cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sailaja Mada (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CLOUDSTACK-2585) Failed to apply new PF rules after deleting the existing PF Rule
Date Mon, 20 May 2013 11:41:16 GMT
Sailaja Mada created CLOUDSTACK-2585:
----------------------------------------

             Summary: Failed to apply new PF rules after deleting the existing PF Rule 
                 Key: CLOUDSTACK-2585
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2585
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: Network Controller
    Affects Versions: 4.2.0
            Reporter: Sailaja Mada
            Priority: Critical


Setup: Advanced Networking Zone with Nexus VMWARE Cluster 

Steps:

1. Create Guest network with Cisco VNMC provider as Firewall/PF/SourceNAT/Static NAT provider
offering

2. Deploy VM using this guest network

3. Acquire new public IP and configure PF (22-22),PF(80-80) with TCP ,53 to 53 (UDP) rule

4. Create 10.x cidr firewall rule from Source NAT IP

5. Delete (22-22) PF rule from the public IP

6. Try to create new PF rule (22-22) or any other.  

Observation:
It failed to  apply new PF rules after deleting the existing PF Rule 

Exception:

2013-05-20 16:45:33,646 ERROR [network.resource.CiscoVnmcResource] (DirectAgent-359:null)
SetPortForwardingRulesCommand failed due to Policy has two rules org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-15,
org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-16
with same order 102
com.cloud.utils.exception.ExecutionException: Policy has two rules org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-15,
org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-16
with same order 102
        at com.cloud.network.cisco.CiscoVnmcConnectionImpl.verifySuccess(CiscoVnmcConnectionImpl.java:1370)
        at com.cloud.network.cisco.CiscoVnmcConnectionImpl.createTenantVDCPFRule(CiscoVnmcConnectionImpl.java:1028)
        at com.cloud.network.resource.CiscoVnmcResource.execute(CiscoVnmcResource.java:573)
        at com.cloud.network.resource.CiscoVnmcResource.execute(CiscoVnmcResource.java:508)
        at com.cloud.network.resource.CiscoVnmcResource.executeRequest(CiscoVnmcResource.java:100)
        at com.cloud.agent.manager.DirectAgentAttache$Task.run(DirectAgentAttache.java:186)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
        at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
        at java.util.concurrent.FutureTask.run(FutureTask.java:166)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(ScheduledThreadPoolExecutor.java:165)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:266)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
        at java.lang.Thread.run(Thread.java:679)
2013-05-20 16:45:33,647 DEBUG [agent.manager.DirectAgentAttache] (DirectAgent-359:null) Seq
5-1754464294: Response Received:
2013-05-20 16:45:33,647 DEBUG [agent.transport.Request] (DirectAgent-359:null) Seq 5-1754464294:
Processing:  { Ans: , MgmtId: 214053811722752, via: 5, Ver: v1, Flags: 10, [{"Answer":{"result":false,"details":"SetPortForwardingRulesCommand
failed due to Policy has two rules org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-15,
org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-16
with same order 102","wait":0}}] }
2013-05-20 16:45:33,647 DEBUG [agent.transport.Request] (Job-Executor-81:job-48) Seq 5-1754464294:
Received:  { Ans: , MgmtId: 214053811722752, via: 5, Ver: v1, Flags: 10, { Answer } }
2013-05-20 16:45:33,647 DEBUG [agent.manager.AgentManagerImpl] (Job-Executor-81:job-48) Details
from executing class com.cloud.agent.api.routing.SetPortForwardingRulesCommand: SetPortForwardingRulesCommand
failed due to Policy has two rules org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-15,
org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-16
with same order 102
2013-05-20 16:45:33,647 ERROR [network.element.CiscoVnmcElement] (Job-Executor-81:job-48)
Unable to apply port forwarding rules to Cisco ASA 1000v appliance due to: SetPortForwardingRulesCommand
failed due to Policy has two rules org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-15,
org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-16
with same order 102.
2013-05-20 16:45:33,648 WARN  [network.rules.RulesManagerImpl] (Job-Executor-81:job-48) Failed
to apply port forwarding rules for ip due to
com.cloud.exception.ResourceUnavailableException: Resource [DataCenter:1] is unreachable:
Unable to apply port forwarding rules to Cisco ASA 1000v appliance due to: SetPortForwardingRulesCommand
failed due to Policy has two rules org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-15,
org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-16
with same order 102.
        at com.cloud.network.element.CiscoVnmcElement.applyPFRules(CiscoVnmcElement.java:754)
        at com.cloud.network.firewall.FirewallManagerImpl.applyRules(FirewallManagerImpl.java:565)
        at com.cloud.network.NetworkManagerImpl.applyRules(NetworkManagerImpl.java:2504)
        at com.cloud.network.firewall.FirewallManagerImpl.applyRules(FirewallManagerImpl.java:509)
        at com.cloud.network.rules.RulesManagerImpl.applyPortForwardingRules(RulesManagerImpl.java:846)
        at com.cloud.network.rules.RulesManagerImpl.applyPortForwardingRules(RulesManagerImpl.java:1029)
        at com.cloud.utils.component.ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept(ComponentInstantiationPostProcessor.java:125)
        at org.apache.cloudstack.api.command.user.firewall.CreatePortForwardingRuleCmd.execute(CreatePortForwardingRuleCmd.java:184)
        at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:155)
        at com.cloud.async.AsyncJobManagerImpl$1.run(AsyncJobManagerImpl.java:437)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
        at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
        at java.util.concurrent.FutureTask.run(FutureTask.java:166)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
        at java.lang.Thread.run(Thread.java:679)
2013-05-20 16:45:33,683 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-81:job-48) Access
to Rule[16-PortForwarding-Add] granted to Acct[3-sailaja] by DomainChecker_EnhancerByCloudStack_816a0f1f





--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message