with VPC landing zone as variation 'Create a new architecture' deploys VPC services and a Power Virtual Server workspace and interconnects them.\n \nRequired and optional management components are configured."
@@ -972,6 +975,9 @@
             {
               "key": "enable_monitoring"
             },
+            {
+              "key": "enable_monitoring_host"
+            },
             {
               "key": "existing_monitoring_instance_crn"
             },
@@ -1154,7 +1160,7 @@
               {
                 "diagram": {
                   "caption": "Power Virtual Server with VPC landing zone 'Quickstart' variation",
-                  "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/refs/tags/v10.1.0/reference-architectures/standard-plus-vsi/deploy-arch-ibm-pvs-inf-standard-plus-vsi.svg",
+                  "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/refs/tags/v10.2.0/reference-architectures/standard-plus-vsi/deploy-arch-ibm-pvs-inf-standard-plus-vsi.svg",
                   "type": "image/svg+xml"
                 },
                 "description": "The Power Virtual Server with VPC landing zone as 'Quickstart' variation of 'Create a new architecture' option deploys VPC services and a Power Virtual Server workspace and interconnects them. It also creates one Power virtual server instance of chosen t-shirt size or custom configuration.\n \nRequired and optional management components are configured."
@@ -1565,7 +1571,7 @@
               {
                 "diagram": {
                   "caption": "Power Virtual Server with VPC landing zone 'Quickstart OpenShift' variation",
-                  "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/refs/tags/v10.1.0/reference-architectures/standard-openshift/deploy-arch-ibm-pvs-inf-standard-openshift.svg",
+                  "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/refs/tags/v10.2.0/reference-architectures/standard-openshift/deploy-arch-ibm-pvs-inf-standard-openshift.svg",
                   "type": "image/svg+xml"
                 },
                 "description": "The Power Virtual Server with VPC landing zone as variation 'Quickstart OpenShift' deploys VPC services and an Openshift Cluster on PowerVS and interconnects them.\n \nRequired and optional management components are configured."

modules/powervs-vpc-landing-zone/README.md

@@ -76,6 +76,7 @@ module "powervs-vpc-landing-zone" {
   existing_sm_instance_guid                    = var.existing_sm_instance_guid                    #(optional.  default null)
   existing_sm_instance_region                  = var.existing_sm_instance_region                  #(optional.  default null)
   enable_monitoring                            = var.enable_monitoring                            #(optional.  default false)
+  enable_monitoring_host                       = var.enable_monitoring_host                            #(optional.  default false)
   existing_monitoring_instance_crn             = var.existing_monitoring_instance_crn             #(optional.  default null)
   enable_scc_wp                                = var.enable_scc_wp                                #(optional.  default false)
   ansible_vault_password                       = var.ansible_vault_password                       #(optional.  default null)
@@ -147,9 +148,10 @@ Creates VPC Landing Zone | Performs VPC VSI OS Config | Creates PowerVS Infrastr
 | <a name="input_configure_nfs_server"></a> [configure\_nfs\_server](#input\_configure\_nfs\_server) | Specify if NFS server will be configured. This will allow you easily to share files between PowerVS instances (e.g., SAP installation files). [File storage share and mount target](https://cloud.ibm.com/docs/vpc?topic=vpc-file-storage-create&interface=ui) in VPC will be created.. If yes, ensure 'nfs\_server\_config' optional variable is set properly below. Default value is '200GB' which will be mounted on specified directory in network-service vsi. | `bool` | `false` | no |
 | <a name="input_configure_ntp_forwarder"></a> [configure\_ntp\_forwarder](#input\_configure\_ntp\_forwarder) | Specify if NTP forwarder will be configured. This will allow you to synchronize time between IBM PowerVS instances. NTP forwarder will be installed on the network-services vsi. | `bool` | `false` | no |
 | <a name="input_dns_forwarder_config"></a> [dns\_forwarder\_config](#input\_dns\_forwarder\_config) | Configuration for the DNS forwarder to a DNS service that is not reachable directly from PowerVS. | <pre>object({<br/>    dns_servers = string<br/>  })</pre> | <pre>{<br/>  "dns_servers": "161.26.0.7; 161.26.0.8; 9.9.9.9;"<br/>}</pre> | no |
-| <a name="input_enable_monitoring"></a> [enable\_monitoring](#input\_enable\_monitoring) | Specify whether Monitoring will be enabled. This includes the creation of an IBM Cloud Monitoring Instance and an Intel Monitoring Instance to host the services. If you already have an existing monitoring instance then specify in optional parameter 'existing\_monitoring\_instance\_crn'. | `bool` | `false` | no |
+| <a name="input_enable_monitoring"></a> [enable\_monitoring](#input\_enable\_monitoring) | Specify whether Monitoring will be enabled. This includes the creation of an IBM Cloud Monitoring Instance. If you already have an existing monitoring instance, set this to true and specify in optional parameter 'existing\_monitoring\_instance\_crn'. | `bool` | `false` | no |
+| <a name="input_enable_monitoring_host"></a> [enable\_monitoring\_host](#input\_enable\_monitoring\_host) | Specify whether to create an additional Intel Instance that can be used to configure additional monitoring services. | `bool` | `false` | no |
 | <a name="input_enable_scc_wp"></a> [enable\_scc\_wp](#input\_enable\_scc\_wp) | Set to true to enable SCC Workload Protection and install and configure the SCC Workload Protection agent on all VSIs and PowerVS instances in this deployment. | `bool` | `false` | no |
-| <a name="input_existing_monitoring_instance_crn"></a> [existing\_monitoring\_instance\_crn](#input\_existing\_monitoring\_instance\_crn) | Existing CRN of IBM Cloud Monitoring Instance. If value is null, then an IBM Cloud Monitoring Instance will not be created but an intel VSI instance will be created if 'enable\_monitoring' is true. | `string` | `null` | no |
+| <a name="input_existing_monitoring_instance_crn"></a> [existing\_monitoring\_instance\_crn](#input\_existing\_monitoring\_instance\_crn) | Existing CRN of IBM Cloud Monitoring Instance. If value is null, then an IBM Cloud Monitoring Instance will not be created but an intel VSI instance will be created if 'enable\_monitoring\_host' is true. | `string` | `null` | no |
 | <a name="input_existing_sm_instance_guid"></a> [existing\_sm\_instance\_guid](#input\_existing\_sm\_instance\_guid) | An existing Secrets Manager GUID. If not provided a new instance will be provisioned. | `string` | `null` | no |
 | <a name="input_existing_sm_instance_region"></a> [existing\_sm\_instance\_region](#input\_existing\_sm\_instance\_region) | Required if value is passed into `var.existing_sm_instance_guid`. | `string` | `null` | no |
 | <a name="input_external_access_ip"></a> [external\_access\_ip](#input\_external\_access\_ip) | Specify the source IP address or CIDR for login through SSH to the environment after deployment. Access to the environment will be allowed only from this IP address. Can be set to 'null' if you choose to use client to site vpn. | `string` | n/a | yes |
@@ -181,7 +183,7 @@ Creates VPC Landing Zone | Performs VPC VSI OS Config | Creates PowerVS Infrastr
 | <a name="output_ansible_host_or_ip"></a> [ansible\_host\_or\_ip](#output\_ansible\_host\_or\_ip) | Central Ansible node private IP address. |
 | <a name="output_dns_host_or_ip"></a> [dns\_host\_or\_ip](#output\_dns\_host\_or\_ip) | DNS forwarder host for created PowerVS infrastructure. |
 | <a name="output_kms_key_map"></a> [kms\_key\_map](#output\_kms\_key\_map) | Map of ids and keys for KMS keys created |
-| <a name="output_monitoring_instance"></a> [monitoring\_instance](#output\_monitoring\_instance) | Details of the IBM Cloud Monitoring Instance: CRN, location, guid, monitoring\_host\_ip. |
+| <a name="output_monitoring_instance"></a> [monitoring\_instance](#output\_monitoring\_instance) | Details of the IBM Cloud Monitoring Instance: CRN, location, guid, monitoring\_host\_ip. monitoring\_host\_ip is an empty string if enable\_monitoring\_host is disabled. |
 | <a name="output_network_load_balancer"></a> [network\_load\_balancer](#output\_network\_load\_balancer) | Details of network load balancer. |
 | <a name="output_network_services_config"></a> [network\_services\_config](#output\_network\_services\_config) | Complete configuration of network management services. |
 | <a name="output_nfs_host_or_ip_path"></a> [nfs\_host\_or\_ip\_path](#output\_nfs\_host\_or\_ip\_path) | NFS host for created PowerVS infrastructure. |

