pagopa · pasqualespica · Oct 2, 2024 · Oct 2, 2024 · Oct 3, 2024 · Oct 21, 2024
@@ -0,0 +1,289 @@
+locals {
+  node_forwarder_dbg_names_suffix = false ? "-dbg-ha" : "-dbg"
+  node_forwarder_dbg_rg_name      = "${local.product}-node-forwarder-dbg-rg"
+  node_forwarder_dbg_app_settings = {
+    # Monitoring
+    APPINSIGHTS_INSTRUMENTATIONKEY                  = azurerm_application_insights.application_insights.instrumentation_key
+    APPLICATIONINSIGHTS_CONNECTION_STRING           = format("InstrumentationKey=%s", azurerm_application_insights.application_insights.instrumentation_key)
+    APPINSIGHTS_PROFILERFEATURE_VERSION             = "1.0.0"
+    APPINSIGHTS_SNAPSHOTFEATURE_VERSION             = "1.0.0"
+    APPLICATIONINSIGHTS_CONFIGURATION_CONTENT       = ""
+    ApplicationInsightsAgent_EXTENSION_VERSION      = "~3"
+    DiagnosticServices_EXTENSION_VERSION            = "~3"
+    InstrumentationEngine_EXTENSION_VERSION         = "disabled"
+    SnapshotDebugger_EXTENSION_VERSION              = "disabled"
+    XDT_MicrosoftApplicationInsights_BaseExtensions = "disabled"
+    XDT_MicrosoftApplicationInsights_Mode           = "recommended"
+    XDT_MicrosoftApplicationInsights_PreemptSdk     = "disabled"
+    TIMEOUT_DELAY                                   = 300
+    # Integration with private DNS (see more: https://docs.microsoft.com/en-us/answers/questions/85359/azure-app-service-unable-to-resolve-hostname-of-vi.html)
+    WEBSITE_ADD_SITENAME_BINDINGS_IN_APPHOST_CONFIG = "1"
+    WEBSITE_RUN_FROM_PACKAGE                        = "1"
+    WEBSITE_DNS_SERVER                              = "168.63.129.16"
+    WEBSITE_ENABLE_SYNC_UPDATE_SITE                 = true
+    # Spring Environment
+    DEFAULT_LOGGING_LEVEL = var.node_forwarder_logging_level
+    APP_LOGGING_LEVEL     = var.node_forwarder_logging_level
+    JAVA_OPTS             = "" // mTLS debug
+
+    # Cert configuration
+    CERTIFICATE_CRT = data.azurerm_key_vault_secret.certificate_crt_node_forwarder.value
+    CERTIFICATE_KEY = data.azurerm_key_vault_secret.certificate_key_node_forwarder.value
+
+    WEBSITES_ENABLE_APP_SERVICE_STORAGE = false
+    WEBSITES_PORT                       = 8080
+    # WEBSITE_SWAP_WARMUP_PING_PATH       = "/actuator/health"
+    # WEBSITE_SWAP_WARMUP_PING_STATUSES   = "200"
+    DOCKER_REGISTRY_SERVER_URL      = "https://${data.azurerm_container_registry.container_registry.login_server}"
+    DOCKER_REGISTRY_SERVER_USERNAME = data.azurerm_container_registry.container_registry.admin_username
+    DOCKER_REGISTRY_SERVER_PASSWORD = data.azurerm_container_registry.container_registry.admin_password
+
+    # Connection Pool
+    MAX_CONNECTIONS           = 120
+    MAX_CONNECTIONS_PER_ROUTE = 60
+    CONN_TIMEOUT              = 8
+
+  }
+
+
+}
+
+resource "azurerm_resource_group" "node_forwarder_dbg_rg" {
+  name     = format("%s-node-forwarder-dbg-rg", local.product)
+  location = var.location
+
+  tags = var.tags
+}
+
+
+# Subnet to host the node forwarder
+module "node_forwarder_dbg_snet" {
+  count                                         = false ? 0 : 1
+  source                                        = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v7.69.1"
+  name                                          = format("%s-node-forwarder-dbg-snet", local.product)
+  address_prefixes                              = var.node_fw_dbg_snet_cidr
+  resource_group_name                           = azurerm_resource_group.rg_vnet.name
+  virtual_network_name                          = module.vnet.name
+  private_link_service_network_policies_enabled = true
+
+  delegation = {
+    name = "default"
+    service_delegation = {
+      name    = "Microsoft.Web/serverFarms"
