You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cloudstack.apache.org by Matthew Smart <ms...@smartsoftwareinc.com> on 2022/08/31 23:32:45 UTC
Permission Denied when trying to add nictovirtualmachine as Domain Admin
All,
I am having an issue trying to add a nic to an existing virtual machine.
This seems very similar to issue 6590
https://github.com/apache/cloudstack/issues/6590 . The error is the same
if I try it from the UI or cloudmonkey:
Error 530, Unable to use network with id=
53e901ca-d9ac-40b6-bfe2-8bc7b581c8f2, permission denied
It doesn't matter which network or which VM I use. I do not have any
projects defined. Any ideas?
Api log:
2022-08-31 18:28:00,903 INFO [a.c.c.a.ApiServlet]
(qtp1750498848-285:ctx-e1ff1e99 ctx-7d49ea3e ctx-ac87c2e4)
(logid:a0a5f800) (userId=2 accountId=2 sessionId=null) 0:0:0:0:0:0:0:1
-- GET
signatureversion=3&apiKey=eHyz1TC3ZcmUd2mHc60UZU_KMO17QTXrG5a84vn0tYwbVvr7AtKLil8O0egC2UUBVPh1nD_QbQG_4zCV-Jeg_A&expires=2022-08-31T23%3A38%3A00%2B0000&jobid=85620fa4-c3ee-4b55-a220-2b2efbfc8240&command=queryAsyncJobResult&signature=DVfJ3fAUm9fTkGpJnZIPqqVTiuM%3D&response=json
200
{"queryasyncjobresultresponse":{"accountid":"4881765b-737e-11e6-af31-a4badb303ab0","userid":"488183c2-737e-11e6-af31-a4badb303ab0","cmd":"org.apache.cloudstack.api.command.admin.vm.AddNicToVMCmdByAdmin","jobstatus":2,"jobprocstatus":0,"jobresultcode":530,"jobresulttype":"object","jobresult":{"errorcode":530,"errortext":"Unable
to use network with id= 53e901ca-d9ac-40b6-bfe2-8bc7b581c8f2, permission
denied"},"jobinstancetype":"VirtualMachine","jobinstanceid":"a13626c9-209f-4d63-b1ae-624e77863d68","created":"2022-08-31T18:27:58-0500","completed":"2022-08-31T18:27:58-0500","jobid":"85620fa4-c3ee-4b55-a220-2b2efbfc8240"}}
Management log:
2022-08-31 18:27:58,876 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
(API-Job-Executor-2:ctx-90af3c61 job-25273) (logid:85620fa4) Executing
AsyncJobVO: {id:25273, userId: 2, accountId: 2, instanceType:
VirtualMachine, instanceId: 22, cmd:
org.apache.cloudstack.api.command.admin.vm.AddNicToVMCmdByAdmin,
cmdInfo:
{"expires":"2022-08-31T23:37:58+0000","apiKey":"eHyz1TC3ZcmUd2mHc60UZU_KMO17QTXrG5a84vn0tYwbVvr7AtKLil8O0egC2UUBVPh1nD_QbQG_4zCV-Jeg_A","signature":"G5byvIP9InHK1s301Dir4KAUYnM\u003d","httpmethod":"GET","ctxAccountId":"2","cmdEventType":"NIC.CREATE","signatureversion":"3","virtualmachineid":"a13626c9-209f-4d63-b1ae-624e77863d68","response":"json","ctxUserId":"2","networkid":"53e901ca-d9ac-40b6-bfe2-8bc7b581c8f2","ctxStartEventId":"314819","ctxDetails":"{\"interface
com.cloud.vm.VirtualMachine\":\"a13626c9-209f-4d63-b1ae-624e77863d68\",\"interface
com.cloud.network.Network\":\"53e901ca-d9ac-40b6-bfe2-8bc7b581c8f2\"}"},
cmdVersion: 0, status: IN_PROGRESS, processStatus: 0, resultCode: 0,
result: null, initMsid: 181122448243502, completeMsid: null,
lastUpdated: null, lastPolled: null, created: null, removed: null}
2022-08-31 18:27:58,899 ERROR [c.c.a.ApiAsyncJobDispatcher]
(API-Job-Executor-2:ctx-90af3c61 job-25273) (logid:85620fa4) Unexpected
exception while executing
org.apache.cloudstack.api.command.admin.vm.AddNicToVMCmdByAdmin
com.cloud.exception.PermissionDeniedException: Unable to use network
with id= 53e901ca-d9ac-40b6-bfe2-8bc7b581c8f2, permission denied
at
com.cloud.network.NetworkModelImpl.checkNetworkPermissions(NetworkModelImpl.java:1681)
at
com.cloud.vm.UserVmManagerImpl.addNicToVirtualMachine(UserVmManagerImpl.java:1323)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at
org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at
org.apache.cloudstack.network.contrail.management.EventUtils$EventInterceptor.invoke(EventUtils.java:107)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
at
com.cloud.event.ActionEventInterceptor.invoke(ActionEventInterceptor.java:52)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
at
org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215)
at com.sun.proxy.$Proxy128.addNicToVirtualMachine(Unknown Source)
at
org.apache.cloudstack.api.command.user.vm.AddNicToVMCmd.execute(AddNicToVMCmd.java:173)
at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:163)
at
com.cloud.api.ApiAsyncJobDispatcher.runJob(ApiAsyncJobDispatcher.java:106)
at
org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.runInContext(AsyncJobManagerImpl.java:620)
at
org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:48)
at
org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:55)
at
org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:102)
at
org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:52)
at
org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:45)
at
org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.run(AsyncJobManagerImpl.java:568)
at
java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
2022-08-31 18:27:58,902 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
(API-Job-Executor-2:ctx-90af3c61 job-25273) (logid:85620fa4) Complete
async job-25273, jobStatus: FAILED, resultCode: 530, result:
org.apache.cloudstack.api.response.ExceptionResponse/null/{"uuidList":[],"errorcode":"530","errortext":"Unable
to use network with id= 53e901ca-d9ac-40b6-bfe2-8bc7b581c8f2, permission
denied"}
--
Matthew Smart
President
Smart Software Solutions Inc.
108 S Pierre St.
Pierre, SD 57501
Phone: (605) 280-0383
Skype: msmart13
Email:msmart@smartsoftwareinc.com
Re: Permission Denied when trying to add nictovirtualmachine as Domain Admin
Posted by Matthew Smart <ms...@smartsoftwareinc.com>.
Abhishek,
Thanks for the quick reply. It appears that permissions have changed in later releases. As of May of this year, logged in as the domain admin, I could add nics from any network to any vm regardless of the account ownership variables. Now I cannot seem to add any nic to any vm as admin, even ones where the network and vm are both owned by the admin account. Clearly, time to read the docs again and set permissions appropriately. I am traveling the next week or so but will report back if replicating the examples you show below is not working for me.
Much Obliged,
Matthew Smart
President
Smart Software Solutions Inc.
108 S Pierre St.
Pierre, SD 57501
Phone: (605) 280-0383
Skype: msmart13
Email: msmart@smartsoftwareinc.com
On 9/1/22 02:23, Abhishek Kumar wrote:
> Hi Matthew,
>
> In your case does the user to which VM belongs have the access to the network you are trying to add to the VM?
> I tried it in a test env and it works fine when the user has access to the network (eg, the user owns the network). But it would fail when the user doesn't have the access to the network.
>
> Below is an example. First I tried to add a user owned network using domain admin. It worked. Then I tried adding a domain-admin owned network to the VM. It failed. But smae operation worked when I added proper network permissions.
>
> (sblab) 🐌 > list networks id=4caccd89-9479-4c57-bef2-b8bdd3a99229
> {
> "count": 1,
> "network": [
> {
> "account": "ACSUser",
> "acltype": "Account",
> "broadcastdomaintype": "Vlan",
> "canusefordeploy": true,
> "cidr": "10.1.1.0/24",
> "created": "2022-09-01T06:55:10+0000",
> "displaytext": "user-iso1",
> "dns1": "10.0.32.1",
> "dns2": "8.8.8.8",
> "domain": "ROOT",
> "domainid": "65609c23-2826-11ed-bf3a-1e00750002ea",
> "egressdefaultpolicy": false,
> "gateway": "10.1.1.1",
> "hasannotations": false,
> "id": "4caccd89-9479-4c57-bef2-b8bdd3a99229",
> "ispersistent": false,
> "issystem": false,
> "name": "user-iso1",
> "netmask": "255.255.255.0",
> "networkdomain": "cs4cloud.internal",
> "networkofferingavailability": "Required",
> "networkofferingconservemode": true,
> ...
