My mistake, I was referring to Citrix 3.0.3 release. Looks like there is a bug in 3.0.2 version. All the Firewall/PF/LB rules should apply successfully when the VR is in Stopped state, but based on your log it's not happening. Could you please file a bug, and it will be fixed in the future release.
Meanwhile there are 2 workarounds for the problem: * Before deleting the network, remove all Firewall rules. But this one might be time consuming if you have lots of rules. * destroy the Virtual router before deleting the network. -Alena. On 6/14/12 9:32 AM, "Tamas Monos" <tam...@veber.co.uk> wrote: >Hi, > >I have 3.0.2-1. >Is 3.0.3 released for CentOS? Where is it? Can't find on sourceforge. > >Regards > >Tamas Monos DDI >+44(0)2034687012 >Chief Technical Office >+44(0)2034687000 >Veber: The Hosting Specialists Fax +44(0)871 522 >7057 >http://www.veber.co.uk > >Follow us on Twitter: www.twitter.com/veberhost >Follow us on Facebook: www.facebook.com/veberhost > >-----Original Message----- >From: Alena Prokharchyk [mailto:alena.prokharc...@citrix.com] >Sent: 14 June 2012 17:25 >To: cloudstack-dev@incubator.apache.org >Subject: Re: Cannot delete network > > >What version of cloudStack is it? 3.0.2 or 3.0.3? > >-Alena. > > >On 6/14/12 4:06 AM, "Tamas Monos" <tam...@veber.co.uk> wrote: > >>Hi, >> >>If I want to delete a network I get: >> >>/var/log/cloud/management/management-server.log.2012-05-09.gz:2012-05-0 >>9 >>14:53:35,185 DEBUG [network.router.VirtualNetworkApplianceManagerImpl] >>(Job-Executor-46:job-665) Router r-73-VM is in Stopped, so not sending >>apply ip association commands to the backend >>/var/log/cloud/management/management-server.log.2012-05-09.gz:2012-05-0 >>9 >>14:53:35,195 DEBUG [network.router.VirtualNetworkApplianceManagerImpl] >>(Job-Executor-46:job-665) Router r-73-VM is in Stopped, so not sending >>apply firewall rules commands to the backend >>/var/log/cloud/management/management-server.log.2012-05-09.gz:2012-05-0 >>9 >>14:53:35,206 ERROR [cloud.api.ApiDispatcher] (Job-Executor-46:job-665) >>Exception while executing DeleteNetworkCmd: >>/var/log/cloud/management/management-server.log.2012-05-09.gz:com.cloud >>.ut >>ils.exception.CloudRuntimeException: Failed to apply firewall rules in >>network 212 >>/var/log/cloud/management/management-server.log.2012-05-09.gz: at >>com.cloud.network.element.VirtualRouterElement.applyFWRules(VirtualRout >>erE >>lement.java:203) >>/var/log/cloud/management/management-server.log.2012-05-09.gz: at >>com.cloud.network.NetworkManagerImpl.applyIpAssociations(NetworkManager >>Imp >>l.java:913) >>/var/log/cloud/management/management-server.log.2012-05-09.gz: at >>com.cloud.network.NetworkManagerImpl.applyRules(NetworkManagerImpl.java >>:31 >>19) >>/var/log/cloud/management/management-server.log.2012-05-09.gz: at >>com.cloud.network.firewall.FirewallManagerImpl.applyRules(FirewallManag >>erI >>mpl.java:374) >>/var/log/cloud/management/management-server.log.2012-05-09.gz: at >>com.cloud.network.firewall.FirewallManagerImpl.applyFirewallRules(Firew >>all >>ManagerImpl.java:424) >>/var/log/cloud/management/management-server.log.2012-05-09.gz: at >>com.cloud.network.firewall.FirewallManagerImpl.revokeAllFirewallRulesFo >>rNe >>twork(FirewallManagerImpl.java:569) >>/var/log/cloud/management/management-server.log.2012-05-09.gz: at >>com.cloud.network.NetworkManagerImpl.cleanupNetworkResources(NetworkMan >>age >>rImpl.java:5278) >>/var/log/cloud/management/management-server.log.2012-05-09.gz: at >>com.cloud.network.NetworkManagerImpl.destroyNetwork(NetworkManagerImpl. >>jav >>a:3000) >>/var/log/cloud/management/management-server.log.2012-05-09.gz: at >>com.cloud.network.NetworkManagerImpl.deleteNetwork(NetworkManagerImpl.j >>ava >>:2861) >>/var/log/cloud/management/management-server.log.2012-05-09.gz: at >>com.cloud.api.commands.DeleteNetworkCmd.execute(DeleteNetworkCmd.java:6 >>5) >> >>I have to delete the router to make it work. >> >>/var/log/cloud/management/management-server.log.2012-05-09.gz:2012-05-0 >>9 >>14:55:36,378 DEBUG [network.element.VirtualRouterElement] >>(AccountChecker-1:null) Virtual router elemnt doesn't need to associate >>ip addresses on the backend; virtual router doesn't exist in the >>network >>212 >>/var/log/cloud/management/management-server.log.2012-05-09.gz:2012-05-0 >>9 >>14:55:36,389 DEBUG [network.element.VirtualRouterElement] >>(AccountChecker-1:null) Virtual router elemnt doesn't need to apply >>firewall rules on the backend; virtual router doesn't exist in the >>network 212 >>/var/log/cloud/management/management-server.log.2012-05-09.gz:2012-05-0 >>9 >>14:55:36,417 DEBUG [network.element.VirtualRouterElement] >>(AccountChecker-1:null) Virtual router elemnt doesn't need to apply >>firewall rules on the backend; virtual router doesn't exist in the >>network 212 >>/var/log/cloud/management/management-server.log.2012-05-09.gz:2012-05-0 >>9 >>14:55:36,417 DEBUG [cloud.network.NetworkManagerImpl] >>(AccountChecker-1:null) Network Rules for network 212 were handled by >>VirtualRouter >>/var/log/cloud/management/management-server.log.2012-05-09.gz:2012-05-0 >>9 >>14:55:36,455 DEBUG [network.element.VirtualRouterElement] >>(AccountChecker-1:null) Virtual router elemnt doesn't need to associate >>ip addresses on the backend; virtual router doesn't exist in the >>network >>212 >>/var/log/cloud/management/management-server.log.2012-05-09.gz:2012-05-0 >>9 >>14:55:36,468 DEBUG [network.element.VirtualRouterElement] >>(AccountChecker-1:null) Virtual router elemnt doesn't need to apply >>firewall rules on the backend; virtual router doesn't exist in the >>network 212 >>/var/log/cloud/management/management-server.log.2012-05-09.gz:2012-05-0 >>9 >>14:55:36,485 DEBUG [network.firewall.FirewallManagerImpl] >>(AccountChecker-1:null) Successfully released firewall rules for >>network >>id=212 and # of rules now = 0 >>/var/log/cloud/management/management-server.log.2012-05-09.gz:2012-05-0 >>9 >>14:55:36,485 DEBUG [cloud.network.NetworkManagerImpl] >>(AccountChecker-1:null) Successfully cleaned up firewallRules rules for >>network id=212 >>/var/log/cloud/management/management-server.log.2012-05-09.gz:2012-05-0 >>9 >>14:55:36,547 DEBUG [network.element.VirtualRouterElement] >>(AccountChecker-1:null) Virtual router elemnt doesn't need to associate >>ip addresses on the backend; virtual router doesn't exist in the >>network >>212 >>/var/log/cloud/management/management-server.log.2012-05-09.gz:2012-05-0 >>9 >>14:55:36,609 DEBUG [cloud.network.NetworkManagerImpl] >>(AccountChecker-1:null) Sending destroy to >>com.cloud.network.element.VirtualRouterElement$$EnhancerByCGLIB$$edd3c7 >>00@ >>2b9b5513 >>/var/log/cloud/management/management-server.log.2012-05-09.gz:2012-05-0 >>9 >>14:55:36,611 DEBUG [cloud.network.NetworkManagerImpl] >>(AccountChecker-1:null) Network id=212 is destroyed successfully, >>cleaning up corresponding resources now. >>/var/log/cloud/management/management-server.log.2012-05-09.gz:2012-05-0 >>9 >>14:55:36,622 DEBUG [cloud.user.AccountManagerImpl] >>(AccountChecker-1:null) Network 212 successfully deleted as a part of >>account id=15 cleanup. >> >>Regards >> >>Tamas Monos DDI >>+44(0)2034687012 >>Chief Technical Office >>+44(0)2034687000 >>Veber: The Hosting Specialists Fax +44(0)871 522 >>7057 >>http://www.veber.co.uk >> >>Follow us on Twitter: www.twitter.com/veberhost Follow us on Facebook: >>www.facebook.com/veberhost >> >> >>-----Original Message----- >>From: Alena Prokharchyk [mailto:alena.prokharc...