[ https://issues.apache.org/jira/browse/CLOUDSTACK-2585?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sailaja Mada closed CLOUDSTACK-2585. ------------------------------------ Regressed with latest Master. This issue is fixed now. We can created new PF rules after deleting existing RULES. There is no conflict now. Hence closing the bug. > Failed to apply new PF rules after deleting the existing PF Rule with Cisco > VNMC Provider > ----------------------------------------------------------------------------------------- > > Key: CLOUDSTACK-2585 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2585 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Network Controller > Affects Versions: 4.2.0 > Reporter: Sailaja Mada > Assignee: Koushik Das > Priority: Critical > Fix For: 4.2.0 > > > Setup: Advanced Networking Zone with Nexus VMWARE Cluster > Steps: > 1. Create Guest network with Cisco VNMC provider as > Firewall/PF/SourceNAT/Static NAT provider offering > 2. Deploy VM using this guest network > 3. Acquire new public IP and configure PF (22-22),PF(80-80) with TCP ,53 to > 53 (UDP) rule > 4. Create 10.x cidr firewall rule from Source NAT IP > 5. Delete (22-22) PF rule from the public IP > 6. Try to create new PF rule (22-22) or any other. > Observation: > It failed to apply new PF rules after deleting the existing PF Rule > Exception: > 2013-05-20 16:45:33,646 ERROR [network.resource.CiscoVnmcResource] > (DirectAgent-359:null) SetPortForwardingRulesCommand failed due to Policy has > two rules > org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-15, > > org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-16 > with same order 102 > com.cloud.utils.exception.ExecutionException: Policy has two rules > org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-15, > > org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-16 > with same order 102 > at > com.cloud.network.cisco.CiscoVnmcConnectionImpl.verifySuccess(CiscoVnmcConnectionImpl.java:1370) > at > com.cloud.network.cisco.CiscoVnmcConnectionImpl.createTenantVDCPFRule(CiscoVnmcConnectionImpl.java:1028) > at > com.cloud.network.resource.CiscoVnmcResource.execute(CiscoVnmcResource.java:573) > at > com.cloud.network.resource.CiscoVnmcResource.execute(CiscoVnmcResource.java:508) > at > com.cloud.network.resource.CiscoVnmcResource.executeRequest(CiscoVnmcResource.java:100) > at > com.cloud.agent.manager.DirectAgentAttache$Task.run(DirectAgentAttache.java:186) > at > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) > at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) > at java.util.concurrent.FutureTask.run(FutureTask.java:166) > at > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(ScheduledThreadPoolExecutor.java:165) > at > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:266) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) > at java.lang.Thread.run(Thread.java:679) > 2013-05-20 16:45:33,647 DEBUG [agent.manager.DirectAgentAttache] > (DirectAgent-359:null) Seq 5-1754464294: Response Received: > 2013-05-20 16:45:33,647 DEBUG [agent.transport.Request] > (DirectAgent-359:null) Seq 5-1754464294: Processing: { Ans: , MgmtId: > 214053811722752, via: 5, Ver: v1, Flags: 10, > [{"Answer":{"result":false,"details":"SetPortForwardingRulesCommand failed > due to Policy has two rules > org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-15, > > org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-16 > with same order 102","wait":0}}] } > 2013-05-20 16:45:33,647 DEBUG [agent.transport.Request] > (Job-Executor-81:job-48) Seq 5-1754464294: Received: { Ans: , MgmtId: > 214053811722752, via: 5, Ver: v1, Flags: 10, { Answer } } > 2013-05-20 16:45:33,647 DEBUG [agent.manager.AgentManagerImpl] > (Job-Executor-81:job-48) Details from executing class > com.cloud.agent.api.routing.SetPortForwardingRulesCommand: > SetPortForwardingRulesCommand failed due to Policy has two rules > org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-15, > > org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-16 > with same order 102 > 2013-05-20 16:45:33,647 ERROR [network.element.CiscoVnmcElement] > (Job-Executor-81:job-48) Unable to apply port forwarding rules to Cisco ASA > 1000v appliance due to: SetPortForwardingRulesCommand failed due to Policy > has two rules > org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-15, > > org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-16 > with same order 102. > 2013-05-20 16:45:33,648 WARN [network.rules.RulesManagerImpl] > (Job-Executor-81:job-48) Failed to apply port forwarding rules for ip due to > com.cloud.exception.ResourceUnavailableException: Resource [DataCenter:1] is > unreachable: Unable to apply port forwarding rules to Cisco ASA 1000v > appliance due to: SetPortForwardingRulesCommand failed due to Policy has two > rules > org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-15, > > org-root/org-vlan-808/org-VDC-vlan-808/natpol-PF-vlan-808-10-102-196-232/rule-Rule-vlan-808-16 > with same order 102. > at > com.cloud.network.element.CiscoVnmcElement.applyPFRules(CiscoVnmcElement.java:754) > at > com.cloud.network.firewall.FirewallManagerImpl.applyRules(FirewallManagerImpl.java:565) > at > com.cloud.network.NetworkManagerImpl.applyRules(NetworkManagerImpl.java:2504) > at > com.cloud.network.firewall.FirewallManagerImpl.applyRules(FirewallManagerImpl.java:509) > at > com.cloud.network.rules.RulesManagerImpl.applyPortForwardingRules(RulesManagerImpl.java:846) > at > com.cloud.network.rules.RulesManagerImpl.applyPortForwardingRules(RulesManagerImpl.java:1029) > at > com.cloud.utils.component.ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept(ComponentInstantiationPostProcessor.java:125) > at > org.apache.cloudstack.api.command.user.firewall.CreatePortForwardingRuleCmd.execute(CreatePortForwardingRuleCmd.java:184) > at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:155) > at > com.cloud.async.AsyncJobManagerImpl$1.run(AsyncJobManagerImpl.java:437) > at > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) > at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) > at java.util.concurrent.FutureTask.run(FutureTask.java:166) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) > at java.lang.Thread.run(Thread.java:679) > 2013-05-20 16:45:33,683 DEBUG [cloud.user.AccountManagerImpl] > (Job-Executor-81:job-48) Access to Rule[16-PortForwarding-Add] granted to > Acct[3-sailaja] by DomainChecker_EnhancerByCloudStack_816a0f1f -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira