You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cloudstack.apache.org by "Sailaja Mada (JIRA)" <ji...@apache.org> on 2013/06/20 13:56:20 UTC
[jira] [Comment Edited] (CLOUDSTACK-2585) Failed to apply new PF
rules after deleting the existing PF Rule with Cisco VNMC Provider
[ https://issues.apache.org/jira/browse/CLOUDSTACK-2585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13689172#comment-13689172 ]
Sailaja Mada edited comment on CLOUDSTACK-2585 at 6/20/13 11:55 AM:
--------------------------------------------------------------------
Regressed with latest Master. This issue is fixed now. We can create new PF rules after deleting the existing RULES. There is no conflict now. Hence closing the bug.
was (Author: sailaja):
Regressed with latest Master. This issue is fixed now. We can created new PF rules after deleting existing RULES. There is no conflict now. Hence closing the bug.
> Failed to apply new PF rules after deleting the existing PF Rule with Cisco VNMC Provider
> -----------------------------------------------------------------------------------------
>
> Key: CLOUDSTACK-2585
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2585
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the default.)
> Components: Network Controller
> Affects Versions: 4.2.0
> Reporter: Sailaja Mada
> Assignee: Koushik Das
> Priority: Critical
> Fix For: 4.2.0
>
>
> Setup: Advanced Networking Zone with Nexus VMWARE Cluster
> Steps:
> 1. Create Guest network with Cisco VNMC provider as Firewall/PF/SourceNAT/Static NAT provider offering
> 2. Deploy VM using this guest network
> 3. Acquire new public IP and configure PF (22-22),PF(80-80) with TCP ,53 to 53 (UDP) rule
> 4. Create 10.x cidr firewall rule from Source NAT IP
> 5. Delete (22-22) PF rule from the public IP
> 6. Try to create new PF rule (22-22) or any other.
> Observation:
> It failed to apply new PF rules after deleting the existing PF Rule
> Exception:
> 2013-05-20 16:45:33,646 ERROR [network.resource.CiscoVnmcResource] (DirectAgent-359:null) SetPortForwardingRulesCommand failed due to Policy has two rules org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-15, org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-16 with same order 102
> com.cloud.utils.exception.ExecutionException: Policy has two rules org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-15, org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-16 with same order 102
> at com.cloud.network.cisco.CiscoVnmcConnectionImpl.verifySuccess(CiscoVnmcConnectionImpl.java:1370)
> at com.cloud.network.cisco.CiscoVnmcConnectionImpl.createTenantVDCPFRule(CiscoVnmcConnectionImpl.java:1028)
> at com.cloud.network.resource.CiscoVnmcResource.execute(CiscoVnmcResource.java:573)
> at com.cloud.network.resource.CiscoVnmcResource.execute(CiscoVnmcResource.java:508)
> at com.cloud.network.resource.CiscoVnmcResource.executeRequest(CiscoVnmcResource.java:100)
> at com.cloud.agent.manager.DirectAgentAttache$Task.run(DirectAgentAttache.java:186)
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
> at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
> at java.util.concurrent.FutureTask.run(FutureTask.java:166)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(ScheduledThreadPoolExecutor.java:165)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:266)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
> at java.lang.Thread.run(Thread.java:679)
> 2013-05-20 16:45:33,647 DEBUG [agent.manager.DirectAgentAttache] (DirectAgent-359:null) Seq 5-1754464294: Response Received:
> 2013-05-20 16:45:33,647 DEBUG [agent.transport.Request] (DirectAgent-359:null) Seq 5-1754464294: Processing: { Ans: , MgmtId: 214053811722752, via: 5, Ver: v1, Flags: 10, [{"Answer":{"result":false,"details":"SetPortForwardingRulesCommand failed due to Policy has two rules org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-15, org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-16 with same order 102","wait":0}}] }
> 2013-05-20 16:45:33,647 DEBUG [agent.transport.Request] (Job-Executor-81:job-48) Seq 5-1754464294: Received: { Ans: , MgmtId: 214053811722752, via: 5, Ver: v1, Flags: 10, { Answer } }
> 2013-05-20 16:45:33,647 DEBUG [agent.manager.AgentManagerImpl] (Job-Executor-81:job-48) Details from executing class com.cloud.agent.api.routing.SetPortForwardingRulesCommand: SetPortForwardingRulesCommand failed due to Policy has two rules org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-15, org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-16 with same order 102
> 2013-05-20 16:45:33,647 ERROR [network.element.CiscoVnmcElement] (Job-Executor-81:job-48) Unable to apply port forwarding rules to Cisco ASA 1000v appliance due to: SetPortForwardingRulesCommand failed due to Policy has two rules org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-15, org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-16 with same order 102.
> 2013-05-20 16:45:33,648 WARN [network.rules.RulesManagerImpl] (Job-Executor-81:job-48) Failed to apply port forwarding rules for ip due to
> com.cloud.exception.ResourceUnavailableException: Resource [DataCenter:1] is unreachable: Unable to apply port forwarding rules to Cisco ASA 1000v appliance due to: SetPortForwardingRulesCommand failed due to Policy has two rules org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-15, org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-16 with same order 102.
> at com.cloud.network.element.CiscoVnmcElement.applyPFRules(CiscoVnmcElement.java:754)
> at com.cloud.network.firewall.FirewallManagerImpl.applyRules(FirewallManagerImpl.java:565)
> at com.cloud.network.NetworkManagerImpl.applyRules(NetworkManagerImpl.java:2504)
> at com.cloud.network.firewall.FirewallManagerImpl.applyRules(FirewallManagerImpl.java:509)
> at com.cloud.network.rules.RulesManagerImpl.applyPortForwardingRules(RulesManagerImpl.java:846)
> at com.cloud.network.rules.RulesManagerImpl.applyPortForwardingRules(RulesManagerImpl.java:1029)
> at com.cloud.utils.component.ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept(ComponentInstantiationPostProcessor.java:125)
> at org.apache.cloudstack.api.command.user.firewall.CreatePortForwardingRuleCmd.execute(CreatePortForwardingRuleCmd.java:184)
> at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:155)
> at com.cloud.async.AsyncJobManagerImpl$1.run(AsyncJobManagerImpl.java:437)
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
> at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
> at java.util.concurrent.FutureTask.run(FutureTask.java:166)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
> at java.lang.Thread.run(Thread.java:679)
> 2013-05-20 16:45:33,683 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-81:job-48) Access to Rule[16-PortForwarding-Add] granted to Acct[3-sailaja] by DomainChecker_EnhancerByCloudStack_816a0f1f
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira