cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kishan Kavala (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-2487) NTier: Unable to create an ACL rule on a Network Tier
Date Wed, 15 May 2013 07:25:16 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-2487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13658139#comment-13658139
] 

Kishan Kavala commented on CLOUDSTACK-2487:
-------------------------------------------

Default ACL cannot be modified. I updated the error message to clearly say "Default ACL cannot
be modified".
To create an acl rule, first ACL list has to be created. acl rule can be adding to the user
created acl list.
                
> NTier: Unable to create an ACL rule on a Network Tier
> -----------------------------------------------------
>
>                 Key: CLOUDSTACK-2487
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2487
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Management Server
>    Affects Versions: 4.2.0
>            Reporter: Chandan Purushothama
>            Assignee: Kishan Kavala
>            Priority: Blocker
>             Fix For: 4.2.0
>
>
> ================
> Steps to Reproduce:
> ================
> 1. Create a VPC.
> 2. Create a Network Tier
> 3. Create an ACL rule on the Network Tier
> ==========
> Observations:
> ==========
> 2013-05-14 14:03:18,638 DEBUG [cloud.api.ApiServlet] (catalina-exec-17:null) ===START===
 10.216.133.86 -- GET  command=createNetworkACL&response=json&sessionkey=1ew3VD0LppS%2BSreQld9FNtVnLwo%3D&cidrlist=10.223.195.44%2F32&protocol=tcp&startport=22&endport=23&networkid=bcc163c5-c23f-4b47-a0c8-562b8460b3fe&traffictype=Ingress&_=1368565441624
> 2013-05-14 14:03:18,667 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-17:null)
Access to Acct[3-atoms] granted to Acct[3-atoms] by DomainChecker_EnhancerByCloudStack_32dba8cb
> 2013-05-14 14:03:18,673 INFO  [cloud.api.ApiServer] (catalina-exec-17:null) Unable to
find Vpc associated with the NetworkACL
> 2013-05-14 14:03:18,678 DEBUG [cloud.api.ApiServlet] (catalina-exec-17:null) ===END===
 10.216.133.86 -- GET  command=createNetworkACL&response=json&sessionkey=1ew3VD0LppS%2BSreQld9FNtVnLwo%3D&cidrlist=10.223.195.44%2F32&protocol=tcp&startport=22&endport=23&networkid=bcc163c5-c23f-4b47-a0c8-562b8460b3fe&traffictype=Ingress&_=1368565441624
> mysql> select * from  network_acl_item;
> +----+--------------------------------------+--------+------------+----------+--------+----------+---------------------+-----------+-----------+--------------+-----------+--------+--------+
> | id | uuid                                 | acl_id | start_port | end_port | state
 | protocol | created             | icmp_code | icmp_type | traffic_type | cidr      | number
| action |
> +----+--------------------------------------+--------+------------+----------+--------+----------+---------------------+-----------+-----------+--------------+-----------+--------+--------+
> |  1 | 28bf54e2-bbfa-11e2-98e5-06d4460004b1 |      1 |       NULL |     NULL | Active
| all      | 2013-05-13 11:23:07 |      NULL |      NULL | Ingress      | 0.0.0.0/0 |    
 1 | Deny   |
> |  2 | 28bf61e4-bbfa-11e2-98e5-06d4460004b1 |      1 |       NULL |     NULL | Active
| all      | 2013-05-13 11:23:07 |      NULL |      NULL | Egress       | 0.0.0.0/0 |    
 2 | Deny   |
> |  3 | 28bf78fa-bbfa-11e2-98e5-06d4460004b1 |      2 |       NULL |     NULL | Active
| all      | 2013-05-13 11:23:07 |      NULL |      NULL | Ingress      | 0.0.0.0/0 |    
 1 | Allow  |
> |  4 | 28bf8516-bbfa-11e2-98e5-06d4460004b1 |      2 |       NULL |     NULL | Active
| all      | 2013-05-13 11:23:07 |      NULL |      NULL | Egress       | 0.0.0.0/0 |    
 2 | Allow  |
> +----+--------------------------------------+--------+------------+----------+--------+----------+---------------------+-----------+-----------+--------------+-----------+--------+--------+
> 4 rows in set (0.00 sec)
> mysql> select * from network_acl;
> +----+---------------+--------------------------------------+--------+-------------------------------+
> | id | name          | uuid                                 | vpc_id | description  
                |
> +----+---------------+--------------------------------------+--------+-------------------------------+
> |  1 | default_deny  | 28bf460a-bbfa-11e2-98e5-06d4460004b1 |      0 | Default Network
ACL Deny All  |
> |  2 | default_allow | 28bf6e50-bbfa-11e2-98e5-06d4460004b1 |      0 | Default Network
ACL Allow All |
> +----+---------------+--------------------------------------+--------+-------------------------------+
> 2 rows in set (0.00 sec)
> mysql> select * from vpc \G
> *************************** 1. row ***************************
>               id: 1
>             uuid: 50b453d4-4d7f-4538-9466-922627ccab80
>             name: Atoms-VPC-1
>     display_text: Atoms-VPC-1
>             cidr: 192.168.0.0/16
>  vpc_offering_id: 1
>          zone_id: 1
>            state: Enabled
>        domain_id: 1
>       account_id: 3
>   network_domain: atomsvpc1.lab.vmops.com
>          removed: NULL
>          created: 2013-05-13 21:44:15
> restart_required: 0
> 1 row in set (0.00 sec)
> mysql> select * from networks where id=206 \G
> *************************** 1. row ***************************
>                    id: 206
>                  name: Atoms-VPC-Net-1
>                  uuid: bcc163c5-c23f-4b47-a0c8-562b8460b3fe
>          display_text: Atoms-VPC-Net-1
>          traffic_type: Guest
> broadcast_domain_type: Vlan
>         broadcast_uri: NULL
>               gateway: 192.168.10.1
>                  cidr: 192.168.10.0/24
>                  mode: Dhcp
>   network_offering_id: 11
>   physical_network_id: 200
>        data_center_id: 1
>             guru_name: ExternalGuestNetworkGuru
>                 state: Allocated
>               related: 206
>             domain_id: 1
>            account_id: 3
>                  dns1: NULL
>                  dns2: NULL
>             guru_data: NULL
>            set_fields: 0
>              acl_type: Account
>        network_domain: atomsvpc1.lab.vmops.com
>        reservation_id: NULL
>            guest_type: Isolated
>      restart_required: 0
>               created: 2013-05-14 20:25:44
>               removed: NULL
>     specify_ip_ranges: 0
>                vpc_id: 1
>           ip6_gateway: NULL
>              ip6_cidr: NULL
>          network_cidr: NULL
>       display_network: 1
>        network_acl_id: 1
> 1 row in set (0.00 sec)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message