Posted to issues@cloudstack.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2013/05/22 11:28:19 UTC

[jira] [Commented] (CLOUDSTACK-2585) Failed to apply new PF rules after deleting the existing PF Rule with Cisco VNMC Provider

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-2585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13663959#comment-13663959 ] 

ASF subversion and git services commented on CLOUDSTACK-2585:
-------------------------------------------------------------

Commit 83f84adda2715eae60c47738eee886a48fbc5b03 in branch refs/heads/master from [~koushikd]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=83f84ad ]

CLOUDSTACK-2585: Failed to apply new PF rules after deleting the existing PF Rule with Cisco VNMC Provider
Each rule created in VNMC under a policy object needs to have a unique order value. Rules are evaluated based on this value.
Earlier order was computed based on the rule count under a policy object. This resulted in duplicate order value when rules get
deleted and recreated. Changed the logic to compute order based on the CS db id of the rule which is unique.

                
> Failed to apply new PF rules after deleting the existing PF Rule with Cisco VNMC Provider
> -----------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-2585
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2585
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Network Controller
>    Affects Versions: 4.2.0
>            Reporter: Sailaja Mada
>            Assignee: Koushik Das
>            Priority: Critical
>
> Setup: Advanced Networking Zone with Nexus VMWARE Cluster 
> Steps:
> 1. Create Guest network with Cisco VNMC provider as Firewall/PF/SourceNAT/Static NAT provider offering
> 2. Deploy VM using this guest network
> 3. Acquire new public IP and configure PF (22-22), PF (80-80) with TCP, 53 to 53 (UDP) rule
> 4. Create 10.x cidr firewall rule from Source NAT IP
> 5. Delete (22-22) PF rule from the public IP
> 6. Try to create new PF rule (22-22) or any other.  
> Observation:
> It failed to apply new PF rules after deleting the existing PF Rule
> Exception:
> 2013-05-20 16:45:33,646 ERROR [network.resource.CiscoVnmcResource] (DirectAgent-359:null) SetPortForwardingRulesCommand failed due to Policy has two rules org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-15, org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-16 with same order 102
> com.cloud.utils.exception.ExecutionException: Policy has two rules org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-15, org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-16 with same order 102
>         at com.cloud.network.cisco.CiscoVnmcConnectionImpl.verifySuccess(CiscoVnmcConnectionImpl.java:1370)
>         at com.cloud.network.cisco.CiscoVnmcConnectionImpl.createTenantVDCPFRule(CiscoVnmcConnectionImpl.java:1028)
>         at com.cloud.network.resource.CiscoVnmcResource.execute(CiscoVnmcResource.java:573)
>         at com.cloud.network.resource.CiscoVnmcResource.execute(CiscoVnmcResource.java:508)
>         at com.cloud.network.resource.CiscoVnmcResource.executeRequest(CiscoVnmcResource.java:100)
>         at com.cloud.agent.manager.DirectAgentAttache$Task.run(DirectAgentAttache.java:186)
>         at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
>         at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
>         at java.util.concurrent.FutureTask.run(FutureTask.java:166)
>         at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(ScheduledThreadPoolExecutor.java:165)
>         at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:266)
>         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
>         at java.lang.Thread.run(Thread.java:679)
> 2013-05-20 16:45:33,647 DEBUG [agent.manager.DirectAgentAttache] (DirectAgent-359:null) Seq 5-1754464294: Response Received:
> 2013-05-20 16:45:33,647 DEBUG [agent.transport.Request] (DirectAgent-359:null) Seq 5-1754464294: Processing:  { Ans: , MgmtId: 214053811722752, via: 5, Ver: v1, Flags: 10, [{"Answer":{"result":false,"details":"SetPortForwardingRulesCommand failed due to Policy has two rules org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-15, org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-16 with same order 102","wait":0}}] }
> 2013-05-20 16:45:33,647 DEBUG [agent.transport.Request] (Job-Executor-81:job-48) Seq 5-1754464294: Received:  { Ans: , MgmtId: 214053811722752, via: 5, Ver: v1, Flags: 10, { Answer } }
> 2013-05-20 16:45:33,647 DEBUG [agent.manager.AgentManagerImpl] (Job-Executor-81:job-48) Details from executing class com.cloud.agent.api.routing.SetPortForwardingRulesCommand: SetPortForwardingRulesCommand failed due to Policy has two rules org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-15, org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-16 with same order 102
> 2013-05-20 16:45:33,647 ERROR [network.element.CiscoVnmcElement] (Job-Executor-81:job-48) Unable to apply port forwarding rules to Cisco ASA 1000v appliance due to: SetPortForwardingRulesCommand failed due to Policy has two rules org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-15, org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-16 with same order 102.
> 2013-05-20 16:45:33,648 WARN  [network.rules.RulesManagerImpl] (Job-Executor-81:job-48) Failed to apply port forwarding rules for ip due to
> com.cloud.exception.ResourceUnavailableException: Resource [DataCenter:1] is unreachable: Unable to apply port forwarding rules to Cisco ASA 1000v appliance due to: SetPortForwardingRulesCommand failed due to Policy has two rules org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-15, org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-16 with same order 102.
>         at com.cloud.network.element.CiscoVnmcElement.applyPFRules(CiscoVnmcElement.java:754)
>         at com.cloud.network.firewall.FirewallManagerImpl.applyRules(FirewallManagerImpl.java:565)
>         at com.cloud.network.NetworkManagerImpl.applyRules(NetworkManagerImpl.java:2504)
>         at com.cloud.network.firewall.FirewallManagerImpl.applyRules(FirewallManagerImpl.java:509)
>         at com.cloud.network.rules.RulesManagerImpl.applyPortForwardingRules(RulesManagerImpl.java:846)
>         at com.cloud.network.rules.RulesManagerImpl.applyPortForwardingRules(RulesManagerImpl.java:1029)
>         at com.cloud.utils.component.ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept(ComponentInstantiationPostProcessor.java:125)
>         at org.apache.cloudstack.api.command.user.firewall.CreatePortForwardingRuleCmd.execute(CreatePortForwardingRuleCmd.java:184)
>         at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:155)
>         at com.cloud.async.AsyncJobManagerImpl$1.run(AsyncJobManagerImpl.java:437)
>         at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
>         at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
>         at java.util.concurrent.FutureTask.run(FutureTask.java:166)
>         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
>         at java.lang.Thread.run(Thread.java:679)
> 2013-05-20 16:45:33,683 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-81:job-48) Access to Rule[16-PortForwarding-Add] granted to Acct[3-sailaja] by DomainChecker_EnhancerByCloudStack_816a0f1f

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
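
The ordering bug described in the commit message above, replayed as an added Python model (not CloudStack or VNMC code). The `ORDER_BASE` offset of 100 and the rule ids 13 to 16 are constructed values chosen so the collision resembles the one in the log; the real order formula is not shown on this page.

```python
# Added illustration: a toy model of a policy object that, like VNMC in the
# log above, rejects two rules with the same order value.
ORDER_BASE = 100  # assumed offset, not taken from the CloudStack source


class DuplicateOrder(Exception):
    pass


class Policy:
    """Holds rules keyed by DB id and enforces unique order values."""

    def __init__(self, order_fn):
        self.rules = {}           # rule id -> order value
        self.order_fn = order_fn  # strategy used to compute a rule's order

    def add(self, rule_id):
        order = self.order_fn(self, rule_id)
        for other_id, other_order in self.rules.items():
            if other_order == order:
                raise DuplicateOrder(
                    f"rules {other_id} and {rule_id} have same order {order}")
        self.rules[rule_id] = order
        return order

    def delete(self, rule_id):
        del self.rules[rule_id]


def order_by_count(policy, rule_id):
    # Earlier logic per the commit message: derived from the current rule count.
    return ORDER_BASE + len(policy.rules)


def order_by_db_id(policy, rule_id):
    # Changed logic per the commit message: derived from the unique DB id.
    return ORDER_BASE + rule_id


def replay(order_fn):
    """Create three PF rules, delete the first, then add a new one."""
    policy = Policy(order_fn)
    for rule_id in (13, 14, 15):  # constructed ids
        policy.add(rule_id)
    policy.delete(13)
    try:
        policy.add(16)
    except DuplicateOrder as exc:
        return str(exc)
    return policy.rules
```

With the count-based strategy the delete shrinks the count, so the next rule reuses an order still held by a surviving rule; the id-based strategy cannot collide because ids are never reused.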