You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cloudstack.apache.org by "Kishan Kavala (JIRA)" <ji...@apache.org> on 2013/06/24 13:02:19 UTC
[jira] [Assigned] (CLOUDSTACK-3124) NTier: Deletion of NetworkACL
List succeeds inspite of the existence of a Network that still uses it
[ https://issues.apache.org/jira/browse/CLOUDSTACK-3124?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kishan Kavala reassigned CLOUDSTACK-3124:
-----------------------------------------
Assignee: Kishan Kavala
> NTier: Deletion of NetworkACL List succeeds inspite of the existence of a Network that still uses it
> ----------------------------------------------------------------------------------------------------
>
> Key: CLOUDSTACK-3124
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-3124
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the default.)
> Components: Management Server
> Affects Versions: 4.2.0
> Reporter: Chandan Purushothama
> Assignee: Kishan Kavala
> Priority: Critical
> Fix For: 4.2.0
>
>
> ================================
> Successful Deletion of the NetworkACLList:
> ================================
> 2013-06-21 11:19:42,642 INFO [cloud.api.ApiServer] (catalina-exec-12:null) (userId=2 accountId=2 sessionId=D2B96C0E48844A1B58B66B7930D01DAB) 10.252.120.177 -- GET command=deleteNetworkACLList&id=14877d25-a7cb-46b9-84de-1d6fa06b0b9c&response=json&sessionkey=bZH7EsX8%2Bsgv3TYtFphzZ2vwgEg%3D&_=1371838799751 200 { "deletenetworkacllistresponse" : {"jobid":"1b6136f1-071d-4d6e-8f4a-6e50f44c120d"} }
> 2013-06-21 11:19:45,781 INFO [cloud.api.ApiServer] (catalina-exec-2:null) (userId=2 accountId=2 sessionId=D2B96C0E48844A1B58B66B7930D01DAB) 10.252.120.177 -- GET command=queryAsyncJobResult&jobId=1b6136f1-071d-4d6e-8f4a-6e50f44c120d&response=json&sessionkey=bZH7EsX8%2Bsgv3TYtFphzZ2vwgEg%3D&_=1371838802981 200 { "queryasyncjobresultresponse" : {"accountid":"7d2c2102-d907-11e2-b5ac-06cba2000705","userid":"7d2cb734-d907-11e2-b5ac-06cba2000705","cmd":"org.apache.cloudstack.api.command.user.network.DeleteNetworkACLListCmd","jobstatus":1,"jobprocstatus":0,"jobresultcode":0,"jobresulttype":"object","jobresult":{"success":true},"created":"2013-06-21T11:19:42-0700","jobid":"1b6136f1-071d-4d6e-8f4a-6e50f44c120d"} }
> ===================================
> Observe the Network ACL ID of the Network 204:
> ===================================
> mysql> select * from networks where id=204 \G
> *************************** 1. row ***************************
> id: 204
> name: Atoms-VPC-Net-1
> uuid: 8d1314a9-5009-4fd5-8d58-fbd67196e98e
> display_text: Atoms-VPC-Net-1
> traffic_type: Guest
> broadcast_domain_type: Vlan
> broadcast_uri: vlan://2576
> gateway: 192.168.10.1
> cidr: 192.168.10.0/24
> mode: Dhcp
> network_offering_id: 11
> physical_network_id: 200
> data_center_id: 1
> guru_name: ExternalGuestNetworkGuru
> state: Implemented
> related: 204
> domain_id: 1
> account_id: 3
> dns1: NULL
> dns2: NULL
> guru_data: NULL
> set_fields: 0
> acl_type: Account
> network_domain: atomsvpcnet1.lab.vmops.com
> reservation_id: 2c37f667-cfb1-49d9-97bb-221624006fb2
> guest_type: Isolated
> restart_required: 0
> created: 2013-06-19 18:58:29
> removed: NULL
> specify_ip_ranges: 0
> vpc_id: 1
> ip6_gateway: NULL
> ip6_cidr: NULL
> network_cidr: NULL
> display_network: 1
> network_acl_id: 3
> 1 row in set (0.00 sec)
> =====================================================
> But the Network ACL entry is no longer present in the network_acl table:
> =====================================================
> mysql> select * from network_acl;
> +----+---------------+--------------------------------------+--------+-------------------------------+
> | id | name | uuid | vpc_id | description |
> +----+---------------+--------------------------------------+--------+-------------------------------+
> | 1 | default_deny | 7bff8cd8-d907-11e2-b5ac-06cba2000705 | 0 | Default Network ACL Deny All |
> | 2 | default_allow | 7bffad44-d907-11e2-b5ac-06cba2000705 | 0 | Default Network ACL Allow All |
> +----+---------------+--------------------------------------+--------+-------------------------------+
> 2 rows in set (0.00 sec)
> ==============================================================
> As per the FS at https://cwiki.apache.org/CLOUDSTACK/support-acl-deny-rules.html:
> ==============================================================
> deleteNetworkAclList - sync
> Deletes network ACL. If the container is assigned to any network, deletion will fail. ACL should not contain any ACLItems for deletion to succeed.
> Parameters:
> id - uuid of the Network Acl (required)
> Response:
> success - True if Network ACL is successfully removed, false otherwise
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira