From 97894eb8c8aededf95d4c09c987111e7366ad754 Mon Sep 17 00:00:00 2001 From: surajsbharadwaj Date: Thu, 23 Oct 2025 17:44:10 +0200 Subject: [PATCH 1/4] fix: remove validation for dns, allow user to set configure_dns_forwarder to false --- modules/powervs-vpc-landing-zone/variables.tf | 7 +------ solutions/standard/README.md | 2 +- solutions/standard/variables.tf | 2 +- 3 files changed, 3 insertions(+), 8 deletions(-) diff --git a/modules/powervs-vpc-landing-zone/variables.tf b/modules/powervs-vpc-landing-zone/variables.tf index e45bd7d5..ce62d3c4 100644 --- a/modules/powervs-vpc-landing-zone/variables.tf +++ b/modules/powervs-vpc-landing-zone/variables.tf @@ -84,12 +84,7 @@ variable "ibm_dns_service" { label = optional(string) }) default = { - "enable" = false - } - - validation { - condition = var.ibm_dns_service.enable != var.configure_dns_forwarder - error_message = "The 'ibm_dns_service' and 'configure_dns_forwarder' cannot both be true." + enable = false } } diff --git a/solutions/standard/README.md b/solutions/standard/README.md index f6a4fde2..1e9f7f3b 100644 --- a/solutions/standard/README.md +++ b/solutions/standard/README.md @@ -69,7 +69,7 @@ This example sets up the following infrastructure: | [IC\_SCHEMATICS\_WORKSPACE\_ID](#input\_IC\_SCHEMATICS\_WORKSPACE\_ID) | leave blank if running locally. This variable will be automatically populated if running from an IBM Cloud Schematics workspace. | `string` | `""` | no | | [ansible\_vault\_password](#input\_ansible\_vault\_password) | Vault password to encrypt ansible playbooks that contain sensitive information. Required when SCC workload Protection is enabled. Password requirements: 15-100 characters and at least one uppercase letter, one lowercase letter, one number, and one special character. Allowed characters: A-Z, a-z, 0-9, !#$%&()*+-.:;<=>?@[]\_{\|}~. | `string` | `null` | no | | [client\_to\_site\_vpn](#input\_client\_to\_site\_vpn) | VPN configuration - the client ip pool and list of users email ids to access the environment. If enabled, then a Secret Manager instance is also provisioned with certificates generated. See optional parameters to reuse an existing Secrets manager instance. | 
object({
    enable                        = bool
    client_ip_pool                = string
    vpn_client_access_group_users = list(string)
  })
| 
{
  "client_ip_pool": "192.168.0.0/16",
  "enable": false,
  "vpn_client_access_group_users": []
}
| no | -| [configure\_dns\_forwarder](#input\_configure\_dns\_forwarder) | Specify if DNS forwarder will be configured. This will allow you to use central DNS servers (e.g. IBM Cloud DNS servers) sitting outside of the created IBM PowerVS infrastructure. If yes, ensure 'dns\_forwarder\_config' optional variable is set properly. DNS forwarder will be installed on the network-services vsi. | `bool` | `true` | no | +| [configure\_dns\_forwarder](#input\_configure\_dns\_forwarder) | Specify if DNS forwarder will be configured. This will allow you to use central DNS servers (e.g. IBM Cloud DNS servers) sitting outside of the created IBM PowerVS infrastructure. If yes, ensure 'dns\_forwarder\_config' optional variable is set properly. DNS forwarder will be installed on the network-services vsi. | `bool` | `false` | no | | [configure\_nfs\_server](#input\_configure\_nfs\_server) | Specify if NFS server will be configured. This will allow you easily to share files between PowerVS instances (e.g., SAP installation files). [File storage share and mount target](https://cloud.ibm.com/docs/vpc?topic=vpc-file-storage-create&interface=ui) in VPC will be created.. If yes, ensure 'nfs\_server\_config' optional variable is set properly below. Default value is '200GB' which will be mounted on specified directory in network-service vsi. | `bool` | `true` | no | | [configure\_ntp\_forwarder](#input\_configure\_ntp\_forwarder) | Specify if NTP forwarder will be configured. This will allow you to synchronize time between IBM PowerVS instances. NTP forwarder will be installed on the network-services vsi. | `bool` | `true` | no | | [dns\_forwarder\_config](#input\_dns\_forwarder\_config) | Configuration for the DNS forwarder to a DNS service that is not reachable directly from PowerVS. | 
object({
    dns_servers = string
  })
| 
{
  "dns_servers": "161.26.0.7; 161.26.0.8; 9.9.9.9;"
}
| no | diff --git a/solutions/standard/variables.tf b/solutions/standard/variables.tf index c2ba2cb6..b2321af8 100644 --- a/solutions/standard/variables.tf +++ b/solutions/standard/variables.tf @@ -205,7 +205,7 @@ variable "network_services_vsi_profile" { variable "configure_dns_forwarder" { description = "Specify if DNS forwarder will be configured. This will allow you to use central DNS servers (e.g. IBM Cloud DNS servers) sitting outside of the created IBM PowerVS infrastructure. If yes, ensure 'dns_forwarder_config' optional variable is set properly. DNS forwarder will be installed on the network-services vsi." type = bool - default = true + default = false } variable "configure_ntp_forwarder" { From 9a10f59e68f295adddb986afdc9ce706187ac81a Mon Sep 17 00:00:00 2001 From: surajsbharadwaj Date: Thu, 23 Oct 2025 17:47:53 +0200 Subject: [PATCH 2/4] chore: release version --- .secrets.baseline | 2 +- ibm_catalog.json | 6 +++--- .../deploy-arch-ibm-pvs-inf-standard-openshift.md | 6 +++--- .../deploy-arch-ibm-pvs-inf-standard-plus-vsi.md | 6 +++--- .../standard/deploy-arch-ibm-pvs-inf-standard.md | 6 +++--- 5 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 4ad64b3e..406df8fb 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "go.sum|^.secrets.baseline$", "lines": null }, - "generated_at": "2025-10-17T09:01:30Z", + "generated_at": "2025-10-24T09:01:30Z", "plugins_used": [ { "name": "AWSKeyDetector" diff --git a/ibm_catalog.json b/ibm_catalog.json index 360ba7e2..41e4b784 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -502,7 +502,7 @@ { "diagram": { "caption": "Power Virtual Server with VPC landing zone 'Standard Landscape' variation", - "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/refs/tags/v10.2.0/reference-architectures/standard/deploy-arch-ibm-pvs-inf-standard.svg", + "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/refs/tags/v10.2.1/reference-architectures/standard/deploy-arch-ibm-pvs-inf-standard.svg", "type": "image/svg+xml" }, "description": "The Power Virtual Server with VPC landing zone as variation 'Create a new architecture' deploys VPC services and a Power Virtual Server workspace and interconnects them.\n \nRequired and optional management components are configured." @@ -1148,7 +1148,7 @@ { "diagram": { "caption": "Power Virtual Server with VPC landing zone 'Quickstart' variation", - "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/refs/tags/v10.2.0/reference-architectures/standard-plus-vsi/deploy-arch-ibm-pvs-inf-standard-plus-vsi.svg", + "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/refs/tags/v10.2.1/reference-architectures/standard-plus-vsi/deploy-arch-ibm-pvs-inf-standard-plus-vsi.svg", "type": "image/svg+xml" }, "description": "The Power Virtual Server with VPC landing zone as 'Quickstart' variation of 'Create a new architecture' option deploys VPC services and a Power Virtual Server workspace and interconnects them. It also creates one Power virtual server instance of chosen t-shirt size or custom configuration.\n \nRequired and optional management components are configured." @@ -1556,7 +1556,7 @@ { "diagram": { "caption": "Power Virtual Server with VPC landing zone 'Quickstart OpenShift' variation", - "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/refs/tags/v10.2.0/reference-architectures/standard-openshift/deploy-arch-ibm-pvs-inf-standard-openshift.svg", + "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/refs/tags/v10.2.1/reference-architectures/standard-openshift/deploy-arch-ibm-pvs-inf-standard-openshift.svg", "type": "image/svg+xml" }, "description": "The Power Virtual Server with VPC landing zone as variation 'Quickstart OpenShift' deploys VPC services and an Openshift Cluster on PowerVS and interconnects them.\n \nRequired and optional management components are configured." diff --git a/reference-architectures/standard-openshift/deploy-arch-ibm-pvs-inf-standard-openshift.md b/reference-architectures/standard-openshift/deploy-arch-ibm-pvs-inf-standard-openshift.md index 05fb9618..886d154c 100644 --- a/reference-architectures/standard-openshift/deploy-arch-ibm-pvs-inf-standard-openshift.md +++ b/reference-architectures/standard-openshift/deploy-arch-ibm-pvs-inf-standard-openshift.md @@ -1,7 +1,7 @@ --- copyright: years: 2024, 2025 -lastupdated: "2025-10-17" +lastupdated: "2025-10-24" keywords: subcollection: deployable-reference-architectures authors: @@ -15,7 +15,7 @@ image_source: https://github.com/terraform-ibm-modules/terraform-ibm-powervs-inf use-case: ITServiceManagement industry: Technology content-type: reference-architecture -version: v10.2.0 +version: v10.2.1 compliance: --- @@ -27,7 +27,7 @@ compliance: {: toc-content-type="reference-architecture"} {: toc-industry="Technology"} {: toc-use-case="ITServiceManagement"} -{: toc-version="v10.2.0"} +{: toc-version="v10.2.1"} The Quickstart OpenShift deployment on Power Virtual Server with a VPC landing zone uses the Red Hat IPI installer to set up an OpenShift cluster. Before the deployment begins, it provisions VPC services and creates a Power Virtual Server workspace, which together form the landing zone used to access and manage the cluster. diff --git a/reference-architectures/standard-plus-vsi/deploy-arch-ibm-pvs-inf-standard-plus-vsi.md b/reference-architectures/standard-plus-vsi/deploy-arch-ibm-pvs-inf-standard-plus-vsi.md index 53525d9b..c6048e06 100644 --- a/reference-architectures/standard-plus-vsi/deploy-arch-ibm-pvs-inf-standard-plus-vsi.md +++ b/reference-architectures/standard-plus-vsi/deploy-arch-ibm-pvs-inf-standard-plus-vsi.md @@ -1,7 +1,7 @@ --- copyright: years: 2024, 2025 -lastupdated: "2025-10-17" +lastupdated: "2025-10-24" keywords: subcollection: deployable-reference-architectures authors: @@ -16,7 +16,7 @@ image_source: https://github.com/terraform-ibm-modules/terraform-ibm-powervs-inf use-case: ITServiceManagement industry: Technology content-type: reference-architecture -version: v10.2.0 +version: v10.2.1 compliance: --- @@ -28,7 +28,7 @@ compliance: {: toc-content-type="reference-architecture"} {: toc-industry="Technology"} {: toc-use-case="ITServiceManagement"} -{: toc-version="v10.2.0"} +{: toc-version="v10.2.1"} Quickstart deployment of the Power Virtual Server with VPC landing zone creates VPC services, a Power Virtual Server workspace, and interconnects them. It also deploys a Power Virtual Server of chosen T-shirt size or custom configuration. Supported Os are Aix, IBM i, and Linux images. diff --git a/reference-architectures/standard/deploy-arch-ibm-pvs-inf-standard.md b/reference-architectures/standard/deploy-arch-ibm-pvs-inf-standard.md index 3ecc058f..d93d4dd5 100644 --- a/reference-architectures/standard/deploy-arch-ibm-pvs-inf-standard.md +++ b/reference-architectures/standard/deploy-arch-ibm-pvs-inf-standard.md @@ -1,7 +1,7 @@ --- copyright: years: 2024, 2025 -lastupdated: "2025-10-17" +lastupdated: "2025-10-24" keywords: subcollection: deployable-reference-architectures authors: @@ -15,7 +15,7 @@ image_source: https://github.com/terraform-ibm-modules/terraform-ibm-powervs-inf use-case: ITServiceManagement industry: Technology content-type: reference-architecture -version: v10.2.0 +version: v10.2.1 compliance: SAPCertified --- @@ -28,7 +28,7 @@ compliance: SAPCertified {: toc-industry="Technology"} {: toc-use-case="ITServiceManagement"} {: toc-compliance="SAPCertified"} -{: toc-version="v10.2.0"} +{: toc-version="v10.2.1"} The Standard deployment of the Power Virtual Server with VPC landing zone creates VPC services and a Power Virtual Server workspace and interconnects them. From 933b0c50903c3a416ca87164fd037576057e1ba2 Mon Sep 17 00:00:00 2001 From: surajsbharadwaj Date: Thu, 23 Oct 2025 18:58:54 +0200 Subject: [PATCH 3/4] chore: update region for validation --- .../standard-plus-vsi/catalogValidationValues.json.template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solutions/standard-plus-vsi/catalogValidationValues.json.template b/solutions/standard-plus-vsi/catalogValidationValues.json.template index 3971bb9f..66c06bf7 100644 --- a/solutions/standard-plus-vsi/catalogValidationValues.json.template +++ b/solutions/standard-plus-vsi/catalogValidationValues.json.template @@ -1,6 +1,6 @@ { "ibmcloud_api_key": $VALIDATION_APIKEY, - "powervs_zone": "dal10", + "powervs_zone": "dal12", "prefix": "qs-val", "tshirt_size": { "tshirt_size":"aix_xs", From ac17ded650d950af04f9882e3cd12f64c87438f6 Mon Sep 17 00:00:00 2001 From: surajsbharadwaj Date: Thu, 23 Oct 2025 19:42:50 +0200 Subject: [PATCH 4/4] fix: revert default for configure_dns_forwarder --- solutions/standard/README.md | 2 +- solutions/standard/variables.