You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cloudstack.apache.org by "Abhinav Roy (JIRA)" <ji...@apache.org> on 2013/04/18 14:01:19 UTC
[jira] [Created] (CLOUDSTACK-2088) [Dedicated Resources : Public IP
Addresses per tenant]Guest Network in a project acquires IPs at random even
from the IP ranges which are dedicated to other accounts
Abhinav Roy created CLOUDSTACK-2088:
---------------------------------------
Summary: [Dedicated Resources : Public IP Addresses per tenant]Guest Network in a project acquires IPs at random even from the IP ranges which are dedicated to other accounts
Key: CLOUDSTACK-2088
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2088
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Components: Projects
Affects Versions: 4.2.0
Reporter: Abhinav Roy
Assignee: Likitha Shetty
Fix For: 4.2.0
Steps :
===============================
1. Deploy an advanced networking setup and create an account A1
2. Now login as user of account A1 and create a project P1.
3. Browse in to the project view, create a guest network and acquire IPs
Expected behaviour :
===============================
1. The project should acquire IPs from the system pool unless some IP range is dedicated specifically to that project account.
Observed behaviour :
===============================
1. The project network acquires IPs at random from any available range, it even acquires IPs from the ranges which are dedicated to some other account.
Example :
-------------------------------------------------------------
Consider a IP range whose vlan_db_id is 4
mysql> SELECT * FROM cloud.vlan where id=4;
+----+--------------------------------------+----------+--------------+---------------+-----------------------------+----------------+----------------+------------+---------------------+-------------+----------+-----------+
| id | uuid | vlan_id | vlan_gateway | vlan_netmask | description | vlan_type | data_center_id | network_id | physical_network_id | ip6_gateway | ip6_cidr | ip6_range |
+----+--------------------------------------+----------+--------------+---------------+-----------------------------+----------------+----------------+------------+---------------------+-------------+----------+-----------+
| 4 | 1edd2349-8183-4ac2-b1a0-47d5a7309070 | untagged | 10.102.192.1 | 255.255.252.0 | 10.102.195.37-10.102.195.40 | VirtualNetwork | 1 | 200 | 200 | NULL | NULL | NULL |
+----+--------------------------------------+----------+--------------+---------------+-----------------------------+----------------+----------------+------------+---------------------+-------------+----------+-----------+
2 rows in set (0.00 sec)
Now look in the account_vlan_map table and see to which account this range is mapped to
+----+------------+------------+
| id | account_id | vlan_db_id |
+----+------------+------------+
| 27 | 7 | 4 |
+----+------------+------------+
Again when we see in the user_ip_addresses table we find that some other account (no. 9 the project account) has been allocated the IPs which are dedicated to account 7
mysql> SELECT * FROM cloud.user_ip_address where account_id=9;
+----+--------------------------------------+------------+-----------+-------------------+----------------+------------+---------------------+------------+----------------+-------+-----------+-------------+-------------------+------------+---------------------+-----------+--------+-----------+
| id | uuid | account_id | domain_id | public_ip_address | data_center_id | source_nat | allocated | vlan_db_id | one_to_one_nat | vm_id | state | mac_address | source_network_id | network_id | physical_network_id | is_system | vpc_id | dnat_vmip |
+----+--------------------------------------+------------+-----------+-------------------+----------------+------------+---------------------+------------+----------------+-------+-----------+-------------+-------------------+------------+---------------------+-----------+--------+-----------+
| 15 | c34390a3-ce8c-4976-8fe9-c52a56422f24 | 9 | 4 | 10.102.195.34 | 1 | 1 | 2013-04-18 07:33:33 | 3 | 0 | NULL | Allocated | 25 | 200 | 211 | 200 | 0 | NULL | NULL |
| 16 | 1e25de1f-b51b-4a4d-8c93-203a3780a2ac | 9 | 4 | 10.102.195.35 | 1 | 0 | 2013-04-18 07:33:53 | 3 | 0 | NULL | Allocated | 26 | 200 | 211 | 200 | 0 | NULL | NULL |
| 17 | 8babc613-dfaf-4644-93fc-3efe01812e4a | 9 | 4 | 10.102.195.36 | 1 | 0 | 2013-04-18 10:58:11 | 3 | 0 | NULL | Allocated | 27 | 200 | 211 | 200 | 0 | NULL | NULL |
| 18 | 316c39cb-97d6-4c14-b766-9bc97a2c0fef | 9 | 4 | 10.102.195.37 | 1 | 0 | 2013-04-18 11:38:17 | 4 | 0 | NULL | Allocated | 28 | 200 | 211 | 200 | 0 | NULL | NULL |
| 19 | 82d0f50f-070f-4313-877d-21edf7f13c26 | 9 | 4 | 10.102.195.38 | 1 | 0 | 2013-04-18 11:43:59 | 4 | 0 | NULL | Allocated | 29 | 200 | 211 | 200 | 0 | NULL | NULL |
+----+--------------------------------------+------------+-----------+-------------------+----------------+------------+---------------------+------------+----------------+-------+-----------+-------------+-------------------+------------+---------------------+-----------+--------+-----------+
5 rows in set (0.00 sec)
mysql> SELECT * FROM cloud.account where id=9;
+----+------------------------------+--------------------------------------+------+-----------+---------+---------+----------------+----------------+-----------------+
| id | account_name | uuid | type | domain_id | state | removed | cleanup_needed | network_domain | default_zone_id |
+----+------------------------------+--------------------------------------+------+-----------+---------+---------+----------------+----------------+-----------------+
| 9 | PrjAcct-dom11-user-project-4 | 62ce573d-1dae-4ae2-a385-86cc2687efea | 5 | 4 | enabled | NULL | 0 | NULL | NULL |
+----+------------------------------+--------------------------------------+------+-----------+---------+---------+----------------+----------------+-----------------+
1 row in set (0.00 sec)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira