Posted to issues@cloudstack.apache.org by "Chandan Purushothama (JIRA)" <ji...@apache.org> on 2013/05/14 23:15:15 UTC

[jira] [Updated] (CLOUDSTACK-2487) NTier: Unable to create an ACL rule on a Network Tier

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-2487?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Chandan Purushothama updated CLOUDSTACK-2487:
---------------------------------------------

    Description: 
================
Steps to Reproduce:
================

1. Create a VPC.
2. Create a Network Tier.
3. Create an ACL rule on the Network Tier.

==========
Observations:
==========

2013-05-14 14:03:18,638 DEBUG [cloud.api.ApiServlet] (catalina-exec-17:null) ===START===  10.216.133.86 -- GET  command=createNetworkACL&response=json&sessionkey=1ew3VD0LppS%2BSreQld9FNtVnLwo%3D&cidrlist=10.223.195.44%2F32&protocol=tcp&startport=22&endport=23&networkid=bcc163c5-c23f-4b47-a0c8-562b8460b3fe&traffictype=Ingress&_=1368565441624
2013-05-14 14:03:18,667 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-17:null) Access to Acct[3-atoms] granted to Acct[3-atoms] by DomainChecker_EnhancerByCloudStack_32dba8cb
2013-05-14 14:03:18,673 INFO  [cloud.api.ApiServer] (catalina-exec-17:null) Unable to find Vpc associated with the NetworkACL
2013-05-14 14:03:18,678 DEBUG [cloud.api.ApiServlet] (catalina-exec-17:null) ===END===  10.216.133.86 -- GET  command=createNetworkACL&response=json&sessionkey=1ew3VD0LppS%2BSreQld9FNtVnLwo%3D&cidrlist=10.223.195.44%2F32&protocol=tcp&startport=22&endport=23&networkid=bcc163c5-c23f-4b47-a0c8-562b8460b3fe&traffictype=Ingress&_=1368565441624

mysql> select * from  network_acl_item;
+----+--------------------------------------+--------+------------+----------+--------+----------+---------------------+-----------+-----------+--------------+-----------+--------+--------+
| id | uuid                                 | acl_id | start_port | end_port | state  | protocol | created             | icmp_code | icmp_type | traffic_type | cidr      | number | action |
+----+--------------------------------------+--------+------------+----------+--------+----------+---------------------+-----------+-----------+--------------+-----------+--------+--------+
|  1 | 28bf54e2-bbfa-11e2-98e5-06d4460004b1 |      1 |       NULL |     NULL | Active | all      | 2013-05-13 11:23:07 |      NULL |      NULL | Ingress      | 0.0.0.0/0 |      1 | Deny   |
|  2 | 28bf61e4-bbfa-11e2-98e5-06d4460004b1 |      1 |       NULL |     NULL | Active | all      | 2013-05-13 11:23:07 |      NULL |      NULL | Egress       | 0.0.0.0/0 |      2 | Deny   |
|  3 | 28bf78fa-bbfa-11e2-98e5-06d4460004b1 |      2 |       NULL |     NULL | Active | all      | 2013-05-13 11:23:07 |      NULL |      NULL | Ingress      | 0.0.0.0/0 |      1 | Allow  |
|  4 | 28bf8516-bbfa-11e2-98e5-06d4460004b1 |      2 |       NULL |     NULL | Active | all      | 2013-05-13 11:23:07 |      NULL |      NULL | Egress       | 0.0.0.0/0 |      2 | Allow  |
+----+--------------------------------------+--------+------------+----------+--------+----------+---------------------+-----------+-----------+--------------+-----------+--------+--------+
4 rows in set (0.00 sec)

mysql> select * from network_acl;
+----+---------------+--------------------------------------+--------+-------------------------------+
| id | name          | uuid                                 | vpc_id | description                   |
+----+---------------+--------------------------------------+--------+-------------------------------+
|  1 | default_deny  | 28bf460a-bbfa-11e2-98e5-06d4460004b1 |      0 | Default Network ACL Deny All  |
|  2 | default_allow | 28bf6e50-bbfa-11e2-98e5-06d4460004b1 |      0 | Default Network ACL Allow All |
+----+---------------+--------------------------------------+--------+-------------------------------+
2 rows in set (0.00 sec)

