diff --git a/src/next-core/06_node_forwarder_debugging.tf b/src/next-core/06_node_forwarder_debugging.tf
new file mode 100644
index 0000000000..c022044895
--- /dev/null
+++ b/src/next-core/06_node_forwarder_debugging.tf
@@ -0,0 +1,289 @@
+locals {
+ node_forwarder_dbg_names_suffix = false ? "-dbg-ha" : "-dbg"
+ node_forwarder_dbg_rg_name = "${local.product}-node-forwarder-dbg-rg"
+ node_forwarder_dbg_app_settings = {
+ # Monitoring
+ APPINSIGHTS_INSTRUMENTATIONKEY = azurerm_application_insights.application_insights.instrumentation_key
+ APPLICATIONINSIGHTS_CONNECTION_STRING = format("InstrumentationKey=%s", azurerm_application_insights.application_insights.instrumentation_key)
+ APPINSIGHTS_PROFILERFEATURE_VERSION = "1.0.0"
+ APPINSIGHTS_SNAPSHOTFEATURE_VERSION = "1.0.0"
+ APPLICATIONINSIGHTS_CONFIGURATION_CONTENT = ""
+ ApplicationInsightsAgent_EXTENSION_VERSION = "~3"
+ DiagnosticServices_EXTENSION_VERSION = "~3"
+ InstrumentationEngine_EXTENSION_VERSION = "disabled"
+ SnapshotDebugger_EXTENSION_VERSION = "disabled"
+ XDT_MicrosoftApplicationInsights_BaseExtensions = "disabled"
+ XDT_MicrosoftApplicationInsights_Mode = "recommended"
+ XDT_MicrosoftApplicationInsights_PreemptSdk = "disabled"
+ TIMEOUT_DELAY = 300
+ # Integration with private DNS (see more: https://docs.microsoft.com/en-us/answers/questions/85359/azure-app-service-unable-to-resolve-hostname-of-vi.html)
+ WEBSITE_ADD_SITENAME_BINDINGS_IN_APPHOST_CONFIG = "1"
+ WEBSITE_RUN_FROM_PACKAGE = "1"
+ WEBSITE_DNS_SERVER = "168.63.129.16"
+ WEBSITE_ENABLE_SYNC_UPDATE_SITE = true
+ # Spring Environment
+ DEFAULT_LOGGING_LEVEL = var.node_forwarder_logging_level
+ APP_LOGGING_LEVEL = var.node_forwarder_logging_level
+ JAVA_OPTS = "" // mTLS debug
+
+ # Cert configuration
+ CERTIFICATE_CRT = data.azurerm_key_vault_secret.certificate_crt_node_forwarder.value
+ CERTIFICATE_KEY = data.azurerm_key_vault_secret.certificate_key_node_forwarder.value
+
+ WEBSITES_ENABLE_APP_SERVICE_STORAGE = false
+ WEBSITES_PORT = 8080
+ # WEBSITE_SWAP_WARMUP_PING_PATH = "/actuator/health"
+ # WEBSITE_SWAP_WARMUP_PING_STATUSES = "200"
+ DOCKER_REGISTRY_SERVER_URL = "https://${data.azurerm_container_registry.container_registry.login_server}"
+ DOCKER_REGISTRY_SERVER_USERNAME = data.azurerm_container_registry.container_registry.admin_username
+ DOCKER_REGISTRY_SERVER_PASSWORD = data.azurerm_container_registry.container_registry.admin_password
+
+ # Connection Pool
+ MAX_CONNECTIONS = 120
+ MAX_CONNECTIONS_PER_ROUTE = 60
+ CONN_TIMEOUT = 8
+
+ }
+
+
+}
+
+resource "azurerm_resource_group" "node_forwarder_dbg_rg" {
+ name = format("%s-node-forwarder-dbg-rg", local.product)
+ location = var.location
+
+ tags = var.tags
+}
+
+
+# Subnet to host the node forwarder
+module "node_forwarder_dbg_snet" {
+ count = false ? 0 : 1
+ source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v7.69.1"
+ name = format("%s-node-forwarder-dbg-snet", local.product)
+ address_prefixes = var.node_fw_dbg_snet_cidr
+ resource_group_name = azurerm_resource_group.rg_vnet.name
+ virtual_network_name = module.vnet.name
+ private_link_service_network_policies_enabled = true
+
+ delegation = {
+ name = "default"
+ service_delegation = {
+ name = "Microsoft.Web/serverFarms"
+ actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
+ }
+ }
+}
+
+
+
+module "node_forwarder_dbg_ha_snet" {
+ source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v7.69.1"
+ count = false ? 1 : 0
+ name = "${local.project}-node-forwarder-ha-dbg-snet"
+ address_prefixes = var.node_fw_dbg_snet_cidr
+ resource_group_name = azurerm_resource_group.rg_vnet.name
+ virtual_network_name = module.vnet.name
+ private_link_service_network_policies_enabled = true
+
+ delegation = {
+ name = "default"
+ service_delegation = {
+ name = "Microsoft.Web/serverFarms"
+ actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
+ }
+ }
+}
+
+resource "azurerm_subnet_nat_gateway_association" "nodefw_dbg_ha_snet_nat_association" {
+ count = false ? 1 : 0
+ subnet_id = module.node_forwarder_dbg_ha_snet[0].id
+ nat_gateway_id = module.nat_gw[0].id
+}
+
+resource "azurerm_subnet_nat_gateway_association" "nodefw_dbg_snet_nat_association" {
+ count = false ? 0 : 1
+ subnet_id = module.node_forwarder_dbg_snet[0].id
+ nat_gateway_id = module.nat_gw[0].id
+}
+
+
+module "node_forwarder_dbg_app_service" {
+ source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service?ref=v7.69.1"
+
+ count = 1
+
+ vnet_integration = true
+ resource_group_name = "${local.product}-node-forwarder-dbg-rg"
+ location = var.location
+
+ # App service plan vars
+ plan_name = "${local.project}-plan-node-forwarder${local.node_forwarder_dbg_names_suffix}"
+
+ # App service plan
+ name = "${local.project}-app-node-forwarder${local.node_forwarder_dbg_names_suffix}"
+ client_cert_enabled = false
+ always_on = var.node_forwarder_always_on
+ health_check_path = "/actuator/info"
+
+ app_settings = local.node_forwarder_dbg_app_settings
+
+ docker_image = "${data.azurerm_container_registry.container_registry.login_server}/pagopanodeforwarder"
+ docker_image_tag = "latest"
+
+ allowed_subnets = [module.apim_snet.id]
+ allowed_ips = []
+
+ sku_name = "P3v3"
+
+ subnet_id = false ? module.node_forwarder_dbg_ha_snet[0].id : module.node_forwarder_dbg_snet[0].id
+ health_check_maxpingfailures = 10
+
+ zone_balancing_enabled = var.node_forwarder_zone_balancing_enabled
+
+ tags = var.tags
+}
+
+module "node_forwarder_dbg_slot_staging" {
+ count = var.env_short != "d" ? 1 : 0
+
+ source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service_slot?ref=v7.60.0"
+
+ # App service plan
+ app_service_id = module.node_forwarder_dbg_app_service[0].id
+ app_service_name = module.node_forwarder_dbg_app_service[0].name
+
+ # App service
+ name = "staging"
+ resource_group_name = local.node_forwarder_dbg_rg_name
+ location = var.location
+
+ always_on = true
+ health_check_path = "/actuator/info"
+
+ # App settings
+ app_settings = local.node_forwarder_dbg_app_settings
+ docker_image = "${data.azurerm_container_registry.container_registry.login_server}/pagopanodeforwarder"
+ docker_image_tag = "latest"
+
+ allowed_subnets = [module.apim_snet.id]
+ allowed_ips = []
+ subnet_id = false ? module.node_forwarder_dbg_ha_snet[0].id : module.node_forwarder_dbg_snet[0].id
+
+ tags = var.tags
+}
+
+resource "azurerm_monitor_autoscale_setting" "node_forwarder_dbg_app_service_autoscale" {
+ name = "${local.project}-autoscale-node-forwarder-dbg-ha"
+ resource_group_name = local.node_forwarder_dbg_rg_name
+ location = var.location
+ target_resource_id = module.node_forwarder_dbg_app_service[0].plan_id
+ enabled = var.node_forwarder_autoscale_enabled
+
+ # default profile on REQUESTs
+ profile {
+ name = "default"
+
+ capacity {
+ default = 5
+ minimum = 3
+ maximum = 10
+ }
+
+ rule {
+ metric_trigger {
+ metric_name = "Requests"
+ metric_resource_id = module.node_forwarder_dbg_app_service[0].id
+ metric_namespace = "microsoft.web/sites"
+ time_grain = "PT1M"
+ statistic = "Average"
+ time_window = "PT5M"
+ time_aggregation = "Average"
+ operator = "GreaterThan"
+ threshold = 3000
+ divide_by_instance_count = false
+ }
+
+ scale_action {
+ direction = "Increase"
+ type = "ChangeCount"
+ value = "2"
+ cooldown = "PT5M"
+ }
+ }
+
+ rule {
+ metric_trigger {
+ metric_name = "Requests"
+ metric_resource_id = module.node_forwarder_dbg_app_service[0].id
+ metric_namespace = "microsoft.web/sites"
+ time_grain = "PT1M"
+ statistic = "Average"
+ time_window = "PT5M"
+ time_aggregation = "Average"
+ operator = "LessThan"
+ threshold = 2500
+ divide_by_instance_count = false
+ }
+
+ scale_action {
+ direction = "Decrease"
+ type = "ChangeCount"
+ value = "1"
+ cooldown = "PT20M"
+ }
+ }
+
+ # Supported metrics for Microsoft.Web/sites
+ # 👀 https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-web-sites-metrics
+ rule {
+ metric_trigger {
+ metric_name = "HttpResponseTime"
+ metric_resource_id = module.node_forwarder_dbg_app_service[0].id
+ metric_namespace = "microsoft.web/sites"
+ time_grain = "PT1M"
+ statistic = "Average"
+ time_window = "PT5M"
+ time_aggregation = "Average"
+ operator = "GreaterThan"
+ threshold = 3 #sec
+ divide_by_instance_count = false
