Posted to issues@cloudstack.apache.org by "Chandan Purushothama (JIRA)" <ji...@apache.org> on 2013/05/15 20:05:16 UTC
[jira] [Reopened] (CLOUDSTACK-2487) NTier: Unable to create an ACL rule on a Network Tier
[ https://issues.apache.org/jira/browse/CLOUDSTACK-2487?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Chandan Purushothama reopened CLOUDSTACK-2487:
----------------------------------------------
Kishan,
Can you provide information about how to create an ACL list? Currently I don't see any API which lets me do it.
mysql> select * from api where name like "%acl%";
+-----+------------------+---------+-------------------------------------------------------------------------+
| id | name | isAsync | description |
+-----+------------------+---------+-------------------------------------------------------------------------+
| 606 | createNetworkACL | 1 | Creates a ACL rule the given network (the network has to belong to VPC) |
| 607 | deleteNetworkACL | 1 | Deletes a Network ACL |
| 608 | listNetworkACLs | 1 | Lists all network ACLs |
+-----+------------------+---------+-------------------------------------------------------------------------+
3 rows in set (0.00 sec)
Thank you,
Chandan.
> NTier: Unable to create an ACL rule on a Network Tier
> -----------------------------------------------------
>
> Key: CLOUDSTACK-2487
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2487
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the default.)
> Components: Management Server
> Affects Versions: 4.2.0
> Reporter: Chandan Purushothama
> Assignee: Kishan Kavala
> Priority: Blocker
> Fix For: 4.2.0
>
>
> ================
> Steps to Reproduce:
> ================
> 1. Create a VPC.
> 2. Create a Network Tier
> 3. Create an ACL rule on the Network Tier
> ==========
> Observations:
> ==========
> 2013-05-14 14:03:18,638 DEBUG [cloud.api.ApiServlet] (catalina-exec-17:null) ===START=== 10.216.133.86 -- GET command=createNetworkACL&response=json&sessionkey=1ew3VD0LppS%2BSreQld9FNtVnLwo%3D&cidrlist=10.223.195.44%2F32&protocol=tcp&startport=22&endport=23&networkid=bcc163c5-c23f-4b47-a0c8-562b8460b3fe&traffictype=Ingress&_=1368565441624
> 2013-05-14 14:03:18,667 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-17:null) Access to Acct[3-atoms] granted to Acct[3-atoms] by DomainChecker_EnhancerByCloudStack_32dba8cb
> 2013-05-14 14:03:18,673 INFO [cloud.api.ApiServer] (catalina-exec-17:null) Unable to find Vpc associated with the NetworkACL
> 2013-05-14 14:03:18,678 DEBUG [cloud.api.ApiServlet] (catalina-exec-17:null) ===END=== 10.216.133.86 -- GET command=createNetworkACL&response=json&sessionkey=1ew3VD0LppS%2BSreQld9FNtVnLwo%3D&cidrlist=10.223.195.44%2F32&protocol=tcp&startport=22&endport=23&networkid=bcc163c5-c23f-4b47-a0c8-562b8460b3fe&traffictype=Ingress&_=1368565441624
> mysql> select * from network_acl_item;
> +----+--------------------------------------+--------+------------+----------+--------+----------+---------------------+-----------+-----------+--------------+-----------+--------+--------+
> | id | uuid | acl_id | start_port | end_port | state | protocol | created | icmp_code | icmp_type | traffic_type | cidr | number | action |
> +----+--------------------------------------+--------+------------+----------+--------+----------+---------------------+-----------+-----------+--------------+-----------+--------+--------+
> | 1 | 28bf54e2-bbfa-11e2-98e5-06d4460004b1 | 1 | NULL | NULL | Active | all | 2013-05-13 11:23:07 | NULL | NULL | Ingress | 0.0.0.0/0 | 1 | Deny |
> | 2 | 28bf61e4-bbfa-11e2-98e5-06d4460004b1 | 1 | NULL | NULL | Active | all | 2013-05-13 11:23:07 | NULL | NULL | Egress | 0.0.0.0/0 | 2 | Deny |
> | 3 | 28bf78fa-bbfa-11e2-98e5-06d4460004b1 | 2 | NULL | NULL | Active | all | 2013-05-13 11:23:07 | NULL | NULL | Ingress | 0.0.0.0/0 | 1 | Allow |
> | 4 | 28bf8516-bbfa-11e2-98e5-06d4460004b1 | 2 | NULL | NULL | Active | all | 2013-05-13 11:23:07 | NULL | NULL | Egress | 0.0.0.0/0 | 2 | Allow |
> +----+--------------------------------------+--------+------------+----------+--------+----------+---------------------+-----------+-----------+--------------+-----------+--------+--------+
> 4 rows in set (0.00 sec)
> mysql> select * from network_acl;
> +----+---------------+--------------------------------------+--------+-------------------------------+
> | id | name | uuid | vpc_id | description |
> +----+---------------+--------------------------------------+--------+-------------------------------+
> | 1 | default_deny | 28bf460a-bbfa-11e2-98e5-06d4460004b1 | 0 | Default Network ACL Deny All |
> | 2 | default_allow | 28bf6e50-bbfa-11e2-98e5-06d4460004b1 | 0 | Default Network ACL Allow All |
> +----+---------------+--------------------------------------+--------+-------------------------------+
> 2 rows in set (0.00 sec)
> mysql> select * from vpc \G
> *************************** 1. row ***************************
> id: 1
> uuid: 50b453d4-4d7f-4538-9466-922627ccab80
> name: Atoms-VPC-1
> display_text: Atoms-VPC-1
> cidr: 192.168.0.0/16
> vpc_offering_id: 1
> zone_id: 1
> state: Enabled
> domain_id: 1
> account_id: 3
> network_domain: atomsvpc1.lab.vmops.com
> removed: NULL
> created: 2013-05-13 21:44:15
> restart_required: 0
> 1 row in set (0.00 sec)
> mysql> select * from networks where id=206 \G
> *************************** 1. row ***************************
> id: 206
> name: Atoms-VPC-Net-1
> uuid: bcc163c5-c23f-4b47-a0c8-562b8460b3fe
> display_text: Atoms-VPC-Net-1
> traffic_type: Guest
> broadcast_domain_type: Vlan
> broadcast_uri: NULL
> gateway: 192.168.10.1
> cidr: 192.168.10.0/24
> mode: Dhcp
> network_offering_id: 11
> physical_network_id: 200
> data_center_id: 1
> guru_name: ExternalGuestNetworkGuru
> state: Allocated
> related: 206
> domain_id: 1
> account_id: 3
> dns1: NULL
> dns2: NULL
> guru_data: NULL
> set_fields: 0
> acl_type: Account
> network_domain: atomsvpc1.lab.vmops.com
> reservation_id: NULL
> guest_type: Isolated
> restart_required: 0
> created: 2013-05-14 20:25:44
> removed: NULL
> specify_ip_ranges: 0
> vpc_id: 1
> ip6_gateway: NULL
> ip6_cidr: NULL
> network_cidr: NULL
> display_network: 1
> network_acl_id: 1
> 1 row in set (0.00 sec)
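A consistency check over the rows dumped in the report, as an added example that is not part of the original message or of CloudStack's code: it loads the quoted `vpc`, `network_acl` and `networks` rows into an in-memory SQLite database (a column subset, with SQLite standing in for MySQL) and lists VPC tiers whose assigned ACL list carries a `vpc_id` that resolves to no VPC row or to a different VPC. That this mismatch is what produces the logged "Unable to find Vpc associated with the NetworkACL" is an assumption; the report does not state the cause.

```python
import sqlite3

# Rows copied from the dumps in the report, reduced to the columns the check needs.
SCHEMA = """
CREATE TABLE vpc (id INTEGER PRIMARY KEY, name TEXT, removed TEXT);
CREATE TABLE network_acl (id INTEGER PRIMARY KEY, name TEXT, vpc_id INTEGER);
CREATE TABLE networks (id INTEGER PRIMARY KEY, name TEXT, vpc_id INTEGER,
                       network_acl_id INTEGER, removed TEXT);
INSERT INTO vpc VALUES (1, 'Atoms-VPC-1', NULL);
INSERT INTO network_acl VALUES (1, 'default_deny', 0), (2, 'default_allow', 0);
INSERT INTO networks VALUES (206, 'Atoms-VPC-Net-1', 1, 1, NULL);
"""

# For every live VPC tier, follow network_acl_id to the ACL list and then the
# ACL list's vpc_id to a live vpc row; report tiers where that chain breaks.
QUERY = """
SELECT n.id, n.name, n.vpc_id, a.id, a.name, a.vpc_id,
       CASE WHEN v.id IS NULL THEN 'acl vpc_id matches no live vpc row'
            ELSE 'acl belongs to a different vpc' END
FROM networks n
JOIN network_acl a ON a.id = n.network_acl_id
LEFT JOIN vpc v ON v.id = a.vpc_id AND v.removed IS NULL
WHERE n.removed IS NULL
  AND n.vpc_id IS NOT NULL
  AND (v.id IS NULL OR v.id <> n.vpc_id)
ORDER BY n.id
"""


def load_report_rows():
    """Build an in-memory database holding the rows quoted in the report."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def tiers_with_unresolvable_acl_vpc(conn):
    """Return (net id, net name, net vpc_id, acl id, acl name, acl vpc_id, reason)."""
    return conn.execute(QUERY).fetchall()


if __name__ == "__main__":
    for row in tiers_with_unresolvable_acl_vpc(load_report_rows()):
        print(row)
```

On the report's data the check flags network 206, which points at `default_deny` (ACL list 1) whose `vpc_id` is 0 while the only VPC row has id 1.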