You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cloudstack.apache.org by "Sailaja Mada (JIRA)" <ji...@apache.org> on 2013/06/20 13:56:20 UTC
[jira] [Closed] (CLOUDSTACK-2585) Failed to apply new PF rules
after deleting the existing PF Rule with Cisco VNMC Provider
[ https://issues.apache.org/jira/browse/CLOUDSTACK-2585?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sailaja Mada closed CLOUDSTACK-2585.
------------------------------------
Regressed with latest Master. This issue is fixed now. We can created new PF rules after deleting existing RULES. There is no conflict now. Hence closing the bug.
> Failed to apply new PF rules after deleting the existing PF Rule with Cisco VNMC Provider
> -----------------------------------------------------------------------------------------
>
> Key: CLOUDSTACK-2585
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2585
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the default.)
> Components: Network Controller
> Affects Versions: 4.2.0
> Reporter: Sailaja Mada
> Assignee: Koushik Das
> Priority: Critical
> Fix For: 4.2.0
>
>
> Setup: Advanced Networking Zone with Nexus VMWARE Cluster
> Steps:
> 1. Create Guest network with Cisco VNMC provider as Firewall/PF/SourceNAT/Static NAT provider offering
> 2. Deploy VM using this guest network
> 3. Acquire new public IP and configure PF (22-22),PF(80-80) with TCP ,53 to 53 (UDP) rule
> 4. Create 10.x cidr firewall rule from Source NAT IP
> 5. Delete (22-22) PF rule from the public IP
> 6. Try to create new PF rule (22-22) or any other.
> Observation:
> It failed to apply new PF rules after deleting the existing PF Rule
> Exception:
> 2013-05-20 16:45:33,646 ERROR [network.resource.CiscoVnmcResource] (DirectAgent-359:null) SetPortForwardingRulesCommand failed due to Policy has two rules org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-15, org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-16 with same order 102
> com.cloud.utils.exception.ExecutionException: Policy has two rules org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-15, org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-16 with same order 102
> at com.cloud.network.cisco.CiscoVnmcConnectionImpl.verifySuccess(CiscoVnmcConnectionImpl.java:1370)
> at com.cloud.network.cisco.CiscoVnmcConnectionImpl.createTenantVDCPFRule(CiscoVnmcConnectionImpl.java:1028)
> at com.cloud.network.resource.CiscoVnmcResource.execute(CiscoVnmcResource.java:573)
> at com.cloud.network.resource.CiscoVnmcResource.execute(CiscoVnmcResource.java:508)
> at com.cloud.network.resource.CiscoVnmcResource.executeRequest(CiscoVnmcResource.java:100)
> at com.cloud.agent.manager.DirectAgentAttache$Task.run(DirectAgentAttache.java:186)
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
> at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
> at java.util.concurrent.FutureTask.run(FutureTask.java:166)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(ScheduledThreadPoolExecutor.java:165)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:266)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
> at java.lang.Thread.run(Thread.java:679)
> 2013-05-20 16:45:33,647 DEBUG [agent.manager.DirectAgentAttache] (DirectAgent-359:null) Seq 5-1754464294: Response Received:
> 2013-05-20 16:45:33,647 DEBUG [agent.transport.Request] (DirectAgent-359:null) Seq 5-1754464294: Processing: { Ans: , MgmtId: 214053811722752, via: 5, Ver: v1, Flags: 10, [{"Answer":{"result":false,"details":"SetPortForwardingRulesCommand failed due to Policy has two rules org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-15, org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-16 with same order 102","wait":0}}] }
> 2013-05-20 16:45:33,647 DEBUG [agent.transport.Request] (Job-Executor-81:job-48) Seq 5-1754464294: Received: { Ans: , MgmtId: 214053811722752, via: 5, Ver: v1, Flags: 10, { Answer } }
> 2013-05-20 16:45:33,647 DEBUG [agent.manager.AgentManagerImpl] (Job-Executor-81:job-48) Details from executing class com.cloud.agent.api.routing.SetPortForwardingRulesCommand: SetPortForwardingRulesCommand failed due to Policy has two rules org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-15, org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-16 with same order 102
> 2013-05-20 16:45:33,647 ERROR [network.element.CiscoVnmcElement] (Job-Executor-81:job-48) Unable to apply port forwarding rules to Cisco ASA 1000v appliance due to: SetPortForwardingRulesCommand failed due to Policy has two rules org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-15, org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-16 with same order 102.
> 2013-05-20 16:45:33,648 WARN [network.rules.RulesManagerImpl] (Job-Executor-81:job-48) Failed to apply port forwarding rules for ip due to
> com.cloud.exception.ResourceUnavailableException: Resource [DataCenter:1] is unreachable: Unable to apply port forwarding rules to Cisco ASA 1000v appliance due to: SetPortForwardingRulesCommand failed due to Policy has two rules org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-15, org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-16 with same order 102.
> at com.cloud.network.element.CiscoVnmcElement.applyPFRules(CiscoVnmcElement.java:754)
> at com.cloud.network.firewall.FirewallManagerImpl.applyRules(FirewallManagerImpl.java:565)
> at com.cloud.network.NetworkManagerImpl.applyRules(NetworkManagerImpl.java:2504)
> at com.cloud.network.firewall.FirewallManagerImpl.applyRules(FirewallManagerImpl.java:509)
> at com.cloud.network.rules.RulesManagerImpl.applyPortForwardingRules(RulesManagerImpl.java:846)
> at com.cloud.network.rules.RulesManagerImpl.applyPortForwardingRules(RulesManagerImpl.java:1029)
> at com.cloud.utils.component.ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept(ComponentInstantiationPostProcessor.java:125)
> at org.apache.cloudstack.api.command.user.firewall.CreatePortForwardingRuleCmd.execute(CreatePortForwardingRuleCmd.java:184)
> at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:155)
> at com.cloud.async.AsyncJobManagerImpl$1.run(AsyncJobManagerImpl.java:437)
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
> at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
> at java.util.concurrent.FutureTask.run(FutureTask.java:166)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
> at java.lang.Thread.run(Thread.java:679)
> 2013-05-20 16:45:33,683 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-81:job-48) Access to Rule[16-PortForwarding-Add] granted to Acct[3-sailaja] by DomainChecker_EnhancerByCloudStack_816a0f1f
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira