[jira] [Commented] (CLOUDSTACK-9756) IP address must not be allocated to other VR if releasing ip address is failed

Thu, 02 Mar 2017 02:57:03 -0800 

    [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-9756?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15892059#comment-15892059
 ] 

ASF GitHub Bot commented on CLOUDSTACK-9756:
--------------------------------------------

Github user jayapalu commented on a diff in the pull request:

    https://github.com/apache/cloudstack/pull/1917#discussion_r103897727
  
    --- Diff: engine/components-api/src/com/cloud/network/IpAddressManager.java 
---
    @@ -43,6 +43,9 @@
             "If true, when account has dedicated public ip range(s), once the 
ips dedicated to the account have been consumed ips will be acquired from the 
system pool",
             true, ConfigKey.Scope.Account);
     
    +    static final ConfigKey<Boolean> RulesContinueOnError = new 
ConfigKey<Boolean>("Advanced", Boolean.class, 
"network.rule.delete.ignoreerror", "true",
    --- End diff --
    
    To continue with the existing behavior it is set to true. If some one want 
to enable they can set to false.


>  IP address must not be allocated to other VR if releasing ip address is 
> failed
> -------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-9756
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9756
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>          Components: Network Controller
>            Reporter: Jayapal Reddy
>            Assignee: Jayapal Reddy
>             Fix For: 4.10.0.0
>
>
> Apply rule (delete) is success on failure of ip assoc on back end. Cloudstack 
> ignored the ip assoc failure.
> Due to this the ip got freed and assigned to another network/account. It 
> caused the ip to be present in more than one router.
> Fix: Failing the apply rule (delete) on ipassoc failure
> Repro steps:
> 1. Configure PF/static nat/Firewall rules
> 2. Delete the rule configured.
> On deleting the rule, fail the ip assoc on the router.
> 3. Delete rule fails because ip assoc got failed.
> For RVR:
> 1. acquire several public ips,
> 2. add some rules on those public ips, so ips should show up in RVR,
> 3. change ipassoc.sh in RVR, make it always returns error on disassociate ip.
> 4. disassociate ip from  UI, ip should  is freed even though disassociate 
> fails inside VR.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to