- Introduced Aggregator.sol for Chainlink-compatible oracle functionality, including round-based updates and access control.
- Added OracleWithCCIP.sol to extend Aggregator with CCIP cross-chain messaging capabilities.
- Created .gitmodules to include OpenZeppelin contracts as a submodule.
- Developed a comprehensive deployment guide in NEXT_STEPS_COMPLETE_GUIDE.md for Phase 2 and smart contract deployment.
- Implemented Vite configuration for the orchestration portal, supporting both Vue and React frameworks.
- Added server-side logic for the Multi-Cloud Orchestration Portal, including API endpoints for environment management and monitoring.
- Created scripts for resource import and usage validation across non-US regions.
- Added tests for CCIP error handling and integration to ensure robust functionality.
- Included various new files and directories for the orchestration portal and deployment scripts.
3.3 KiB
NSG Fix Applied ✅
Changes Made
1. Removed Subnet NSG from Nginx Subnet
File: terraform/modules/networking-vm/main.tf
Added subnet_nsg_enabled variable to control subnet-level NSG attachment:
- Default: true (for Besu node subnets)
- Nginx proxy: false (uses NIC-level NSG only)
Implementation:
resource "azurerm_subnet_network_security_group_association" "vm_subnet" {
  count                     = var.subnet_nsg_enabled ? 1 : 0
  subnet_id                 = azurerm_subnet.vm_subnet.id
  network_security_group_id = azurerm_network_security_group.vm_nsg.id
}
2. Removed P2P/RPC/Metrics Rules from Nginx Subnet NSG
File: terraform/modules/networking-vm/main.tf
Added enable_besu_rules variable to conditionally create Besu-specific rules:
- Default: true (for Besu node subnets)
- Nginx proxy: false (doesn't need Besu rules)
Implementation:
- Used dynamic "security_rule" blocks for conditional rule creation
- P2P (30303), RPC (8545/8546), and Metrics (9545) rules only created when enable_besu_rules = true
3. Updated Nginx Proxy Networking Module
File: terraform/phases/phase1/phase1-main.tf
Updated networking_admin module configuration:
module "networking_admin" {
  # ... other config ...
  subnet_nsg_enabled = false # Nginx proxy uses NIC-level NSG
  enable_besu_rules  = false # Nginx proxy doesn't need Besu rules
}
Variables Added
subnet_nsg_enabled (bool)
- Description: Whether to attach NSG to subnet
- Default: true
- Nginx proxy: false
enable_besu_rules (bool)
- Description: Whether to enable Besu-specific rules (P2P/RPC/Metrics)
- Default: true
- Nginx proxy: false
Result
Before
- ❌ Subnet NSG attached with wrong rules (P2P/RPC/Metrics)
- ❌ NIC NSG had correct rules (HTTP/HTTPS/SSH)
- ⚠️ Both NSGs evaluated (unnecessary complexity)
After
- ✅ Subnet NSG not attached to Nginx subnet
- ✅ NIC NSG has correct rules (HTTP/HTTPS/SSH)
- ✅ Cleaner configuration (single NSG per VM)
- ✅ No unnecessary rules
Impact
Nginx Proxy Subnet
- Subnet NSG: Not attached (removed)
- NIC NSG: Active with correct rules
- Rules: Only HTTP (80), HTTPS (443), SSH (22)
Besu Node Subnets
- Subnet NSG: Still attached (unchanged)
- Rules: SSH, P2P, RPC, Metrics (unchanged)
- Behavior: No changes
Next Steps
- Preview Changes:
  cd terraform/phases/phase1
  terraform plan
- Apply Changes:
  terraform apply
- Verify:
  - Check Azure Portal: Subnet NSG should be detached
  - Verify NIC NSG still has correct rules
  - Test ports 80 and 443 accessibility
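A pre-apply check for the verification step above, added here as an example and not part of the project's code: it reads the JSON form of a saved plan and flags a subnet NSG association, or an inbound allow rule covering the Besu ports, under module.networking_admin. The sample plans, rule names and helper names are constructed for illustration.

```python
BESU_PORTS = (30303, 8545, 8546, 9545)  # P2P, RPC and metrics ports named on this page
ASSOC = "azurerm_subnet_network_security_group_association"
NSG = "azurerm_network_security_group"

def covers(spec, port):
    """True if an NSG port spec ('*', '8545', '8545-8546') includes port."""
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def walk(module):
    """Yield every resource in a planned_values module tree."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def check_plan(plan, module_prefix="module.networking_admin"):
    """Return findings for the Nginx proxy module in `terraform show -json` output."""
    findings = []
    for res in walk(plan["planned_values"]["root_module"]):
        if not res["address"].startswith(module_prefix + "."):
            continue
        if res["type"] == ASSOC:
            findings.append(f"{res['address']}: subnet NSG still attached")
        elif res["type"] == NSG:
            for rule in res["values"].get("security_rule", []):
                if rule.get("direction") != "Inbound" or rule.get("access") != "Allow":
                    continue
                specs = [rule.get("destination_port_range")] + list(rule.get("destination_port_ranges") or [])
                hit = [p for p in BESU_PORTS if any(covers(s, p) for s in specs if s)]
                if hit:
                    findings.append(f"{res['address']}: rule {rule['name']} allows {hit}")
    return findings

# Constructed sample data below; not taken from the project's plan or state.
def _rule(name, ports):
    return {"name": name, "direction": "Inbound", "access": "Allow", "destination_port_range": ports}

def _plan(rules, extra=()):
    nsg = {"address": "module.networking_admin." + NSG + ".vm_nsg", "type": NSG, "values": {"security_rule": rules}}
    return {"planned_values": {"root_module": {"child_modules": [{"resources": [nsg, *extra]}]}}}

BEFORE = _plan([_rule("ssh", "22"), _rule("rpc", "8545-8546"), _rule("p2p", "30303")],
               [{"address": "module.networking_admin." + ASSOC + ".vm_subnet[0]", "type": ASSOC, "values": {}}])
AFTER = _plan([_rule("ssh", "22")])

if __name__ == "__main__":
    for label, plan in (("before", BEFORE), ("after", AFTER)):
        print(label, check_plan(plan) or "OK")
```

Against a real plan, save it with terraform plan -out=tfplan, load the output of terraform show -json tfplan with json.load, and pass the resulting dict to check_plan.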
Files Modified
- terraform/modules/networking-vm/main.tf
  - Added conditional subnet NSG association
  - Added dynamic security rules for Besu rules
- terraform/modules/networking-vm/variables.tf
  - Added subnet_nsg_enabled variable
  - Added enable_besu_rules variable
- terraform/phases/phase1/phase1-main.tf
  - Updated networking_admin module with new variables
Status: ✅ Changes Applied to Terraform Configuration
The configuration now properly removes the subnet NSG from the Nginx subnet and removes unnecessary Besu-specific rules.