modules/powervs-vpc-landing-zone/main.tf

@@ -13,7 +13,7 @@ locals {
       network_services_vsi_profile = var.network_services_vsi_profile,
       user_data                    = var.user_data != null ? replace(var.user_data, "\n", "\\n") : null
       transit_gateway_global       = var.transit_gateway_global,
-      enable_monitoring            = var.enable_monitoring,
+      enable_monitoring_host       = var.enable_monitoring_host,
       sles_image                   = var.vpc_intel_images.sles_image,
       second_rg_name               = local.second_rg_name,
       tgw_rg_name                  = local.tgw_rg_name

modules/powervs-vpc-landing-zone/monitoring.tf

@@ -19,7 +19,7 @@ locals {
     crn                = var.enable_monitoring && var.existing_monitoring_instance_crn == null ? resource.ibm_resource_instance.monitoring_instance[0].crn : var.existing_monitoring_instance_crn != null ? var.existing_monitoring_instance_crn : ""
     location           = var.enable_monitoring && var.existing_monitoring_instance_crn == null ? resource.ibm_resource_instance.monitoring_instance[0].location : var.existing_monitoring_instance_crn != null ? split(":", var.existing_monitoring_instance_crn)[5] : ""
     guid               = var.enable_monitoring && var.existing_monitoring_instance_crn == null ? resource.ibm_resource_instance.monitoring_instance[0].guid : var.existing_monitoring_instance_crn != null ? split(":", var.existing_monitoring_instance_crn)[7] : ""
-    monitoring_host_ip = local.monitoring_vsi_ip
+    monitoring_host_ip = var.enable_monitoring_host ? local.monitoring_vsi_ip : ""
   }
 }
 
@@ -32,7 +32,7 @@ module "configure_monitoring_host" {
 
   source     = "./submodules/ansible"
   depends_on = [module.configure_network_services]
-  count      = var.enable_monitoring ? 1 : 0
+  count      = var.enable_monitoring_host ? 1 : 0
 
   bastion_host_ip        = local.access_host_or_ip
   ansible_host_or_ip     = local.network_services_vsi_ip

modules/powervs-vpc-landing-zone/outputs.tf

@@ -156,7 +156,7 @@ output "powervs_images" {
 ########################################################################
 
 output "monitoring_instance" {
-  description = "Details of the IBM Cloud Monitoring Instance: CRN, location, guid, monitoring_host_ip."
+  description = "Details of the IBM Cloud Monitoring Instance: CRN, location, guid, monitoring_host_ip. monitoring_host_ip is an empty string if enable_monitoring_host is disabled."
   value       = local.monitoring_instance
 }
 

modules/powervs-vpc-landing-zone/presets/slz-preset.json.tftpl

@@ -836,7 +836,7 @@
             "user_data" : "${user_data}"
             %{ endif }
         }
-        %{ if "${enable_monitoring}" == true }
+        %{ if "${enable_monitoring_host}" == true }
         ,
         {
             "name": "monitoring",

modules/powervs-vpc-landing-zone/variables.tf

@@ -29,8 +29,8 @@ variable "vpc_intel_images" {
     error_message = "The rhel_image attribute of vpc_intel_images must not be empty. Please specify an OS image name to be used for creating management and network services VSI instances."
   }
   validation {
-    condition     = var.enable_monitoring ? (var.vpc_intel_images.sles_image != "" ? true : false) : true
-    error_message = "The sles_image attribute of var.vpc_intel_images cannot be empty when enable_monitoring is set to true. Please provide a valid SLES OS stock image name to create monitoring VSI."
+    condition     = var.enable_monitoring_host ? (var.vpc_intel_images.sles_image != "" ? true : false) : true
+    error_message = "The sles_image attribute of var.vpc_intel_images cannot be empty when enable_monitoring_host is set to true. Please provide a valid SLES OS stock image name to create monitoring VSI."
   }
 }
 
@@ -321,13 +321,24 @@ variable "existing_sm_instance_region" {
 #####################################################
 
 variable "enable_monitoring" {
-  description = "Specify whether Monitoring will be enabled. This includes the creation of an IBM Cloud Monitoring Instance and an Intel Monitoring Instance to host the services. If you already have an existing monitoring instance then specify in optional parameter 'existing_monitoring_instance_crn'."
+  description = "Specify whether Monitoring will be enabled. This includes the creation of an IBM Cloud Monitoring Instance. If you already have an existing monitoring instance, set this to true and specify in optional parameter 'existing_monitoring_instance_crn'."
   type        = bool
   default     = false
 }
 