@citrix.com] >>Sent: 13 June 2012 18:24 >>To: cloudstack-dev@incubator.apache.org >>Subject: Re: Can not delete network >> >>On 6/13/12 10:18 AM, "Tamas Monos" <tam...@veber.co.uk> wrote: >> >>>Hi, >>> >>>Also I think the problem is when you are trying to delete the network >>>the router is powered off. >>>Therefore when you click delete it wants to remove the firewall rules >>>for that network but the router is not running so the command fails >>>which fails the delet operation. >> >> >>Also not a problem. The rules can be removed when the router is stopped. >>In this case the rules are removed in DB only. When the router starts >>up, we start clean (cleanup all the rules) and re-apply all the rules >>from the DB. So the removed rules won't exist on the router. >> >>-Alena. >> >>> >>>Regards >>> >>>Tamas Monos DDI >>>+44(0)2034687012 >>>Chief Technical Office >>>+44(0)2034687000 >>>Veber: The Hosting Specialists Fax +44(0)871 522 >>>7057 >>>http://www.veber.co.uk >>> >>>Follow us on Twitter: www.twitter.com/veberhost Follow us on Facebook: >>>www.facebook.com/veberhost >>> >>> >>>-----Original Message----- >>>From: Tamas Monos [mailto:tam...@veber.co.uk] >>>Sent: 13 June 2012 18:15 >>>To: cloudstack-dev@incubator.apache.org >>>Subject: RE: Can not delete network >>> >>>Hi, >>> >>>I don't think you can delete a network if a router-vm for that network >>>exists. >>>If you are trying to delete a network that network should not have any >>>VMs. >>>Delete the associated router from the management interface then delete >>>the network. >>>This method works for me on 3.0.2 >>> >>>Regards >>> >>>Tamas Monos DDI >>>+44(0)2034687012 >>>Chief Technical Office >>>+44(0)2034687000 >>>Veber: The Hosting Specialists Fax +44(0)871 522 >>>7057 >>>http://www.veber.co.uk >>> >>>Follow us on Twitter: www.twitter.com/veberhost Follow us on Facebook: >>>www.facebook.com/veberhost >>> >>>-----Original Message----- >>>From: Alena Prokharchyk [mailto:alena.prokharc...@citrix.com] >>>Sent: 13 June 2012 18:12 >>>To: cloudstack-dev@incubator.apache.org >>>Subject: Re: Can not delete network >>> >>>Can you please check the management server log to see if there is more >>>detailed exception in there. >>> >>>-Alena. >>> >>> >>> >>>On 6/13/12 9:50 AM, "Lu Heng" <h...@anytimechinese.com> wrote: >>> >>>>Hi >>>> >>>>I have problem deleting guest network, everytime I tried it always >>>>shows "fail to delete network) >>>> >>>>2012-06-13 11:26:14,243 WARN [cloud.api.ApiDispatcher] >>>>(Job-Executor-52:job-95) class com.cloud.api.ServerApiException : >>>>Failed to delete network >>>> >>>>Any idea how it happens? >>>>-- >>>>-- >>>>Kind regards. >>>>Lu >>>> >>>>This transmission is intended solely for the addressee(s) shown above. >>>>It may contain information that is privileged, confidential or >>>>otherwise protected from disclosure. Any review, dissemination or use >>>>of this transmission or its contents by persons other than the >>>>intended >>>>addressee(s) is strictly prohibited. If you have received this >>>>transmission in error, please notify this office immediately and >>>>e-mail the original at the sender's address above by replying to this >>>>message and including the text of the transmission received. >>>> >>> >>> >>> >>> >>> >>> >>> >> >> >> >> >> > > > > >
