You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cloudstack.apache.org by "Sailaja Mada (JIRA)" <ji...@apache.org> on 2013/06/20 12:43:30 UTC
[jira] [Closed] (CLOUDSTACK-2417) NPE while creating Egress rules
with Networking using Cisco ASA firewall provider
[ https://issues.apache.org/jira/browse/CLOUDSTACK-2417?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sailaja Mada closed CLOUDSTACK-2417.
------------------------------------
Regressed with latest master. There is no NPE now while creating egress rules. But with 'ALL' option it results as unsupported for this zone. I will confirm this behavior .
Closing this bug.
> NPE while creating Egress rules with Networking using Cisco ASA firewall provider
> ---------------------------------------------------------------------------------
>
> Key: CLOUDSTACK-2417
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2417
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the default.)
> Components: Network Controller
> Affects Versions: 4.2.0
> Reporter: Sailaja Mada
> Assignee: Koushik Das
> Priority: Critical
> Fix For: 4.2.0
>
>
> Setup: Advanced Networking Zone with VMWARE Cluster
> Steps :
> 1. Configure VMWARE Cluster with Nexus 1000v
> 2. Add Network Service provider CiscoVnmc and add Cisco VNMC and ASA firewall devices to CS
> 3. Create Network offering with Firewall/PF/Source Nat/Static NAT provider as Cisco VNMC
> 4. Deploy guest network with this Offering and deploy instance using this guest network
> 5. Tried to create Egress rules with Cidr 10.0.0.0/00 TCP with 22 port
> Observation:
> NPE while creating Egress rules with Networking using Cisco ASA firewall provider
> 2013-05-09 17:14:22,886 DEBUG [cloud.api.ApiServlet] (catalina-exec-5:null) ===START=== 10.144.6.19 -- GET command=createEgressFirewallRule&response=json&sessionkey=zynphD7KqJbmsaitAu1b9gOogUw%3D&protocol=tcp&cidrlist=10.0.0.0%2F00&networkid=7fac418a-19e7-4455-8e8c-1dc11b9200d3&startport=8080&endport=8080&_=1368100003217
> 2013-05-09 17:14:22,896 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-5:null) Access to Acct[3-cdcuser1] granted to Acct[3-cdcuser1] by DomainChecker_EnhancerByCloudStack_d007a7cf
> 2013-05-09 17:14:22,907 DEBUG [network.firewall.FirewallManagerImpl] (catalina-exec-5:null) No network rule conflicts detected for Rule[11-Firewall-Staged] against 0 existing rules
> 2013-05-09 17:14:22,956 DEBUG [cloud.async.AsyncJobManagerImpl] (catalina-exec-5:null) submit async job-45, details: AsyncJobVO {id:45, userId: 3, accountId: 3, sessionKey: null, instanceType: FirewallRule, instanceId: 11, cmd: org.apache.cloudstack.api.command.user.firewall.CreateEgressFirewallRuleCmd, cmdOriginator: null, cmdInfo: {"sessionkey":"zynphD7KqJbmsaitAu1b9gOogUw\u003d","protocol":"tcp","ctxUserId":"3","httpmethod":"GET","startport":"8080","endport":"8080","response":"json","id":"11","cidrlist":"10.0.0.0/00","_":"1368100003217","ctxAccountId":"3","networkid":"7fac418a-19e7-4455-8e8c-1dc11b9200d3","ctxStartEventId":"191"}, cmdVersion: 0, callbackType: 0, callbackAddress: null, status: 0, processStatus: 0, resultCode: 0, result: null, initMsid: 214053811722752, completeMsid: null, lastUpdated: null, lastPolled: null, created: null}
> 2013-05-09 17:14:22,958 DEBUG [cloud.api.ApiServlet] (catalina-exec-5:null) ===END=== 10.144.6.19 -- GET command=createEgressFirewallRule&response=json&sessionkey=zynphD7KqJbmsaitAu1b9gOogUw%3D&protocol=tcp&cidrlist=10.0.0.0%2F00&networkid=7fac418a-19e7-4455-8e8c-1dc11b9200d3&startport=8080&endport=8080&_=1368100003217
> 2013-05-09 17:14:22,961 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-52:job-45) Executing org.apache.cloudstack.api.command.user.firewall.CreateEgressFirewallRuleCmd for job-45
> 2013-05-09 17:14:22,968 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-52:job-45) Access to Acct[3-cdcuser1] granted to Acct[3-cdcuser1] by DomainChecker_EnhancerByCloudStack_d007a7cf
> 2013-05-09 17:14:22,969 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-52:job-45) Sync job-45 execution on object network.204
> 2013-05-09 17:14:22,979 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-52:job-45) job org.apache.cloudstack.api.command.user.firewall.CreateEgressFirewallRuleCmd for job-45 was queued, processing the queue.
> 2013-05-09 17:14:22,998 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-52:job-45) Executing sync queue item: SyncQueueItemVO {id:24, queueId: 1, contentType: AsyncJob, contentId: 45, lastProcessMsid: 214053811722752, lastprocessNumber: 21, lastProcessTime: Thu May 09 17:14:22 IST 2013, created: Thu May 09 17:14:22 IST 2013}
> 2013-05-09 17:14:23,000 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-52:job-45) Schedule queued job-45
> 2013-05-09 17:14:23,016 DEBUG [cloud.async.SyncQueueManagerImpl] (Job-Executor-52:job-45) There is a pending process in sync queue(id: 1)
> 2013-05-09 17:14:23,018 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-53:job-45) Executing org.apache.cloudstack.api.command.user.firewall.CreateEgressFirewallRuleCmd for job-45
> 2013-05-09 17:14:23,024 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-53:job-45) Access to Acct[3-cdcuser1] granted to Acct[3-cdcuser1] by DomainChecker_EnhancerByCloudStack_d007a7cf
> 2013-05-09 17:14:23,033 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-53:job-45) Access to Rule[9-Firewall-Revoke] granted to Acct[3-cdcuser1] by DomainChecker_EnhancerByCloudStack_d007a7cf
> 2013-05-09 17:14:23,034 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-53:job-45) Access to Rule[10-Firewall-Revoke] granted to Acct[3-cdcuser1] by DomainChecker_EnhancerByCloudStack_d007a7cf
> 2013-05-09 17:14:23,036 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-53:job-45) Access to Rule[11-Firewall-Add] granted to Acct[3-cdcuser1] by DomainChecker_EnhancerByCloudStack_d007a7cf
> 2013-05-09 17:14:23,058 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-53:job-45) Access to Rule[11-Firewall-Add] granted to Acct[3-cdcuser1] by DomainChecker_EnhancerByCloudStack_d007a7cf
> 2013-05-09 17:14:23,060 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-53:job-45) Access to Rule[11-Firewall-Add] granted to Acct[3-cdcuser1] by DomainChecker_EnhancerByCloudStack_d007a7cf
> 2013-05-09 17:14:23,072 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-53:job-45) Access to Rule[9-Firewall-Revoke] granted to Acct[3-cdcuser1] by DomainChecker_EnhancerByCloudStack_d007a7cf
> 2013-05-09 17:14:23,074 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-53:job-45) Access to Rule[10-Firewall-Revoke] granted to Acct[3-cdcuser1] by DomainChecker_EnhancerByCloudStack_d007a7cf
> 2013-05-09 17:14:23,075 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-53:job-45) Access to Rule[11-Firewall-Revoke] granted to Acct[3-cdcuser1] by DomainChecker_EnhancerByCloudStack_d007a7cf
> 2013-05-09 17:14:23,094 ERROR [cloud.async.AsyncJobManagerImpl] (Job-Executor-53:job-45) Unexpected exception while executing org.apache.cloudstack.api.command.user.firewall.CreateEgressFirewallRuleCmd
> java.lang.NullPointerException
> at com.cloud.network.element.CiscoVnmcElement.applyFWRules(CiscoVnmcElement.java:657)
> at com.cloud.network.firewall.FirewallManagerImpl.applyRules(FirewallManagerImpl.java:548)
> at com.cloud.network.NetworkManagerImpl.applyRules(NetworkManagerImpl.java:2472)
> at com.cloud.network.firewall.FirewallManagerImpl.applyRules(FirewallManagerImpl.java:504)
> at com.cloud.network.firewall.FirewallManagerImpl.applyFirewallRules(FirewallManagerImpl.java:634)
> at com.cloud.network.firewall.FirewallManagerImpl.revokeFirewallRule(FirewallManagerImpl.java:674)
> at com.cloud.utils.component.ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept(ComponentInstantiationPostProcessor.java:125)
> at com.cloud.network.firewall.FirewallManagerImpl.revokeFirewallRule(FirewallManagerImpl.java:687)
> at org.apache.cloudstack.api.command.user.firewall.CreateEgressFirewallRuleCmd.execute(CreateEgressFirewallRuleCmd.java:147)
> at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:155)
> at com.cloud.async.AsyncJobManagerImpl$1.run(AsyncJobManagerImpl.java:437)
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
> at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
> at java.util.concurrent.FutureTask.run(FutureTask.java:166)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
> at java.lang.Thread.run(Thread.java:679)
> 2013-05-09 17:14:23,096 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-53:job-45) Complete async job-45, jobStatus: 2, resultCode: 530, result: Error Code: 530 Error text: null
> 2013-05-09 17:14:23,123 DEBUG [cloud.async.SyncQueueManagerImpl] (Job-Executor-53:job-45) Sync queue (1) is currently empty
> 2013-05-09 17:14:22,958 INFO [cloud.api.ApiServer] (catalina-exec-5:null) (userId=3 accountId=3 sessionId=F7A1166AF52AE9647B9147F569AD7683) 10.144.6.19 -- GET command=createEgressFirewallRule&response=json&sessionkey=zynphD7KqJbmsaitAu1b9gOogUw%3D&protocol=tcp&cidrlist=10.0.0.0%2F00&networkid=7fac418a-19e7-4455-8e8c-1dc11b9200d3&startport=8080&endport=8080&_=1368100003217 200 { "createegressfirewallruleresponse" : {"id":"11","jobid":"9ad7ea78-c358-4367-a811-163a5b0d91d8"} }
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira