Chandan Purushothama created CLOUDSTACK-2496:
------------------------------------------------
Summary: NTier: Even if one ACL item fails to get programmed on the VPC VR, all the remaining ACL items in the container fail to get programmed on the VPC VR
Key: CLOUDSTACK-2496
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2496
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Components: Management Server
Affects Versions: 4.2.0
Reporter: Chandan Purushothama
Fix For: 4.2.0
===========
Observations:
===========
Multiple ACL Rules are stuck in "Add" state.
mysql> select * from network_acl_item where state="Add";
+----+--------------------------------------+--------+------------+----------+-------+----------+---------------------+-----------+-----------+--------------+------------------+--------+--------+
| id | uuid                                 | acl_id | start_port | end_port | state | protocol | created             | icmp_code | icmp_type | traffic_type | cidr             | number | action |
+----+--------------------------------------+--------+------------+----------+-------+----------+---------------------+-----------+-----------+--------------+------------------+--------+--------+
| 11 | 12b84275-d2d1-4845-80ee-02f9594338cf |      1 |         81 |       82 | Add   | 51       | 2013-05-14 22:02:45 |      NULL |      NULL | Ingress      | 10.223.195.44/32 |      9 | Allow  |
| 12 | 582d0151-9a01-4070-a231-5b53fe4b52cc |      1 |         82 |       83 | Add   | 50       | 2013-05-14 22:08:53 |      NULL |      NULL | Ingress      | 10.223.195.44/32 |     10 | Allow  |
| 13 | 28119c8a-6099-42ef-94cb-762471d77192 |      1 |         83 |       84 | Add   | 47       | 2013-05-14 22:09:59 |      NULL |      NULL | Ingress      | 10.223.195.44/32 |     11 | Allow  |
| 14 | b7e5a82b-a952-4e4c-b572-06758bc067f1 |      1 |         84 |       85 | Add   | 40       | 2013-05-14 22:10:51 |      NULL |      NULL | Ingress      | 10.223.195.44/32 |     12 | Allow  |
| 15 | 7abb418f-86c5-4786-9f0c-aab4fe84174b |      1 |         85 |       86 | Add   | 132      | 2013-05-14 22:12:46 |      NULL |      NULL | Ingress      | 10.223.195.44/32 |     13 | Allow  |
| 16 | 4366b81f-788d-424f-964a-45194a491354 |      1 |         86 |       87 | Add   | 33       | 2013-05-14 22:13:10 |      NULL |      NULL | Ingress      | 10.223.195.44/32 |     14 | Allow  |
| 17 | 24aba3f4-db6c-4f67-9c93-b2596201d5b6 |      1 |         99 |      100 | Add   | 92       | 2013-05-14 22:16:36 |      NULL |      NULL | Ingress      | 10.223.195.44/32 |     15 | Allow  |
+----+--------------------------------------+--------+------------+----------+-------+----------+---------------------+-----------+-----------+--------------+------------------+--------+--------+
7 rows in set (0.00 sec)
On the VPC VR, on every ACL Rule creation, the programming fails during the first rule and doesn't attempt to program the remaining ACL Rules on the VPC VR.
May 14 14:03:49 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::6:56:67:10.223.131.170/32
May 14 14:03:49 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
May 14 14:03:49 r-3-NTIER cloud: vpc_acl.sh: successful in applying fw rules for guest network: 192.168.10.1/24
May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::6:44:45:10.223.195.44/32
May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: successful in applying fw rules for guest network: 192.168.10.1/24
May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::17:79:80:10.223.195.44/32
May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: successful in applying fw rules for guest network: 192.168.10.1/24
May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::tcp:22:23:10.223.195.44/32
May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: successful in applying fw rules for guest network: 192.168.10.1/24
May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::udp:23:24:10.223.195.44/32
May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: successful in applying fw rules for guest network: 192.168.10.1/24
May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::all:0:0:0.0.0.0/0
May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: successful in applying fw rules for guest network: 192.168.10.1/24
May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: deleting backup for guest network: 192.168.10.1/24
May 14 14:04:37 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::6:80:81:10.223.131.170/32
May 14 14:04:37 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
May 14 14:04:37 r-3-NTIER cloud: vpc_acl.sh: successful in applying fw rules for guest network: 192.168.10.1/24
May 14 14:04:37 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::51:81:82:10.223.195.44/32
May 14 14:04:37 r-3-NTIER cloud: Error adding iptables entry for guest network : 192.168.10.1/24,inbound::51:81:82:10.223.195.44/32
May 14 14:04:37 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
May 14 14:04:37 r-3-NTIER cloud: vpc_acl.sh: failure to apply fw rules for guest network: 192.168.10.1/24
May 14 14:04:37 r-3-NTIER cloud: vpc_acl.sh: restoring from backup for guest network: 192.168.10.1/24
May 14 14:10:47 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::6:80:81:10.223.131.170/32
May 14 14:10:47 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
May 14 14:10:47 r-3-NTIER cloud: vpc_acl.sh: successful in applying fw rules for guest network: 192.168.10.1/24
May 14 14:10:47 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::50:82:83:10.223.195.44/32
May 14 14:10:47 r-3-NTIER cloud: Error adding iptables entry for guest network : 192.168.10.1/24,inbound::50:82:83:10.223.195.44/32
May 14 14:10:47 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
May 14 14:10:47 r-3-NTIER cloud: vpc_acl.sh: failure to apply fw rules for guest network: 192.168.10.1/24
May 14 14:10:47 r-3-NTIER cloud: vpc_acl.sh: restoring from backup for guest network: 192.168.10.1/24
May 14 14:11:53 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::6:80:81:10.223.131.170/32
May 14 14:11:53 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
May 14 14:11:53 r-3-NTIER cloud: vpc_acl.sh: successful in applying fw rules for guest network: 192.168.10.1/24
May 14 14:11:53 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::50:82:83:10.223.195.44/32
May 14 14:11:53 r-3-NTIER cloud: Error adding iptables entry for guest network : 192.168.10.1/24,inbound::50:82:83:10.223.195.44/32
May 14 14:11:53 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
May 14 14:11:53 r-3-NTIER cloud: vpc_acl.sh: failure to apply fw rules for guest network: 192.168.10.1/24
May 14 14:11:53 r-3-NTIER cloud: vpc_acl.sh: restoring from backup for guest network: 192.168.10.1/24
May 14 14:12:44 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::6:80:81:10.223.131.170/32
May 14 14:12:44 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
May 14 14:12:44 r-3-NTIER cloud: vpc_acl.sh: successful in applying fw rules for guest network: 192.168.10.1/24
May 14 14:12:44 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::50:82:83:10.223.195.44/32
May 14 14:12:44 r-3-NTIER cloud: Error adding iptables entry for guest network : 192.168.10.1/24,inbound::50:82:83:10.223.195.44/32
May 14 14:12:44 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
May 14 14:12:44 r-3-NTIER cloud: vpc_acl.sh: failure to apply fw rules for guest network: 192.168.10.1/24
May 14 14:12:44 r-3-NTIER cloud: vpc_acl.sh: restoring from backup for guest network: 192.168.10.1/24
May 14 14:14:38 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::50:82:83:10.223.195.44/32
May 14 14:14:38 r-3-NTIER cloud: Error adding iptables entry for guest network : 192.168.10.1/24,inbound::50:82:83:10.223.195.44/32
May 14 14:14:38 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
May 14 14:14:38 r-3-NTIER cloud: vpc_acl.sh: failure to apply fw rules for guest network: 192.168.10.1/24
May 14 14:14:38 r-3-NTIER cloud: vpc_acl.sh: restoring from backup for guest network: 192.168.10.1/24
May 14 14:15:04 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::50:82:83:10.223.195.44/32
May 14 14:15:04 r-3-NTIER cloud: Error adding iptables entry for guest network : 192.168.10.1/24,inbound::50:82:83:10.223.195.44/32
May 14 14:15:04 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
May 14 14:15:04 r-3-NTIER cloud: vpc_acl.sh: failure to apply fw rules for guest network: 192.168.10.1/24
May 14 14:15:04 r-3-NTIER cloud: vpc_acl.sh: restoring from backup for guest network: 192.168.10.1/24
May 14 14:18:27 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::50:82:83:10.223.195.44/32
May 14 14:18:27 r-3-NTIER cloud: Error adding iptables entry for guest network : 192.168.10.1/24,inbound::50:82:83:10.223.195.44/32
May 14 14:18:27 r-3-NTIER cloud: vpc_acl.sh: exit apply acl rules for guest network : 192.168.10.1/24
May 14 14:18:27 r-3-NTIER cloud: vpc_acl.sh: failure to apply fw rules for guest network: 192.168.10.1/24
May 14 14:18:27 r-3-NTIER cloud: vpc_acl.sh: restoring from backup for guest network: 192.168.10.1/24
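An added example, not part of the original report or of CloudStack's code: a parser that groups the vpc_acl.sh syslog messages shown above into apply runs and lists the rules lost when one rule's failure triggers a restore from backup. The `Run` class, the function names and the `DESIRED` batch are constructed for illustration; it assumes one guest network is programmed at a time.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the report above (exit/success/failure lines omitted).
SAMPLE_LOG = """\
May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::udp:23:24:10.223.195.44/32
May 14 14:03:50 r-3-NTIER cloud: vpc_acl.sh: deleting backup for guest network: 192.168.10.1/24
May 14 14:04:37 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::6:80:81:10.223.131.170/32
May 14 14:04:37 r-3-NTIER cloud: vpc_acl.sh: enter apply acl rules for guest network: 192.168.10.1/24, inbound::51:81:82:10.223.195.44/32
May 14 14:04:37 r-3-NTIER cloud: Error adding iptables entry for guest network : 192.168.10.1/24,inbound::51:81:82:10.223.195.44/32
May 14 14:04:37 r-3-NTIER cloud: vpc_acl.sh: restoring from backup for guest network: 192.168.10.1/24
"""
# Constructed batch: the logged 6:80:81 rule plus rule strings built from rows 11-13 of the table.
DESIRED = ["inbound::6:80:81:10.223.131.170/32", "inbound::51:81:82:10.223.195.44/32",
           "inbound::50:82:83:10.223.195.44/32", "inbound::47:83:84:10.223.195.44/32"]

ENTER = re.compile(r"enter apply acl rules for guest network: ([^,\s]+), (\S+)")
ERROR = re.compile(r"Error adding iptables entry for guest network ?: ([^,\s]+),(\S+)")
END = re.compile(r"(deleting|restoring from) backup for guest network: (\S+)")

@dataclass
class Run:
    network: str
    attempted: list = field(default_factory=list)
    failed: list = field(default_factory=list)
    outcome: str = "incomplete"  # committed | rolled_back | incomplete

def parse_runs(text):
    """Group log lines into runs; a run ends when the backup is deleted or restored."""
    runs, cur = [], None
    for line in text.splitlines():
        if m := ENTER.search(line):
            cur = cur or Run(m.group(1))
            cur.attempted.append(m.group(2))
        elif cur and (m := ERROR.search(line)):
            cur.failed.append(m.group(2))
        elif cur and (m := END.search(line)):
            cur.outcome = "committed" if m.group(1) == "deleting" else "rolled_back"
            runs.append(cur)
            cur = None
    return runs + ([cur] if cur else [])

def collateral(run, desired):
    """Healthy rules lost to a rollback: applied then reverted, or never attempted."""
    if run.outcome != "rolled_back":
        return {"reverted": [], "never_attempted": []}
    return {"reverted": [r for r in run.attempted if r not in run.failed],
            "never_attempted": [r for r in desired if r not in run.attempted]}
```
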