cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alena Prokharchyk (JIRA)" <>
Subject [jira] [Commented] (CLOUDSTACK-3195) cannot view/delete forward rules if underlying/target VM is destroyed first
Date Tue, 25 Jun 2013 21:43:20 GMT


Alena Prokharchyk commented on CLOUDSTACK-3195:

All PF rules (as well as all other networking rules) assigned to the VM, stay with the VM
till its Expunged. Its per original design. So the VM in the Destroyed state will have PF
rules, and if Admin decides to recover it, the vm will be recovered along with all the networking

The fix to this bug would be - display all the networking rules to the end user, disgregading
the vm status. And let him remove the rule.

Its a UI bug that the rules are not being displayed; Api returns everything. But then the
UI makes subsequent call for the vm in Destroyed state, and the vm is not returned to the
end user:
{ "listportforwardingrulesresponse" : { "count":1 ,"portforwardingrule" : [  {"id":"3a6e33ad-9541-44ce-9b88-a5fe7dc31f1f","privateport":"22","privateendport":"22","protocol":"tcp","publicport":"22","publicendport":"22","virtualmachineid":"1f8942cc-4c2f-428f-b967-196d92f40d94","virtualmachinename":"1f8942cc-4c2f-428f-b967-196d92f40d94","virtualmachinedisplayname":"1f8942cc-4c2f-428f-b967-196d92f40d94","ipaddressid":"c9ccf05a-42ff-4d5b-bcb3-95d30a139e6a","ipaddress":"","state":"Active","cidrlist":"","tags":[],"vmguestip":""}
] } }

{ "listvirtualmachinesresponse" : { } }

 So the UI doesn't display the rule. The fix would be - display the rule as long as its returned
with listPortForwarding call.
> cannot view/delete forward rules if underlying/target VM is destroyed first
> ---------------------------------------------------------------------------
>                 Key: CLOUDSTACK-3195
>                 URL:
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Network Controller
>    Affects Versions: 4.1.0
>         Environment: CentOS 6.4+latest patches with official 4.1.0 RPM release from Apache
>            Reporter: Bryan Whitehead
>            Assignee: Alena Prokharchyk
> As a non-admin user, create a new Isolated network with SNAT. Build a VM using this network.
> After VM is up, In the new isolated network add a firewall rule (port 22 as example).
Next add a forward for private range 22-22 and public 22-22, choose the VM in network.
> Verify the forward and firewall rule work (ssh SNAT-IP etc).
> KEY BUG: Delete the VM in the isolated network. After the delete there will be no way
to delete or see the rule to remove the forward. (AS a NON-ADMIN user)
> Create a new VM using the same isolated network. When attempting to setup a new forward
to this VM you'll get an error about a rule already existing as a conflict - however you won't
be able to delete it.
> The admin user can see the bogus rule and delete it. Then everything works as expected.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message