> }
> (sblab) 🐘 > list networks id=54b35a12-0947-4897-ab3b-10059c3e1398
> {
> "count": 1,
> "network": [
> {
> "account": "ACSUser",
> "acltype": "Account",
> "broadcastdomaintype": "Vlan",
> "canusefordeploy": true,
> "created": "2022-09-01T06:55:37+0000",
> "displaytext": "user-l2",
> "dns1": "10.0.32.1",
> "dns2": "8.8.8.8",
> "domain": "ROOT",
> "domainid": "65609c23-2826-11ed-bf3a-1e00750002ea",
> "hasannotations": false,
> "id": "54b35a12-0947-4897-ab3b-10059c3e1398",
> "ispersistent": false,
> "issystem": false,
> "name": "user-l2",
> "networkofferingavailability": "Optional",
> "networkofferingconservemode": true,
> "networkofferingdisplaytext": "Offering for L2 networks",
> "networkofferingid": "c872ab72-5849-4bb5-8cd9-0fa346c895ab",
> "networkofferingname": "DefaultL2NetworkOffering",
> "physicalnetworkid": "e7721ec6-797d-4c45-a790-65cb0a333501",
> "receivedbytes": 0,
> "redundantrouter": false,
> "related": "54b35a12-0947-4897-ab3b-10059c3e1398",
> "restartrequired": false,
> "sentbytes": 0,
> "service": [],
> "specifyipranges": false,
> "state": "Implemented",
> "strechedl2subnet": false,
> "tags": [],
> "traffictype": "Guest",
> "type": "L2",
> "zoneid": "fce252b8-5075-4077-80c0-4f027fea354d",
> "zonename": "ref-trl-3557-v-M7-abhishek-kumar"
> }
> ]
> }
>
> (sblab) 🐷 > deploy virtualmachine zoneid=fce252b8-5075-4077-80c0-4f027fea354d serviceofferingid=3ed0124f-7064-4680-82da-80204d3a3ddb templateid=feb21788-29be-4fb0-8618-ec0f50921838 networkids=4caccd89-9479-4c57-bef2-b8bdd3a99229
> {
> "virtualmachine": {
> "account": "ACSUser",
> "affinitygroup": [],
> "cpunumber": 1,
> "cpuspeed": 500,
> "created": "2022-09-01T07:12:40+0000",
> "details": {
> "dataDiskController": "osdefault",
> "rootDiskController": "osdefault"
> },
> "displayname": "VM-b7ec5047-9d02-42b2-91d0-bfd3e4f1e410",
> "domain": "ROOT",
> "domainid": "65609c23-2826-11ed-bf3a-1e00750002ea",
> "guestosid": "6582ae97-2826-11ed-bf3a-1e00750002ea",
> "haenable": false,
> "hasannotations": false,
> "hypervisor": "VMware",
> "id": "b7ec5047-9d02-42b2-91d0-bfd3e4f1e410",
> "isdynamicallyscalable": false,
> "jobid": "448d9d04-bc0b-4576-94a9-5ece301b52e5",
> "jobstatus": 0,
> "lastupdated": "2022-09-01T07:12:49+0000",
> "memory": 512,
> "name": "VM-b7ec5047-9d02-42b2-91d0-bfd3e4f1e410",
> "nic": [
> {
> "broadcasturi": "vlan://2227",
> "deviceid": "0",
> "extradhcpoption": [],
> "gateway": "10.1.1.1",
> "id": "b1811c73-ec60-4c50-91c3-0b562c496284",
> "ipaddress": "10.1.1.227",
> "isdefault": true,
> "isolationuri": "vlan://2227",
> "macaddress": "02:00:18:83:00:04",
> "netmask": "255.255.255.0",
> "networkid": "4caccd89-9479-4c57-bef2-b8bdd3a99229",
> "networkname": "user-iso1",
> "secondaryip": [],
> "traffictype": "Guest",
> "type": "Isolated"
> }
> ],
> ...
> "userid": "96793627-9833-4012-9247-fc8761330e96",
> "username": "user",
> "zoneid": "fce252b8-5075-4077-80c0-4f027fea354d",
> "zonename": "ref-trl-3557-v-M7-abhishek-kumar"
> }
> }
> (sblab) 🍀 > set username domadmin
> (sblab) 🐒 > sync
> Discovered 328 APIs
> (sblab) 🐹 > add nictovirtualmachine virtualmachineid=b7ec5047-9d02-42b2-91d0-bfd3e4f1e410 networkid=54b35a12-0947-4897-ab3b-10059c3e1398
> {
> "virtualmachine": {
> "account": "ACSUser",
> "affinitygroup": [],
> "created": "2022-09-01T07:12:40+0000",
> "details": {
> "dataDiskController": "osdefault",
> "rootDiskController": "osdefault"
> },
> "displayname": "VM-b7ec5047-9d02-42b2-91d0-bfd3e4f1e410",
> "domain": "ROOT",
> "domainid": "65609c23-2826-11ed-bf3a-1e00750002ea",
> "guestosid": "6582ae97-2826-11ed-bf3a-1e00750002ea",
> "haenable": false,
> "hasannotations": false,
> "hypervisor": "VMware",
> "id": "b7ec5047-9d02-42b2-91d0-bfd3e4f1e410",
> "isdynamicallyscalable": false,
> "jobid": "3a286118-843a-4a92-b0cc-8bdc4ecd334f",
> "jobstatus": 0,
> "lastupdated": "2022-09-01T07:12:49+0000",
> "name": "VM-b7ec5047-9d02-42b2-91d0-bfd3e4f1e410",
> "nic": [
> {
> "broadcasturi": "vlan://2240",
> "deviceid": "1",
> "extradhcpoption": [],
> "id": "9d79cb1e-2c6e-4c2f-9e08-1a1e1870c23c",
> "isdefault": false,
> "isolationuri": "vlan://2240",
> "macaddress": "02:00:7e:eb:00:02",
> "networkid": "54b35a12-0947-4897-ab3b-10059c3e1398",
> "networkname": "user-l2",
> "secondaryip": [],
> "traffictype": "Guest",
> "type": "L2"
> },
> {
> "broadcasturi": "vlan://2227",
> "deviceid": "0",
> "extradhcpoption": [],
> "gateway": "10.1.1.1",
> "id": "b1811c73-ec60-4c50-91c3-0b562c496284",
> "ipaddress": "10.1.1.227",
> "isdefault": true,
> "isolationuri": "vlan://2227",
> "macaddress": "02:00:18:83:00:04",
> "netmask": "255.255.255.0",
> "networkid": "4caccd89-9479-4c57-bef2-b8bdd3a99229",
> "networkname": "user-iso1",
> "secondaryip": [],
> "traffictype": "Guest",
> "type": "Isolated"
> }
> ],
> ...
> }
> }
> (sblab) 🦇 > add nictovirtualmachine virtualmachineid=b7ec5047-9d02-42b2-91d0-bfd3e4f1e410 networkid=79bda62e-5b08-434c-846c-8db806482da9
> {
> "accountid": "e879dc18-4adb-42d8-bcc6-8bda00ba93f6",
> "cmd": "org.apache.cloudstack.api.command.user.vm.AddNicToVMCmd",
> "completed": "2022-09-01T07:13:50+0000",
> "created": "2022-09-01T07:13:50+0000",
> "jobid": "03a994d6-f001-46c8-9c37-22ae9ccede2a",
> "jobinstanceid": "b7ec5047-9d02-42b2-91d0-bfd3e4f1e410",
> "jobinstancetype": "VirtualMachine",
> "jobprocstatus": 0,
> "jobresult": {
> "errorcode": 530,
> "errortext": "Unable to use network with id= 79bda62e-5b08-434c-846c-8db806482da9, permission denied"
> },
> "jobresultcode": 530,
> "jobresulttype": "object",
> "jobstatus": 2,
> "userid": "4628e888-55b0-4230-b0be-679fe2374e7a"
> }
> 🙈 Error: async API failed for job 03a994d6-f001-46c8-9c37-22ae9ccede2a
> (sblab) 🐀 > create networkpermissions networkid=79bda62e-5b08-434c-846c-8db806482da9 accountids=9e5e5c6d-74d4-4df6-a4ad-0e575d3a2298
> {
> "success": true
> }
> (sblab) 🐟 > add nictovirtualmachine virtualmachineid=b7ec5047-9d02-42b2-91d0-bfd3e4f1e410 networkid=79bda62e-5b08-434c-846c-8db806482da9
> {
> "virtualmachine": {
> "account": "ACSUser",
> "affinitygroup": [],
> "created": "2022-09-01T07:12:40+0000",
> "details": {
> "dataDiskController": "osdefault",
> "rootDiskController": "osdefault"
> },
> "displayname": "VM-b7ec5047-9d02-42b2-91d0-bfd3e4f1e410",
> "domain": "ROOT",
> "domainid": "65609c23-2826-11ed-bf3a-1e00750002ea",
> "guestosid": "6582ae97-2826-11ed-bf3a-1e00750002ea",
> "haenable": false,
> "hasannotations": false,
> "hypervisor": "VMware",
> "id": "b7ec5047-9d02-42b2-91d0-bfd3e4f1e410",
> "isdynamicallyscalable": false,
> "jobid": "bcf0f01b-b55d-42d3-9535-056315e5608c",
> "jobstatus": 0,
> "lastupdated": "2022-09-01T07:12:49+0000",
> "name": "VM-b7ec5047-9d02-42b2-91d0-bfd3e4f1e410",
> "nic": [
> {
> "broadcasturi": "vlan://2240",
> "deviceid": "1",
> "extradhcpoption": [],
> "id": "9d79cb1e-2c6e-4c2f-9e08-1a1e1870c23c",
> "isdefault": false,
> "isolationuri": "vlan://2240",
> "macaddress": "02:00:7e:eb:00:02",
> "networkid": "54b35a12-0947-4897-ab3b-10059c3e1398",
> "networkname": "user-l2",
> "secondaryip": [],
> "traffictype": "Guest",
> "type": "L2"
> },
> {
> "broadcasturi": "vlan://2231",
> "deviceid": "2",
> "extradhcpoption": [],
> "id": "c8635505-33f4-44ac-ab42-d3dc698c4da2",
> "isdefault": false,
> "isolationuri": "vlan://2231",
> "macaddress": "02:00:15:b4:00:01",
> "networkid": "79bda62e-5b08-434c-846c-8db806482da9",
> "networkname": "dom-l2",
> "secondaryip": [],
> "traffictype": "Guest",
> "type": "L2"
> },
> {
> "broadcasturi": "vlan://2227",
> "deviceid": "0",
> "extradhcpoption": [],
> "gateway": "10.1.1.1",
> "id": "b1811c73-ec60-4c50-91c3-0b562c496284",
> "ipaddress": "10.1.1.227",
> "isdefault": true,
> "isolationuri": "vlan://2227",
> "macaddress": "02:00:18:83:00:04",
> "netmask": "255.255.255.0",
> "networkid": "4caccd89-9479-4c57-bef2-b8bdd3a99229",
> "networkname": "user-iso1",
> "secondaryip": [],
> "traffictype": "Guest",
> "type": "Isolated"
> }
> ],
> ...
> }
> }
>
> Regards,
> Abhishek
> ________________________________
> From: Matthew Smart <ms...@smartsoftwareinc.com>
> Sent: 01 September 2022 05:02
> To: users@cloudstack.apache.org <us...@cloudstack.apache.org>
> Subject: Permission Denied when trying to add nictovirtualmachine as Domain Admin
>
> All,
> I am having an issue trying to add a nic to an existing virtual machine.
> This seems very similar to issue 6590
> https://github.com/apache/cloudstack/issues/6590 . The error is the same
> if I try it from the UI or cloudmonkey:
> Error 530, Unable to use network with id=
> 53e901ca-d9ac-40b6-bfe2-8bc7b581c8f2, permission denied
>
> It doesn't matter which network or which VM I use. I do not have any
> projects defined. Any ideas?
>
> Api log:
> 2022-08-31 18:28:00,903 INFO [a.c.c.a.ApiServlet]
> (qtp1750498848-285:ctx-e1ff1e99 ctx-7d49ea3e ctx-ac87c2e4)
> (logid:a0a5f800) (userId=2 accountId=2 sessionId=null) 0:0:0:0:0:0:0:1
> -- GET
> signatureversion=3&apiKey=eHyz1TC3ZcmUd2mHc60UZU_KMO17QTXrG5a84vn0tYwbVvr7AtKLil8O0egC2UUBVPh1nD_QbQG_4zCV-Jeg_A&expires=2022-08-31T23%3A38%3A00%2B0000&jobid=85620fa4-c3ee-4b55-a220-2b2efbfc8240&command=queryAsyncJobResult&signature=DVfJ3fAUm9fTkGpJnZIPqqVTiuM%3D&response=json
> 200
> {"queryasyncjobresultresponse":{"accountid":"4881765b-737e-11e6-af31-a4badb303ab0","userid":"488183c2-737e-11e6-af31-a4badb303ab0","cmd":"org.apache.cloudstack.api.command.admin.vm.AddNicToVMCmdByAdmin","jobstatus":2,"jobprocstatus":0,"jobresultcode":530,"jobresulttype":"object","jobresult":{"errorcode":530,"errortext":"Unable
> to use network with id= 53e901ca-d9ac-40b6-bfe2-8bc7b581c8f2, permission
> denied"},"jobinstancetype":"VirtualMachine","jobinstanceid":"a13626c9-209f-4d63-b1ae-624e77863d68","created":"2022-08-31T18:27:58-0500","completed":"2022-08-31T18:27:58-0500","jobid":"85620fa4-c3ee-4b55-a220-2b2efbfc8240"}}
>
> Management log:
> 2022-08-31 18:27:58,876 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
> (API-Job-Executor-2:ctx-90af3c61 job-25273) (logid:85620fa4) Executing
> AsyncJobVO: {id:25273, userId: 2, accountId: 2, instanceType:
> VirtualMachine, instanceId: 22, cmd:
> org.apache.cloudstack.api.command.admin.vm.AddNicToVMCmdByAdmin,
> cmdInfo:
> {"expires":"2022-08-31T23:37:58+0000","apiKey":"eHyz1TC3ZcmUd2mHc60UZU_KMO17QTXrG5a84vn0tYwbVvr7AtKLil8O0egC2UUBVPh1nD_QbQG_4zCV-Jeg_A","signature":"G5byvIP9InHK1s301Dir4KAUYnM\u003d","httpmethod":"GET","ctxAccountId":"2","cmdEventType":"NIC.CREATE","signatureversion":"3","virtualmachineid":"a13626c9-209f-4d63-b1ae-624e77863d68","response":"json","ctxUserId":"2","networkid":"53e901ca-d9ac-40b6-bfe2-8bc7b581c8f2","ctxStartEventId":"314819","ctxDetails":"{\"interface
> com.cloud.vm.VirtualMachine\":\"a13626c9-209f-4d63-b1ae-624e77863d68\",\"interface
> com.cloud.network.Network\":\"53e901ca-d9ac-40b6-bfe2-8bc7b581c8f2\"}"},
> cmdVersion: 0, status: IN_PROGRESS, processStatus: 0, resultCode: 0,
> result: null, initMsid: 181122448243502, completeMsid: null,
> lastUpdated: null, lastPolled: null, created: null, removed: null}
> 2022-08-31 18:27:58,899 ERROR [c.c.a.ApiAsyncJobDispatcher]
> (API-Job-Executor-2:ctx-90af3c61 job-25273) (logid:85620fa4) Unexpected
> exception while executing
> org.apache.cloudstack.api.command.admin.vm.AddNicToVMCmdByAdmin
> com.cloud.exception.PermissionDeniedException: Unable to use network
> with id= 53e901ca-d9ac-40b6-bfe2-8bc7b581c8f2, permission denied
> at
> com.cloud.network.NetworkModelImpl.checkNetworkPermissions(NetworkModelImpl.java:1681)
> at
> com.cloud.vm.UserVmManagerImpl.addNicToVirtualMachine(UserVmManagerImpl.java:1323)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.base/java.lang.reflect.Method.invoke(Method.java:566)
> at
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
> at
> org.apache.cloudstack.network.contrail.management.EventUtils$EventInterceptor.invoke(EventUtils.java:107)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
> at
> com.cloud.event.ActionEventInterceptor.invoke(ActionEventInterceptor.java:52)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
> at
> org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
> at
> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215)
> at com.sun.proxy.$Proxy128.addNicToVirtualMachine(Unknown Source)
> at
> org.apache.cloudstack.api.command.user.vm.AddNicToVMCmd.execute(AddNicToVMCmd.java:173)
> at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:163)
> at
> com.cloud.api.ApiAsyncJobDispatcher.runJob(ApiAsyncJobDispatcher.java:106)
> at
> org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.runInContext(AsyncJobManagerImpl.java:620)
> at
> org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:48)
> at
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:55)
> at
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:102)
> at
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:52)
> at
> org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:45)
> at
> org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.run(AsyncJobManagerImpl.java:568)
> at
> java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
> at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
> at
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
> at
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
> at java.base/java.lang.Thread.run(Thread.java:829)
> 2022-08-31 18:27:58,902 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
> (API-Job-Executor-2:ctx-90af3c61 job-25273) (logid:85620fa4) Complete
> async job-25273, jobStatus: FAILED, resultCode: 530, result:
> org.apache.cloudstack.api.response.ExceptionResponse/null/{"uuidList":[],"errorcode":"530","errortext":"Unable
> to use network with id= 53e901ca-d9ac-40b6-bfe2-8bc7b581c8f2, permission
> denied"}
>
>
> --
> Matthew Smart
> President
> Smart Software Solutions Inc.
> 108 S Pierre St.
> Pierre, SD 57501
>
> Phone: (605) 280-0383
> Skype: msmart13
> Email:msmart@smartsoftwareinc.com
>
>
>
>
Re: Permission Denied when trying to add nictovirtualmachine as ROOT Admin
Posted by Matthew Smart <ms...@smartsoftwareinc.com>.
I have been traveling and just got a chance to return to this issue.
Again, I want to allow the Root Admin account to add nics from different
networks to any virtual machine. 'Create network permissions' from the
API to try to add the ROOT Admin account to a network's permissions
fails because it says that the ROOT Admin is not a member of the domain.
That account is a member of the ROOT domain and all other domains are
listed hierarchically beneath ROOT (EG ROOT/dev, ROOT/prod, ... etc)
fwiw. I don't want to further complicate my automation by creating and
keeping track of an individual Domain Admin account for each of my
domains. I have found a workaround I can live with by just creating the
requisite row in the network_permissions table in the db for the ROOT
Admin account for each network.
Is there a pressing reason why the ROOT Admin should have rights to do
pretty much everything else but not add nics to vms on different
networks? Does the roadmap call for a further curtailing of ROOT Admin
permissions? If not, would giving ROOT admin implicit network
permissions be a feature that could be requested?
Thanks,
Matthew Smart
President
Smart Software Solutions Inc.
108 S Pierre St.
Pierre, SD 57501
Phone: (605) 280-0383
Skype: msmart13
Email: msmart@smartsoftwareinc.com
On 9/1/22 02:23, Abhishek Kumar wrote:
> Hi Matthew,
>
> In your case does the user to which VM belongs have the access to the network you are trying to add to the VM?
> I tried it in a test env and it works fine when the user has access to the network (eg, the user owns the network). But it would fail when the user doesn't have the access to the network.
>
> Below is an example. First I tried to add a user owned network using domain admin. It worked. Then I tried adding a domain-admin owned network to the VM. It failed. But smae operation worked when I added proper network permissions.
>
> (sblab) 🐌 > list networks id=4caccd89-9479-4c57-bef2-b8bdd3a99229
> {
> "count": 1,
> "network": [
> {
> "account": "ACSUser",
> "acltype": "Account",
> "broadcastdomaintype": "Vlan",
> "canusefordeploy": true,
> "cidr": "10.1.1.0/24",
> "created": "2022-09-01T06:55:10+0000",
> "displaytext": "user-iso1",
> "dns1": "10.0.32.1",
> "dns2": "8.8.8.8",
> "domain": "ROOT",
> "domainid": "65609c23-2826-11ed-bf3a-1e00750002ea",
> "egressdefaultpolicy": false,
> "gateway": "10.1.1.1",
> "hasannotations": false,
> "id": "4caccd89-9479-4c57-bef2-b8bdd3a99229",
> "ispersistent": false,
> "issystem": false,
> "name": "user-iso1",
> "netmask": "255.255.255.0",
> "networkdomain": "cs4cloud.internal",
> "networkofferingavailability": "Required",
> "networkofferingconservemode": true,
> ...
> }
> (sblab) 🐘 > list networks id=54b35a12-0947-4897-ab3b-10059c3e1398
> {
> "count": 1,
> "network": [
> {
> "account": "ACSUser",
> "acltype": "Account",
> "broadcastdomaintype": "Vlan",
> "canusefordeploy": true,
> "created": "2022-09-01T06:55:37+0000",
> "displaytext": "user-l2",
> "dns1": "10.0.32.1",
> "dns2": "8.8.8.8",
> "domain": "ROOT",
> "domainid": "65609c23-2826-11ed-bf3a-1e00750002ea",
> "hasannotations": false,
> "id": "54b35a12-0947-4897-ab3b-10059c3e1398",
> "ispersistent": false,
> "issystem": false,
> "name": "user-l2",
> "networkofferingavailability": "Optional",
> "networkofferingconservemode": true,
> "networkofferingdisplaytext": "Offering for L2 networks",
> "networkofferingid": "c872ab72-5849-4bb5-8cd9-0fa346c895ab",
> "networkofferingname": "DefaultL2NetworkOffering",
> "physicalnetworkid": "e7721ec6-797d-4c45-a790-65cb0a333501",
> "receivedbytes": 0,
> "redundantrouter": false,
> "related": "54b35a12-0947-4897-ab3b-10059c3e1398",
> "restartrequired": false,
> "sentbytes": 0,
> "service": [],
> "specifyipranges": false,
> "state": "Implemented",
> "strechedl2subnet": false,
> "tags": [],
> "traffictype": "Guest",
> "type": "L2",
> "zoneid": "fce252b8-5075-4077-80c0-4f027fea354d",
> "zonename": "ref-trl-3557-v-M7-abhishek-kumar"
> }
> ]
> }
>
> (sblab) 🐷 > deploy virtualmachine zoneid=fce252b8-5075-4077-80c0-4f027fea354d serviceofferingid=3ed0124f-7064-4680-82da-80204d3a3ddb templateid=feb21788-29be-4fb0-8618-ec0f50921838 networkids=4caccd89-9479-4c57-bef2-b8bdd3a99229
> {
> "virtualmachine": {
> "account": "ACSUser",
> "affinitygroup": [],
> "cpunumber": 1,
> "cpuspeed": 500,
> "created": "2022-09-01T07:12:40+0000",
> "details": {
> "dataDiskController": "osdefault",
> "rootDiskController": "osdefault"
> },
> "displayname": "VM-b7ec5047-9d02-42b2-91d0-bfd3e4f1e410",
> "domain": "ROOT",
> "domainid": "65609c23-2826-11ed-bf3a-1e00750002ea",
> "guestosid": "6582ae97-2826-11ed-bf3a-1e00750002ea",
> "haenable": false,
> "hasannotations": false,
> "hypervisor": "VMware",
> "id": "b7ec5047-9d02-42b2-91d0-bfd3e4f1e410",
> "isdynamicallyscalable": false,
> "jobid": "448d9d04-bc0b-4576-94a9-5ece301b52e5",
> "jobstatus": 0,
> "lastupdated": "2022-09-01T07:12:49+0000",
> "memory": 512,
> "name": "VM-b7ec5047-9d02-42b2-91d0-bfd3e4f1e410",
> "nic": [
> {
> "broadcasturi": "vlan://2227",
> "deviceid": "0",
> "extradhcpoption": [],
> "gateway": "10.1.1.1",
> "id": "b1811c73-ec60-4c50-91c3-0b562c496284",
> "ipaddress": "10.1.1.227",
> "isdefault": true,
> "isolationuri": "vlan://2227",
> "macaddress": "02:00:18:83:00:04",
> "netmask": "255.255.255.0",
> "networkid": "4caccd89-9479-4c57-bef2-b8bdd3a99229",
> "networkname": "user-iso1",
> "secondaryip": [],
> "traffictype": "Guest",
> "type": "Isolated"
> }
> ],
> ...
> "userid": "96793627-9833-4012-9247-fc8761330e96",
> "username": "user",
> "zoneid": "fce252b8-5075-4077-80c0-4f027fea354d",
> "zonename": "ref-trl-3557-v-M7-abhishek-kumar"
> }
> }
> (sblab) 🍀 > set username domadmin
> (sblab) 🐒 > sync
> Discovered 328 APIs
> (sblab) 🐹 > add nictovirtualmachine virtualmachineid=b7ec5047-9d02-42b2-91d0-bfd3e4f1e410 networkid=54b35a12-0947-4897-ab3b-10059c3e1398
> {
> "virtualmachine": {
> "account": "ACSUser",
> "affinitygroup": [],
> "created": "2022-09-01T07:12:40+0000",
> "details": {
> "dataDiskController": "osdefault",
> "rootDiskController": "osdefault"
> },
> "displayname": "VM-b7ec5047-9d02-42b2-91d0-bfd3e4f1e410",
> "domain": "ROOT",
> "domainid": "65609c23-2826-11ed-bf3a-1e00750002ea",
> "guestosid": "6582ae97-2826-11ed-bf3a-1e00750002ea",
> "haenable": false,
> "hasannotations": false,
> "hypervisor": "VMware",
> "id": "b7ec5047-9d02-42b2-91d0-bfd3e4f1e410",
> "isdynamicallyscalable": false,
> "jobid": "3a286118-843a-4a92-b0cc-8bdc4ecd334f",
> "jobstatus": 0,
> "lastupdated": "2022-09-01T07:12:49+0000",
> "name": "VM-b7ec5047-9d02-42b2-91d0-bfd3e4f1e410",
> "nic": [
> {
> "broadcasturi": "vlan://2240",
> "deviceid": "1",
> "extradhcpoption": [],
> "id": "9d79cb1e-2c6e-4c2f-9e08-1a1e1870c23c",
> "isdefault": false,
> "isolationuri": "vlan://2240",
> "macaddress": "02:00:7e:eb:00:02",
> "networkid": "54b35a12-0947-4897-ab3b-10059c3e1398",
> "networkname": "user-l2",
> "secondaryip": [],
> "traffictype": "Guest",
> "type": "L2"
> },
> {
> "broadcasturi": "vlan://2227",
> "deviceid": "0",
> "extradhcpoption": [],
> "gateway": "10.1.1.1",
> "id": "b1811c73-ec60-4c50-91c3-0b562c496284",
> "ipaddress": "10.1.1.227",
> "isdefault": true,
> "isolationuri": "vlan://2227",
> "macaddress": "02:00:18:83:00:04",
> "netmask": "255.255.255.0",
> "networkid": "4caccd89-9479-4c57-bef2-b8bdd3a99229",
> "networkname": "user-iso1",
> "secondaryip": [],
> "traffictype": "Guest",
> "type": "Isolated"
> }
> ],
> ...
> }
> }
> (sblab) 🦇 > add nictovirtualmachine virtualmachineid=b7ec5047-9d02-42b2-91d0-bfd3e4f1e410 networkid=79bda62e-5b08-434c-846c-8db806482da9
> {
> "accountid": "e879dc18-4adb-42d8-bcc6-8bda00ba93f6",
> "cmd": "org.apache.cloudstack.api.command.user.vm.AddNicToVMCmd",
> "completed": "2022-09-01T07:13:50+0000",
> "created": "2022-09-01T07:13:50+0000",
> "jobid": "03a994d6-f001-46c8-9c37-22ae9ccede2a",
> "jobinstanceid": "b7ec5047-9d02-42b2-91d0-bfd3e4f1e410",
> "jobinstancetype": "VirtualMachine",
> "jobprocstatus": 0,
> "jobresult": {
> "errorcode": 530,
> "errortext": "Unable to use network with id= 79bda62e-5b08-434c-846c-8db806482da9, permission denied"
> },
> "jobresultcode": 530,
> "jobresulttype": "object",
> "jobstatus": 2,
> "userid": "4628e888-55b0-4230-b0be-679fe2374e7a"
> }
> 🙈 Error: async API failed for job 03a994d6-f001-46c8-9c37-22ae9ccede2a
> (sblab) 🐀 > create networkpermissions networkid=79bda62e-5b08-434c-846c-8db806482da9 accountids=9e5e5c6d-74d4-4df6-a4ad-0e575d3a2298
> {
> "success": true
> }
> (sblab) 🐟 > add nictovirtualmachine virtualmachineid=b7ec5047-9d02-42b2-91d0-bfd3e4f1e410 networkid=79bda62e-5b08-434c-846c-8db806482da9
> {
> "virtualmachine": {
> "account": "ACSUser",
> "affinitygroup": [],
> "created": "2022-09-01T07:12:40+0000",
> "details": {
> "dataDiskController": "osdefault",
> "rootDiskController": "osdefault"
> },
> "displayname": "VM-b7ec5047-9d02-42b2-91d0-bfd3e4f1e410",
> "domain": "ROOT",
> "domainid": "65609c23-2826-11ed-bf3a-1e00750002ea",
> "guestosid": "6582ae97-2826-11ed-bf3a-1e00750002ea",
> "haenable": false,
> "hasannotations": false,
> "hypervisor": "VMware",
> "id": "b7ec5047-9d02-42b2-91d0-bfd3e4f1e410",
> "isdynamicallyscalable": false,
> "jobid": "bcf0f01b-b55d-42d3-9535-056315e5608c",
> "jobstatus": 0,
> "lastupdated": "2022-09-01T07:12:49+0000",
> "name": "VM-b7ec5047-9d02-42b2-91d0-bfd3e4f1e410",
> "nic": [
> {
> "broadcasturi": "vlan://2240",
> "deviceid": "1",
> "extradhcpoption": [],
> "id": "9d79cb1e-2c6e-4c2f-9e08-1a1e1870c23c",
> "isdefault": false,
> "isolationuri": "vlan://2240",
> "macaddress": "02:00:7e:eb:00:02",
> "networkid": "54b35a12-0947-4897-ab3b-10059c3e1398",
> "networkname": "user-l2",
> "secondaryip": [],
> "traffictype": "Guest",
> "type": "L2"
> },
> {
> "broadcasturi": "vlan://2231",
> "deviceid": "2",
> "extradhcpoption": [],
> "id": "c8635505-33f4-44ac-ab42-d3dc698c4da2",
> "isdefault": false,
> "isolationuri": "vlan://2231",
> "macaddress": "02:00:15:b4:00:01",
> "networkid": "79bda62e-5b08-434c-846c-8db806482da9",
> "networkname": "dom-l2",
> "secondaryip": [],
> "traffictype": "Guest",
> "type": "L2"
> },
> {
> "broadcasturi": "vlan://2227",
> "deviceid": "0",
> "extradhcpoption": [],
> "gateway": "10.1.1.1",
> "id": "b1811c73-ec60-4c50-91c3-0b562c496284",
> "ipaddress": "10.1.1.227",
> "isdefault": true,
> "isolationuri": "vlan://2227",
> "macaddress": "02:00:18:83:00:04",
> "netmask": "255.255.255.0",
> "networkid": "4caccd89-9479-4c57-bef2-b8bdd3a99229",
> "networkname": "user-iso1",
> "secondaryip": [],
> "traffictype": "Guest",
> "type": "Isolated"
> }
> ],
> ...
> }
> }
>
> Regards,
> Abhishek
> ________________________________
> From: Matthew Smart <ms...@smartsoftwareinc.com>
> Sent: 01 September 2022 05:02
> To: users@cloudstack.apache.org <us...@cloudstack.apache.org>
> Subject: Permission Denied when trying to add nictovirtualmachine as Domain Admin
>
> All,
> I am having an issue trying to add a nic to an existing virtual machine.
> This seems very similar to issue 6590
> https://github.com/apache/cloudstack/issues/6590 . The error is the same
> if I try it from the UI or cloudmonkey:
> Error 530, Unable to use network with id=
> 53e901ca-d9ac-40b6-bfe2-8bc7b581c8f2, permission denied
>
> It doesn't matter which network or which VM I use. I do not have any
> projects defined. Any ideas?
>
> Api log:
> 2022-08-31 18:28:00,903 INFO [a.c.c.a.ApiServlet]
> (qtp1750498848-285:ctx-e1ff1e99 ctx-7d49ea3e ctx-ac87c2e4)
> (logid:a0a5f800) (userId=2 accountId=2 sessionId=null) 0:0:0:0:0:0:0:1
> -- GET
> signatureversion=3&apiKey=eHyz1TC3ZcmUd2mHc60UZU_KMO17QTXrG5a84vn0tYwbVvr7AtKLil8O0egC2UUBVPh1nD_QbQG_4zCV-Jeg_A&expires=2022-08-31T23%3A38%3A00%2B0000&jobid=85620fa4-c3ee-4b55-a220-2b2efbfc8240&command=queryAsyncJobResult&signature=DVfJ3fAUm9fTkGpJnZIPqqVTiuM%3D&response=json
> 200
> {"queryasyncjobresultresponse":{"accountid":"4881765b-737e-11e6-af31-a4badb303ab0","userid":"488183c2-737e-11e6-af31-a4badb303ab0","cmd":"org.apache.cloudstack.api.command.admin.vm.AddNicToVMCmdByAdmin","jobstatus":2,"jobprocstatus":0,"jobresultcode":530,"jobresulttype":"object","jobresult":{"errorcode":530,"errortext":"Unable
> to use network with id= 53e901ca-d9ac-40b6-bfe2-8bc7b581c8f2, permission
> denied"},"jobinstancetype":"VirtualMachine","jobinstanceid":"a13626c9-209f-4d63-b1ae-624e77863d68","created":"2022-08-31T18:27:58-0500","completed":"2022-08-31T18:27:58-0500","jobid":"85620fa4-c3ee-4b55-a220-2b2efbfc8240"}}
>
> Management log:
> 2022-08-31 18:27:58,876 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
> (API-Job-Executor-2:ctx-90af3c61 job-25273) (logid:85620fa4) Executing
> AsyncJobVO: {id:25273, userId: 2, accountId: 2, instanceType:
> VirtualMachine, instanceId: 22, cmd:
> org.apache.cloudstack.api.command.admin.vm.AddNicToVMCmdByAdmin,
> cmdInfo:
> {"expires":"2022-08-31T23:37:58+0000","apiKey":"eHyz1TC3ZcmUd2mHc60UZU_KMO17QTXrG5a84vn0tYwbVvr7AtKLil8O0egC2UUBVPh1nD_QbQG_4zCV-Jeg_A","signature":"G5byvIP9InHK1s301Dir4KAUYnM\u003d","httpmethod":"GET","ctxAccountId":"2","cmdEventType":"NIC.CREATE","signatureversion":"3","virtualmachineid":"a13626c9-209f-4d63-b1ae-624e77863d68","response":"json","ctxUserId":"2","networkid":"53e901ca-d9ac-40b6-bfe2-8bc7b581c8f2","ctxStartEventId":"314819","ctxDetails":"{\"interface
> com.cloud.vm.VirtualMachine\":\"a13626c9-209f-4d63-b1ae-624e77863d68\",\"interface
> com.cloud.network.Network\":\"53e901ca-d9ac-40b6-bfe2-8bc7b581c8f2\"}"},
> cmdVersion: 0, status: IN_PROGRESS, processStatus: 0, resultCode: 0,
> result: null, initMsid: 181122448243502, completeMsid: null,
> lastUpdated: null, lastPolled: null, created: null, removed: null}
> 2022-08-31 18:27:58,899 ERROR [c.c.a.ApiAsyncJobDispatcher]
> (API-Job-Executor-2:ctx-90af3c61 job-25273) (logid:85620fa4) Unexpected
> exception while executing
> org.apache.cloudstack.api.command.admin.vm.AddNicToVMCmdByAdmin
> com.cloud.exception.PermissionDeniedException: Unable to use network
> with id= 53e901ca-d9ac-40b6-bfe2-8bc7b581c8f2, permission denied
> at
> com.cloud.network.NetworkModelImpl.checkNetworkPermissions(NetworkModelImpl.java:1681)
> at
> com.cloud.vm.UserVmManagerImpl.addNicToVirtualMachine(UserVmManagerImpl.java:1323)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.base/java.lang.reflect.Method.invoke(Method.java:566)
> at
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
> at
> org.apache.cloudstack.network.contrail.management.EventUtils$EventInterceptor.invoke(EventUtils.java:107)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
> at
> com.cloud.event.ActionEventInterceptor.invoke(ActionEventInterceptor.java:52)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
> at
> org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
> at
> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215)
> at com.sun.proxy.$Proxy128.addNicToVirtualMachine(Unknown Source)
> at
> org.apache.cloudstack.api.command.user.vm.AddNicToVMCmd.execute(AddNicToVMCmd.java:173)
> at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:163)
> at
> com.cloud.api.ApiAsyncJobDispatcher.runJob(ApiAsyncJobDispatcher.java:106)
> at
> org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.runInContext(AsyncJobManagerImpl.java:620)
> at
> org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:48)
> at
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:55)
> at
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:102)
> at
> org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:52)
> at
> org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:45)
> at
> org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.run(AsyncJobManagerImpl.java:568)
> at
> java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
> at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
> at
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
> at
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
> at java.base/java.lang.Thread.run(Thread.java:829)
> 2022-08-31 18:27:58,902 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
> (API-Job-Executor-2:ctx-90af3c61 job-25273) (logid:85620fa4) Complete
> async job-25273, jobStatus: FAILED, resultCode: 530, result:
> org.apache.cloudstack.api.response.ExceptionResponse/null/{"uuidList":[],"errorcode":"530","errortext":"Unable
> to use network with id= 53e901ca-d9ac-40b6-bfe2-8bc7b581c8f2, permission
> denied"}
>
>
> --
> Matthew Smart
> President
> Smart Software Solutions Inc.
> 108 S Pierre St.
> Pierre, SD 57501
>
> Phone: (605) 280-0383
> Skype: msmart13
> Email:msmart@smartsoftwareinc.com
>
>
>
>
Re: Permission Denied when trying to add nictovirtualmachine as Domain Admin
Posted by Abhishek Kumar <Ab...@shapeblue.com>.
Hi Matthew,
In your case does the user to which VM belongs have the access to the network you are trying to add to the VM?
I tried it in a test env and it works fine when the user has access to the network (eg, the user owns the network). But it would fail when the user doesn't have the access to the network.
Below is an example. First I tried to add a user owned network using domain admin. It worked. Then I tried adding a domain-admin owned network to the VM. It failed. But smae operation worked when I added proper network permissions.
(sblab) 🐌 > list networks id=4caccd89-9479-4c57-bef2-b8bdd3a99229
{
"count": 1,
"network": [
{
"account": "ACSUser",
"acltype": "Account",
"broadcastdomaintype": "Vlan",
"canusefordeploy": true,
"cidr": "10.1.1.0/24",
"created": "2022-09-01T06:55:10+0000",
"displaytext": "user-iso1",
"dns1": "10.0.32.1",
"dns2": "8.8.8.8",
"domain": "ROOT",
"domainid": "65609c23-2826-11ed-bf3a-1e00750002ea",
"egressdefaultpolicy": false,
"gateway": "10.1.1.1",
"hasannotations": false,
"id": "4caccd89-9479-4c57-bef2-b8bdd3a99229",
"ispersistent": false,
"issystem": false,
"name": "user-iso1",
"netmask": "255.255.255.0",
"networkdomain": "cs4cloud.internal",
"networkofferingavailability": "Required",
"networkofferingconservemode": true,
...