+      actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
+    }
+  }
+}
+
+
+
+module "node_forwarder_dbg_ha_snet" {
+  source                                        = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v7.69.1"
+  count                                         = false ? 1 : 0
+  name                                          = "${local.project}-node-forwarder-ha-dbg-snet"
+  address_prefixes                              = var.node_fw_dbg_snet_cidr
+  resource_group_name                           = azurerm_resource_group.rg_vnet.name
+  virtual_network_name                          = module.vnet.name
+  private_link_service_network_policies_enabled = true
+
+  delegation = {
+    name = "default"
+    service_delegation = {
+      name    = "Microsoft.Web/serverFarms"
+      actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
+    }
+  }
+}
+
+resource "azurerm_subnet_nat_gateway_association" "nodefw_dbg_ha_snet_nat_association" {
+  count          = false ? 1 : 0
+  subnet_id      = module.node_forwarder_dbg_ha_snet[0].id
+  nat_gateway_id = module.nat_gw[0].id
+}
+
+resource "azurerm_subnet_nat_gateway_association" "nodefw_dbg_snet_nat_association" {
+  count          = false ? 0 : 1
+  subnet_id      = module.node_forwarder_dbg_snet[0].id
+  nat_gateway_id = module.nat_gw[0].id
+}
+
+
+module "node_forwarder_dbg_app_service" {
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service?ref=v7.69.1"
+
+  count = 1
+
+  vnet_integration    = true
+  resource_group_name = "${local.product}-node-forwarder-dbg-rg"
+  location            = var.location
+
+  # App service plan vars
+  plan_name = "${local.project}-plan-node-forwarder${local.node_forwarder_dbg_names_suffix}"
+
+  # App service plan
+  name                = "${local.project}-app-node-forwarder${local.node_forwarder_dbg_names_suffix}"
+  client_cert_enabled = false
+  always_on           = var.node_forwarder_always_on
+  health_check_path   = "/actuator/info"
+
+  app_settings = local.node_forwarder_dbg_app_settings
+
+  docker_image     = "${data.azurerm_container_registry.container_registry.login_server}/pagopanodeforwarder"
+  docker_image_tag = "latest"
+
+  allowed_subnets = [module.apim_snet.id]
+  allowed_ips     = []
+
+  sku_name = "P3v3"
+
+  subnet_id                    = false ? module.node_forwarder_dbg_ha_snet[0].id : module.node_forwarder_dbg_snet[0].id
+  health_check_maxpingfailures = 10
+
+  zone_balancing_enabled = var.node_forwarder_zone_balancing_enabled
+
+  tags = var.tags
+}
+
+module "node_forwarder_dbg_slot_staging" {
+  count = var.env_short != "d" ? 1 : 0
+
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service_slot?ref=v7.60.0"
+
+  # App service plan
+  app_service_id   = module.node_forwarder_dbg_app_service[0].id
+  app_service_name = module.node_forwarder_dbg_app_service[0].name
+
+  # App service
+  name                = "staging"
+  resource_group_name = local.node_forwarder_dbg_rg_name
+  location            = var.location
+
+  always_on         = true
+  health_check_path = "/actuator/info"
+
+  # App settings
+  app_settings     = local.node_forwarder_dbg_app_settings
+  docker_image     = "${data.azurerm_container_registry.container_registry.login_server}/pagopanodeforwarder"
+  docker_image_tag = "latest"
+
+  allowed_subnets = [module.apim_snet.id]
+  allowed_ips     = []
+  subnet_id       = false ? module.node_forwarder_dbg_ha_snet[0].id : module.node_forwarder_dbg_snet[0].id
+
+  tags = var.tags
+}
+
+resource "azurerm_monitor_autoscale_setting" "node_forwarder_dbg_app_service_autoscale" {
+  name                = "${local.project}-autoscale-node-forwarder-dbg-ha"
+  resource_group_name = local.node_forwarder_dbg_rg_name
+  location            = var.location
+  target_resource_id  = module.node_forwarder_dbg_app_service[0].plan_id
+  enabled             = var.node_forwarder_autoscale_enabled
+
+  # default profile on REQUESTs
+  profile {
+    name = "default"
+
+    capacity {
+      default = 5
+      minimum = 3
+      maximum = 10
+    }
+
+    rule {
+      metric_trigger {
+        metric_name              = "Requests"
+        metric_resource_id       = module.node_forwarder_dbg_app_service[0].id
+        metric_namespace         = "microsoft.web/sites"
+        time_grain               = "PT1M"
+        statistic                = "Average"
+        time_window              = "PT5M"
+        time_aggregation         = "Average"
+        operator                 = "GreaterThan"
+        threshold                = 3000
+        divide_by_instance_count = false
+      }
+
+      scale_action {
+        direction = "Increase"
+        type      = "ChangeCount"
+        value     = "2"
+        cooldown  = "PT5M"
+      }
+    }
+
+    rule {
+      metric_trigger {
+        metric_name              = "Requests"
+        metric_resource_id       = module.node_forwarder_dbg_app_service[0].id
+        metric_namespace         = "microsoft.web/sites"
+        time_grain               = "PT1M"
+        statistic                = "Average"
+        time_window              = "PT5M"
+        time_aggregation         = "Average"
+        operator                 = "LessThan"
+        threshold                = 2500
+        divide_by_instance_count = false
+      }
+
+      scale_action {
+        direction = "Decrease"
+        type      = "ChangeCount"
+        value     = "1"
+        cooldown  = "PT20M"
+      }
+    }
+
+    # Supported metrics for Microsoft.Web/sites
+    # 👀 https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-web-sites-metrics
+    rule {
+      metric_trigger {
+        metric_name              = "HttpResponseTime"
+        metric_resource_id       = module.node_forwarder_dbg_app_service[0].id
+        metric_namespace         = "microsoft.web/sites"
+        time_grain               = "PT1M"
+        statistic                = "Average"
+        time_window              = "PT5M"
+        time_aggregation         = "Average"
+        operator                 = "GreaterThan"
+        threshold                = 3 #sec
+        divide_by_instance_count = false
+      }
+
+      scale_action {
+        direction = "Increase"
+        type      = "ChangeCount"
+        value     = "2"
+        cooldown  = "PT5M"
+      }
+    }
+
+    rule {
+      metric_trigger {
+        metric_name              = "HttpResponseTime"
+        metric_resource_id       = module.node_forwarder_dbg_app_service[0].id
+        metric_namespace         = "microsoft.web/sites"
+        time_grain               = "PT1M"
+        statistic                = "Average"
+        time_window              = "PT5M"
+        time_aggregation         = "Average"
+        operator                 = "LessThan"
+        threshold                = 2 #sec
+        divide_by_instance_count = false
+      }
+
+      scale_action {
+        direction = "Decrease"
+        type      = "ChangeCount"
+        value     = "1"
+        cooldown  = "PT20M"
+      }
+    }
+
+  }
+
+}
+
+
+
+
@@ -29,6 +29,7 @@ terraform {
 }
 
 provider "azurerm" {
+  skip_provider_registration = true
   features {}
 }
 

@@ -865,6 +865,12 @@ variable "node_fw_ha_snet_cidr" {
   description = "(Required) node forwarder ha subnet cidr block"
 }
 
+variable "node_fw_dbg_snet_cidr" {
+  type        = list(string)
+  default     = null
+  description = "(Required) node forwarder debug ha subnet cidr block"
+}
+
 # nat gateway
 variable "nat_gateway_enabled" {
   type        = bool

@@ -42,6 +42,10 @@
 | <a name="module_logos_donation_flows_sa"></a> [logos\_donation\_flows\_sa](#module\_logos\_donation\_flows\_sa) | git::https://github.com/pagopa/terraform-azurerm-v3.git//storage_account | v7.50.0 |
 | <a name="module_nat_gw"></a> [nat\_gw](#module\_nat\_gw) | git::https://github.com/pagopa/terraform-azurerm-v3.git//nat_gateway | v7.50.0 |
 | <a name="module_node_forwarder_app_service"></a> [node\_forwarder\_app\_service](#module\_node\_forwarder\_app\_service) | git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service | v7.69.1 |
+| <a name="module_node_forwarder_dbg_app_service"></a> [node\_forwarder\_dbg\_app\_service](#module\_node\_forwarder\_dbg\_app\_service) | git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service | v7.69.1 |
+| <a name="module_node_forwarder_dbg_ha_snet"></a> [node\_forwarder\_dbg\_ha\_snet](#module\_node\_forwarder\_dbg\_ha\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v7.69.1 |
+| <a name="module_node_forwarder_dbg_slot_staging"></a> [node\_forwarder\_dbg\_slot\_staging](#module\_node\_forwarder\_dbg\_slot\_staging) | git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service_slot | v7.60.0 |
+| <a name="module_node_forwarder_dbg_snet"></a> [node\_forwarder\_dbg\_snet](#module\_node\_forwarder\_dbg\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v7.69.1 |
 | <a name="module_node_forwarder_ha_snet"></a> [node\_forwarder\_ha\_snet](#module\_node\_forwarder\_ha\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v7.69.1 |
 | <a name="module_node_forwarder_slot_staging"></a> [node\_forwarder\_slot\_staging](#module\_node\_forwarder\_slot\_staging) | git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service_slot | v7.60.0 |
 | <a name="module_node_forwarder_snet"></a> [node\_forwarder\_snet](#module\_node\_forwarder\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v7.69.1 |
@@ -171,6 +175,7 @@
 | [azurerm_monitor_action_group.pm_opsgenie](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_action_group) | resource |
 | [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_action_group) | resource |
 | [azurerm_monitor_autoscale_setting.node_forwarder_app_service_autoscale](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_autoscale_setting) | resource |
+| [azurerm_monitor_autoscale_setting.node_forwarder_dbg_app_service_autoscale](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_autoscale_setting) | resource |
 | [azurerm_monitor_diagnostic_setting.activity_log](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_diagnostic_setting) | resource |
 | [azurerm_monitor_metric_alert.app_service_over_cpu_usage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_metric_alert) | resource |
 | [azurerm_monitor_metric_alert.app_service_over_mem_usage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_metric_alert) | resource |
@@ -236,6 +241,7 @@
 | [azurerm_resource_group.managed_identities_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
 | [azurerm_resource_group.monitor_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
 | [azurerm_resource_group.msg_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
+| [azurerm_resource_group.node_forwarder_dbg_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
 | [azurerm_resource_group.node_forwarder_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
 | [azurerm_resource_group.rg_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
 | [azurerm_resource_group.rg_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
@@ -254,6 +260,8 @@
 | [azurerm_storage_container.donation_logo9](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) | resource |
 | [azurerm_storage_management_policy.backups](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_management_policy) | resource |
 | [azurerm_subnet.tools_cae_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource |
+| [azurerm_subnet_nat_gateway_association.nodefw_dbg_ha_snet_nat_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_nat_gateway_association) | resource |
+| [azurerm_subnet_nat_gateway_association.nodefw_dbg_snet_nat_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_nat_gateway_association) | resource |
 | [azurerm_subnet_nat_gateway_association.nodefw_ha_snet_nat_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_nat_gateway_association) | resource |
 | [azurerm_subnet_network_security_group_association.apim_snet_sg_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_network_security_group_association) | resource |
 | [azurerm_subnet_route_table_association.rt_sia_for_appgw_integration](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_route_table_association) | resource |
@@ -460,6 +468,7 @@
 | <a name="input_node_forwarder_logging_level"></a> [node\_forwarder\_logging\_level](#input\_node\_forwarder\_logging\_level) | Logging level of Node Forwarder | `string` | `"INFO"` | no |
 | <a name="input_node_forwarder_sku"></a> [node\_forwarder\_sku](#input\_node\_forwarder\_sku) | (Required) The SKU for the plan. Possible values include B1, B2, B3, D1, F1, I1, I2, I3, I1v2, I2v2, I3v2, I4v2, I5v2, I6v2, P1v2, P2v2, P3v2, P0v3, P1v3, P2v3, P3v3, P1mv3, P2mv3, P3mv3, P4mv3, P5mv3, S1, S2, S3, SHARED, EP1, EP2, EP3, WS1, WS2, WS3, and Y1. | `string` | `"P3v3"` | no |
 | <a name="input_node_forwarder_zone_balancing_enabled"></a> [node\_forwarder\_zone\_balancing\_enabled](#input\_node\_forwarder\_zone\_balancing\_enabled) | (Optional) enables the load balancing for node forwarder app service plan | `bool` | `true` | no |
+| <a name="input_node_fw_dbg_snet_cidr"></a> [node\_fw\_dbg\_snet\_cidr](#input\_node\_fw\_dbg\_snet\_cidr) | (Required) node forwarder debug ha subnet cidr block | `list(string)` | `null` | no |
 | <a name="input_node_fw_ha_snet_cidr"></a> [node\_fw\_ha\_snet\_cidr](#input\_node\_fw\_ha\_snet\_cidr) | (Required) node forwarder ha subnet cidr block | `list(string)` | `null` | no |
 | <a name="input_nodo_pagamenti_ec"></a> [nodo\_pagamenti\_ec](#input\_nodo\_pagamenti\_ec) | EC' black list nodo pagamenti (separate comma list). | `string` | `","` | no |
 | <a name="input_nodo_pagamenti_psp"></a> [nodo\_pagamenti\_psp](#input\_nodo\_pagamenti\_psp) | PSP' white list nodo pagamenti (separate comma list) . | `string` | `","` | no |

@@ -736,6 +736,7 @@ eventhubs_04 = [
 node_forwarder_zone_balancing_enabled = true
 node_forwarder_sku                    = "P3v3"
 node_fw_ha_snet_cidr                  = ["10.1.157.0/24"]
+node_fw_dbg_snet_cidr                 = ["10.1.195.0/24"]
 devops_agent_zones                    = [1, 2, 3]
 devops_agent_balance_zones            = false
 azdo_agent_vm_image_name              = "pagopa-p-azdo-agent-ubuntu2204-image-v4"

@@ -678,6 +678,7 @@ node_forwarder_logging_level          = "DEBUG"
 node_forwarder_zone_balancing_enabled = false
 node_forwarder_sku                    = "P1v3"
 node_fw_ha_snet_cidr                  = ["10.1.157.0/24"]
+node_fw_dbg_snet_cidr                 = ["10.1.195.0/24"]
 azdo_agent_vm_image_name              = "pagopa-u-azdo-agent-ubuntu2204-image-v3"
 
 # public app gateway
@@ -768,7 +769,7 @@ apicfg_selfcare_integ_service_path_value = "pagopa-api-config-selfcare-integrati
 # monitoring
 law_sku               = "PerGB2018"
 law_retention_in_days = 30
-law_daily_quota_gb    = 30
+law_daily_quota_gb    = 50