+ }
+
+ scale_action {
+ direction = "Increase"
+ type = "ChangeCount"
+ value = "2"
+ cooldown = "PT5M"
+ }
+ }
+
+ rule {
+ metric_trigger {
+ metric_name = "HttpResponseTime"
+ metric_resource_id = module.node_forwarder_dbg_app_service[0].id
+ metric_namespace = "microsoft.web/sites"
+ time_grain = "PT1M"
+ statistic = "Average"
+ time_window = "PT5M"
+ time_aggregation = "Average"
+ operator = "LessThan"
+ threshold = 2 #sec
+ divide_by_instance_count = false
+ }
+
+ scale_action {
+ direction = "Decrease"
+ type = "ChangeCount"
+ value = "1"
+ cooldown = "PT20M"
+ }
+ }
+
+ }
+
+}
+
+
+
+
diff --git a/src/next-core/99_main.tf b/src/next-core/99_main.tf
index 46804b7ad9..1d2b6e829f 100644
--- a/src/next-core/99_main.tf
+++ b/src/next-core/99_main.tf
@@ -29,6 +29,7 @@ terraform {
}
provider "azurerm" {
+ skip_provider_registration = true
features {}
}
diff --git a/src/next-core/99_variables.tf b/src/next-core/99_variables.tf
index 51266ac2b5..a0d8ff8d8b 100644
--- a/src/next-core/99_variables.tf
+++ b/src/next-core/99_variables.tf
@@ -865,6 +865,12 @@ variable "node_fw_ha_snet_cidr" {
description = "(Required) node forwarder ha subnet cidr block"
}
+variable "node_fw_dbg_snet_cidr" {
+ type = list(string)
+ default = null
+ description = "(Required) node forwarder debug ha subnet cidr block"
+}
+
# nat gateway
variable "nat_gateway_enabled" {
type = bool
diff --git a/src/next-core/README.md b/src/next-core/README.md
index 8e9bfaadd4..147385343c 100644
--- a/src/next-core/README.md
+++ b/src/next-core/README.md
@@ -42,6 +42,10 @@
| [logos\_donation\_flows\_sa](#module\_logos\_donation\_flows\_sa) | git::https://github.com/pagopa/terraform-azurerm-v3.git//storage_account | v7.50.0 |
| [nat\_gw](#module\_nat\_gw) | git::https://github.com/pagopa/terraform-azurerm-v3.git//nat_gateway | v7.50.0 |
| [node\_forwarder\_app\_service](#module\_node\_forwarder\_app\_service) | git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service | v7.69.1 |
+| [node\_forwarder\_dbg\_app\_service](#module\_node\_forwarder\_dbg\_app\_service) | git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service | v7.69.1 |
+| [node\_forwarder\_dbg\_ha\_snet](#module\_node\_forwarder\_dbg\_ha\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v7.69.1 |
+| [node\_forwarder\_dbg\_slot\_staging](#module\_node\_forwarder\_dbg\_slot\_staging) | git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service_slot | v7.60.0 |
+| [node\_forwarder\_dbg\_snet](#module\_node\_forwarder\_dbg\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v7.69.1 |
| [node\_forwarder\_ha\_snet](#module\_node\_forwarder\_ha\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v7.69.1 |
| [node\_forwarder\_slot\_staging](#module\_node\_forwarder\_slot\_staging) | git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service_slot | v7.60.0 |
| [node\_forwarder\_snet](#module\_node\_forwarder\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v7.69.1 |
@@ -171,6 +175,7 @@
| [azurerm_monitor_action_group.pm_opsgenie](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_action_group) | resource |
| [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_action_group) | resource |
| [azurerm_monitor_autoscale_setting.node_forwarder_app_service_autoscale](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_autoscale_setting) | resource |
+| [azurerm_monitor_autoscale_setting.node_forwarder_dbg_app_service_autoscale](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_autoscale_setting) | resource |
| [azurerm_monitor_diagnostic_setting.activity_log](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_diagnostic_setting) | resource |
| [azurerm_monitor_metric_alert.app_service_over_cpu_usage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_metric_alert) | resource |
| [azurerm_monitor_metric_alert.app_service_over_mem_usage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_metric_alert) | resource |
@@ -236,6 +241,7 @@
| [azurerm_resource_group.managed_identities_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.monitor_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.msg_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
+| [azurerm_resource_group.node_forwarder_dbg_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.node_forwarder_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.rg_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.rg_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
@@ -254,6 +260,8 @@
| [azurerm_storage_container.donation_logo9](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) | resource |
| [azurerm_storage_management_policy.backups](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_management_policy) | resource |
| [azurerm_subnet.tools_cae_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource |
+| [azurerm_subnet_nat_gateway_association.nodefw_dbg_ha_snet_nat_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_nat_gateway_association) | resource |
+| [azurerm_subnet_nat_gateway_association.nodefw_dbg_snet_nat_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_nat_gateway_association) | resource |
| [azurerm_subnet_nat_gateway_association.nodefw_ha_snet_nat_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_nat_gateway_association) | resource |
| [azurerm_subnet_network_security_group_association.apim_snet_sg_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_network_security_group_association) | resource |
| [azurerm_subnet_route_table_association.rt_sia_for_appgw_integration](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_route_table_association) | resource |
@@ -460,6 +468,7 @@
| [node\_forwarder\_logging\_level](#input\_node\_forwarder\_logging\_level) | Logging level of Node Forwarder | `string` | `"INFO"` | no |
| [node\_forwarder\_sku](#input\_node\_forwarder\_sku) | (Required) The SKU for the plan. Possible values include B1, B2, B3, D1, F1, I1, I2, I3, I1v2, I2v2, I3v2, I4v2, I5v2, I6v2, P1v2, P2v2, P3v2, P0v3, P1v3, P2v3, P3v3, P1mv3, P2mv3, P3mv3, P4mv3, P5mv3, S1, S2, S3, SHARED, EP1, EP2, EP3, WS1, WS2, WS3, and Y1. | `string` | `"P3v3"` | no |
| [node\_forwarder\_zone\_balancing\_enabled](#input\_node\_forwarder\_zone\_balancing\_enabled) | (Optional) enables the load balancing for node forwarder app service plan | `bool` | `true` | no |
+| [node\_fw\_dbg\_snet\_cidr](#input\_node\_fw\_dbg\_snet\_cidr) | (Required) node forwarder debug ha subnet cidr block | `list(string)` | `null` | no |
| [node\_fw\_ha\_snet\_cidr](#input\_node\_fw\_ha\_snet\_cidr) | (Required) node forwarder ha subnet cidr block | `list(string)` | `null` | no |
| [nodo\_pagamenti\_ec](#input\_nodo\_pagamenti\_ec) | EC' black list nodo pagamenti (separate comma list). | `string` | `","` | no |
| [nodo\_pagamenti\_psp](#input\_nodo\_pagamenti\_psp) | PSP' white list nodo pagamenti (separate comma list) . | `string` | `","` | no |
diff --git a/src/next-core/env/prod/terraform.tfvars b/src/next-core/env/prod/terraform.tfvars
index c74986a557..ca9415b983 100644
--- a/src/next-core/env/prod/terraform.tfvars
+++ b/src/next-core/env/prod/terraform.tfvars
@@ -736,6 +736,7 @@ eventhubs_04 = [
node_forwarder_zone_balancing_enabled = true
node_forwarder_sku = "P3v3"
node_fw_ha_snet_cidr = ["10.1.157.0/24"]
+node_fw_dbg_snet_cidr = ["10.1.195.0/24"]
devops_agent_zones = [1, 2, 3]
devops_agent_balance_zones = false
azdo_agent_vm_image_name = "pagopa-p-azdo-agent-ubuntu2204-image-v4"
diff --git a/src/next-core/env/uat/terraform.tfvars b/src/next-core/env/uat/terraform.tfvars
index a2a4fed1b4..ca6a91f183 100644
--- a/src/next-core/env/uat/terraform.tfvars
+++ b/src/next-core/env/uat/terraform.tfvars
@@ -678,6 +678,7 @@ node_forwarder_logging_level = "DEBUG"
node_forwarder_zone_balancing_enabled = false
node_forwarder_sku = "P1v3"
node_fw_ha_snet_cidr = ["10.1.157.0/24"]
+node_fw_dbg_snet_cidr = ["10.1.195.0/24"]
azdo_agent_vm_image_name = "pagopa-u-azdo-agent-ubuntu2204-image-v3"
# public app gateway
@@ -768,7 +769,7 @@ apicfg_selfcare_integ_service_path_value = "pagopa-api-config-selfcare-integrati
# monitoring
law_sku = "PerGB2018"
law_retention_in_days = 30
-law_daily_quota_gb = 30
+law_daily_quota_gb = 50