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/solutions/standard/README.md b/solutions/standard/README.md index 1e9f7f3b..f6a4fde2 100644 --- a/solutions/standard/README.md +++ b/solutions/standard/README.md @@ -69,7 +69,7 @@ This example sets up the following infrastructure: | [IC\_SCHEMATICS\_WORKSPACE\_ID](#input\_IC\_SCHEMATICS\_WORKSPACE\_ID) | leave blank if running locally. This variable will be automatically populated if running from an IBM Cloud Schematics workspace. | `string` | `""` | no | | [ansible\_vault\_password](#input\_ansible\_vault\_password) | Vault password to encrypt ansible playbooks that contain sensitive information. Required when SCC workload Protection is enabled. Password requirements: 15-100 characters and at least one uppercase letter, one lowercase letter, one number, and one special character. Allowed characters: A-Z, a-z, 0-9, !#$%&()*+-.:;<=>?@[]\_{\|}~. | `string` | `null` | no | | [client\_to\_site\_vpn](#input\_client\_to\_site\_vpn) | VPN configuration - the client ip pool and list of users email ids to access the environment. If enabled, then a Secret Manager instance is also provisioned with certificates generated. See optional parameters to reuse an existing Secrets manager instance. | 
object({
    enable                        = bool
    client_ip_pool                = string
    vpn_client_access_group_users = list(string)
  })
| 
{
  "client_ip_pool": "192.168.0.0/16",
  "enable": false,
  "vpn_client_access_group_users": []
}
| no | -| [configure\_dns\_forwarder](#input\_configure\_dns\_forwarder) | Specify if DNS forwarder will be configured. This will allow you to use central DNS servers (e.g. IBM Cloud DNS servers) sitting outside of the created IBM PowerVS infrastructure. If yes, ensure 'dns\_forwarder\_config' optional variable is set properly. DNS forwarder will be installed on the network-services vsi. | `bool` | `false` | no | +| [configure\_dns\_forwarder](#input\_configure\_dns\_forwarder) | Specify if DNS forwarder will be configured. This will allow you to use central DNS servers (e.g. IBM Cloud DNS servers) sitting outside of the created IBM PowerVS infrastructure. If yes, ensure 'dns\_forwarder\_config' optional variable is set properly. DNS forwarder will be installed on the network-services vsi. | `bool` | `true` | no | | [configure\_nfs\_server](#input\_configure\_nfs\_server) | Specify if NFS server will be configured. This will allow you easily to share files between PowerVS instances (e.g., SAP installation files). [File storage share and mount target](https://cloud.ibm.com/docs/vpc?topic=vpc-file-storage-create&interface=ui) in VPC will be created.. If yes, ensure 'nfs\_server\_config' optional variable is set properly below. Default value is '200GB' which will be mounted on specified directory in network-service vsi. | `bool` | `true` | no | | [configure\_ntp\_forwarder](#input\_configure\_ntp\_forwarder) | Specify if NTP forwarder will be configured. This will allow you to synchronize time between IBM PowerVS instances. NTP forwarder will be installed on the network-services vsi. | `bool` | `true` | no | | [dns\_forwarder\_config](#input\_dns\_forwarder\_config) | Configuration for the DNS forwarder to a DNS service that is not reachable directly from PowerVS. | 
object({
    dns_servers = string
  })
| 
{
  "dns_servers": "161.26.0.7; 161.26.0.8; 9.9.9.9;"
}
| no | diff --git a/solutions/standard/variables.tf b/solutions/standard/variables.tf index b2321af8..c2ba2cb6 100644 --- a/solutions/standard/variables.tf +++ b/solutions/standard/variables.tf @@ -205,7 +205,7 @@ variable "network_services_vsi_profile" { variable "configure_dns_forwarder" { description = "Specify if DNS forwarder will be configured. This will allow you to use central DNS servers (e.g. IBM Cloud DNS servers) sitting outside of the created IBM PowerVS infrastructure. If yes, ensure 'dns_forwarder_config' optional variable is set properly. DNS forwarder will be installed on the network-services vsi." type = bool - default = false + default = true } variable "configure_ntp_forwarder" {