You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cloudstack.apache.org by "Sailaja Mada (JIRA)" <ji...@apache.org> on 2013/05/14 08:27:15 UTC
[jira] [Updated] (CLOUDSTACK-2475) Failed to create PF rules with
Cisco VNMC as the port pool object name is exceeding the max limit
[ https://issues.apache.org/jira/browse/CLOUDSTACK-2475?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sailaja Mada updated CLOUDSTACK-2475:
-------------------------------------
Description:
Setup: Advanced Networking Zone with VMWARE Cluster
Steps :
1. Configure VMWARE Cluster with Nexus 1000v
2. Add Network Service provider CiscoVnmc and add Cisco VNMC and ASA firewall devices to CS
3. Create Network offering with Firewall/PF/Source Nat/Static NAT provider as Cisco VNMC
4. Deploy guest network with this Offering and deploy instance using this guest network
5. Acquire IP and configure PF rules.
6. Create PF/Delete/Create more than 9 rules.
Observation:
1. Failed to create PF rules with Cisco VNMC as the port pool object name is exceeding the max limit
2. Creation of PF rule worked fine till it has single digit in the drule.
[PFPort-Vlan-vlanid-PublicIP-druleid]
'PFPort-vlan-770-10-102-196-232-15'
2013-05-14 09:42:09,912 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-92:job-66) Executing org.apache.cloudstack.api.command.user.firewall.CreatePortForwardingRuleCmd for job-66
2013-05-14 09:42:09,921 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-92:job-66) Access to Acct[3-cdcuser1] granted to Acct[3-cdcuser1] by DomainChecker_EnhancerByCloudStack_d007a7cf
2013-05-14 09:42:09,937 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-92:job-66) Access to Rule[15-PortForwarding-Add] granted to Acct[3-cdcuser1] by DomainChecker_EnhancerByCloudStack_d007a7cf
2013-05-14 09:42:09,960 DEBUG [agent.transport.Request] (Job-Executor-92:job-66) Seq 6-602734649: Sending { Cmd , MgmtId: 214053811722752, via: 6, Ver: v1, Flags: 100011, [{"routing.SetPortForwardingRulesCommand":{"rules":[{"dstIp":"10.0.0.106","dstPortRange":[22,22],"id":15,"srcVlanTag":"100","srcIp":"10.102.196.232","protocol":"tcp","srcPortRange":[22,22],"revoked":false,"alreadyAdded":false,"purpose":"PortForwarding"}],"accessDetails":{},"wait":0}}] }
2013-05-14 09:42:09,961 DEBUG [agent.transport.Request] (Job-Executor-92:job-66) Seq 6-602734649: Executing: { Cmd , MgmtId: 214053811722752, via: 6, Ver: v1, Flags: 100011, [{"routing.SetPortForwardingRulesCommand":{"rules":[{"dstIp":"10.0.0.106","dstPortRange":[22,22],"id":15,"srcVlanTag":"100","srcIp":"10.102.196.232","protocol":"tcp","srcPortRange":[22,22],"revoked":false,"alreadyAdded":false,"purpose":"PortForwarding"}],"accessDetails":{},"wait":0}}] }
2013-05-14 09:42:09,965 DEBUG [agent.manager.DirectAgentAttache] (DirectAgent-392:null) Seq 6-602734649: Executing request
2013-05-14 09:42:10,468 ERROR [network.resource.CiscoVnmcResource] (DirectAgent-392:null) SetSourceNatCommand failed due to property name of objgrp-PFPort-vlan-770-10-102-196-232-15 failed validation for value 'PFPort-vlan-770-10-102-196-232-15'
com.cloud.utils.exception.ExecutionException: property name of objgrp-PFPort-vlan-770-10-102-196-232-15 failed validation for value 'PFPort-vlan-770-10-102-196-232-15'
at com.cloud.network.cisco.CiscoVnmcConnectionImpl.verifySuccess(CiscoVnmcConnectionImpl.java:1361)
at com.cloud.network.cisco.CiscoVnmcConnectionImpl.createTenantVDCPortPool(CiscoVnmcConnectionImpl.java:824)
at com.cloud.network.cisco.CiscoVnmcConnectionImpl.createTenantVDCPFPortPool(CiscoVnmcConnectionImpl.java:958)
at com.cloud.network.resource.CiscoVnmcResource.execute(CiscoVnmcResource.java:578)
at com.cloud.network.resource.CiscoVnmcResource.execute(CiscoVnmcResource.java:514)
at com.cloud.network.resource.CiscoVnmcResource.executeRequest(CiscoVnmcResource.java:99)
at com.cloud.agent.manager.DirectAgentAttache$Task.run(DirectAgentAttache.java:186)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
at java.util.concurrent.FutureTask.run(FutureTask.java:166)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(ScheduledThreadPoolExecutor.java:165)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:679)
2013-05-14 09:42:10,469 DEBUG [agent.manager.DirectAgentAttache] (DirectAgent-392:null) Seq 6-602734649: Response Received:
2013-05-14 09:42:10,469 DEBUG [agent.transport.Request] (DirectAgent-392:null) Seq 6-602734649: Processing: { Ans: , MgmtId: 214053811722752, via: 6, Ver: v1, Flags: 10, [{"Answer":{"result":false,"details":"SetSourceNatCommand failed due to property name of objgrp-PFPort-vlan-770-10-102-196-232-15 failed validation for value 'PFPort-vlan-770-10-102-196-232-15'","wait":0}}] }
2013-05-14 09:42:10,469 DEBUG [agent.transport.Request] (Job-Executor-92:job-66) Seq 6-602734649: Received: { Ans: , MgmtId: 214053811722752, via: 6, Ver: v1, Flags: 10, { Answer } }
2013-05-14 09:42:10,469 DEBUG [agent.manager.AgentManagerImpl] (Job-Executor-92:job-66) Details from executing class com.cloud.agent.api.routing.SetPortForwardingRulesCommand: SetSourceNatCommand failed due to property name of objgrp-PFPort-vlan-770-10-102-196-232-15 failed validation for value 'PFPort-vlan-770-10-102-196-232-15'
2013-05-14 09:42:10,469 ERROR [network.element.CiscoVnmcElement] (Job-Executor-92:job-66) Unable to apply port forwarding rules to Cisco ASA 1000v appliance due to: SetSourceNatCommand failed due to property name of objgrp-PFPort-vlan-770-10-102-196-232-15 failed validation for value 'PFPort-vlan-770-10-102-196-232-15'.
2013-05-14 09:42:10,470 WARN [network.rules.RulesManagerImpl] (Job-Executor-92:job-66) Failed to apply port forwarding rules for ip due to
com.cloud.exception.ResourceUnavailableException: Resource [DataCenter:1] is unreachable: Unable to apply port forwarding rules to Cisco ASA 1000v appliance due to: SetSourceNatCommand failed due to property name of objgrp-PFPort-vlan-770-10-102-196-232-15 failed validation for value 'PFPort-vlan-770-10-102-196-232-15'.
at com.cloud.network.element.CiscoVnmcElement.applyPFRules(CiscoVnmcElement.java:726)
at com.cloud.network.firewall.FirewallManagerImpl.applyRules(FirewallManagerImpl.java:560)
at com.cloud.network.NetworkManagerImpl.applyRules(NetworkManagerImpl.java:2472)
at com.cloud.network.firewall.FirewallManagerImpl.applyRules(FirewallManagerImpl.java:504)
at com.cloud.network.rules.RulesManagerImpl.applyPortForwardingRules(RulesManagerImpl.java:840)
at com.cloud.network.rules.RulesManagerImpl.applyPortForwardingRules(RulesManagerImpl.java:1023)
at com.cloud.utils.component.ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept(ComponentInstantiationPostProcessor.java:125)
at org.apache.cloudstack.api.command.user.firewall.CreatePortForwardingRuleCmd.execute(CreatePortForwardingRuleCmd.java:184)
at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:155)
at com.cloud.async.AsyncJobManagerImpl$1.run(AsyncJobManagerImpl.java:437)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
at java.util.concurrent.FutureTask.run(FutureTask.java:166)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:679)
2013-05-14 09:42:10,484 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-92:job-66) Access to Rule[15-PortForwarding-Add] granted to Acct[3-cdcuser1] by DomainChecker_EnhancerByCloudStack_d007a7cf
2013-05-14 09:42:10,487 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-92:job-66) Access to Rule[15-PortForwarding-Add] granted to Acct[3-cdcuser1] by DomainChecker_EnhancerByCloudStack_d007a7cf
2013-05-14 09:42:10,505 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-92:job-66) Access to Rule[15-PortForwarding-Revoke] granted to Acct[3-cdcuser1] by DomainChecker_EnhancerByCloudStack_d007a7cf
2013-05-14 09:42:10,525 DEBUG [agent.transport.Request] (Job-Executor-92:job-66) Seq 6-602734650: Sending { Cmd , MgmtId: 214053811722752, via: 6, Ver: v1, Flags: 100011, [{"routing.SetPortForwardingRulesCommand":{"rules":[{"dstIp":"10.0.0.106","dstPortRange":[22,22],"id":15,"srcVlanTag":"100","srcIp":"10.102.196.232","protocol":"tcp","srcPortRange":[22,22],"revoked":true,"alreadyAdded":false,"purpose":"PortForwarding"}],"accessDetails":{},"wait":0}}] }
2013-05-14 09:42:10,526 DEBUG [agent.transport.Request] (Job-Executor-92:job-66) Seq 6-602734650: Executing: { Cmd , MgmtId: 214053811722752, via: 6, Ver: v1, Flags: 100011, [{"routing.SetPortForwardingRulesCommand":{"rules":[{"dstIp":"10.0.0.106","dstPortRange":[22,22],"id":15,"srcVlanTag":"100","srcIp":"10.102.196.232","protocol":"tcp","srcPortRange":[22,22],"revoked":true,"alreadyAdded":false,"purpose":"PortForwarding"}],"accessDetails":{},"wait":0}}] }
2013-05-14 09:42:10,531 DEBUG [agent.manager.DirectAgentAttache] (DirectAgent-96:null) Seq 6-602734650: Executing request
2013-05-14 09:42:10,943 DEBUG [agent.manager.DirectAgentAttache] (DirectAgent-96:null) Seq 6-602734650: Response Received:
2013-05-14 09:42:10,944 DEBUG [agent.transport.Request] (DirectAgent-96:null) Seq 6-602734650: Processing: { Ans: , MgmtId: 214053811722752, via: 6, Ver: v1, Flags: 10, [{"Answer":{"result":true,"details":"Success","wait":0}}] }
2013-05-14 09:42:10,944 DEBUG [agent.transport.Request] (Job-Executor-92:job-66) Seq 6-602734650: Received: { Ans: , MgmtId: 214053811722752, via: 6, Ver: v1, Flags: 10, { Answer } }
2013-05-14 09:42:10,944 DEBUG [agent.manager.AgentManagerImpl] (Job-Executor-92:job-66) Details from executing class com.cloud.agent.api.routing.SetPortForwardingRulesCommand: Success
2013-05-14 09:42:10,964 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-92:job-66) Complete async job-66, jobStatus: 2, resultCode: 530, result: Error Code: 530 Error text: Failed to apply port forwarding rule
was:
Setup: Advanced Networking Zone with VMWARE Cluster
Steps :
1. Configure VMWARE Cluster with Nexus 1000v
2. Add Network Service provider CiscoVnmc and add Cisco VNMC and ASA firewall devices to CS
3. Create Network offering with Firewall/PF/Source Nat/Static NAT provider as Cisco VNMC
4. Deploy guest network with this Offering and deploy instance using this guest network
5. Acquire IP and configure PF rules.
Observation:
