[ https://issues.apache.org/jira/browse/CLOUDSTACK-2930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13691717#comment-13691717 ]
Mice Xia commented on CLOUDSTACK-2930:
--------------------------------------

Pranav,

after I revert commit 5e56e43e31dae8ec505db9b948dfaa476a96deb8, one is still not able to specify start/end port if one chooses a protocol number.
And I think it is by design and reasonable, unless we assume all protocols specified by protocol number are on layer-4.

-mice

> [VPC][VMware]Exception while applying the user created ACL with protocol as “All” to a tier.
> ---------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-2930
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2930
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.)
>          Components: Network Controller
>    Affects Versions: 4.2.0
>            Reporter: manasaveloori
>            Assignee: Mice Xia
>            Priority: Critical
>             Fix For: 4.2.0
>
>
> Steps:
> 1. Have a CS with advanced zone and VMware host.
> 2. Create a VPC and a tier network.
> 3. Create a Network ACL list and an ACL rule under it with protocol field as “All”.
> 4. Apply the rule to the tier.
> Observation:
> Observed the following exception:
> 2013-06-11 18:15:48,505 ERROR [utils.ssh.SshHelper] (DirectAgent-137:10.147.40.29) SSH execution of command /opt/cloud/bin/vpc_acl.sh -d eth2 -i 10.0.1.1 -m 24 -a Ingress:all:1:65535:0.0.0.0/0:ACCEPT:,Egress:all:1:65535:0.0.0.0/0:ACCEPT:, has an error status code in return. result output: iptables v1.4.14: unknown option "--dport"
> Try `iptables -h' or 'iptables --help' for more information.
> 2013-06-11 18:15:48,508 ERROR [vmware.resource.VmwareResource] (DirectAgent-137:10.147.40.29) SetNetworkACLAnswer on domain router 10.147.40.183 failed. message: iptables v1.4.14: unknown option "--dport"
> Try `iptables -h' or 'iptables --help' for more information.
> 2013-06-11 18:15:48,510 DEBUG [agent.manager.DirectAgentAttache] (DirectAgent-137:null) Seq 1-1378812142: Response Received:
> 2013-06-11 18:15:48,510 DEBUG [agent.transport.Request] (DirectAgent-137:null) Seq 1-1378812142: Processing: { Ans: , MgmtId: 6805241462820, via: 1, Ver: v1, Flags: 0, [{"routing.SetNetworkACLAnswer":{"results":[null,null],"result":false,"wait":0}}] }
> 2013-06-11 18:15:48,510 DEBUG [agent.transport.Request] (Job-Executor-15:job-28) Seq 1-1378812142: Received: { Ans: , MgmtId: 6805241462820, via: 1, Ver: v1, Flags: 0, { SetNetworkACLAnswer } }
> 2013-06-11 18:15:48,511 ERROR [cloud.async.AsyncJobManagerImpl] (Job-Executor-15:job-28) Unexpected exception while executing org.apache.cloudstack.api.command.user.network.ReplaceNetworkACLListCmd
> com.cloud.exception.ResourceUnavailableException: Resource [DataCenter:1] is unreachable: Unable to apply network acls on router
>         at com.cloud.network.router.VirtualNetworkApplianceManagerImpl.applyRules(VirtualNetworkApplianceManagerImpl.java:3743)
>         at com.cloud.network.router.VpcVirtualNetworkApplianceManagerImpl.applyNetworkACLs(VpcVirtualNetworkApplianceManagerImpl.java:717)
>         at com.cloud.network.element.VpcVirtualRouterElement.applyNetworkACLs(VpcVirtualRouterElement.java:416)
>         at com.cloud.network.vpc.NetworkACLManagerImpl.applyACLItemsToNetwork(NetworkACLManagerImpl.java:409)
>         at com.cloud.network.vpc.NetworkACLManagerImpl.applyACLToNetwork(NetworkACLManagerImpl.java:337)
>         at com.cloud.network.vpc.NetworkACLManagerImpl.replaceNetworkACL(NetworkACLManagerImpl.java:158)
>         at com.cloud.network.vpc.NetworkACLServiceImpl.replaceNetworkACL(NetworkACLServiceImpl.java:233)
>         at org.apache.cloudstack.api.command.user.network.ReplaceNetworkACLListCmd.execute(ReplaceNetworkACLListCmd.java:109)
>         at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:155)
>         at com.cloud.async.AsyncJobManagerImpl$1.run(AsyncJobManagerImpl.java:437)
>         at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
>         at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
>         at java.util.concurrent.FutureTask.run(FutureTask.java:166)
>         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
>         at java.lang.Thread.run(Thread.java:679)
> 2013-06-11 18:15:48,513 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-15:job-28) Complete async job-28, jobStatus: 2, resultCode: 530, result: Error Code: 530 Error text: Resource [DataCenter:1] is unreachable: Unable to apply network acls on router
> 2013-06-11 18:15:50,096 DEBUG [cloud.api.ApiServlet] (catalina-exec-5:null) ===START=== 10.252.192.69 -- GET command=queryAsyncJobResult&jobId=c092d23d-ffca-4fa7-b433-54649bc54c49&response=json&sessionkey=ydkJIe0pKVxfZP3S8wS9PfFTNjY%3D&_=1370935298970
> 2013-06-11 18:15:50,117 DEBUG [cloud.async.AsyncJobManagerImpl] (catalina-exec-5:null) Async
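
The logged failure arises because iptables only accepts `--dport` once `-p tcp` or `-p udp` has loaded the matching module, which is also why ports have no meaning for an arbitrary protocol number. The sketch below is an added example, not CloudStack's `vpc_acl.sh`: the function names are hypothetical, the field order is inferred from the rule string in the log, and mapping Ingress to `-s` and Egress to `-d` is an assumption. It emits `--dport` only for TCP/UDP and rejects a port-less rule that asks for a narrower range than 1:65535, so a port restriction is never silently dropped.

```shell
#!/bin/sh
# Added example, not CloudStack's vpc_acl.sh. Field layout is inferred from the
# logged rule string: direction:protocol:startport:endport:cidr:action:
is_num() { case $1 in ''|*[!0-9]*) return 1 ;; esac; }

# Print the iptables match/target arguments for one rule; return 1 on bad input.
acl_rule_to_args() {
    IFS=: read -r r_dir r_proto r_sport r_eport r_cidr r_action r_rest <<EOF
$1
EOF
    case $r_dir in
        Ingress) r_addr="-s" ;;   # assumption: CIDR is the source for ingress
        Egress)  r_addr="-d" ;;   # assumption: and the destination for egress
        *) return 1 ;;
    esac
    case $r_action in ACCEPT|DROP) ;; *) return 1 ;; esac
    case $r_cidr in ''|*[!0-9./]*) return 1 ;; esac
    is_num "$r_sport" && is_num "$r_eport" || return 1
    [ "$r_sport" -le "$r_eport" ] && [ "$r_eport" -le 65535 ] || return 1

    case $r_proto in
        tcp|udp)
            # --dport belongs to the tcp/udp match, so it must follow -p tcp|udp.
            printf '%s\n' "-p $r_proto $r_addr $r_cidr --dport $r_sport:$r_eport -j $r_action"
            return 0 ;;
        all) ;;
        *)  # Numeric protocol (0-255): not assumed to be layer-4, so no ports.
            is_num "$r_proto" && [ "$r_proto" -le 255 ] || return 1 ;;
    esac
    # Port-less protocol: only the "any port" range can be honoured. A narrower
    # range is refused instead of being dropped, which would widen the rule.
    [ "$r_sport" -le 1 ] && [ "$r_eport" -eq 65535 ] || return 1
    printf '%s\n' "-p $r_proto $r_addr $r_cidr -j $r_action"
}

# The two rules from the logged vpc_acl.sh invocation.
for rule in 'Ingress:all:1:65535:0.0.0.0/0:ACCEPT:' 'Egress:all:1:65535:0.0.0.0/0:ACCEPT:'; do
    acl_rule_to_args "$rule" || echo "rejected: $rule" >&2
done
```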