You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cloudstack.apache.org by "Kishan Kavala (JIRA)" <ji...@apache.org> on 2013/06/24 13:02:19 UTC

[jira] [Assigned] (CLOUDSTACK-3124) NTier: Deletion of NetworkACL List succeeds inspite of the existence of a Network that still uses it

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-3124?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kishan Kavala reassigned CLOUDSTACK-3124:
-----------------------------------------

    Assignee: Kishan Kavala
    
> NTier: Deletion of NetworkACL List succeeds inspite of the existence of a Network that still uses it
> ----------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-3124
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-3124
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Management Server
>    Affects Versions: 4.2.0
>            Reporter: Chandan Purushothama
>            Assignee: Kishan Kavala
>            Priority: Critical
>             Fix For: 4.2.0
>
>
> ================================
> Successful Deletion of the NetworkACLList:
> ================================
> 2013-06-21 11:19:42,642 INFO  [cloud.api.ApiServer] (catalina-exec-12:null) (userId=2 accountId=2 sessionId=D2B96C0E48844A1B58B66B7930D01DAB) 10.252.120.177 -- GET command=deleteNetworkACLList&id=14877d25-a7cb-46b9-84de-1d6fa06b0b9c&response=json&sessionkey=bZH7EsX8%2Bsgv3TYtFphzZ2vwgEg%3D&_=1371838799751 200 { "deletenetworkacllistresponse" : {"jobid":"1b6136f1-071d-4d6e-8f4a-6e50f44c120d"} }
> 2013-06-21 11:19:45,781 INFO  [cloud.api.ApiServer] (catalina-exec-2:null) (userId=2 accountId=2 sessionId=D2B96C0E48844A1B58B66B7930D01DAB) 10.252.120.177 -- GET command=queryAsyncJobResult&jobId=1b6136f1-071d-4d6e-8f4a-6e50f44c120d&response=json&sessionkey=bZH7EsX8%2Bsgv3TYtFphzZ2vwgEg%3D&_=1371838802981 200 { "queryasyncjobresultresponse" : {"accountid":"7d2c2102-d907-11e2-b5ac-06cba2000705","userid":"7d2cb734-d907-11e2-b5ac-06cba2000705","cmd":"org.apache.cloudstack.api.command.user.network.DeleteNetworkACLListCmd","jobstatus":1,"jobprocstatus":0,"jobresultcode":0,"jobresulttype":"object","jobresult":{"success":true},"created":"2013-06-21T11:19:42-0700","jobid":"1b6136f1-071d-4d6e-8f4a-6e50f44c120d"} }
> ===================================
> Observe the Network ACL ID of the Network 204:
> ===================================
> mysql> select * from networks where id=204 \G
> *************************** 1. row ***************************
>                    id: 204
>                  name: Atoms-VPC-Net-1
>                  uuid: 8d1314a9-5009-4fd5-8d58-fbd67196e98e
>          display_text: Atoms-VPC-Net-1
>          traffic_type: Guest
> broadcast_domain_type: Vlan
>         broadcast_uri: vlan://2576
>               gateway: 192.168.10.1
>                  cidr: 192.168.10.0/24
>                  mode: Dhcp
>   network_offering_id: 11
>   physical_network_id: 200
>        data_center_id: 1
>             guru_name: ExternalGuestNetworkGuru
>                 state: Implemented
>               related: 204
>             domain_id: 1
>            account_id: 3
>                  dns1: NULL
>                  dns2: NULL
>             guru_data: NULL
>            set_fields: 0
>              acl_type: Account
>        network_domain: atomsvpcnet1.lab.vmops.com
>        reservation_id: 2c37f667-cfb1-49d9-97bb-221624006fb2
>            guest_type: Isolated
>      restart_required: 0
>               created: 2013-06-19 18:58:29
>               removed: NULL
>     specify_ip_ranges: 0
>                vpc_id: 1
>           ip6_gateway: NULL
>              ip6_cidr: NULL
>          network_cidr: NULL
>       display_network: 1
>        network_acl_id: 3
> 1 row in set (0.00 sec)
> =====================================================
> But the Network ACL entry is no longer present in the network_acl table:
> =====================================================
> mysql> select * from network_acl;
> +----+---------------+--------------------------------------+--------+-------------------------------+
> | id | name          | uuid                                 | vpc_id | description                   |
> +----+---------------+--------------------------------------+--------+-------------------------------+
> |  1 | default_deny  | 7bff8cd8-d907-11e2-b5ac-06cba2000705 |      0 | Default Network ACL Deny All  |
> |  2 | default_allow | 7bffad44-d907-11e2-b5ac-06cba2000705 |      0 | Default Network ACL Allow All |
> +----+---------------+--------------------------------------+--------+-------------------------------+
> 2 rows in set (0.00 sec)
> ==============================================================
> As per the FS at https://cwiki.apache.org/CLOUDSTACK/support-acl-deny-rules.html:
> ==============================================================
> deleteNetworkAclList - sync
> Deletes network ACL. If the container is assigned to any network, deletion will fail. ACL should not contain any ACLItems for deletion to succeed.
> Parameters:
>     id - uuid of the Network Acl (required)
> Response:
>     success - True if Network ACL is successfully removed, false otherwise

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira