[jira] [Created] (CLOUDSTACK-2491) NTier: Creation of ACL Rule for protocol AH (51) and ESP (50) Fails

[Chandan Purushothama (JIRA)]

Chandan Purushothama created CLOUDSTACK-2491:
------------------------------------------------

             Summary: NTier: Creation of ACL Rule for protocol AH (51) and ESP 
(50) Fails
                 Key: CLOUDSTACK-2491
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2491
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: Management Server
    Affects Versions: 4.2.0
            Reporter: Chandan Purushothama
            Priority: Blocker
             Fix For: 4.2.0



================
Steps to Reproduce:
================ 

1. Create a VPC.
2. Create a Network Tier
3. Create an ACL rule on the Network Tier with protocol AH(51)
4  Create an ACL rule on the Network Tier with protocol ESP (50)

==========
Observations:
==========

**Creation of ACL Rules with Protocol 51** 

2013-05-14 15:02:45,842 DEBUG [cloud.api.ApiServlet] (catalina-exec-3:null) 
===START===  10.216.133.86 -- GET  
command=createNetworkACL&response=json&sessionkey=1ew3VD0LppS%2BSreQld9FNtVnLwo%3D&cidrlist=10.223.195.44%2F32&protocol=51&startport=81&endport=82&networkid=bcc163c5-c23f-4b47-a0c8-562b8460b3fe&traffictype=Ingress&_=1368569008881
2013-05-14 15:02:45,849 DEBUG [cloud.user.AccountManagerImpl] 
(catalina-exec-3:null) Access to Acct[3-atoms] granted to Acct[3-atoms] by 
DomainChecker_EnhancerByCloudStack_32dba8cb
2013-05-14 15:02:45,853 DEBUG [cloud.user.AccountManagerImpl] 
(catalina-exec-3:null) Access to [VPC [1-Atoms-VPC-1] granted to Acct[3-atoms] 
by DomainChecker_EnhancerByCloudStack_32dba8cb
2013-05-14 15:02:45,879 DEBUG [cloud.async.AsyncJobManagerImpl] 
(catalina-exec-3:null) submit async job-22, details: AsyncJobVO {id:22, userId: 
3, accountId: 3, sessionKey: null, instanceType: None, instanceId: 11, cmd: 
org.apache.cloudstack.api.command.user.network.CreateNetworkACLCmd, 
cmdOriginator: null, cmdInfo: 
{"sessionkey":"1ew3VD0LppS+SreQld9FNtVnLwo\u003d","protocol":"51","ctxUserId":"3","traffictype":"Ingress","httpmethod":"GET","startport":"81","endport":"82","response":"json","id":"11","cidrlist":"10.223.195.44/32","_":"1368569008881","ctxAccountId":"3","networkid":"bcc163c5-c23f-4b47-a0c8-562b8460b3fe","ctxStartEventId":"78"},
 cmdVersion: 0, callbackType: 0, callbackAddress: null, status: 0, 
processStatus: 0, resultCode: 0, result: null, initMsid: 7508777239729, 
completeMsid: null, lastUpdated: null, lastPolled: null, created: null}
2013-05-14 15:02:45,881 DEBUG [cloud.api.ApiServlet] (catalina-exec-3:null) 
===END===  10.216.133.86 -- GET  
command=createNetworkACL&response=json&sessionkey=1ew3VD0LppS%2BSreQld9FNtVnLwo%3D&cidrlist=10.223.195.44%2F32&protocol=51&startport=81&endport=82&networkid=bcc163c5-c23f-4b47-a0c8-562b8460b3fe&traffictype=Ingress&_=1368569008881
2013-05-14 15:02:45,882 DEBUG [cloud.async.AsyncJobManagerImpl] 
(Job-Executor-9:job-22) Executing 
org.apache.cloudstack.api.command.user.network.CreateNetworkACLCmd for job-22
2013-05-14 15:02:45,887 DEBUG [cloud.user.AccountManagerImpl] 
(Job-Executor-9:job-22) Access to Acct[3-atoms] granted to Acct[3-atoms] by 
DomainChecker_EnhancerByCloudStack_32dba8cb
2013-05-14 15:02:45,897 DEBUG 
[network.router.VirtualNetworkApplianceManagerImpl] (Job-Executor-9:job-22) 
Applying network acls in network Ntwk[206|Guest|11]
2013-05-14 15:02:45,907 DEBUG [cloud.network.NetworkModelImpl] 
(Job-Executor-9:job-22) Service SecurityGroup is not supported in the network 
id=206
2013-05-14 15:02:45,918 DEBUG [agent.transport.Request] (Job-Executor-9:job-22) 
Seq 1-1228472477: Sending  { Cmd , MgmtId: 7508777239729, via: 1, Ver: v1, 
Flags: 100001, 
[{"routing.SetNetworkACLCommand":{"rules":[{"id":0,"vlanTag":"2072","protocol":"all","revoked":false,"alreadyAdded":true,"cidrList":["0.0.0.0/0"],"trafficType":"Ingress","action":"DROP","number":1},{"id":0,"vlanTag":"2072","protocol":"all","revoked":false,"alreadyAdded":true,"cidrList":["0.0.0.0/0"],"trafficType":"Egress","action":"DROP","number":2},{"id":0,"vlanTag":"2072","protocol":"tcp","portRange":[22,23],"revoked":false,"alreadyAdded":true,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":3},{"id":0,"vlanTag":"2072","protocol":"6","portRange":[80,81],"revoked":false,"alreadyAdded":true,"cidrList":["10.223.131.170/32"],"trafficType":"Ingress","action":"ACCEPT","number":4},{"id":0,"vlanTag":"2072","protocol":"6","portRange":[56,67],"revoked":false,"alreadyAdded":true,"cidrList":["10.223.131.170/32"],"trafficType":"Ingress","action":"ACCEPT","number":5},{"id":0,"vlanTag":"2072","protocol":"6","portRange":[44,45],"revoked":false,"alreadyAdded":true,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":6},{"id":0,"vlanTag":"2072","protocol":"udp","portRange":[23,24],"revoked":false,"alreadyAdded":true,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":7},{"id":0,"vlanTag":"2072","protocol":"17","portRange":[79,80],"revoked":false,"alreadyAdded":true,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":8},{"id":0,"vlanTag":"2072","protocol":"51","portRange":[81,82],"revoked":false,"alreadyAdded":false,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":9}],"nic":{"deviceId":2,"networkRateMbps":200,"defaultNic":false,"uuid":"1a0c7f7d-d2f2-4be7-b148-4582f741633a","ip":"192.168.10.1","netmask":"255.255.255.0","gateway":"192.168.10.1","mac":"02:00:25:a3:00:02","broadcastType":"Vlan","type":"Guest","broadcastUri":"vlan://2072","isolationUri":"vlan://2072","isSecurityGroupEnabled":false},"accessDetails":{"router.guest.ip":"192.168.10.1","guest.vlan.tag":"2072","zone.network.type":"Advanced","router.ip":"169.254.1.178","router.name":"r-3-NTIER"},"wait":0}}]
 }
2013-05-14 15:02:45,921 DEBUG [agent.transport.Request] (Job-Executor-9:job-22) 
Seq 1-1228472477: Executing:  { Cmd , MgmtId: 7508777239729, via: 1, Ver: v1, 
Flags: 100001, 
[{"routing.SetNetworkACLCommand":{"rules":[{"id":0,"vlanTag":"2072","protocol":"all","revoked":false,"alreadyAdded":true,"cidrList":["0.0.0.0/0"],"trafficType":"Ingress","action":"DROP","number":1},{"id":0,"vlanTag":"2072","protocol":"all","revoked":false,"alreadyAdded":true,"cidrList":["0.0.0.0/0"],"trafficType":"Egress","action":"DROP","number":2},{"id":0,"vlanTag":"2072","protocol":"tcp","portRange":[22,23],"revoked":false,"alreadyAdded":true,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":3},{"id":0,"vlanTag":"2072","protocol":"6","portRange":[80,81],"revoked":false,"alreadyAdded":true,"cidrList":["10.223.131.170/32"],"trafficType":"Ingress","action":"ACCEPT","number":4},{"id":0,"vlanTag":"2072","protocol":"6","portRange":[56,67],"revoked":false,"alreadyAdded":true,"cidrList":["10.223.131.170/32"],"trafficType":"Ingress","action":"ACCEPT","number":5},{"id":0,"vlanTag":"2072","protocol":"6","portRange":[44,45],"revoked":false,"alreadyAdded":true,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":6},{"id":0,"vlanTag":"2072","protocol":"udp","portRange":[23,24],"revoked":false,"alreadyAdded":true,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":7},{"id":0,"vlanTag":"2072","protocol":"17","portRange":[79,80],"revoked":false,"alreadyAdded":true,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":8},{"id":0,"vlanTag":"2072","protocol":"51","portRange":[81,82],"revoked":false,"alreadyAdded":false,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":9}],"nic":{"deviceId":2,"networkRateMbps":200,"defaultNic":false,"uuid":"1a0c7f7d-d2f2-4be7-b148-4582f741633a","ip":"192.168.10.1","netmask":"255.255.255.0","gateway":"192.168.10.1","mac":"02:00:25:a3:00:02","broadcastType":"Vlan","type":"Guest","broadcastUri":"vlan://2072","isolationUri":"vlan://2072","isSecurityGroupEnabled":false},"accessDetails":{"router.guest.ip":"192.168.10.1","guest.vlan.tag":"2072","zone.network.type":"Advanced","router.ip":"169.254.1.178","router.name":"r-3-NTIER"},"wait":0}}]
 }
2013-05-14 15:02:45,921 DEBUG [agent.manager.DirectAgentAttache] 
(DirectAgent-117:null) Seq 1-1228472477: Executing request
2013-05-14 15:02:46,005 DEBUG [agent.manager.DirectAgentAttache] 
(DirectAgent-355:null) Seq 1-1228472325: Response Received:
2013-05-14 15:02:46,005 DEBUG [agent.transport.Request] (DirectAgent-355:null) 
Seq 1-1228472325: Processing:  { Ans: , MgmtId: 7508777239729, via: 1, Ver: v1, 
Flags: 10, 
[{"ClusterSyncAnswer":{"_clusterId":1,"_newStates":{},"_isExecuted":false,"result":true,"wait":0}}]
 }
2013-05-14 15:02:46,641 DEBUG [agent.manager.DirectAgentAttache] 
(DirectAgent-117:null) Seq 1-1228472477: Response Received:
2013-05-14 15:02:46,642 DEBUG [agent.transport.Request] (DirectAgent-117:null) 
Seq 1-1228472477: Processing:  { Ans: , MgmtId: 7508777239729, via: 1, Ver: v1, 
Flags: 0, 
[{"routing.SetNetworkACLAnswer":{"results":["Failed","Failed","Failed","Failed","Failed","Failed","Failed","Failed","Failed"],"result":false,"wait":0}}]
 }
2013-05-14 15:02:46,642 DEBUG [agent.transport.Request] (Job-Executor-9:job-22) 
Seq 1-1228472477: Received:  { Ans: , MgmtId: 7508777239729, via: 1, Ver: v1, 
Flags: 0, { SetNetworkACLAnswer } }
2013-05-14 15:02:46,643 ERROR [cloud.async.AsyncJobManagerImpl] 
(Job-Executor-9:job-22) Unexpected exception while executing 
org.apache.cloudstack.api.command.user.network.CreateNetworkACLCmd
com.cloud.exception.InvalidParameterValueException: ACL Items in default ACL 
cannot be deleted
        at 
com.cloud.network.vpc.NetworkACLServiceImpl.revokeNetworkACLItem(NetworkACLServiceImpl.java:449)
        at 
org.apache.cloudstack.api.command.user.network.CreateNetworkACLCmd.execute(CreateNetworkACLCmd.java:227)
        at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:155)
        at 
com.cloud.async.AsyncJobManagerImpl$1.run(AsyncJobManagerImpl.java:437)
        at 
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
        at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
        at java.util.concurrent.FutureTask.run(FutureTask.java:166)
        at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
        at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
        at java.lang.Thread.run(Thread.java:679)
2013-05-14 15:02:46,644 DEBUG [cloud.async.AsyncJobManagerImpl] 
(Job-Executor-9:job-22) Complete async job-22, jobStatus: 2, resultCode: 530, 
result: Error Code: 530 Error text: ACL Items in default ACL cannot be deleted

**Creation of ACL Rules with Protocol 50** 

2013-05-14 15:08:53,485 DEBUG [cloud.api.ApiServlet] (catalina-exec-20:null) 
===START===  10.216.133.86 -- GET  
command=createNetworkACL&response=json&sessionkey=1ew3VD0LppS%2BSreQld9FNtVnLwo%3D&cidrlist=10.223.195.44%2F32&protocol=50&startport=82&endport=83&networkid=bcc163c5-c23f-4b47-a0c8-562b8460b3fe&traffictype=Ingress&_=1368569376535
2013-05-14 15:08:53,492 DEBUG [cloud.user.AccountManagerImpl] 
(catalina-exec-20:null) Access to Acct[3-atoms] granted to Acct[3-atoms] by 
DomainChecker_EnhancerByCloudStack_32dba8cb
2013-05-14 15:08:53,496 DEBUG [cloud.user.AccountManagerImpl] 
(catalina-exec-20:null) Access to [VPC [1-Atoms-VPC-1] granted to Acct[3-atoms] 
by DomainChecker_EnhancerByCloudStack_32dba8cb
2013-05-14 15:08:53,519 DEBUG [cloud.async.AsyncJobManagerImpl] 
(catalina-exec-20:null) submit async job-23, details: AsyncJobVO {id:23, 
userId: 3, accountId: 3, sessionKey: null, instanceType: None, instanceId: 12, 
cmd: org.apache.cloudstack.api.command.user.network.CreateNetworkACLCmd, 
cmdOriginator: null, cmdInfo: 
{"sessionkey":"1ew3VD0LppS+SreQld9FNtVnLwo\u003d","protocol":"50","ctxUserId":"3","traffictype":"Ingress","httpmethod":"GET","startport":"82","endport":"83","response":"json","id":"12","cidrlist":"10.223.195.44/32","_":"1368569376535","ctxAccountId":"3","networkid":"bcc163c5-c23f-4b47-a0c8-562b8460b3fe","ctxStartEventId":"80"},
 cmdVersion: 0, callbackType: 0, callbackAddress: null, status: 0, 
processStatus: 0, resultCode: 0, result: null, initMsid: 7508777239729, 
completeMsid: null, lastUpdated: null, lastPolled: null, created: null}
2013-05-14 15:08:53,520 DEBUG [cloud.api.ApiServlet] (catalina-exec-20:null) 
===END===  10.216.133.86 -- GET  
command=createNetworkACL&response=json&sessionkey=1ew3VD0LppS%2BSreQld9FNtVnLwo%3D&cidrlist=10.223.195.44%2F32&protocol=50&startport=82&endport=83&networkid=bcc163c5-c23f-4b47-a0c8-562b8460b3fe&traffictype=Ingress&_=1368569376535
2013-05-14 15:08:53,522 DEBUG [cloud.async.AsyncJobManagerImpl] 
(Job-Executor-10:job-23) Executing 
org.apache.cloudstack.api.command.user.network.CreateNetworkACLCmd for job-23
2013-05-14 15:08:53,527 DEBUG [cloud.user.AccountManagerImpl] 
(Job-Executor-10:job-23) Access to Acct[3-atoms] granted to Acct[3-atoms] by 
DomainChecker_EnhancerByCloudStack_32dba8cb
2013-05-14 15:08:53,538 DEBUG 
[network.router.VirtualNetworkApplianceManagerImpl] (Job-Executor-10:job-23) 
Applying network acls in network Ntwk[206|Guest|11]
2013-05-14 15:08:53,547 DEBUG [cloud.network.NetworkModelImpl] 
(Job-Executor-10:job-23) Service SecurityGroup is not supported in the network 
id=206
2013-05-14 15:08:53,559 DEBUG [agent.transport.Request] 
(Job-Executor-10:job-23) Seq 1-1228472494: Sending  { Cmd , MgmtId: 
7508777239729, via: 1, Ver: v1, Flags: 100001, 
[{"routing.SetNetworkACLCommand":{"rules":[{"id":0,"vlanTag":"2072","protocol":"all","revoked":false,"alreadyAdded":true,"cidrList":["0.0.0.0/0"],"trafficType":"Ingress","action":"DROP","number":1},{"id":0,"vlanTag":"2072","protocol":"all","revoked":false,"alreadyAdded":true,"cidrList":["0.0.0.0/0"],"trafficType":"Egress","action":"DROP","number":2},{"id":0,"vlanTag":"2072","protocol":"tcp","portRange":[22,23],"revoked":false,"alreadyAdded":true,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":3},{"id":0,"vlanTag":"2072","protocol":"6","portRange":[80,81],"revoked":false,"alreadyAdded":true,"cidrList":["10.223.131.170/32"],"trafficType":"Ingress","action":"ACCEPT","number":4},{"id":0,"vlanTag":"2072","protocol":"6","portRange":[56,67],"revoked":false,"alreadyAdded":true,"cidrList":["10.223.131.170/32"],"trafficType":"Ingress","action":"ACCEPT","number":5},{"id":0,"vlanTag":"2072","protocol":"6","portRange":[44,45],"revoked":false,"alreadyAdded":true,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":6},{"id":0,"vlanTag":"2072","protocol":"udp","portRange":[23,24],"revoked":false,"alreadyAdded":true,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":7},{"id":0,"vlanTag":"2072","protocol":"17","portRange":[79,80],"revoked":false,"alreadyAdded":true,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":8},{"id":0,"vlanTag":"2072","protocol":"51","portRange":[81,82],"revoked":false,"alreadyAdded":false,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":9},{"id":0,"vlanTag":"2072","protocol":"50","portRange":[82,83],"revoked":false,"alreadyAdded":false,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":10}],"nic":{"deviceId":2,"networkRateMbps":200,"defaultNic":false,"uuid":"1a0c7f7d-d2f2-4be7-b148-4582f741633a","ip":"192.168.10.1","netmask":"255.255.255.0","gateway":"192.168.10.1","mac":"02:00:25:a3:00:02","broadcastType":"Vlan","type":"Guest","broadcastUri":"vlan://2072","isolationUri":"vlan://2072","isSecurityGroupEnabled":false},"accessDetails":{"router.guest.ip":"192.168.10.1","guest.vlan.tag":"2072","zone.network.type":"Advanced","router.ip":"169.254.1.178","router.name":"r-3-NTIER"},"wait":0}}]
 }
2013-05-14 15:08:53,561 DEBUG [agent.transport.Request] 
(Job-Executor-10:job-23) Seq 1-1228472494: Executing:  { Cmd , MgmtId: 
7508777239729, via: 1, Ver: v1, Flags: 100001, 
[{"routing.SetNetworkACLCommand":{"rules":[{"id":0,"vlanTag":"2072","protocol":"all","revoked":false,"alreadyAdded":true,"cidrList":["0.0.0.0/0"],"trafficType":"Ingress","action":"DROP","number":1},{"id":0,"vlanTag":"2072","protocol":"all","revoked":false,"alreadyAdded":true,"cidrList":["0.0.0.0/0"],"trafficType":"Egress","action":"DROP","number":2},{"id":0,"vlanTag":"2072","protocol":"tcp","portRange":[22,23],"revoked":false,"alreadyAdded":true,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":3},{"id":0,"vlanTag":"2072","protocol":"6","portRange":[80,81],"revoked":false,"alreadyAdded":true,"cidrList":["10.223.131.170/32"],"trafficType":"Ingress","action":"ACCEPT","number":4},{"id":0,"vlanTag":"2072","protocol":"6","portRange":[56,67],"revoked":false,"alreadyAdded":true,"cidrList":["10.223.131.170/32"],"trafficType":"Ingress","action":"ACCEPT","number":5},{"id":0,"vlanTag":"2072","protocol":"6","portRange":[44,45],"revoked":false,"alreadyAdded":true,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":6},{"id":0,"vlanTag":"2072","protocol":"udp","portRange":[23,24],"revoked":false,"alreadyAdded":true,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":7},{"id":0,"vlanTag":"2072","protocol":"17","portRange":[79,80],"revoked":false,"alreadyAdded":true,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":8},{"id":0,"vlanTag":"2072","protocol":"51","portRange":[81,82],"revoked":false,"alreadyAdded":false,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":9},{"id":0,"vlanTag":"2072","protocol":"50","portRange":[82,83],"revoked":false,"alreadyAdded":false,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":10}],"nic":{"deviceId":2,"networkRateMbps":200,"defaultNic":false,"uuid":"1a0c7f7d-d2f2-4be7-b148-4582f741633a","ip":"192.168.10.1","netmask":"255.255.255.0","gateway":"192.168.10.1","mac":"02:00:25:a3:00:02","broadcastType":"Vlan","type":"Guest","broadcastUri":"vlan://2072","isolationUri":"vlan://2072","isSecurityGroupEnabled":false},"accessDetails":{"router.guest.ip":"192.168.10.1","guest.vlan.tag":"2072","zone.network.type":"Advanced","router.ip":"169.254.1.178","router.name":"r-3-NTIER"},"wait":0}}]
 }
2013-05-14 15:08:53,562 DEBUG [agent.manager.DirectAgentAttache] 
(DirectAgent-32:null) Seq 1-1228472494: Executing request
2013-05-14 15:08:55,909 DEBUG [storage.secondary.SecondaryStorageManagerImpl] 
(secstorage-1:null) Zone 1 is ready to launch secondary storage VM
2013-05-14 15:08:56,179 DEBUG [cloud.consoleproxy.ConsoleProxyManagerImpl] 
(consoleproxy-1:null) Zone 1 is ready to launch console proxy
2013-05-14 15:08:56,621 DEBUG [cloud.api.ApiServlet] (catalina-exec-19:null) 
===START===  10.216.133.86 -- GET  
command=queryAsyncJobResult&jobId=f257cf39-9efb-49ec-977d-a6b60ef1a5f3&response=json&sessionkey=1ew3VD0LppS%2BSreQld9FNtVnLwo%3D&_=1368569379648
2013-05-14 15:08:56,637 DEBUG [cloud.api.ApiServlet] (catalina-exec-19:null) 
===END===  10.216.133.86 -- GET  
command=queryAsyncJobResult&jobId=f257cf39-9efb-49ec-977d-a6b60ef1a5f3&response=json&sessionkey=1ew3VD0LppS%2BSreQld9FNtVnLwo%3D&_=1368569379648
2013-05-14 15:08:56,936 DEBUG [agent.manager.DirectAgentAttache] 
(DirectAgent-32:null) Seq 1-1228472494: Response Received:
2013-05-14 15:08:56,936 DEBUG [agent.transport.Request] (DirectAgent-32:null) 
Seq 1-1228472494: Processing:  { Ans: , MgmtId: 7508777239729, via: 1, Ver: v1, 
Flags: 0, 
[{"routing.SetNetworkACLAnswer":{"results":["Failed","Failed","Failed","Failed","Failed","Failed","Failed","Failed","Failed","Failed"],"result":false,"wait":0}}]
 }
2013-05-14 15:08:56,936 DEBUG [agent.transport.Request] 
(Job-Executor-10:job-23) Seq 1-1228472494: Received:  { Ans: , MgmtId: 
7508777239729, via: 1, Ver: v1, Flags: 0, { SetNetworkACLAnswer } }
2013-05-14 15:08:56,938 ERROR [cloud.async.AsyncJobManagerImpl] 
(Job-Executor-10:job-23) Unexpected exception while executing 
org.apache.cloudstack.api.command.user.network.CreateNetworkACLCmd
com.cloud.exception.InvalidParameterValueException: ACL Items in default ACL 
cannot be deleted
        at 
com.cloud.network.vpc.NetworkACLServiceImpl.revokeNetworkACLItem(NetworkACLServiceImpl.java:449)
        at 
org.apache.cloudstack.api.command.user.network.CreateNetworkACLCmd.execute(CreateNetworkACLCmd.java:227)
        at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:155)
        at 
com.cloud.async.AsyncJobManagerImpl$1.run(AsyncJobManagerImpl.java:437)
        at 
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
        at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
        at java.util.concurrent.FutureTask.run(FutureTask.java:166)
        at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
        at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
        at java.lang.Thread.run(Thread.java:679)
2013-05-14 15:08:56,938 DEBUG [cloud.async.AsyncJobManagerImpl] 
(Job-Executor-10:job-23) Complete async job-23, jobStatus: 2, resultCode: 530, 
result: Error Code: 530 Error text: ACL Items in default ACL cannot be deleted

=============
On The VPC VR:
=============

May 14 14:04:37 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest 
network: 192.168.10.1/24, inbound::51:81:82:10.223.195.44/32
May 14 14:04:37 r-3-NTIER cloud: Error adding iptables entry for guest network 
: 192.168.10.1/24,inbound::51:81:82:10.223.195.44/32
May 14 14:04:37 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest 
network : 192.168.10.1/24
May 14 14:04:37 r-3-NTIER cloud: vpc_acl.sh: failure to apply fw rules for 
guest network: 192.168.10.1/24
May 14 14:04:37 r-3-NTIER cloud: vpc_acl.sh: restoring from backup for guest 
network: 192.168.10.1/24
May 14 14:10:47 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest 
network: 192.168.10.1/24, inbound::6:80:81:10.223.131.170/32
May 14 14:10:47 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest 
network : 192.168.10.1/24
May 14 14:10:47 r-3-NTIER cloud: vpc_acl.sh: successful in applying fw rules 
for guest network: 192.168.10.1/24
May 14 14:10:47 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest 
network: 192.168.10.1/24, inbound::50:82:83:10.223.195.44/32
May 14 14:10:47 r-3-NTIER cloud: Error adding iptables entry for guest network 
: 192.168.10.1/24,inbound::50:82:83:10.223.195.44/32
May 14 14:10:47 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest 
network : 192.168.10.1/24
May 14 14:10:47 r-3-NTIER cloud: vpc_acl.sh: failure to apply fw rules for 
guest network: 192.168.10.1/24
May 14 14:10:47 r-3-NTIER cloud: vpc_acl.sh: restoring from backup for guest 
network: 192.168.10.1/24



--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira