terraform-ibm-modules
diff --git a/‎.secrets.baseline‎
Lines changed: 3 additions & 3 deletions b/‎.secrets.baseline‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎README.md‎
Lines changed: 5 additions & 6 deletions b/‎README.md‎
Lines changed: 5 additions & 6 deletions
diff --git a/‎ibm_catalog.json‎
Lines changed: 2 additions & 17 deletions b/‎ibm_catalog.json‎
Lines changed: 2 additions & 17 deletions
diff --git a/‎modules/ansible/templates-ansible/configure-scc-wp-agent/playbook-configure-scc-wp-agent.yml.tftpl‎
Lines changed: 0 additions & 1 deletion b/‎modules/ansible/templates-ansible/configure-scc-wp-agent/playbook-configure-scc-wp-agent.yml.tftpl‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎modules/pi-sap-system-type1/README.md‎
Lines changed: 1 addition & 2 deletions b/‎modules/pi-sap-system-type1/README.md‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎modules/pi-sap-system-type1/main.tf‎
Lines changed: 8 additions & 33 deletions b/‎modules/pi-sap-system-type1/main.tf‎
Lines changed: 8 additions & 33 deletions
diff --git a/‎modules/pi-sap-system-type1/variables.tf‎
Lines changed: 3 additions & 7 deletions b/‎modules/pi-sap-system-type1/variables.tf‎
Lines changed: 3 additions & 7 deletions
diff --git a/‎reference-architectures/sap-ready-to-go/deploy-arch-ibm-pvs-sap-ready-to-go.md‎
Lines changed: 3 additions & 3 deletions b/‎reference-architectures/sap-ready-to-go/deploy-arch-ibm-pvs-sap-ready-to-go.md‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎reference-architectures/sap-ready-to-go/deploy-arch-ibm-pvs-sap-ready-to-go.svg‎
Lines changed: 1 addition & 1 deletion b/‎reference-architectures/sap-ready-to-go/deploy-arch-ibm-pvs-sap-ready-to-go.svg‎
Lines changed: 1 addition & 1 deletion
@@ -3,7 +3,7 @@
     "files": "go.sum|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2025-04-07T07:39:16Z",
+  "generated_at": "2025-05-08T17:02:08Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -102,7 +102,7 @@
         "hashed_secret": "2254481e1661d8f017a712b0d1ad9a14fd9460a3",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 55,
+        "line_number": 54,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -112,7 +112,7 @@
         "hashed_secret": "2254481e1661d8f017a712b0d1ad9a14fd9460a3",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 64,
+        "line_number": 60,
         "type": "Secret Keyword",
         "verified_result": null
       }
 
@@ -42,12 +42,13 @@ This repository contains deployable architecture solutions that help in deployin
 
 
 ## Solutions
+
 |                                  Variation                                  | Available on IBM Catalog | Requires Schematics Workspace ID | Creates PowerVS with VPC landing zone | Creates PowerVS HANA Instance | Creates PowerVS NW Instances | Performs PowerVS OS Config | Performs PowerVS SAP Tuning | Install SAP software |
 |:---------------------------------------------------------------------------:|:------------------------:|:--------------------------------:|:-------------------------------------:|:-----------------------------:|:----------------------------:|:--------------------------:|:---------------------------:|:--------------------:|
-| [ IBM catalog PowerVS SAP Ready ]( ./solutions/ibm-catalog/sap-ready-to-go/ ) |    :heavy_check_mark:    |        :heavy_check_mark:        |                  N/A                  |               1               |            0 to N            |     :heavy_check_mark:     |      :heavy_check_mark:     |          N/A         |
-| [ IBM catalog SAP S/4HANA or BW/4HANA variation ]( ./solutions/ibm-catalog/sap-s4hana-bw4hana ) |    :heavy_check_mark:    |        :heavy_check_mark:        |                  N/A                  |               1               |            1            |     :heavy_check_mark:     |      :heavy_check_mark:     |          :heavy_check_mark:         |
-|             [ PowerVS SAP Ready ]( ./solutions/sap-ready-to-go/ )             |            N/A           |                N/A               |                  N/A                  |               1               |            0 to N            |     :heavy_check_mark:     |      :heavy_check_mark:     |          N/A         |
-|                      [ End-to-End ]( ./solutions/e2e/ )                     |            N/A           |                N/A               |           :heavy_check_mark:          |               1               |            0 to N            |     :heavy_check_mark:     |      :heavy_check_mark:     |          N/A         |
+| [IBM catalog PowerVS SAP Ready]( ./solutions/ibm-catalog/sap-ready-to-go/ ) |    :heavy_check_mark:    |        :heavy_check_mark:        |                  N/A                  |               1               |            0 to N            |     :heavy_check_mark:     |      :heavy_check_mark:     |          N/A         |
+| [IBM catalog SAP S/4HANA or BW/4HANA variation]( ./solutions/ibm-catalog/sap-s4hana-bw4hana ) |    :heavy_check_mark:    |        :heavy_check_mark:        |                  N/A                  |               1               |            1            |     :heavy_check_mark:     |      :heavy_check_mark:     |          :heavy_check_mark:         |
+|             [PowerVS SAP Ready]( ./solutions/sap-ready-to-go/ )             |            N/A           |                N/A               |                  N/A                  |               1               |            0 to N            |     :heavy_check_mark:     |      :heavy_check_mark:     |          N/A         |
+|                      [End-to-End]( ./solutions/e2e/ )                     |            N/A           |                N/A               |           :heavy_check_mark:          |               1               |            0 to N            |     :heavy_check_mark:     |      :heavy_check_mark:     |          N/A         |
 
 
 
@@ -66,8 +67,6 @@ You need the following permissions to run this module.
             - `Editor` platform access
         - **Transit Gateway** service
             - `Editor` platform access
-        - **Direct Link** service
-            - `Editor` platform access
 
 ## Contributing
 
 
@@ -55,8 +55,7 @@
                         {
                             "flavors": [
                                 "standard",
-                                "standard-extend",
-                                "import"
+                                "standard-extend"
                             ],
                             "id": "2dd486c7-b317-4aaa-907b-42671485ad96-global",
                             "name": "deploy-arch-ibm-pvs-inf",
@@ -227,7 +226,6 @@
                         {
                             "key": "nfs_directory",
                             "hidden": true
-
                         },
                         {
                             "key": "powervs_sap_network_cidr"
@@ -330,12 +328,6 @@
                             ],
                             "service_name": "transit.gateway"
                         },
-                        {
-                            "role_crns": [
-                                "crn:v1:bluemix:public:iam::::role:Editor"
-                            ],
-                            "service_name": "directlink.connect"
-                        },
                         {
                             "role_crns": [
                                 "crn:v1:bluemix:public:iam::::serviceRole:Manager"
@@ -384,8 +376,7 @@
                         {
                             "flavors": [
                                 "standard",
-                                "standard-extend",
-                                "import"
+                                "standard-extend"
                             ],
                             "id": "2dd486c7-b317-4aaa-907b-42671485ad96-global",
                             "name": "deploy-arch-ibm-pvs-inf",
@@ -731,12 +722,6 @@
                             ],
                             "service_name": "transit.gateway"
                         },
-                        {
-                            "role_crns": [
-                                "crn:v1:bluemix:public:iam::::role:Editor"
-                            ],
-                            "service_name": "directlink.connect"
-                        },
                         {
                             "role_crns": [
                                 "crn:v1:bluemix:public:iam::::serviceRole:Manager"
 
@@ -8,7 +8,6 @@
 - name: Install and connect Sysdig Agent
   hosts: all
   vars:
-    wp_guid: "${SCC_WP_GUID}"
     collector_endpoint: "${COLLECTOR_ENDPOINT}"
     wp_api_endpoint: "${API_ENDPOINT}"
     access_key: "${ACCESS_KEY}"
 
@@ -49,7 +49,6 @@ The Power Virtual Server for SAP module automates the following tasks:
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_ansible_vault_password"></a> [ansible\_vault\_password](#input\_ansible\_vault\_password) | Vault password to encrypt OS registration parameters. Only required with customer provided linux subscription (pi\_os\_registration). Password requirements: 15-100 characters and at least one uppercase letter, one lowercase letter, one number, and one special character. Allowed characters: A-Z, a-z, 0-9, !#$%&()*+-.:;<=>?@[]\_{\|}~. | `string` | `null` | no |
-| <a name="input_os_image_distro"></a> [os\_image\_distro](#input\_os\_image\_distro) | Image distribution that's used for all instances(HANA, NetWeaver). Only required for hotfix of networks getting attached in random order. Will be removed in future releases. | `string` | `""` | no |
 | <a name="input_pi_hana_instance"></a> [pi\_hana\_instance](#input\_pi\_hana\_instance) | PowerVS SAP HANA instance hostname (non FQDN). Will get the form of <var.prefix>-<var.pi\_hana\_instance.name>. Max length of final hostname must be <= 13 characters.'sap\_profile\_id' Must be one of the supported profiles. See [here](https://cloud.ibm.com/docs/sap?topic=sap-hana-iaas-offerings-profiles-power-vs). File system sizes are automatically calculated. Override automatic calculation by setting values in optional 'pi\_hana\_instance\_custom\_storage\_config' parameter. 'additional\_storage\_config' additional File systems to be created and attached to PowerVS SAP HANA instance. 'size' is in GB. 'count' specify over how many storage volumes the file system will be striped. 'tier' specifies the storage tier in PowerVS workspace. 'mount' specifies the target mount point on OS. | <pre>object({<br/>    name           = string<br/>    image_id       = string<br/>    sap_profile_id = string<br/>    additional_storage_config = list(object({<br/>      name  = string<br/>      size  = string<br/>      count = string<br/>      tier  = string<br/>      mount = string<br/>    }))<br/>  })</pre> | <pre>{<br/>  "additional_storage_config": [<br/>    {<br/>      "count": "1",<br/>      "mount": "/usr/sap",<br/>      "name": "usrsap",<br/>      "size": "50",<br/>      "tier": "tier3"<br/>    }<br/>  ],<br/>  "image_id": "insert_value_here",<br/>  "name": "hana",<br/>  "sap_profile_id": "ush1-4x256"<br/>}</pre> | no |
 | <a name="input_pi_hana_instance_custom_storage_config"></a> [pi\_hana\_instance\_custom\_storage\_config](#input\_pi\_hana\_instance\_custom\_storage\_config) | Custom file systems to be created and attached to PowerVS SAP HANA instance. 'size' is in GB. 'count' specify over how many storage volumes the file system will be striped. 'tier' specifies the storage tier in PowerVS workspace. 'mount' specifies the target mount point on OS. | <pre>list(object({<br/>    name  = string<br/>    size  = string<br/>    count = string<br/>    tier  = string<br/>    mount = string<br/>  }))</pre> | <pre>[<br/>  {<br/>    "count": "",<br/>    "mount": "",<br/>    "name": "",<br/>    "size": "",<br/>    "tier": ""<br/>  }<br/>]</pre> | no |
 | <a name="input_pi_instance_init_linux"></a> [pi\_instance\_init\_linux](#input\_pi\_instance\_init\_linux) | Configures a PowerVS linux instance to have internet access by setting proxy on it, updates os and create filesystems using ansible collection [ibm.power\_linux\_sap collection](https://galaxy.ansible.com/ui/repo/published/ibm/power_linux_sap/) where 'bastion\_host\_ip' is public IP of bastion/jump host to access the 'ansible\_host\_or\_ip' private IP of ansible node. This ansible host must have access to the power virtual server instance and ansible host OS must be RHEL distribution. | <pre>object(<br/>    {<br/>      enable             = bool<br/>      bastion_host_ip    = string<br/>      ansible_host_or_ip = string<br/>      ssh_private_key    = string<br/>      custom_os_registration = optional(object({<br/>        username = string<br/>        password = string<br/>      }))<br/>    }<br/>  )</pre> | n/a | yes |
@@ -62,7 +61,7 @@ The Power Virtual Server for SAP module automates the following tasks:
 | <a name="input_prefix"></a> [prefix](#input\_prefix) | Unique prefix for resources to be created (e.g., SAP system name). | `string` | n/a | yes |
 | <a name="input_sap_domain"></a> [sap\_domain](#input\_sap\_domain) | SAP network domain name. | `string` | `"sap.com"` | no |
 | <a name="input_sap_network_services_config"></a> [sap\_network\_services\_config](#input\_sap\_network\_services\_config) | Configures network services NTP, NFS and DNS on PowerVS instance. Requires 'pi\_instance\_init\_linux' to be specified. | <pre>object(<br/>    {<br/>      squid = object({ enable = bool, squid_server_ip_port = string, no_proxy_hosts = string })<br/>      nfs   = object({ enable = bool, nfs_server_path = string, nfs_client_path = string, opts = string, fstype = string })<br/>      dns   = object({ enable = bool, dns_server_ip = string })<br/>      ntp   = object({ enable = bool, ntp_server_ip = string })<br/>    }<br/>  )</pre> | <pre>{<br/>  "dns": {<br/>    "dns_server_ip": "",<br/>    "enable": false<br/>  },<br/>  "nfs": {<br/>    "enable": false,<br/>    "fstype": "",<br/>    "nfs_client_path": "",<br/>    "nfs_server_path": "",<br/>    "opts": ""<br/>  },<br/>  "ntp": {<br/>    "enable": false,<br/>    "ntp_server_ip": ""<br/>  },<br/>  "squid": {<br/>    "enable": false,<br/>    "no_proxy_hosts": "",<br/>    "squid_server_ip_port": ""<br/>  }<br/>}</pre> | no |
-| <a name="input_scc_wp_instance"></a> [scc\_wp\_instance](#input\_scc\_wp\_instance) | SCC Workload Protection instance to connect to. Leave empty to not use it. | <pre>object({<br/>    guid               = string,<br/>    access_key         = string,<br/>    api_endpoint       = string,<br/>    ingestion_endpoint = string<br/>  })</pre> | <pre>{<br/>  "access_key": "",<br/>  "api_endpoint": "",<br/>  "guid": "",<br/>  "ingestion_endpoint": ""<br/>}</pre> | no |
+| <a name="input_scc_wp_instance"></a> [scc\_wp\_instance](#input\_scc\_wp\_instance) | SCC Workload Protection instance to connect to. Set enable to false to not use it. | <pre>object({<br/>    enable             = bool<br/>    guid               = string,<br/>    access_key         = string,<br/>    api_endpoint       = string,<br/>    ingestion_endpoint = string<br/>  })</pre> | <pre>{<br/>  "access_key": "",<br/>  "api_endpoint": "",<br/>  "enable": false,<br/>  "guid": "",<br/>  "ingestion_endpoint": ""<br/>}</pre> | no |
 
 ### Outputs
 
 
@@ -23,22 +23,6 @@ locals {
   server_type             = contains(local.p10_unsupported_regions, var.pi_region) ? "s922" : "s1022"
 }
 
-#####################################################
-# Networks getting attached in random order hotfix
-#####################################################
-
-locals {
-  cloud_init   = <<EOT
-#cloud-config
-
-runcmd:
-  - echo net.ipv4.conf.all.rp_filter=2 >> /etc/sysctl.conf
-  - sysctl -w net.ipv4.conf.all.rp_filter=2
-EOT
-  pi_user_data = var.os_image_distro == "RHEL" ? local.cloud_init : null
-}
-
-
 ##########################################################################################################
 # Deploy SAP HANA Instance
 ##########################################################################################################
@@ -68,7 +52,6 @@ module "pi_hana_instance" {
   pi_storage_config          = module.pi_hana_storage_calculation.pi_hana_storage_config
   pi_instance_init_linux     = var.pi_instance_init_linux
   pi_network_services_config = var.sap_network_services_config
-  pi_user_data               = local.pi_user_data
   ansible_vault_password     = var.ansible_vault_password
 }
 
@@ -119,7 +102,6 @@ module "pi_netweaver_primary_instance" {
   pi_storage_config          = local.pi_netweaver_primary_instance_storage_config
   pi_instance_init_linux     = var.pi_instance_init_linux
   pi_network_services_config = var.sap_network_services_config
-  pi_user_data               = local.pi_user_data
   ansible_vault_password     = var.ansible_vault_password
 }
 
@@ -168,7 +150,6 @@ module "pi_netweaver_secondary_instances" {
   pi_storage_config          = var.pi_netweaver_instance.storage_config
   pi_instance_init_linux     = var.pi_instance_init_linux
   pi_network_services_config = var.sap_network_services_config
-  pi_user_data               = local.pi_user_data
   ansible_vault_password     = var.ansible_vault_password
 }
 
@@ -247,21 +228,11 @@ module "ansible_sap_instance_init" {
 #######################################################################
 # Ansible Install Sysdig agent and connect to SCC Workload Protection
 #######################################################################
-
-locals {
-  enable_scc_wp = var.scc_wp_instance.guid != "" && var.scc_wp_instance.ingestion_endpoint != "" && var.scc_wp_instance.api_endpoint != "" && var.scc_wp_instance.access_key != ""
-  scc_wp_playbook_template_vars = {
-    SCC_WP_GUID : var.scc_wp_instance.guid,
-    COLLECTOR_ENDPOINT : var.scc_wp_instance.ingestion_endpoint,
-    API_ENDPOINT : var.scc_wp_instance.api_endpoint,
-    ACCESS_KEY : var.scc_wp_instance.access_key
-  }
-}
 module "configure_scc_wp_agent" {
 
   source     = "../ansible"
   depends_on = [module.ansible_sap_instance_init]
-  count      = local.enable_scc_wp ? 1 : 0
+  count      = var.scc_wp_instance.enable ? 1 : 0
 
   bastion_host_ip        = var.pi_instance_init_linux.bastion_host_ip
   ansible_host_or_ip     = var.pi_instance_init_linux.ansible_host_or_ip
@@ -272,9 +243,13 @@ module "configure_scc_wp_agent" {
   src_script_template_name = "configure-scc-wp-agent/ansible_configure_scc_wp_agent.sh.tftpl"
   dst_script_file_name     = "${var.prefix}-configure_scc_wp_agent.sh"
 
-  src_playbook_template_name  = "configure-scc-wp-agent/playbook-configure-scc-wp-agent.yml.tftpl"
-  dst_playbook_file_name      = "${var.prefix}-playbook-configure-scc-wp-agent.yml"
-  playbook_template_vars      = local.scc_wp_playbook_template_vars
+  src_playbook_template_name = "configure-scc-wp-agent/playbook-configure-scc-wp-agent.yml.tftpl"
+  dst_playbook_file_name     = "${var.prefix}-playbook-configure-scc-wp-agent.yml"
+  playbook_template_vars = {
+    COLLECTOR_ENDPOINT : var.scc_wp_instance.ingestion_endpoint,
+    API_ENDPOINT : var.scc_wp_instance.api_endpoint,
+    ACCESS_KEY : var.scc_wp_instance.access_key
+  }
   src_inventory_template_name = "pi-instance-inventory.tftpl"
   dst_inventory_file_name     = "${var.prefix}-scc-wp-inventory"
   inventory_template_vars     = { "pi_instance_management_ip" : join("\n", [module.pi_hana_instance.pi_instance_primary_ip], var.pi_netweaver_instance.instance_count > 0 ? module.pi_netweaver_primary_instance[*].pi_instance_primary_ip : [], var.pi_netweaver_instance.instance_count > 1 ? module.pi_netweaver_secondary_instances[*].pi_instance_primary_ip : []) }
 
@@ -193,14 +193,16 @@ variable "sap_domain" {
 }
 
 variable "scc_wp_instance" {
-  description = "SCC Workload Protection instance to connect to. Leave empty to not use it."
+  description = "SCC Workload Protection instance to connect to. Set enable to false to not use it."
   type = object({
+    enable             = bool
     guid               = string,
     access_key         = string,
     api_endpoint       = string,
     ingestion_endpoint = string
   })
   default = {
+    enable             = false
     guid               = "",
     access_key         = "",
     api_endpoint       = "",
@@ -212,9 +214,3 @@ variable "scc_wp_instance" {
     error_message = "Ansible vault password must not be empty or null when SCC workload instance is enabled. Value must be set for ansible_vault_password variable."
   }
 }
-
-variable "os_image_distro" {
-  description = "Image distribution that's used for all instances(HANA, NetWeaver). Only required for hotfix of networks getting attached in random order. Will be removed in future releases."
-  type        = string
-  default     = ""
-}
@@ -2,7 +2,7 @@
 
 copyright:
   years: 2024, 2025
-lastupdated: "2025-04-16"
+lastupdated: "2025-05-07"
 keywords:
 subcollection: deployable-reference-architectures
 authors:
@@ -17,7 +17,7 @@ use-case: ITServiceManagement
 industry: Technology
 compliance: SAPCertified
 content-type: reference-architecture
-version: v4.1.0
+version: v4.2.0
 related_links:
   - title: 'SAP in IBM Cloud documentation'
     url: 'https://cloud.ibm.com/docs/sap'
@@ -39,7 +39,7 @@ related_links:
 {: toc-industry="Technology"}
 {: toc-use-case="ITServiceManagement"}
 {: toc-compliance="SAPCertified"}
-{: toc-version="v4.1.0"}
+{: toc-version="v4.2.0"}
 
 The SAP-ready PowerVS variation of the Power Virtual Server for SAP HANA creates a basic and expandable SAP system landscape. The variation builds on the foundation of the VPC landing zone and Power Virtual Server with VPC landing zone. PowerVS instances for SAP HANA and SAP NetWeaver are deployed and pre-configured for SAP installation.