From a67becce4bd5105cafa758c1caefec5d72636ce4 Mon Sep 17 00:00:00 2001 From: Samuel Laferriere <9342524+samlaf@users.noreply.github.com> Date: Wed, 1 Jul 2026 17:21:51 +0800 Subject: [PATCH] feat(deploy_tee): open summit consensus port 18551 in the node NSG MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Validators dial each other on 18551 (commonware-p2p) to form quorum; the NSG previously opened 22/80/443/7878/8080/9090/8545/8546 but not 18551, so a multi-node cohort could never reach consensus. Opened as TCP to "*" like the other service ports — commonware authenticates peers by pubkey, so consensus admission is app-layer, and a static IP allowlist would break validators that join dynamically later. --- deploy_tee/pulumi/seismic_node/__main__.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/deploy_tee/pulumi/seismic_node/__main__.py b/deploy_tee/pulumi/seismic_node/__main__.py index 1e19d50..b8cd655 100644 --- a/deploy_tee/pulumi/seismic_node/__main__.py +++ b/deploy_tee/pulumi/seismic_node/__main__.py @@ -70,6 +70,11 @@ def _require_str(value: str | None) -> str: (9090, "prometheus"), (8545, "reth-rpc"), (8546, "reth-ws"), + # Summit consensus P2P (commonware-p2p, TCP). Left open like + # the other service ports — commonware authenticates peers by pubkey (only + # the validator set completes the handshake), so admission is app-layer, and + # a static IP allowlist would break validators that join dynamically later. + (18551, "summit-consensus"), ] # --------------------------------------------------------------------