+variable "enable_monitoring_host" {
+  description = "Specify whether to create an additional Intel Instance that can be used to configure additional monitoring services."
+  type        = bool
+  default     = false
+
+  validation {
+    condition     = var.enable_monitoring_host ? var.enable_monitoring && var.enable_monitoring_host : true
+    error_message = "enable_monitoring must be set to true to set enable_monitoring_host to true."
+  }
+}
+
 variable "existing_monitoring_instance_crn" {
-  description = "Existing CRN of IBM Cloud Monitoring Instance. If value is null, then an IBM Cloud Monitoring Instance will not be created but an intel VSI instance will be created if 'enable_monitoring' is true. "
+  description = "Existing CRN of IBM Cloud Monitoring Instance. If value is null, then an IBM Cloud Monitoring Instance will not be created but an intel VSI instance will be created if 'enable_monitoring_host' is true. "
   type        = string
   default     = null
 }

reference-architectures/standard-openshift/deploy-arch-ibm-pvs-inf-standard-openshift.md

@@ -1,7 +1,7 @@
 ---
 copyright:
   years: 2024, 2025
-lastupdated: "2025-10-09"
+lastupdated: "2025-10-17"
 keywords:
 subcollection: deployable-reference-architectures
 authors:
@@ -15,7 +15,7 @@ image_source: https://github.com/terraform-ibm-modules/terraform-ibm-powervs-inf
 use-case: ITServiceManagement
 industry: Technology
 content-type: reference-architecture
-version: v10.1.0
+version: v10.2.0
 compliance:
 
 ---
@@ -27,7 +27,7 @@ compliance:
 {: toc-content-type="reference-architecture"}
 {: toc-industry="Technology"}
 {: toc-use-case="ITServiceManagement"}
-{: toc-version="v10.1.0"}
+{: toc-version="v10.2.0"}
 
 The Quickstart OpenShift deployment on Power Virtual Server with a VPC landing zone uses the Red Hat IPI installer to set up an OpenShift cluster. Before the deployment begins, it provisions VPC services and creates a Power Virtual Server workspace, which together form the landing zone used to access and manage the cluster.
 

reference-architectures/standard-plus-vsi/deploy-arch-ibm-pvs-inf-standard-plus-vsi.md

@@ -1,7 +1,7 @@
 ---
 copyright:
   years: 2024, 2025
-lastupdated: "2025-10-09"
+lastupdated: "2025-10-17"
 keywords:
 subcollection: deployable-reference-architectures
 authors:
@@ -16,7 +16,7 @@ image_source: https://github.com/terraform-ibm-modules/terraform-ibm-powervs-inf
 use-case: ITServiceManagement
 industry: Technology
 content-type: reference-architecture
-version: v10.1.0
+version: v10.2.0
 compliance:
 
 ---
@@ -28,7 +28,7 @@ compliance:
 {: toc-content-type="reference-architecture"}
 {: toc-industry="Technology"}
 {: toc-use-case="ITServiceManagement"}
-{: toc-version="v10.1.0"}
+{: toc-version="v10.2.0"}
 
 Quickstart deployment of the Power Virtual Server with VPC landing zone creates VPC services, a Power Virtual Server workspace, and interconnects them. It also deploys a Power Virtual Server of chosen T-shirt size or custom configuration. Supported Os are Aix, IBM i, and Linux images.
 

reference-architectures/standard/deploy-arch-ibm-pvs-inf-standard.md

@@ -1,7 +1,7 @@
 ---
 copyright:
   years: 2024, 2025
-lastupdated: "2025-10-09"
+lastupdated: "2025-10-17"
 keywords:
 subcollection: deployable-reference-architectures
 authors:
@@ -15,7 +15,7 @@ image_source: https://github.com/terraform-ibm-modules/terraform-ibm-powervs-inf
 use-case: ITServiceManagement
 industry: Technology
 content-type: reference-architecture
-version: v10.1.0
+version: v10.2.0
 compliance: SAPCertified
 
 ---
@@ -28,7 +28,7 @@ compliance: SAPCertified
 {: toc-industry="Technology"}
 {: toc-use-case="ITServiceManagement"}
 {: toc-compliance="SAPCertified"}
-{: toc-version="v10.1.0"}
+{: toc-version="v10.2.0"}
 
 The Standard deployment of the Power Virtual Server with VPC landing zone creates VPC services and a Power Virtual Server workspace and interconnects them.