Posted to issues@cloudstack.apache.org by "Chandan Purushothama (JIRA)" <ji...@apache.org> on 2013/07/12 01:09:50 UTC

[jira] [Closed] (CLOUDSTACK-2496) NTier: Even If one ACL item fails to get programmed on the VPC VR, all the remaining ACL items in the container fail to get programmed on the VPC VR

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-2496?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Chandan Purushothama closed CLOUDSTACK-2496.
--------------------------------------------


Closing the bug based on Kishan's comments
                
> NTier: Even If one ACL item fails to get programmed on the VPC VR, all the remaining ACL items in the container fail to get programmed on the VPC VR
> ----------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-2496
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2496
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Management Server
>    Affects Versions: 4.2.0
>            Reporter: Chandan Purushothama
>            Assignee: Kishan Kavala
>             Fix For: 4.2.0
>
>
> ===========
> Observations:
> ===========
> Multiple ACL Rules are stuck in "Add" state.
> mysql> select * from network_acl_item where state="Add";
> +----+--------------------------------------+--------+------------+----------+-------+----------+---------------------+-----------+-----------+--------------+------------------+--------+--------+
> | id | uuid                                 | acl_id | start_port | end_port | state | protocol | created             | icmp_code | icmp_type | traffic_type | cidr             | number | action |
> +----+--------------------------------------+--------+------------+----------+-------+----------+---------------------+-----------+-----------+--------------+------------------+--------+--------+
> | 11 | 12b84275-d2d1-4845-80ee-02f9594338cf |      1 |         81 |       82 | Add   | 51       | 2013-05-14 22:02:45 |      NULL |      NULL | Ingress      | 10.223.195.44/32 |      9 | Allow  |
> | 12 | 582d0151-9a01-4070-a231-5b53fe4b52cc |      1 |         82 |       83 | Add   | 50       | 2013-05-14 22:08:53 |      NULL |      NULL | Ingress      | 10.223.195.44/32 |     10 | Allow  |
> | 13 | 28119c8a-6099-42ef-94cb-762471d77192 |      1 |         83 |       84 | Add   | 47       | 2013-05-14 22:09:59 |      NULL |      NULL | Ingress      | 10.223.195.44/32 |     11 | Allow  |
> | 14 | b7e5a82b-a952-4e4c-b572-06758bc067f1 |      1 |         84 |       85 | Add   | 40       | 2013-05-14 22:10:51 |      NULL |      NULL | Ingress      | 10.223.195.44/32 |     12 | Allow  |
> | 15 | 7abb418f-86c5-4786-9f0c-aab4fe84174b |      1 |         85 |       86 | Add   | 132      | 2013-05-14 22:12:46 |      NULL |      NULL | Ingress      | 10.223.195.44/32 |     13 | Allow  |
> | 16 | 4366b81f-788d-424f-964a-45194a491354 |      1 |         86 |       87 | Add   | 33       | 2013-05-14 22:13:10 |      NULL |      NULL | Ingress      | 10.223.195.44/32 |     14 | Allow  |
> | 17 | 24aba3f4-db6c-4f67-9c93-b2596201d5b6 |      1 |         99 |      100 | Add   | 92       | 2013-05-14 22:16:36 |      NULL |      NULL | Ingress      | 10.223.195.44/32 |     15 | Allow  |
> +----+--------------------------------------+--------+------------+----------+-------+----------+---------------------+-----------+-----------+--------------+------------------+--------+--------+
> 7 rows in set (0.00 sec)
> On the VPC VR, on every ACL Rule creation, the programming fails during the first rule and doesn't attempt to program the remaining ACL Rules on the VPC VR.
> May 14 14:03:49 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::6:56:67:10.223.131.170/32
> May 14 14:03:49 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
> May 14 14:03:49 r-3-NTIER cloud: vpc_acl.sh: successful in applying fw rules for guest network: 192.168.10.1/24
> May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::6:44:45:10.223.195.44/32
> May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
> May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: successful in applying fw rules for guest network: 192.168.10.1/24
> May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::17:79:80:10.223.195.44/32
> May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
> May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: successful in applying fw rules for guest network: 192.168.10.1/24
> May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::tcp:22:23:10.223.195.44/32
> May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
> May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: successful in applying fw rules for guest network: 192.168.10.1/24
> May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::udp:23:24:10.223.195.44/32
> May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
> May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: successful in applying fw rules for guest network: 192.168.10.1/24
> May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::all:0:0:0.0.0.0/0
> May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
> May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: successful in applying fw rules for guest network: 192.168.10.1/24
> May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: deleting backup for guest network: 192.168.10.1/24
> May 14 14:04:37 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::6:80:81:10.223.131.170/32
> May 14 14:04:37 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
> May 14 14:04:37 r-3-NTIER cloud: vpc_acl.sh: successful in applying fw rules for guest network: 192.168.10.1/24
> May 14 14:04:37 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::51:81:82:10.223.195.44/32
> May 14 14:04:37 r-3-NTIER cloud: Error adding iptables entry for guest network : 192.168.10.1/24,inbound::51:81:82:10.223.195.44/32
> May 14 14:04:37 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
> May 14 14:04:37 r-3-NTIER cloud: vpc_acl.sh: failure to apply fw rules for guest network: 192.168.10.1/24
> May 14 14:04:37 r-3-NTIER cloud: vpc_acl.sh: restoring from backup for guest network: 192.168.10.1/24
> May 14 14:10:47 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::6:80:81:10.223.131.170/32
> May 14 14:10:47 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
> May 14 14:10:47 r-3-NTIER cloud: vpc_acl.sh: successful in applying fw rules for guest network: 192.168.10.1/24
> May 14 14:10:47 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::50:82:83:10.223.195.44/32
> May 14 14:10:47 r-3-NTIER cloud: Error adding iptables entry for guest network : 192.168.10.1/24,inbound::50:82:83:10.223.195.44/32
> May 14 14:10:47 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
> May 14 14:10:47 r-3-NTIER cloud: vpc_acl.sh: failure to apply fw rules for guest network: 192.168.10.1/24
> May 14 14:10:47 r-3-NTIER cloud: vpc_acl.sh: restoring from backup for guest network: 192.168.10.1/24
> May 14 14:11:53 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::6:80:81:10.223.131.170/32
> May 14 14:11:53 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
> May 14 14:11:53 r-3-NTIER cloud: vpc_acl.sh: successful in applying fw rules for guest network: 192.168.10.1/24
> May 14 14:11:53 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::50:82:83:10.223.195.44/32
> May 14 14:11:53 r-3-NTIER cloud: Error adding iptables entry for guest network : 192.168.10.1/24,inbound::50:82:83:10.223.195.44/32
> May 14 14:11:53 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
> May 14 14:11:53 r-3-NTIER cloud: vpc_acl.sh: failure to apply fw rules for guest network: 192.168.10.1/24
> May 14 14:11:53 r-3-NTIER cloud: vpc_acl.sh: restoring from backup for guest network: 192.168.10.1/24
> May 14 14:12:44 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::6:80:81:10.223.131.170/32
> May 14 14:12:44 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
> May 14 14:12:44 r-3-NTIER cloud: vpc_acl.sh: successful in applying fw rules for guest network: 192.168.10.1/24
> May 14 14:12:44 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::50:82:83:10.223.195.44/32
> May 14 14:12:44 r-3-NTIER cloud: Error adding iptables entry for guest network : 192.168.10.1/24,inbound::50:82:83:10.223.195.44/32
> May 14 14:12:44 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
> May 14 14:12:44 r-3-NTIER cloud: vpc_acl.sh: failure to apply fw rules for guest network: 192.168.10.1/24
> May 14 14:12:44 r-3-NTIER cloud: vpc_acl.sh: restoring from backup for guest network: 192.168.10.1/24
> May 14 14:14:38 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::50:82:83:10.223.195.44/32
> May 14 14:14:38 r-3-NTIER cloud: Error adding iptables entry for guest network : 192.168.10.1/24,inbound::50:82:83:10.223.195.44/32
> May 14 14:14:38 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
> May 14 14:14:38 r-3-NTIER cloud: vpc_acl.sh: failure to apply fw rules for guest network: 192.168.10.1/24
> May 14 14:14:38 r-3-NTIER cloud: vpc_acl.sh: restoring from backup for guest network: 192.168.10.1/24
> May 14 14:15:04 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::50:82:83:10.223.195.44/32
> May 14 14:15:04 r-3-NTIER cloud: Error adding iptables entry for guest network : 192.168.10.1/24,inbound::50:82:83:10.223.195.44/32
> May 14 14:15:04 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
> May 14 14:15:04 r-3-NTIER cloud: vpc_acl.sh: failure to apply fw rules for guest network: 192.168.10.1/24
> May 14 14:15:04 r-3-NTIER cloud: vpc_acl.sh: restoring from backup for guest network: 192.168.10.1/24
> May 14 14:18:27 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::50:82:83:10.223.195.44/32
> May 14 14:18:27 r-3-NTIER cloud: Error adding iptables entry for guest network : 192.168.10.1/24,inbound::50:82:83:10.223.195.44/32
> May 14 14:18:27 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
> May 14 14:18:27 r-3-NTIER cloud: vpc_acl.sh: failure to apply fw rules for guest network: 192.168.10.1/24
> May 14 14:18:27 r-3-NTIER cloud: vpc_acl.sh: restoring from backup for guest network: 192.168.10.1/24

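An added example, not part of the original JIRA message or of CloudStack's code: a parser for the `vpc_acl.sh` syslog lines quoted above that groups them into apply runs and reports, for each rolled-back run, the rule that iptables rejected and the rules that were reverted with it. The function names and the reading of "deleting backup" as commit and "restoring from backup" as rollback are assumptions taken from the log excerpt; the sample is an abridged copy of that excerpt.

```python
import re

# Abridged sample from the quoted log: one committed run, then one rolled-back run.
SAMPLE_LOG = """\
May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::all:0:0:0.0.0.0/0
May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: successful in applying fw rules for guest network: 192.168.10.1/24
May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: deleting backup for guest network: 192.168.10.1/24
May 14 14:04:37 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::6:80:81:10.223.131.170/32
May 14 14:04:37 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
May 14 14:04:37 r-3-NTIER cloud: vpc_acl.sh: successful in applying fw rules for guest network: 192.168.10.1/24
May 14 14:04:37 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::51:81:82:10.223.195.44/32
May 14 14:04:37 r-3-NTIER cloud: Error adding iptables entry for guest network : 192.168.10.1/24,inbound::51:81:82:10.223.195.44/32
May 14 14:04:37 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
May 14 14:04:37 r-3-NTIER cloud: vpc_acl.sh: failure to apply fw rules for guest network: 192.168.10.1/24
May 14 14:04:37 r-3-NTIER cloud: vpc_acl.sh: restoring from backup for guest network: 192.168.10.1/24
"""

ENTER = re.compile(r"vpc_acl\.sh: enter apply acl rules for guest network: ([^,\s]+), (\S+)")
ERROR = re.compile(r"Error adding iptables entry for guest network : ([^,\s]+),(\S+)")
END = re.compile(r"vpc_acl\.sh: (restoring from|deleting) backup for guest network: (\S+)")

def acl_batches(log_text):
    """Group log lines into apply runs; a run ends when the backup is deleted or restored."""
    batches, attempted, failed = [], [], []
    for line in log_text.splitlines():
        line = line.lstrip("> ")  # accept lines pasted straight from the quoted e-mail
        if m := ENTER.search(line):
            attempted.append(m.group(2))
        elif m := ERROR.search(line):
            failed.append(m.group(2))
        elif m := END.search(line):
            batches.append({"time": line[:15], "network": m.group(2),
                            "rolled_back": m.group(1) == "restoring from",
                            "failed": failed, "attempted": attempted})
            attempted, failed = [], []
    return batches

def reverted_with_failure(batch):
    """Rules that applied cleanly but were undone because another rule in the run failed."""
    if not batch["rolled_back"]:
        return []
    return [r for r in batch["attempted"] if r not in batch["failed"]]

if __name__ == "__main__":
    for b in acl_batches(SAMPLE_LOG):
        state = "ROLLED BACK" if b["rolled_back"] else "committed"
        print(b["time"], b["network"], state, "failed:", b["failed"],
              "reverted:", reverted_with_failure(b))
```

Rules that were never attempted after the failure do not appear in the log at all; they are only visible as rows left in the "Add" state in `network_acl_item`.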