[
https://issues.apache.org/jira/browse/CLOUDSTACK-2585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13689172#comment-13689172
]
Sailaja Mada edited comment on CLOUDSTACK-2585 at 6/20/13 11:55 AM:
--------------------------------------------------------------------
Regressed with latest Master. This issue is fixed now. We can create new PF
rules after deleting the existing RULES. There is no conflict now. Hence
closing the bug.
was (Author: sailaja):
Regressed with latest Master. This issue is fixed now. We can created new
PF rules after deleting existing RULES. There is no conflict now. Hence
closing the bug.
> Failed to apply new PF rules after deleting the existing PF Rule with Cisco
> VNMC Provider
> -----------------------------------------------------------------------------------------
>
> Key: CLOUDSTACK-2585
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2585
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: Network Controller
> Affects Versions: 4.2.0
> Reporter: Sailaja Mada
> Assignee: Koushik Das
> Priority: Critical
> Fix For: 4.2.0
>
>
> Setup: Advanced Networking Zone with Nexus VMWARE Cluster
> Steps:
> 1. Create Guest network with Cisco VNMC provider as
> Firewall/PF/SourceNAT/Static NAT provider offering
> 2. Deploy VM using this guest network
> 3. Acquire new public IP and configure PF (22-22),PF(80-80) with TCP ,53 to
> 53 (UDP) rule
> 4. Create 10.x cidr firewall rule from Source NAT IP
> 5. Delete (22-22) PF rule from the public IP
> 6. Try to create new PF rule (22-22) or any other.
> Observation:
> It failed to apply new PF rules after deleting the existing PF Rule
> Exception:
> 2013-05-20 16:45:33,646 ERROR [network.resource.CiscoVnmcResource]
> (DirectAgent-359:null) SetPortForwardingRulesCommand failed due to Policy has
> two rules
> org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-15,
>
> org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-16
> with same order 102
> com.cloud.utils.exception.ExecutionException: Policy has two rules
> org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-15,
>
> org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-16
> with same order 102
> at
> com.cloud.network.cisco.CiscoVnmcConnectionImpl.verifySuccess(CiscoVnmcConnectionImpl.java:1370)
> at
> com.cloud.network.cisco.CiscoVnmcConnectionImpl.createTenantVDCPFRule(CiscoVnmcConnectionImpl.java:1028)
> at
> com.cloud.network.resource.CiscoVnmcResource.execute(CiscoVnmcResource.java:573)
> at
> com.cloud.network.resource.CiscoVnmcResource.execute(CiscoVnmcResource.java:508)
> at
> com.cloud.network.resource.CiscoVnmcResource.executeRequest(CiscoVnmcResource.java:100)
> at
> com.cloud.agent.manager.DirectAgentAttache$Task.run(DirectAgentAttache.java:186)
> at
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
> at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
> at java.util.concurrent.FutureTask.run(FutureTask.java:166)
> at
> java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(ScheduledThreadPoolExecutor.java:165)
> at
> java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:266)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
> at java.lang.Thread.run(Thread.java:679)
> 2013-05-20 16:45:33,647 DEBUG [agent.manager.DirectAgentAttache]
> (DirectAgent-359:null) Seq 5-1754464294: Response Received:
> 2013-05-20 16:45:33,647 DEBUG [agent.transport.Request]
> (DirectAgent-359:null) Seq 5-1754464294: Processing: { Ans: , MgmtId:
> 214053811722752, via: 5, Ver: v1, Flags: 10,
> [{"Answer":{"result":false,"details":"SetPortForwardingRulesCommand failed
> due to Policy has two rules
> org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-15,
>
> org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-16
> with same order 102","wait":0}}] }
> 2013-05-20 16:45:33,647 DEBUG [agent.transport.Request]
> (Job-Executor-81:job-48) Seq 5-1754464294: Received: { Ans: , MgmtId:
> 214053811722752, via: 5, Ver: v1, Flags: 10, { Answer } }
> 2013-05-20 16:45:33,647 DEBUG [agent.manager.AgentManagerImpl]
> (Job-Executor-81:job-48) Details from executing class
> com.cloud.agent.api.routing.SetPortForwardingRulesCommand:
> SetPortForwardingRulesCommand failed due to Policy has two rules
> org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-15,
>
> org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-16
> with same order 102
> 2013-05-20 16:45:33,647 ERROR [network.element.CiscoVnmcElement]
> (Job-Executor-81:job-48) Unable to apply port forwarding rules to Cisco ASA
> 1000v appliance due to: SetPortForwardingRulesCommand failed due to Policy
> has two rules
> org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-15,
>
> org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-16
> with same order 102.
> 2013-05-20 16:45:33,648 WARN [network.rules.RulesManagerImpl]
> (Job-Executor-81:job-48) Failed to apply port forwarding rules for ip due to
> com.cloud.exception.ResourceUnavailableException: Resource [DataCenter:1] is
> unreachable: Unable to apply port forwarding rules to Cisco ASA 1000v
> appliance due to: SetPortForwardingRulesCommand failed due to Policy has two
> rules
> org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-15,
>
> org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-16
> with same order 102.
> at
> com.cloud.network.element.CiscoVnmcElement.applyPFRules(CiscoVnmcElement.java:754)
> at
> com.cloud.network.firewall.FirewallManagerImpl.applyRules(FirewallManagerImpl.java:565)
> at
> com.cloud.network.NetworkManagerImpl.applyRules(NetworkManagerImpl.java:2504)
> at
> com.cloud.network.firewall.FirewallManagerImpl.applyRules(FirewallManagerImpl.java:509)
> at
> com.cloud.network.rules.RulesManagerImpl.applyPortForwardingRules(RulesManagerImpl.java:846)
> at
> com.cloud.network.rules.RulesManagerImpl.applyPortForwardingRules(RulesManagerImpl.java:1029)
> at
> com.cloud.utils.component.ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept(ComponentInstantiationPostProcessor.java:125)
> at
> org.apache.cloudstack.api.command.user.firewall.CreatePortForwardingRuleCmd.execute(CreatePortForwardingRuleCmd.java:184)
> at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:155)
> at
> com.cloud.async.AsyncJobManagerImpl$1.run(AsyncJobManagerImpl.java:437)
> at
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
> at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
> at java.util.concurrent.FutureTask.run(FutureTask.java:166)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
> at java.lang.Thread.run(Thread.java:679)
> 2013-05-20 16:45:33,683 DEBUG [cloud.user.AccountManagerImpl]
> (Job-Executor-81:job-48) Access to Rule[16-PortForwarding-Add] granted to
> Acct[3-sailaja] by DomainChecker_EnhancerByCloudStack_816a0f1f
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
