[jira] [Commented] (BROOKLYN-116) vcloud-director NAT service gave 403 "Access is forbidden"

Andrea Turli (JIRA) Mon, 12 Jan 2015 02:56:19 -0800

    [ 
https://issues.apache.org/jira/browse/BROOKLYN-116?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14273484#comment-14273484
 ]


Andrea Turli commented on BROOKLYN-116:
---------------------------------------

[~aled.sage],

you said `The previous commands in the same brooklyn instance from 2 hours 12 
mins previously had all succeeded.` but was also against the same 
vcloud-director instance with the same user?

An immediate check should be around `getVcloudAdminExtension` which could 
require an admin user which possibly you are not using in that vcloud air 
instance?

> vcloud-director NAT service gave 403 "Access is forbidden"
> ----------------------------------------------------------
>
>                 Key: BROOKLYN-116
>                 URL: https://issues.apache.org/jira/browse/BROOKLYN-116
>             Project: Brooklyn
>          Issue Type: Bug
>    Affects Versions: 0.7.0-SNAPSHOT
>            Reporter: Aled Sage
>
> When attempting to open a port over NAT in vcloud-director (in vcloud air), 
> it gave a 403 "Access is forbidden". The previous commands in the same 
> brooklyn instance from 2 hours 12 mins previously had all succeeded.
> This uses the VMware Java SDK - see 
> https://github.com/brooklyncentral/advanced-networking/blob/master/vcloud-director/src/main/java/brooklyn/networking/vclouddirector/NatService.java
> Had our session timed out, or does vcloud-director just sometimes give back a 
> 403 (meaning we have to backoff and retry)?
> We hadn't submitted any other vcloud-director requests in that 2 hour window, 
> so it is presumably not rate-limiting (though other users do share this same 
> network).
> {noformat}
> 2015-01-09 20:34:16,577 DEBUG b.l.a.PortForwardManagerImpl 
> [brooklyn-execmanager-e645V5OG-27]: PortForwardManagerImpl{id=vntgvw2b, 
> name=localhost, scope=global, mappingsSize=176} allocating public port 12010 
> on 23.92.230.21 (no association info yet)
> 2015-01-09 20:34:16,577 DEBUG b.n.vclouddirector.NatService 
> [brooklyn-execmanager-e645V5OG-27]: Opening port forwarding at 
> https://p5v1-vcd.vchs.vmware.com: PortForwardingConfig{protocol=tcp, 
> target=192.168.109.10:9990, networkId=null, publicIp=23.92.230.21, 
> publicPort=12010}
> 2015-01-09 20:34:16,577 INFO  com.vmware.vcloud.sdk 
> [brooklyn-execmanager-e645V5OG-27]: GET URL - 
> https://p5v1-vcd.vchs.vmware.com/api/admin/extension
> 2015-01-09 20:34:16,578 INFO  com.vmware.vcloud.sdk 
> [brooklyn-execmanager-e645V5OG-27]: GET URL - 
> https://p5v1-vcd.vchs.vmware.com/api/admin/extension
> 2015-01-09 20:34:16,578 INFO  com.vmware.vcloud.sdk 
> [brooklyn-execmanager-e645V5OG-27]: GET URL - 
> https://p5v1-vcd.vchs.vmware.com/api/admin/extension
> 2015-01-09 20:34:17,364 INFO  com.vmware.vcloud.sdk 
> [brooklyn-execmanager-e645V5OG-27]: Status Code - 403
> 2015-01-09 20:34:17,364 INFO  com.vmware.vcloud.sdk 
> [brooklyn-execmanager-e645V5OG-27]: Status - Forbidden
> 2015-01-09 20:34:17,364 INFO  com.vmware.vcloud.sdk 
> [brooklyn-execmanager-e645V5OG-27]: Response - <?xml version="1.0" 
> encoding="UTF-8"?>
> <Error xmlns="http://www.vmware.com/vcloud/v1.5"; majorErrorCode="403" 
> message="Access is forbidden" 
> minorErrorCode="ACCESS_TO_RESOURCE_IS_FORBIDDEN" 
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; 
> xsi:schemaLocation="http://www.vmware.com/vcloud/v1.5 
> http://10.10.30.3/api/v1.5/schema/master.xsd";></Error>
> 2015-01-09 20:34:17,365 INFO  com.vmware.vcloud.sdk 
> [brooklyn-execmanager-e645V5OG-27]: Expected Status Code - 200
> 2015-01-09 20:34:17,365 INFO  com.vmware.vcloud.sdk 
> [brooklyn-execmanager-e645V5OG-27]: Actual Status Code - 403
> 2015-01-09 20:34:17,368 ERROR b.n.v.PortForwarderVcloudDirector 
> [brooklyn-execmanager-e645V5OG-27]: Failed creating port forwarding rule on 
> brooklyn.networking.vclouddirector.PortForwarderVcloudDirector@725ff90a to 
> 192.168.109.10:9990
> com.vmware.vcloud.sdk.VCloudException: Access is forbidden
>         at 
> com.vmware.vcloud.sdk.Response.handleUnExpectedResponse(Response.java:132) 
> ~[vcloud-java-sdk-5.5.0.jar:na]
>         at com.vmware.vcloud.sdk.SdkUtil.validateResponse(SdkUtil.java:189) 
> ~[vcloud-java-sdk-5.5.0.jar:na]
>         at com.vmware.vcloud.sdk.SdkUtil.get(SdkUtil.java:99) 
> ~[vcloud-java-sdk-5.5.0.jar:na]
>         at 
> com.vmware.vcloud.sdk.admin.extensions.VcloudAdminExtension.<init>(VcloudAdminExtension.java:97)
>  ~[vcloud-java-sdk-5.5.0.jar:na]
>         at 
> com.vmware.vcloud.sdk.VcloudClient.getVcloudAdminExtension(VcloudClient.java:741)
>  ~[vcloud-java-sdk-5.5.0.jar:na]
>         at 
> brooklyn.networking.vclouddirector.NatService.queryEdgeGateways(NatService.java:457)
>  ~[patch-nat-service.jar:na]
>         at 
> brooklyn.networking.vclouddirector.NatService.getEdgeGateway(NatService.java:425)
>  ~[patch-nat-service.jar:na]
>         at 
> brooklyn.networking.vclouddirector.NatService.openPortForwardingImpl(NatService.java:206)
>  ~[patch-nat-service.jar:na]
>         at 
> brooklyn.networking.vclouddirector.NatService.openPortForwarding(NatService.java:183)
>  ~[patch-nat-service.jar:na]
>         at 
> brooklyn.networking.vclouddirector.PortForwarderVcloudDirector.openPortForwarding(PortForwarderVcloudDirector.java:184)
>  [brooklyn-networking-vcloud-director-0.7.0-SNAPSHOT.jar:na]
>         at 
> brooklyn.networking.vclouddirector.PortForwarderVcloudDirector.openPortForwarding(PortForwarderVcloudDirector.java:164)
>  [brooklyn-networking-vcloud-director-0.7.0-SNAPSHOT.jar:na]
>         at 
> brooklyn.networking.subnet.PortForwarderClient.openPortForwarding(PortForwarderClient.java:150)
>  [brooklyn-networking-common-0.7.0-SNAPSHOT.jar:na]
>         at 
> brooklyn.networking.portforwarding.subnet.JcloudsPortforwardingSubnetMachineLocation.getSocketEndpointFor(JcloudsPortforwardingSubnetMachineLocation.java:50)
>  [brooklyn-networking-portforwarding-0.7.0-SNAPSHOT.jar:na]
>         at 
> brooklyn.location.access.BrooklynAccessUtils.getBrooklynAccessibleAddress(BrooklynAccessUtils.java:82)
>  [brooklyn-core-0.7.0-SNAPSHOT.jar:0.7.0-SNAPSHOT]
>         at 
> brooklyn.entity.webapp.jboss.JBoss7ServerImpl.connectSensors(JBoss7ServerImpl.java:77)
>  [brooklyn-software-webapp-0.7.0-SNAPSHOT.jar:0.7.0-SNAPSHOT]
>         at 
> brooklyn.entity.basic.SoftwareProcessDriverLifecycleEffectorTasks.postStartCustom(SoftwareProcessDriverLifecycleEffectorTasks.java:158)
>  [brooklyn-software-base-0.7.0-SNAPSHOT.jar:0.7.0-SNAPSHOT]
>         at 
> brooklyn.entity.software.MachineLifecycleEffectorTasks$7.run(MachineLifecycleEffectorTasks.java:428)
>  [brooklyn-software-base-0.7.0-SNAPSHOT.jar:0.7.0-SNAPSHOT]
>         at 
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) 
> [na:1.7.0_71]
>         at 
> brooklyn.util.task.DynamicSequentialTask$DstJob.call(DynamicSequentialTask.java:337)
>  [brooklyn-core-0.7.0-SNAPSHOT.jar:0.7.0-SNAPSHOT]
>         at 
> brooklyn.util.task.BasicExecutionManager$SubmissionCallable.call(BasicExecutionManager.java:469)
>  [brooklyn-core-0.7.0-SNAPSHOT.jar:0.7.0-SNAPSHOT]
>         at java.util.concurrent.FutureTask.run(FutureTask.java:262) 
> [na:1.7.0_71]
>         at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>  [na:1.7.0_71]
>         at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>  [na:1.7.0_71]
>         at java.lang.Thread.run(Thread.java:745) [na:1.7.0_71]
> 2015-01-09 20:34:17,368 DEBUG b.l.a.PortForwardManagerImpl 
> [brooklyn-execmanager-e645V5OG-27]: recording public IP 
> urn:vcloud:vm:d41474bd-457b-4c71-aa75-30f32ef203d2 associated with 
> 23.92.230.21
> 2015-01-09 20:34:17,369 DEBUG b.l.a.PortForwardManagerImpl 
> [brooklyn-execmanager-e645V5OG-27]: PortForwardManagerImpl{id=vntgvw2b, 
> name=localhost, scope=global, mappingsSize=177} associating public 
> 23.92.230.21:12010 on urn:vcloud:vm:d41474bd-457b-4c71-aa75-30f32ef203d2 with 
> private port 9990 at SshMachineLocation[Canopy 
> vCHS:23.92.230.21/23.92.230.21:12001@MGLITmdG] 
> (PortMapping{publicIpId=urn:vcloud:vm:d41474bd-457b-4c71-aa75-30f32ef203d2:12010,
>  publicEndpoint=23.92.230.21:12010, targetLocation=SshMachineLocation[Canopy 
> vCHS:23.92.230.21/23.92.230.21:12001@MGLITmdG], targetPort=9990})
> 2015-01-09 20:34:17,369 DEBUG b.e.w.jboss.JBoss7ServerImpl 
> [brooklyn-execmanager-e645V5OG-27]: JBoss sensors for 
> JBoss7ServerImpl{id=aDQ59LM5} reading from 
> http://23.92.230.21:12010/management/subsystem/web/connector/http/read-resource
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (BROOKLYN-116) vcloud-director NAT service gave 403 "Access is forbidden"

Reply via email to