}
(sblab) 🐘 > list networks id=54b35a12-0947-4897-ab3b-10059c3e1398
{
"count": 1,
"network": [
{
"account": "ACSUser",
"acltype": "Account",
"broadcastdomaintype": "Vlan",
"canusefordeploy": true,
"created": "2022-09-01T06:55:37+0000",
"displaytext": "user-l2",
"dns1": "10.0.32.1",
"dns2": "8.8.8.8",
"domain": "ROOT",
"domainid": "65609c23-2826-11ed-bf3a-1e00750002ea",
"hasannotations": false,
"id": "54b35a12-0947-4897-ab3b-10059c3e1398",
"ispersistent": false,
"issystem": false,
"name": "user-l2",
"networkofferingavailability": "Optional",
"networkofferingconservemode": true,
"networkofferingdisplaytext": "Offering for L2 networks",
"networkofferingid": "c872ab72-5849-4bb5-8cd9-0fa346c895ab",
"networkofferingname": "DefaultL2NetworkOffering",
"physicalnetworkid": "e7721ec6-797d-4c45-a790-65cb0a333501",
"receivedbytes": 0,
"redundantrouter": false,
"related": "54b35a12-0947-4897-ab3b-10059c3e1398",
"restartrequired": false,
"sentbytes": 0,
"service": [],
"specifyipranges": false,
"state": "Implemented",
"strechedl2subnet": false,
"tags": [],
"traffictype": "Guest",
"type": "L2",
"zoneid": "fce252b8-5075-4077-80c0-4f027fea354d",
"zonename": "ref-trl-3557-v-M7-abhishek-kumar"
}
]
}
(sblab) 🐷 > deploy virtualmachine zoneid=fce252b8-5075-4077-80c0-4f027fea354d serviceofferingid=3ed0124f-7064-4680-82da-80204d3a3ddb templateid=feb21788-29be-4fb0-8618-ec0f50921838 networkids=4caccd89-9479-4c57-bef2-b8bdd3a99229
{
"virtualmachine": {
"account": "ACSUser",
"affinitygroup": [],
"cpunumber": 1,
"cpuspeed": 500,
"created": "2022-09-01T07:12:40+0000",
"details": {
"dataDiskController": "osdefault",
"rootDiskController": "osdefault"
},
"displayname": "VM-b7ec5047-9d02-42b2-91d0-bfd3e4f1e410",
"domain": "ROOT",
"domainid": "65609c23-2826-11ed-bf3a-1e00750002ea",
"guestosid": "6582ae97-2826-11ed-bf3a-1e00750002ea",
"haenable": false,
"hasannotations": false,
"hypervisor": "VMware",
"id": "b7ec5047-9d02-42b2-91d0-bfd3e4f1e410",
"isdynamicallyscalable": false,
"jobid": "448d9d04-bc0b-4576-94a9-5ece301b52e5",
"jobstatus": 0,
"lastupdated": "2022-09-01T07:12:49+0000",
"memory": 512,
"name": "VM-b7ec5047-9d02-42b2-91d0-bfd3e4f1e410",
"nic": [
{
"broadcasturi": "vlan://2227",
"deviceid": "0",
"extradhcpoption": [],
"gateway": "10.1.1.1",
"id": "b1811c73-ec60-4c50-91c3-0b562c496284",
"ipaddress": "10.1.1.227",
"isdefault": true,
"isolationuri": "vlan://2227",
"macaddress": "02:00:18:83:00:04",
"netmask": "255.255.255.0",
"networkid": "4caccd89-9479-4c57-bef2-b8bdd3a99229",
"networkname": "user-iso1",
"secondaryip": [],
"traffictype": "Guest",
"type": "Isolated"
}
],
...
"userid": "96793627-9833-4012-9247-fc8761330e96",
"username": "user",
"zoneid": "fce252b8-5075-4077-80c0-4f027fea354d",
"zonename": "ref-trl-3557-v-M7-abhishek-kumar"
}
}
(sblab) 🍀 > set username domadmin
(sblab) 🐒 > sync
Discovered 328 APIs
(sblab) 🐹 > add nictovirtualmachine virtualmachineid=b7ec5047-9d02-42b2-91d0-bfd3e4f1e410 networkid=54b35a12-0947-4897-ab3b-10059c3e1398
{
"virtualmachine": {
"account": "ACSUser",
"affinitygroup": [],
"created": "2022-09-01T07:12:40+0000",
"details": {
"dataDiskController": "osdefault",
"rootDiskController": "osdefault"
},
"displayname": "VM-b7ec5047-9d02-42b2-91d0-bfd3e4f1e410",
"domain": "ROOT",
"domainid": "65609c23-2826-11ed-bf3a-1e00750002ea",
"guestosid": "6582ae97-2826-11ed-bf3a-1e00750002ea",
"haenable": false,
"hasannotations": false,
"hypervisor": "VMware",
"id": "b7ec5047-9d02-42b2-91d0-bfd3e4f1e410",
"isdynamicallyscalable": false,
"jobid": "3a286118-843a-4a92-b0cc-8bdc4ecd334f",
"jobstatus": 0,
"lastupdated": "2022-09-01T07:12:49+0000",
"name": "VM-b7ec5047-9d02-42b2-91d0-bfd3e4f1e410",
"nic": [
{
"broadcasturi": "vlan://2240",
"deviceid": "1",
"extradhcpoption": [],
"id": "9d79cb1e-2c6e-4c2f-9e08-1a1e1870c23c",
"isdefault": false,
"isolationuri": "vlan://2240",
"macaddress": "02:00:7e:eb:00:02",
"networkid": "54b35a12-0947-4897-ab3b-10059c3e1398",
"networkname": "user-l2",
"secondaryip": [],
"traffictype": "Guest",
"type": "L2"
},
{
"broadcasturi": "vlan://2227",
"deviceid": "0",
"extradhcpoption": [],
"gateway": "10.1.1.1",
"id": "b1811c73-ec60-4c50-91c3-0b562c496284",
"ipaddress": "10.1.1.227",
"isdefault": true,
"isolationuri": "vlan://2227",
"macaddress": "02:00:18:83:00:04",
"netmask": "255.255.255.0",
"networkid": "4caccd89-9479-4c57-bef2-b8bdd3a99229",
"networkname": "user-iso1",
"secondaryip": [],
"traffictype": "Guest",
"type": "Isolated"
}
],
...
}
}
(sblab) 🦇 > add nictovirtualmachine virtualmachineid=b7ec5047-9d02-42b2-91d0-bfd3e4f1e410 networkid=79bda62e-5b08-434c-846c-8db806482da9
{
"accountid": "e879dc18-4adb-42d8-bcc6-8bda00ba93f6",
"cmd": "org.apache.cloudstack.api.command.user.vm.AddNicToVMCmd",
"completed": "2022-09-01T07:13:50+0000",
"created": "2022-09-01T07:13:50+0000",
"jobid": "03a994d6-f001-46c8-9c37-22ae9ccede2a",
"jobinstanceid": "b7ec5047-9d02-42b2-91d0-bfd3e4f1e410",
"jobinstancetype": "VirtualMachine",
"jobprocstatus": 0,
"jobresult": {
"errorcode": 530,
"errortext": "Unable to use network with id= 79bda62e-5b08-434c-846c-8db806482da9, permission denied"
},
"jobresultcode": 530,
"jobresulttype": "object",
"jobstatus": 2,
"userid": "4628e888-55b0-4230-b0be-679fe2374e7a"
}
🙈 Error: async API failed for job 03a994d6-f001-46c8-9c37-22ae9ccede2a
(sblab) 🐀 > create networkpermissions networkid=79bda62e-5b08-434c-846c-8db806482da9 accountids=9e5e5c6d-74d4-4df6-a4ad-0e575d3a2298
{
"success": true
}
(sblab) 🐟 > add nictovirtualmachine virtualmachineid=b7ec5047-9d02-42b2-91d0-bfd3e4f1e410 networkid=79bda62e-5b08-434c-846c-8db806482da9
{
"virtualmachine": {
"account": "ACSUser",
"affinitygroup": [],
"created": "2022-09-01T07:12:40+0000",
"details": {
"dataDiskController": "osdefault",
"rootDiskController": "osdefault"
},
"displayname": "VM-b7ec5047-9d02-42b2-91d0-bfd3e4f1e410",
"domain": "ROOT",
"domainid": "65609c23-2826-11ed-bf3a-1e00750002ea",
"guestosid": "6582ae97-2826-11ed-bf3a-1e00750002ea",
"haenable": false,
"hasannotations": false,
"hypervisor": "VMware",
"id": "b7ec5047-9d02-42b2-91d0-bfd3e4f1e410",
"isdynamicallyscalable": false,
"jobid": "bcf0f01b-b55d-42d3-9535-056315e5608c",
"jobstatus": 0,
"lastupdated": "2022-09-01T07:12:49+0000",
"name": "VM-b7ec5047-9d02-42b2-91d0-bfd3e4f1e410",
"nic": [
{
"broadcasturi": "vlan://2240",
"deviceid": "1",
"extradhcpoption": [],
"id": "9d79cb1e-2c6e-4c2f-9e08-1a1e1870c23c",
"isdefault": false,
"isolationuri": "vlan://2240",
"macaddress": "02:00:7e:eb:00:02",
"networkid": "54b35a12-0947-4897-ab3b-10059c3e1398",
"networkname": "user-l2",
"secondaryip": [],
"traffictype": "Guest",
"type": "L2"
},
{
"broadcasturi": "vlan://2231",
"deviceid": "2",
"extradhcpoption": [],
"id": "c8635505-33f4-44ac-ab42-d3dc698c4da2",
"isdefault": false,
"isolationuri": "vlan://2231",
"macaddress": "02:00:15:b4:00:01",
"networkid": "79bda62e-5b08-434c-846c-8db806482da9",
"networkname": "dom-l2",
"secondaryip": [],
"traffictype": "Guest",
"type": "L2"
},
{
"broadcasturi": "vlan://2227",
"deviceid": "0",
"extradhcpoption": [],
"gateway": "10.1.1.1",
"id": "b1811c73-ec60-4c50-91c3-0b562c496284",
"ipaddress": "10.1.1.227",
"isdefault": true,
"isolationuri": "vlan://2227",
"macaddress": "02:00:18:83:00:04",
"netmask": "255.255.255.0",
"networkid": "4caccd89-9479-4c57-bef2-b8bdd3a99229",
"networkname": "user-iso1",
"secondaryip": [],
"traffictype": "Guest",
"type": "Isolated"
}
],
...
}
}
Regards,
Abhishek
________________________________
From: Matthew Smart <ms...@smartsoftwareinc.com>
Sent: 01 September 2022 05:02
To: users@cloudstack.apache.org <us...@cloudstack.apache.org>
Subject: Permission Denied when trying to add nictovirtualmachine as Domain Admin
All,
I am having an issue trying to add a nic to an existing virtual machine.
This seems very similar to issue 6590
https://github.com/apache/cloudstack/issues/6590 . The error is the same
if I try it from the UI or cloudmonkey:
Error 530, Unable to use network with id=
53e901ca-d9ac-40b6-bfe2-8bc7b581c8f2, permission denied
It doesn't matter which network or which VM I use. I do not have any
projects defined. Any ideas?
Api log:
2022-08-31 18:28:00,903 INFO [a.c.c.a.ApiServlet]
(qtp1750498848-285:ctx-e1ff1e99 ctx-7d49ea3e ctx-ac87c2e4)
(logid:a0a5f800) (userId=2 accountId=2 sessionId=null) 0:0:0:0:0:0:0:1
-- GET
signatureversion=3&apiKey=eHyz1TC3ZcmUd2mHc60UZU_KMO17QTXrG5a84vn0tYwbVvr7AtKLil8O0egC2UUBVPh1nD_QbQG_4zCV-Jeg_A&expires=2022-08-31T23%3A38%3A00%2B0000&jobid=85620fa4-c3ee-4b55-a220-2b2efbfc8240&command=queryAsyncJobResult&signature=DVfJ3fAUm9fTkGpJnZIPqqVTiuM%3D&response=json
200
{"queryasyncjobresultresponse":{"accountid":"4881765b-737e-11e6-af31-a4badb303ab0","userid":"488183c2-737e-11e6-af31-a4badb303ab0","cmd":"org.apache.cloudstack.api.command.admin.vm.AddNicToVMCmdByAdmin","jobstatus":2,"jobprocstatus":0,"jobresultcode":530,"jobresulttype":"object","jobresult":{"errorcode":530,"errortext":"Unable
to use network with id= 53e901ca-d9ac-40b6-bfe2-8bc7b581c8f2, permission
denied"},"jobinstancetype":"VirtualMachine","jobinstanceid":"a13626c9-209f-4d63-b1ae-624e77863d68","created":"2022-08-31T18:27:58-0500","completed":"2022-08-31T18:27:58-0500","jobid":"85620fa4-c3ee-4b55-a220-2b2efbfc8240"}}
Management log:
2022-08-31 18:27:58,876 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
(API-Job-Executor-2:ctx-90af3c61 job-25273) (logid:85620fa4) Executing
AsyncJobVO: {id:25273, userId: 2, accountId: 2, instanceType:
VirtualMachine, instanceId: 22, cmd:
org.apache.cloudstack.api.command.admin.vm.AddNicToVMCmdByAdmin,
cmdInfo:
{"expires":"2022-08-31T23:37:58+0000","apiKey":"eHyz1TC3ZcmUd2mHc60UZU_KMO17QTXrG5a84vn0tYwbVvr7AtKLil8O0egC2UUBVPh1nD_QbQG_4zCV-Jeg_A","signature":"G5byvIP9InHK1s301Dir4KAUYnM\u003d","httpmethod":"GET","ctxAccountId":"2","cmdEventType":"NIC.CREATE","signatureversion":"3","virtualmachineid":"a13626c9-209f-4d63-b1ae-624e77863d68","response":"json","ctxUserId":"2","networkid":"53e901ca-d9ac-40b6-bfe2-8bc7b581c8f2","ctxStartEventId":"314819","ctxDetails":"{\"interface
com.cloud.vm.VirtualMachine\":\"a13626c9-209f-4d63-b1ae-624e77863d68\",\"interface
com.cloud.network.Network\":\"53e901ca-d9ac-40b6-bfe2-8bc7b581c8f2\"}"},
cmdVersion: 0, status: IN_PROGRESS, processStatus: 0, resultCode: 0,
result: null, initMsid: 181122448243502, completeMsid: null,
lastUpdated: null, lastPolled: null, created: null, removed: null}
2022-08-31 18:27:58,899 ERROR [c.c.a.ApiAsyncJobDispatcher]
(API-Job-Executor-2:ctx-90af3c61 job-25273) (logid:85620fa4) Unexpected
exception while executing
org.apache.cloudstack.api.command.admin.vm.AddNicToVMCmdByAdmin
com.cloud.exception.PermissionDeniedException: Unable to use network
with id= 53e901ca-d9ac-40b6-bfe2-8bc7b581c8f2, permission denied
at
com.cloud.network.NetworkModelImpl.checkNetworkPermissions(NetworkModelImpl.java:1681)
at
com.cloud.vm.UserVmManagerImpl.addNicToVirtualMachine(UserVmManagerImpl.java:1323)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at
org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at
org.apache.cloudstack.network.contrail.management.EventUtils$EventInterceptor.invoke(EventUtils.java:107)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
at
com.cloud.event.ActionEventInterceptor.invoke(ActionEventInterceptor.java:52)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
at
org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215)
at com.sun.proxy.$Proxy128.addNicToVirtualMachine(Unknown Source)
at
org.apache.cloudstack.api.command.user.vm.AddNicToVMCmd.execute(AddNicToVMCmd.java:173)
at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:163)
at
com.cloud.api.ApiAsyncJobDispatcher.runJob(ApiAsyncJobDispatcher.java:106)
at
org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.runInContext(AsyncJobManagerImpl.java:620)
at
org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:48)
at
org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:55)
at
org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:102)
at
org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:52)
at
org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:45)
at
org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.run(AsyncJobManagerImpl.java:568)
at
java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
2022-08-31 18:27:58,902 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
(API-Job-Executor-2:ctx-90af3c61 job-25273) (logid:85620fa4) Complete
async job-25273, jobStatus: FAILED, resultCode: 530, result:
org.apache.cloudstack.api.response.ExceptionResponse/null/{"uuidList":[],"errorcode":"530","errortext":"Unable
to use network with id= 53e901ca-d9ac-40b6-bfe2-8bc7b581c8f2, permission
denied"}
--
Matthew Smart
President
Smart Software Solutions Inc.
108 S Pierre St.
Pierre, SD 57501
Phone: (605) 280-0383
Skype: msmart13
Email:msmart@smartsoftwareinc.com