d-bis/smom-dbis-138
4
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity
Files
843cdbf71cc0551231e511d98cdd67a2932ef9d0
smom-dbis-138/docs/archive/status-reports/phase1/NSG_FIX_COMPLETE_FINAL.md
defiQUG 1fb7266469 Add Oracle Aggregator and CCIP Integration 
- Introduced Aggregator.sol for Chainlink-compatible oracle functionality, including round-based updates and access control.
- Added OracleWithCCIP.sol to extend Aggregator with CCIP cross-chain messaging capabilities.
- Created .gitmodules to include OpenZeppelin contracts as a submodule.
- Developed a comprehensive deployment guide in NEXT_STEPS_COMPLETE_GUIDE.md for Phase 2 and smart contract deployment.
- Implemented Vite configuration for the orchestration portal, supporting both Vue and React frameworks.
- Added server-side logic for the Multi-Cloud Orchestration Portal, including API endpoints for environment management and monitoring.
- Created scripts for resource import and usage validation across non-US regions.
- Added tests for CCIP error handling and integration to ensure robust functionality.
- Included various new files and directories for the orchestration portal and deployment scripts.
2025-12-12 14:57:48 -08:00

1.8 KiB
Raw Blame History

NSG Fix - Complete

All Steps Completed

1. Configuration Changes

  • Added subnet_nsg_enabled variable
  • Added enable_besu_rules variable
  • Made subnet NSG association conditional
  • Made Besu rules conditional using dynamic blocks
  • Updated networking_admin module configuration

2. Subnet NSG Removal

  • Manually detached via Azure CLI
  • Removed from Terraform state
  • Verified detached in Azure Portal

3. Verification

  • Subnet NSG: Detached
  • NIC NSG: Active with correct rules
  • Terraform state: Updated

Final Configuration

Nginx Proxy Subnet

  • Subnet NSG: Not attached (removed)
  • NIC NSG: Attached
  • Rules: HTTP (80), HTTPS (443), SSH (22)

NIC NSG Rules

Priority Name Port Protocol
1000 AllowHTTP 80 TCP
1001 AllowHTTPS 443 TCP
1002 AllowSSH 22 TCP

Changes Made

Files Modified

  1. terraform/modules/networking-vm/main.tf

    • Conditional subnet NSG association
    • Dynamic Besu rules

  2. terraform/modules/networking-vm/variables.tf

    • Added subnet_nsg_enabled variable
    • Added enable_besu_rules variable

  3. terraform/phases/phase1/phase1-main.tf

    • Updated networking_admin module:
      • subnet_nsg_enabled = false
      • enable_besu_rules = false

Azure Resources

  • Subnet NSG association removed
  • NIC NSG remains active

Result

All objectives achieved:

  • Subnet NSG removed from Nginx subnet
  • P2P/RPC/Metrics rules removed
  • NIC NSG has correct rules
  • Configuration is clean and correct

Status: COMPLETE

All changes have been successfully applied. The Nginx proxy now uses only the NIC-level NSG with correct rules (HTTP/HTTPS/SSH), and the subnet NSG with unnecessary Besu rules has been removed.

Reference in New Issue View Git Blame Copy Permalink