1. Failed to create PF rules with Cisco VNMC as the port pool object name is exceeding the max limit
2. Creation of PF rule worked fine till it has single digit in the drule.
[PFPort-Vlan-vlanid-PublicIP-druleid]
'PFPort-vlan-770-10-102-196-232-15'
2013-05-14 09:42:09,912 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-92:job-66) Executing org.apache.cloudstack.api.command.user.firewall.CreatePortForwardingRuleCmd for job-66
2013-05-14 09:42:09,921 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-92:job-66) Access to Acct[3-cdcuser1] granted to Acct[3-cdcuser1] by DomainChecker_EnhancerByCloudStack_d007a7cf
2013-05-14 09:42:09,937 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-92:job-66) Access to Rule[15-PortForwarding-Add] granted to Acct[3-cdcuser1] by DomainChecker_EnhancerByCloudStack_d007a7cf
2013-05-14 09:42:09,960 DEBUG [agent.transport.Request] (Job-Executor-92:job-66) Seq 6-602734649: Sending { Cmd , MgmtId: 214053811722752, via: 6, Ver: v1, Flags: 100011, [{"routing.SetPortForwardingRulesCommand":{"rules":[{"dstIp":"10.0.0.106","dstPortRange":[22,22],"id":15,"srcVlanTag":"100","srcIp":"10.102.196.232","protocol":"tcp","srcPortRange":[22,22],"revoked":false,"alreadyAdded":false,"purpose":"PortForwarding"}],"accessDetails":{},"wait":0}}] }
2013-05-14 09:42:09,961 DEBUG [agent.transport.Request] (Job-Executor-92:job-66) Seq 6-602734649: Executing: { Cmd , MgmtId: 214053811722752, via: 6, Ver: v1, Flags: 100011, [{"routing.SetPortForwardingRulesCommand":{"rules":[{"dstIp":"10.0.0.106","dstPortRange":[22,22],"id":15,"srcVlanTag":"100","srcIp":"10.102.196.232","protocol":"tcp","srcPortRange":[22,22],"revoked":false,"alreadyAdded":false,"purpose":"PortForwarding"}],"accessDetails":{},"wait":0}}] }
2013-05-14 09:42:09,965 DEBUG [agent.manager.DirectAgentAttache] (DirectAgent-392:null) Seq 6-602734649: Executing request
2013-05-14 09:42:10,468 ERROR [network.resource.CiscoVnmcResource] (DirectAgent-392:null) SetSourceNatCommand failed due to property name of objgrp-PFPort-vlan-770-10-102-196-232-15 failed validation for value 'PFPort-vlan-770-10-102-196-232-15'
com.cloud.utils.exception.ExecutionException: property name of objgrp-PFPort-vlan-770-10-102-196-232-15 failed validation for value 'PFPort-vlan-770-10-102-196-232-15'
at com.cloud.network.cisco.CiscoVnmcConnectionImpl.verifySuccess(CiscoVnmcConnectionImpl.java:1361)
at com.cloud.network.cisco.CiscoVnmcConnectionImpl.createTenantVDCPortPool(CiscoVnmcConnectionImpl.java:824)
at com.cloud.network.cisco.CiscoVnmcConnectionImpl.createTenantVDCPFPortPool(CiscoVnmcConnectionImpl.java:958)
at com.cloud.network.resource.CiscoVnmcResource.execute(CiscoVnmcResource.java:578)
at com.cloud.network.resource.CiscoVnmcResource.execute(CiscoVnmcResource.java:514)
at com.cloud.network.resource.CiscoVnmcResource.executeRequest(CiscoVnmcResource.java:99)
at com.cloud.agent.manager.DirectAgentAttache$Task.run(DirectAgentAttache.java:186)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
at java.util.concurrent.FutureTask.run(FutureTask.java:166)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(ScheduledThreadPoolExecutor.java:165)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:679)
2013-05-14 09:42:10,469 DEBUG [agent.manager.DirectAgentAttache] (DirectAgent-392:null) Seq 6-602734649: Response Received:
2013-05-14 09:42:10,469 DEBUG [agent.transport.Request] (DirectAgent-392:null) Seq 6-602734649: Processing: { Ans: , MgmtId: 214053811722752, via: 6, Ver: v1, Flags: 10, [{"Answer":{"result":false,"details":"SetSourceNatCommand failed due to property name of objgrp-PFPort-vlan-770-10-102-196-232-15 failed validation for value 'PFPort-vlan-770-10-102-196-232-15'","wait":0}}] }
2013-05-14 09:42:10,469 DEBUG [agent.transport.Request] (Job-Executor-92:job-66) Seq 6-602734649: Received: { Ans: , MgmtId: 214053811722752, via: 6, Ver: v1, Flags: 10, { Answer } }
2013-05-14 09:42:10,469 DEBUG [agent.manager.AgentManagerImpl] (Job-Executor-92:job-66) Details from executing class com.cloud.agent.api.routing.SetPortForwardingRulesCommand: SetSourceNatCommand failed due to property name of objgrp-PFPort-vlan-770-10-102-196-232-15 failed validation for value 'PFPort-vlan-770-10-102-196-232-15'
2013-05-14 09:42:10,469 ERROR [network.element.CiscoVnmcElement] (Job-Executor-92:job-66) Unable to apply port forwarding rules to Cisco ASA 1000v appliance due to: SetSourceNatCommand failed due to property name of objgrp-PFPort-vlan-770-10-102-196-232-15 failed validation for value 'PFPort-vlan-770-10-102-196-232-15'.
2013-05-14 09:42:10,470 WARN [network.rules.RulesManagerImpl] (Job-Executor-92:job-66) Failed to apply port forwarding rules for ip due to
com.cloud.exception.ResourceUnavailableException: Resource [DataCenter:1] is unreachable: Unable to apply port forwarding rules to Cisco ASA 1000v appliance due to: SetSourceNatCommand failed due to property name of objgrp-PFPort-vlan-770-10-102-196-232-15 failed validation for value 'PFPort-vlan-770-10-102-196-232-15'.
at com.cloud.network.element.CiscoVnmcElement.applyPFRules(CiscoVnmcElement.java:726)
at com.cloud.network.firewall.FirewallManagerImpl.applyRules(FirewallManagerImpl.java:560)
at com.cloud.network.NetworkManagerImpl.applyRules(NetworkManagerImpl.java:2472)
at com.cloud.network.firewall.FirewallManagerImpl.applyRules(FirewallManagerImpl.java:504)
at com.cloud.network.rules.RulesManagerImpl.applyPortForwardingRules(RulesManagerImpl.java:840)
at com.cloud.network.rules.RulesManagerImpl.applyPortForwardingRules(RulesManagerImpl.java:1023)
at com.cloud.utils.component.ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept(ComponentInstantiationPostProcessor.java:125)
at org.apache.cloudstack.api.command.user.firewall.CreatePortForwardingRuleCmd.execute(CreatePortForwardingRuleCmd.java:184)
at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:155)
at com.cloud.async.AsyncJobManagerImpl$1.run(AsyncJobManagerImpl.java:437)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
at java.util.concurrent.FutureTask.run(FutureTask.java:166)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:679)
2013-05-14 09:42:10,484 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-92:job-66) Access to Rule[15-PortForwarding-Add] granted to Acct[3-cdcuser1] by DomainChecker_EnhancerByCloudStack_d007a7cf
2013-05-14 09:42:10,487 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-92:job-66) Access to Rule[15-PortForwarding-Add] granted to Acct[3-cdcuser1] by DomainChecker_EnhancerByCloudStack_d007a7cf
2013-05-14 09:42:10,505 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-92:job-66) Access to Rule[15-PortForwarding-Revoke] granted to Acct[3-cdcuser1] by DomainChecker_EnhancerByCloudStack_d007a7cf
2013-05-14 09:42:10,525 DEBUG [agent.transport.Request] (Job-Executor-92:job-66) Seq 6-602734650: Sending { Cmd , MgmtId: 214053811722752, via: 6, Ver: v1, Flags: 100011, [{"routing.SetPortForwardingRulesCommand":{"rules":[{"dstIp":"10.0.0.106","dstPortRange":[22,22],"id":15,"srcVlanTag":"100","srcIp":"10.102.196.232","protocol":"tcp","srcPortRange":[22,22],"revoked":true,"alreadyAdded":false,"purpose":"PortForwarding"}],"accessDetails":{},"wait":0}}] }
2013-05-14 09:42:10,526 DEBUG [agent.transport.Request] (Job-Executor-92:job-66) Seq 6-602734650: Executing: { Cmd , MgmtId: 214053811722752, via: 6, Ver: v1, Flags: 100011, [{"routing.SetPortForwardingRulesCommand":{"rules":[{"dstIp":"10.0.0.106","dstPortRange":[22,22],"id":15,"srcVlanTag":"100","srcIp":"10.102.196.232","protocol":"tcp","srcPortRange":[22,22],"revoked":true,"alreadyAdded":false,"purpose":"PortForwarding"}],"accessDetails":{},"wait":0}}] }
2013-05-14 09:42:10,531 DEBUG [agent.manager.DirectAgentAttache] (DirectAgent-96:null) Seq 6-602734650: Executing request
2013-05-14 09:42:10,943 DEBUG [agent.manager.DirectAgentAttache] (DirectAgent-96:null) Seq 6-602734650: Response Received:
2013-05-14 09:42:10,944 DEBUG [agent.transport.Request] (DirectAgent-96:null) Seq 6-602734650: Processing: { Ans: , MgmtId: 214053811722752, via: 6, Ver: v1, Flags: 10, [{"Answer":{"result":true,"details":"Success","wait":0}}] }
2013-05-14 09:42:10,944 DEBUG [agent.transport.Request] (Job-Executor-92:job-66) Seq 6-602734650: Received: { Ans: , MgmtId: 214053811722752, via: 6, Ver: v1, Flags: 10, { Answer } }
2013-05-14 09:42:10,944 DEBUG [agent.manager.AgentManagerImpl] (Job-Executor-92:job-66) Details from executing class com.cloud.agent.api.routing.SetPortForwardingRulesCommand: Success
2013-05-14 09:42:10,964 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-92:job-66) Complete async job-66, jobStatus: 2, resultCode: 530, result: Error Code: 530 Error text: Failed to apply port forwarding rule
> Failed to create PF rules with Cisco VNMC as the port pool object name is exceeding the max limit
> --------------------------------------------------------------------------------------------------
>
> Key: CLOUDSTACK-2475
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2475
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the default.)
> Components: Network Devices
> Affects Versions: 4.2.0
> Reporter: Sailaja Mada
> Priority: Critical
>
> Setup: Advanced Networking Zone with VMWARE Cluster
> Steps :
> 1. Configure VMWARE Cluster with Nexus 1000v
> 2. Add Network Service provider CiscoVnmc and add Cisco VNMC and ASA firewall devices to CS
> 3. Create Network offering with Firewall/PF/Source Nat/Static NAT provider as Cisco VNMC
> 4. Deploy guest network with this Offering and deploy instance using this guest network
> 5. Acquire IP and configure PF rules.
> 6. Create PF/Delete/Create more than 9 rules.
> Observation:
> 1. Failed to create PF rules with Cisco VNMC as the port pool object name is exceeding the max limit
> 2. Creation of PF rule worked fine till it has single digit in the drule.
> [PFPort-Vlan-vlanid-PublicIP-druleid]
> 'PFPort-vlan-770-10-102-196-232-15'
> 2013-05-14 09:42:09,912 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-92:job-66) Executing org.apache.cloudstack.api.command.user.firewall.CreatePortForwardingRuleCmd for job-66
> 2013-05-14 09:42:09,921 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-92:job-66) Access to Acct[3-cdcuser1] granted to Acct[3-cdcuser1] by DomainChecker_EnhancerByCloudStack_d007a7cf
> 2013-05-14 09:42:09,937 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-92:job-66) Access to Rule[15-PortForwarding-Add] granted to Acct[3-cdcuser1] by DomainChecker_EnhancerByCloudStack_d007a7cf
> 2013-05-14 09:42:09,960 DEBUG [agent.transport.Request] (Job-Executor-92:job-66) Seq 6-602734649: Sending { Cmd , MgmtId: 214053811722752, via: 6, Ver: v1, Flags: 100011, [{"routing.SetPortForwardingRulesCommand":{"rules":[{"dstIp":"10.0.0.106","dstPortRange":[22,22],"id":15,"srcVlanTag":"100","srcIp":"10.102.196.232","protocol":"tcp","srcPortRange":[22,22],"revoked":false,"alreadyAdded":false,"purpose":"PortForwarding"}],"accessDetails":{},"wait":0}}] }
> 2013-05-14 09:42:09,961 DEBUG [agent.transport.Request] (Job-Executor-92:job-66) Seq 6-602734649: Executing: { Cmd , MgmtId: 214053811722752, via: 6, Ver: v1, Flags: 100011, [{"routing.SetPortForwardingRulesCommand":{"rules":[{"dstIp":"10.0.0.106","dstPortRange":[22,22],"id":15,"srcVlanTag":"100","srcIp":"10.102.196.232","protocol":"tcp","srcPortRange":[22,22],"revoked":false,"alreadyAdded":false,"purpose":"PortForwarding"}],"accessDetails":{},"wait":0}}] }
> 2013-05-14 09:42:09,965 DEBUG [agent.manager.DirectAgentAttache] (DirectAgent-392:null) Seq 6-602734649: Executing request
> 2013-05-14 09:42:10,468 ERROR [network.resource.CiscoVnmcResource] (DirectAgent-392:null) SetSourceNatCommand failed due to property name of objgrp-PFPort-vlan-770-10-102-196-232-15 failed validation for value 'PFPort-vlan-770-10-102-196-232-15'
> com.cloud.utils.exception.ExecutionException: property name of objgrp-PFPort-vlan-770-10-102-196-232-15 failed validation for value 'PFPort-vlan-770-10-102-196-232-15'
> at com.cloud.network.cisco.CiscoVnmcConnectionImpl.verifySuccess(CiscoVnmcConnectionImpl.java:1361)
> at com.cloud.network.cisco.CiscoVnmcConnectionImpl.createTenantVDCPortPool(CiscoVnmcConnectionImpl.java:824)
> at com.cloud.network.cisco.CiscoVnmcConnectionImpl.createTenantVDCPFPortPool(CiscoVnmcConnectionImpl.java:958)
> at com.cloud.network.resource.CiscoVnmcResource.execute(CiscoVnmcResource.java:578)
> at com.cloud.network.resource.CiscoVnmcResource.execute(CiscoVnmcResource.java:514)
> at com.cloud.network.resource.CiscoVnmcResource.executeRequest(CiscoVnmcResource.java:99)
> at com.cloud.agent.manager.DirectAgentAttache$Task.run(DirectAgentAttache.java:186)
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
> at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
> at java.util.concurrent.FutureTask.run(FutureTask.java:166)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(ScheduledThreadPoolExecutor.java:165)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:266)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
> at java.lang.Thread.run(Thread.java:679)
> 2013-05-14 09:42:10,469 DEBUG [agent.manager.DirectAgentAttache] (DirectAgent-392:null) Seq 6-602734649: Response Received:
> 2013-05-14 09:42:10,469 DEBUG [agent.transport.Request] (DirectAgent-392:null) Seq 6-602734649: Processing: { Ans: , MgmtId: 214053811722752, via: 6, Ver: v1, Flags: 10, [{"Answer":{"result":false,"details":"SetSourceNatCommand failed due to property name of objgrp-PFPort-vlan-770-10-102-196-232-15 failed validation for value 'PFPort-vlan-770-10-102-196-232-15'","wait":0}}] }
> 2013-05-14 09:42:10,469 DEBUG [agent.transport.Request] (Job-Executor-92:job-66) Seq 6-602734649: Received: { Ans: , MgmtId: 214053811722752, via: 6, Ver: v1, Flags: 10, { Answer } }
> 2013-05-14 09:42:10,469 DEBUG [agent.manager.AgentManagerImpl] (Job-Executor-92:job-66) Details from executing class com.cloud.agent.api.routing.SetPortForwardingRulesCommand: SetSourceNatCommand failed due to property name of objgrp-PFPort-vlan-770-10-102-196-232-15 failed validation for value 'PFPort-vlan-770-10-102-196-232-15'
> 2013-05-14 09:42:10,469 ERROR [network.element.CiscoVnmcElement] (Job-Executor-92:job-66) Unable to apply port forwarding rules to Cisco ASA 1000v appliance due to: SetSourceNatCommand failed due to property name of objgrp-PFPort-vlan-770-10-102-196-232-15 failed validation for value 'PFPort-vlan-770-10-102-196-232-15'.
> 2013-05-14 09:42:10,470 WARN [network.rules.RulesManagerImpl] (Job-Executor-92:job-66) Failed to apply port forwarding rules for ip due to
> com.cloud.exception.ResourceUnavailableException: Resource [DataCenter:1] is unreachable: Unable to apply port forwarding rules to Cisco ASA 1000v appliance due to: SetSourceNatCommand failed due to property name of objgrp-PFPort-vlan-770-10-102-196-232-15 failed validation for value 'PFPort-vlan-770-10-102-196-232-15'.
> at com.cloud.network.element.CiscoVnmcElement.applyPFRules(CiscoVnmcElement.java:726)
> at com.cloud.network.firewall.FirewallManagerImpl.applyRules(FirewallManagerImpl.java:560)
> at com.cloud.network.NetworkManagerImpl.applyRules(NetworkManagerImpl.java:2472)
> at com.cloud.network.firewall.FirewallManagerImpl.applyRules(FirewallManagerImpl.java:504)
> at com.cloud.network.rules.RulesManagerImpl.applyPortForwardingRules(RulesManagerImpl.java:840)
> at com.cloud.network.rules.RulesManagerImpl.applyPortForwardingRules(RulesManagerImpl.java:1023)
> at com.cloud.utils.component.ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept(ComponentInstantiationPostProcessor.java:125)
> at org.apache.cloudstack.api.command.user.firewall.CreatePortForwardingRuleCmd.execute(CreatePortForwardingRuleCmd.java:184)
> at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:155)
> at com.cloud.async.AsyncJobManagerImpl$1.run(AsyncJobManagerImpl.java:437)
> at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
> at java.util.concurrent.FutureTask.run(FutureTask.java:166)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
> at java.lang.Thread.run(Thread.java:679)
> 2013-05-14 09:42:10,484 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-92:job-66) Access to Rule[15-PortForwarding-Add] granted to Acct[3-cdcuser1] by DomainChecker_EnhancerByCloudStack_d007a7cf
> 2013-05-14 09:42:10,487 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-92:job-66) Access to Rule[15-PortForwarding-Add] granted to Acct[3-cdcuser1] by DomainChecker_EnhancerByCloudStack_d007a7cf
> 2013-05-14 09:42:10,505 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-92:job-66) Access to Rule[15-PortForwarding-Revoke] granted to Acct[3-cdcuser1] by DomainChecker_EnhancerByCloudStack_d007a7cf
> 2013-05-14 09:42:10,525 DEBUG [agent.transport.Request] (Job-Executor-92:job-66) Seq 6-602734650: Sending { Cmd , MgmtId: 214053811722752, via: 6, Ver: v1, Flags: 100011, [{"routing.SetPortForwardingRulesCommand":{"rules":[{"dstIp":"10.0.0.106","dstPortRange":[22,22],"id":15,"srcVlanTag":"100","srcIp":"10.102.196.232","protocol":"tcp","srcPortRange":[22,22],"revoked":true,"alreadyAdded":false,"purpose":"PortForwarding"}],"accessDetails":{},"wait":0}}] }
> 2013-05-14 09:42:10,526 DEBUG [agent.transport.Request] (Job-Executor-92:job-66) Seq 6-602734650: Executing: { Cmd , MgmtId: 214053811722752, via: 6, Ver: v1, Flags: 100011, [{"routing.SetPortForwardingRulesCommand":{"rules":[{"dstIp":"10.0.0.106","dstPortRange":[22,22],"id":15,"srcVlanTag":"100","srcIp":"10.102.196.232","protocol":"tcp","srcPortRange":[22,22],"revoked":true,"alreadyAdded":false,"purpose":"PortForwarding"}],"accessDetails":{},"wait":0}}] }
> 2013-05-14 09:42:10,531 DEBUG [agent.manager.DirectAgentAttache] (DirectAgent-96:null) Seq 6-602734650: Executing request
> 2013-05-14 09:42:10,943 DEBUG [agent.manager.DirectAgentAttache] (DirectAgent-96:null) Seq 6-602734650: Response Received:
> 2013-05-14 09:42:10,944 DEBUG [agent.transport.Request] (DirectAgent-96:null) Seq 6-602734650: Processing: { Ans: , MgmtId: 214053811722752, via: 6, Ver: v1, Flags: 10, [{"Answer":{"result":true,"details":"Success","wait":0}}] }
> 2013-05-14 09:42:10,944 DEBUG [agent.transport.Request] (Job-Executor-92:job-66) Seq 6-602734650: Received: { Ans: , MgmtId: 214053811722752, via: 6, Ver: v1, Flags: 10, { Answer } }
> 2013-05-14 09:42:10,944 DEBUG [agent.manager.AgentManagerImpl] (Job-Executor-92:job-66) Details from executing class com.cloud.agent.api.routing.SetPortForwardingRulesCommand: Success
> 2013-05-14 09:42:10,964 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-92:job-66) Complete async job-66, jobStatus: 2, resultCode: 530, result: Error Code: 530 Error text: Failed to apply port forwarding rule
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira