KuasarCloud opened a new issue, #6590:
URL: https://github.com/apache/cloudstack/issues/6590
##### ISSUE TYPE
* Bug Report
##### COMPONENT NAME
API, UI
##### CLOUDSTACK VERSION
ACS 4.15.2.0
##### CONFIGURATION
Advanced Network with VPC
##### OS / ENVIRONMENT
Hypervisor KVM
##### SUMMARY
When using a domain controller user in ACS to deploy CreateLoadBalancer I
am receiving a “531 Unable to use network with id=
498611f9-xxx-4030-aa10-e7d7ad062d1a, permission denied”
##### LOGS
Apilog
*****
2022-07-27 11:34:57,218 INFO [a.c.c.a.ApiServer]
(qtp2109798150-1192:ctx-de4123f6 ctx-f93ec0cc ctx-8c0287a4) (logid:b8e0600b)
(userId=4 accountId=4 sessionId=null) 192.168.xxx.xxx -- GET
algorithm=source&apiKey=GoHebItTOdSc4zf5NcwxDxRo&command=createLoadBalancer&description=lb01&instanceport=8080&name=lb01&networkid=498611f9-xxxx-4030-aa10-e7d7ad062d1a&response=json&scheme=Internal&sourceipaddressnetworkid=498611f9-cd93-4030-aa10-e7d7ad062d1a&sourceport=8080&signature=gB%2BseI8Ku7ZCN9drw
531 Unable to use network with id= 498611f9-xxxx-4030-aa10-e7d7ad062d1a,
permission denied
Management-server
*****************
2022-07-27 11:34:57,198 DEBUG [c.c.a.ApiServlet]
(qtp2109798150-1192:ctx-de4123f6) (logid:b8e0600b) ===START=== 192.168.xx.xx--
GET algorithm=source&apiKey=GoHebItTOdSc4zf5NcwxDxR
&command=createLoadBalancer&description=lb01&instanceport=8080&name=lb01&networkid=498611f9-xxxx-4030-aa10-e7d7ad062d1a&response=json&scheme=Internal&sourceipaddressnetworkid=498611f9-xxx-4030-aa10-e7d7ad062d1a&sourceport=8080&signature=gB%2BseI8Ku7ZCN9drw3Lxqdo%2Bj8k%3D
2022-07-27 11:34:57,201 DEBUG [c.c.a.ApiServer]
(qtp2109798150-1192:ctx-de4123f6 ctx-f93ec0cc) (logid:b8e0600b) CIDRs from
which account 'Acct[c5aac4a3-xxxx-43a9-8117-eb2fa34fdca5-cocentrodemo1control]'
is allowed to perform API calls: 0.0.0.0/0,::/0
2022-07-27 11:34:57,205 DEBUG [o.a.c.a.BaseCmd]
(qtp2109798150-1192:ctx-de4123f6 ctx-f93ec0cc ctx-8c0287a4) (logid:b8e0600b)
Ignoring paremeter fordisplay as the caller is not authorized to pass it in
2022-07-27 11:34:57,207 DEBUG [c.c.u.AccountManagerImpl]
(qtp2109798150-1192:ctx-de4123f6 ctx-f93ec0cc ctx-8c0287a4) (logid:b8e0600b)
Access to
Acct[39efe918-df79-45ec-b8f0-302c6d44dfa9-PrjAcct-624349294c0efe30d9ec0fd6-3]
granted to Acct[026a2cc9-xxxx-447a-9bf3-6a749fae743a-demo1control] by
DomainChecker
2022-07-27 11:34:57,209 DEBUG [o.a.c.a.BaseCmd]
(qtp2109798150-1192:ctx-de4123f6 ctx-f93ec0cc ctx-8c0287a4) (logid:b8e0600b)
Ignoring paremeter fordisplay as the caller is not authorized to pass it in
2022-07-27 11:34:57,217 INFO [c.c.a.ApiServer]
(qtp2109798150-1192:ctx-de4123f6 ctx-f93ec0cc ctx-8c0287a4) (logid:b8e0600b)
PermissionDenied: Unable to use network with id=
498611f9-xxxx-4030-aa10-e7d7ad062d1a, permission denied on objs: []
2022-07-27 11:34:57,218 DEBUG [c.c.a.ApiServlet]
(qtp2109798150-1192:ctx-de4123f6 ctx-f93ec0cc ctx-8c0287a4) (logid:b8e0600b)
===END=== 192.168. === 192.168.xx.xx -- GET
algorithm=source&apiKey=GoHebItTOdSc4zf5NcwxDxRo5v1FeY&command=createLoadBalancer&description=lb01&instanceport=8080&name=lb01&networkid=498611f9-xxx-4030-aa10-e7d7ad062d1a&response=json&scheme=Internal&sourceipaddressnetworkid=498611f9-xxxx-4030-aa10-e7d7ad062d1a&sourceport=8080&signature=gB%2BseI8Ku7ZCN9drw3Lxqdo%2Bj8k%3D
2022-07-27 11:34:57,566 DEBUG [c.c.a.m.AgentManagerImpl]
(AgentManager-Handler-12:null) (logid:) SeqA 47-30512: Processing Seq 47-30512:
{ Cmd , MgmtId: -1, via: 47, Ver: v1, Flags: 11,
[{"com.cloud.agent.api.ConsoleProxyLoadReportCommand":{"_proxyVmId":"7557","_loadInfo":"{
"connections": []
##### STEPS TO REPRODUCE
Using Domain Controller User/API go to VPC-> Network (tier) -> Create
Internal LB
##### EXPECTED RESULTS
Internal LB created for the Tier in the VPC
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