mysql> select * from vpc \G
*************************** 1. row ***************************
              id: 1
            uuid: 50b453d4-4d7f-4538-9466-922627ccab80
            name: Atoms-VPC-1
    display_text: Atoms-VPC-1
            cidr: 192.168.0.0/16
 vpc_offering_id: 1
         zone_id: 1
           state: Enabled
       domain_id: 1
      account_id: 3
  network_domain: atomsvpc1.lab.vmops.com
         removed: NULL
         created: 2013-05-13 21:44:15
restart_required: 0
1 row in set (0.00 sec)


  was:
================
Steps to Reproduce:
================

1. Create a VPC.
2. Create a Network Tier.
3. Create an ACL rule on the Network Tier.

==========
Observations:
==========

2013-05-14 14:03:18,638 DEBUG [cloud.api.ApiServlet] (catalina-exec-17:null) ===START===  10.216.133.86 -- GET  command=createNetworkACL&response=json&sessionkey=1ew3VD0LppS%2BSreQld9FNtVnLwo%3D&cidrlist=10.223.195.44%2F32&protocol=tcp&startport=22&endport=23&networkid=bcc163c5-c23f-4b47-a0c8-562b8460b3fe&traffictype=Ingress&_=1368565441624
2013-05-14 14:03:18,667 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-17:null) Access to Acct[3-atoms] granted to Acct[3-atoms] by DomainChecker_EnhancerByCloudStack_32dba8cb
2013-05-14 14:03:18,673 INFO  [cloud.api.ApiServer] (catalina-exec-17:null) Unable to find Vpc associated with the NetworkACL
2013-05-14 14:03:18,678 DEBUG [cloud.api.ApiServlet] (catalina-exec-17:null) ===END===  10.216.133.86 -- GET  command=createNetworkACL&response=json&sessionkey=1ew3VD0LppS%2BSreQld9FNtVnLwo%3D&cidrlist=10.223.195.44%2F32&protocol=tcp&startport=22&endport=23&networkid=bcc163c5-c23f-4b47-a0c8-562b8460b3fe&traffictype=Ingress&_=1368565441624

mysql> select * from  network_acl_item;
+----+--------------------------------------+--------+------------+----------+--------+----------+---------------------+-----------+-----------+--------------+-----------+--------+--------+
| id | uuid                                 | acl_id | start_port | end_port | state  | protocol | created             | icmp_code | icmp_type | traffic_type | cidr      | number | action |
+----+--------------------------------------+--------+------------+----------+--------+----------+---------------------+-----------+-----------+--------------+-----------+--------+--------+
|  1 | 28bf54e2-bbfa-11e2-98e5-06d4460004b1 |      1 |       NULL |     NULL | Active | all      | 2013-05-13 11:23:07 |      NULL |      NULL | Ingress      | 0.0.0.0/0 |      1 | Deny   |
|  2 | 28bf61e4-bbfa-11e2-98e5-06d4460004b1 |      1 |       NULL |     NULL | Active | all      | 2013-05-13 11:23:07 |      NULL |      NULL | Egress       | 0.0.0.0/0 |      2 | Deny   |
|  3 | 28bf78fa-bbfa-11e2-98e5-06d4460004b1 |      2 |       NULL |     NULL | Active | all      | 2013-05-13 11:23:07 |      NULL |      NULL | Ingress      | 0.0.0.0/0 |      1 | Allow  |
|  4 | 28bf8516-bbfa-11e2-98e5-06d4460004b1 |      2 |       NULL |     NULL | Active | all      | 2013-05-13 11:23:07 |      NULL |      NULL | Egress       | 0.0.0.0/0 |      2 | Allow  |
+----+--------------------------------------+--------+------------+----------+--------+----------+---------------------+-----------+-----------+--------------+-----------+--------+--------+
4 rows in set (0.00 sec)

mysql> select * from network_acl;
+----+---------------+--------------------------------------+--------+-------------------------------+
| id | name          | uuid                                 | vpc_id | description                   |
+----+---------------+--------------------------------------+--------+-------------------------------+
|  1 | default_deny  | 28bf460a-bbfa-11e2-98e5-06d4460004b1 |      0 | Default Network ACL Deny All  |
|  2 | default_allow | 28bf6e50-bbfa-11e2-98e5-06d4460004b1 |      0 | Default Network ACL Allow All |
+----+---------------+--------------------------------------+--------+-------------------------------+
2 rows in set (0.00 sec)



    
> NTier: Unable to create an ACL rule on a Network Tier
> -----------------------------------------------------
>
>                 Key: CLOUDSTACK-2487
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2487
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Management Server
>    Affects Versions: 4.2.0
>            Reporter: Chandan Purushothama
>            Priority: Blocker
>             Fix For: 4.2.0
>
>
> ================
> Steps to Reproduce:
> ================
> 1. Create a VPC.
> 2. Create a Network Tier.
> 3. Create an ACL rule on the Network Tier.
> ==========
> Observations:
> ==========
> 2013-05-14 14:03:18,638 DEBUG [cloud.api.ApiServlet] (catalina-exec-17:null) ===START===  10.216.133.86 -- GET  command=createNetworkACL&response=json&sessionkey=1ew3VD0LppS%2BSreQld9FNtVnLwo%3D&cidrlist=10.223.195.44%2F32&protocol=tcp&startport=22&endport=23&networkid=bcc163c5-c23f-4b47-a0c8-562b8460b3fe&traffictype=Ingress&_=1368565441624
> 2013-05-14 14:03:18,667 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-17:null) Access to Acct[3-atoms] granted to Acct[3-atoms] by DomainChecker_EnhancerByCloudStack_32dba8cb
> 2013-05-14 14:03:18,673 INFO  [cloud.api.ApiServer] (catalina-exec-17:null) Unable to find Vpc associated with the NetworkACL
> 2013-05-14 14:03:18,678 DEBUG [cloud.api.ApiServlet] (catalina-exec-17:null) ===END===  10.216.133.86 -- GET  command=createNetworkACL&response=json&sessionkey=1ew3VD0LppS%2BSreQld9FNtVnLwo%3D&cidrlist=10.223.195.44%2F32&protocol=tcp&startport=22&endport=23&networkid=bcc163c5-c23f-4b47-a0c8-562b8460b3fe&traffictype=Ingress&_=1368565441624
> mysql> select * from  network_acl_item;
> +----+--------------------------------------+--------+------------+----------+--------+----------+---------------------+-----------+-----------+--------------+-----------+--------+--------+
> | id | uuid                                 | acl_id | start_port | end_port | state  | protocol | created             | icmp_code | icmp_type | traffic_type | cidr      | number | action |
> +----+--------------------------------------+--------+------------+----------+--------+----------+---------------------+-----------+-----------+--------------+-----------+--------+--------+
> |  1 | 28bf54e2-bbfa-11e2-98e5-06d4460004b1 |      1 |       NULL |     NULL | Active | all      | 2013-05-13 11:23:07 |      NULL |      NULL | Ingress      | 0.0.0.0/0 |      1 | Deny   |
> |  2 | 28bf61e4-bbfa-11e2-98e5-06d4460004b1 |      1 |       NULL |     NULL | Active | all      | 2013-05-13 11:23:07 |      NULL |      NULL | Egress       | 0.0.0.0/0 |      2 | Deny   |
> |  3 | 28bf78fa-bbfa-11e2-98e5-06d4460004b1 |      2 |       NULL |     NULL | Active | all      | 2013-05-13 11:23:07 |      NULL |      NULL | Ingress      | 0.0.0.0/0 |      1 | Allow  |
> |  4 | 28bf8516-bbfa-11e2-98e5-06d4460004b1 |      2 |       NULL |     NULL | Active | all      | 2013-05-13 11:23:07 |      NULL |      NULL | Egress       | 0.0.0.0/0 |      2 | Allow  |
> +----+--------------------------------------+--------+------------+----------+--------+----------+---------------------+-----------+-----------+--------------+-----------+--------+--------+
> 4 rows in set (0.00 sec)
> mysql> select * from network_acl;
> +----+---------------+--------------------------------------+--------+-------------------------------+
> | id | name          | uuid                                 | vpc_id | description                   |
> +----+---------------+--------------------------------------+--------+-------------------------------+
> |  1 | default_deny  | 28bf460a-bbfa-11e2-98e5-06d4460004b1 |      0 | Default Network ACL Deny All  |
> |  2 | default_allow | 28bf6e50-bbfa-11e2-98e5-06d4460004b1 |      0 | Default Network ACL Allow All |
> +----+---------------+--------------------------------------+--------+-------------------------------+
> 2 rows in set (0.00 sec)
> mysql> select * from vpc \G
> *************************** 1. row ***************************
>               id: 1
>             uuid: 50b453d4-4d7f-4538-9466-922627ccab80
>             name: Atoms-VPC-1
>     display_text: Atoms-VPC-1
>             cidr: 192.168.0.0/16
>  vpc_offering_id: 1
>          zone_id: 1
>            state: Enabled
>        domain_id: 1
>       account_id: 3
>   network_domain: atomsvpc1.lab.vmops.com
>          removed: NULL
>          created: 2013-05-13 21:44:15
> restart_required: 0
> 1 row in set (0.00 sec)
