Kiran Koneti created CLOUDSTACK-3064: ----------------------------------------
Summary: Able to create VM from different account of the same domain without using Affinity group even the Zone is dedicated to an Account. Key: CLOUDSTACK-3064 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-3064 Project: CloudStack Issue Type: Bug Security Level: Public (Anyone can view this level - this is the default.) Components: Install and Setup Affects Versions: 4.2.0 Reporter: Kiran Koneti Priority: Critical Fix For: 4.2.0 Below are the Steps followed. 1)Installed the CS and created multiple domains and accounts. 2)Under the Domain Kiran I have two users kiran1(domain Admin) and kiran2(normal user) 3)While creating a Zone in the initial steps dedicated the Zone to kiran1 account. 4)After the zone is created I tried to create aVM from the root domain user admin without using the affinity and with using the affinity group. 5)In both the scenarios the Vm creation failed with the correct error message. 6)Then I logged in using the account kiran2 under the domain Kiran. 7) I was able to create a the VM successfully using the account kiran2. Expected Result: The VM creation should be failed as the Zone is dedicated to the Account Kiran. The db table observations are as below: The user details of the account kiran2 is as follows mysql> select * from user where id=4\G; *************************** 1. row *************************** id: 4 uuid: d3af9081-bc4a-4da7-9fb1-c7672cf99522 username: kiran2 password: JSdBejexsnWkFaQF82rBk0V65tQ=:jAin6YPIi3UQQfs6+EjtW/y7Hcj6giGCWsG/2Aie5OA= account_id: 4 firstname: kiran lastname: 2 email: kir...@gmail.com state: enabled api_key: NULL secret_key: NULL created: 2013-06-19 11:30:22 removed: NULL timezone: NULL registration_token: NULL is_registered: 0 incorrect_login_attempts: 0 default: 0 1 row in set (0.00 sec) This Specifies that the account id of kiran2 is 4. The dedicated resources table is as below: mysql> select * from dedicated_resources; +----+--------------------------------------+----------------+--------+------------+---------+-----------+------------+ | id | uuid | data_center_id | pod_id | cluster_id | host_id | domain_id | account_id | +----+--------------------------------------+----------------+--------+------------+---------+-----------+------------+ | 1 | f0fa47dd-c11f-4d3d-a1a1-ae49c4e849bd | 1 | NULL | NULL | NULL | 2 | 3 | +----+--------------------------------------+----------------+--------+------------+---------+-----------+------------+ 1 row in set (0.00 sec) We can see the Zone is dedicated to the account 3 which is kiran1. The VM_instance table is as below: mysql> select * from vm_instance where id=5\G; *************************** 1. row *************************** id: 5 name: kiran21 uuid: 64c67210-10f9-4ee1-b79f-04e3e89c9062 instance_name: i-4-5-VM state: Running vm_template_id: 202 guest_os_id: 12 private_mac_address: 02:00:03:20:00:01 private_ip_address: 10.1.1.121 pod_id: 1 data_center_id: 1 host_id: 1 last_host_id: 1 proxy_id: NULL proxy_assign_time: NULL vnc_password: VIW4Bj9v/CMIgW9rkduIN0Pgp8Umij0KMZt61u+RjPo= ha_enabled: 0 limit_cpu_use: 0 update_count: 3 update_time: 2013-06-19 12:32:51 created: 2013-06-19 12:20:49 removed: NULL type: User vm_type: User account_id: 4 domain_id: 2 service_offering_id: 1 reservation_id: 3b3a4444-23d7-4aab-82a5-8311d123098d hypervisor_type: VMware disk_offering_id: NULL cpu: NULL ram: NULL owner: 4 speed: 500 host_name: kiran21 display_name: kiran21 desired_state: NULL display_vm: 1 1 row in set (0.00 sec) We can See the VM is created using the account_type is 4 which is kiran2. The affinity group table is as below: mysql> select * from affinity_group; +----+------+--------------------+--------------------------------------+-------------+-----------+------------+ | id | name | type | uuid | description | domain_id | account_id | +----+------+--------------------+--------------------------------------+-------------+-----------+------------+ | 1 | Eff1 | ExplicitDedication | 24af64b3-18ac-46c8-8111-55e26093153a | NULL | 1 | 2 | +----+------+--------------------+--------------------------------------+-------------+-----------+------------+ 1 row in set (0.00 sec) We can see that there is no affinity group created for the account 4(kiran2) or account3(kiran1) My setup details: I have a single Zone-->Pod-->Cluster-->Host setup which is dedicated to the account3(kiran1). -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira