cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-3064) Able to create VM from different account of the same domain without using Affinity group even the Zone is dedicated to an Account.
Date Thu, 27 Jun 2013 19:00:21 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-3064?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13694954#comment-13694954
] 

ASF subversion and git services commented on CLOUDSTACK-3064:
-------------------------------------------------------------

Commit 0d788681809f720f8ad55eb27c995d7f09ed7106 in branch refs/heads/master from [~saksham]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=0d78868 ]

CLOUDSTACK-3064: Able to create an instance from different account of the same domain without
using affinity group even if the zone is dedicated to an account. The check to make sure that
explicit resources are not picked up for non-explicit deployment was present only at the domain
level for zones. Added a check at account level too.

                
> Able to create VM from different account of the same domain without using Affinity group
even the Zone is dedicated to an Account.
> ----------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-3064
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-3064
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Install and Setup
>    Affects Versions: 4.2.0
>            Reporter: Kiran Koneti
>            Assignee: Saksham Srivastava
>            Priority: Critical
>             Fix For: 4.2.0
>
>
> Below are the Steps followed.
> 1)Installed the CS and created multiple domains and accounts. 
> 2)Under the Domain Kiran I have two users kiran1(domain Admin) and kiran2(normal user)
> 3)While creating a Zone in the initial steps dedicated the Zone to kiran1 account.
> 4)After the zone is created I tried to create aVM from the root domain user admin without
using the affinity and with using the affinity group.
> 5)In both the scenarios the Vm creation failed with the correct error message.
> 6)Then I logged in using the account kiran2 under the domain Kiran.
> 7) I was able to create a the VM successfully using the account kiran2.
> Expected Result:
> The VM creation should be failed as the Zone is dedicated to the Account Kiran.
> The db table observations are as below:
> The user details of the account  kiran2 is as follows
> mysql> select * from user where id=4\G;
> *************************** 1. row ***************************
>                       id: 4
>                     uuid: d3af9081-bc4a-4da7-9fb1-c7672cf99522
>                 username: kiran2
>                 password: JSdBejexsnWkFaQF82rBk0V65tQ=:jAin6YPIi3UQQfs6+EjtW/y7Hcj6giGCWsG/2Aie5OA=
>               account_id: 4
>                firstname: kiran
>                 lastname: 2
>                    email: kirank@gmail.com
>                    state: enabled
>                  api_key: NULL
>               secret_key: NULL
>                  created: 2013-06-19 11:30:22
>                  removed: NULL
>                 timezone: NULL
>       registration_token: NULL
>            is_registered: 0
> incorrect_login_attempts: 0
>                  default: 0
> 1 row in set (0.00 sec)
> This Specifies that the account id of kiran2 is 4.
> The dedicated resources table is as below:
> mysql> select * from dedicated_resources;
> +----+--------------------------------------+----------------+--------+------------+---------+-----------+------------+
> | id | uuid                                 | data_center_id | pod_id | cluster_id |
host_id | domain_id | account_id |
> +----+--------------------------------------+----------------+--------+------------+---------+-----------+------------+
> |  1 | f0fa47dd-c11f-4d3d-a1a1-ae49c4e849bd |              1 |   NULL |       NULL |
   NULL |         2 |          3 |
> +----+--------------------------------------+----------------+--------+------------+---------+-----------+------------+
> 1 row in set (0.00 sec)
> We can see the Zone is dedicated to the account 3 which is kiran1.
> The VM_instance table is as below:
> mysql> select * from vm_instance where id=5\G;
> *************************** 1. row ***************************
>                  id: 5
>                name: kiran21
>                uuid: 64c67210-10f9-4ee1-b79f-04e3e89c9062
>       instance_name: i-4-5-VM
>               state: Running
>      vm_template_id: 202
>         guest_os_id: 12
> private_mac_address: 02:00:03:20:00:01
>  private_ip_address: 10.1.1.121
>              pod_id: 1
>      data_center_id: 1
>             host_id: 1
>        last_host_id: 1
>            proxy_id: NULL
>   proxy_assign_time: NULL
>        vnc_password: VIW4Bj9v/CMIgW9rkduIN0Pgp8Umij0KMZt61u+RjPo=
>          ha_enabled: 0
>       limit_cpu_use: 0
>        update_count: 3
>         update_time: 2013-06-19 12:32:51
>             created: 2013-06-19 12:20:49
>             removed: NULL
>                type: User
>             vm_type: User
>          account_id: 4
>           domain_id: 2
> service_offering_id: 1
>      reservation_id: 3b3a4444-23d7-4aab-82a5-8311d123098d
>     hypervisor_type: VMware
>    disk_offering_id: NULL
>                 cpu: NULL
>                 ram: NULL
>               owner: 4
>               speed: 500
>           host_name: kiran21
>        display_name: kiran21
>       desired_state: NULL
>          display_vm: 1
> 1 row in set (0.00 sec)
> We can See the VM is created using the account_type is 4 which is kiran2.
> The affinity group table is as below:
> mysql> select * from affinity_group;
> +----+------+--------------------+--------------------------------------+-------------+-----------+------------+
> | id | name | type               | uuid                                 | description
| domain_id | account_id |
> +----+------+--------------------+--------------------------------------+-------------+-----------+------------+
> |  1 | Eff1 | ExplicitDedication | 24af64b3-18ac-46c8-8111-55e26093153a | NULL      
 |         1 |          2 |
> +----+------+--------------------+--------------------------------------+-------------+-----------+------------+
> 1 row in set (0.00 sec)
> We can see that there is no affinity group created for the account 4(kiran2) or account3(kiran1)
> My setup details:
> I have a single Zone-->Pod-->Cluster-->Host setup which is dedicated to the
account3(kiran1).

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message