Unable to remove Node from Cluster

[webadmin]

Hello,

as soon as I try to remove a node from a cluster I will only get a 403 Forbidden. This 403 ist also returned for other actions but there changes are mainly stored anyway.

What could be the reason for this? I already checked /opt/fwcloud/api/.env and CORS_WHITELIST="" is set to the correct value

Thanks...

 

[Carles Munyoz]

Hello,
The forbidden error is normal, it is due to a confirmation token required in several API calls.
¿Can you show us the content of the second API call that shows errors to?
¿What errors can you see the error logs in the FWCloud-API?

 

[webadmin]

Do you meen this message?

Which logfile to check? /opt/fwcloud/websrv/logs/app.log is showing these messages:

2024-12-02 10:59:10|ERROR|Proxing request: /socket.io/?EIO=4&transport=polling&t=uyuao9o2 - connect ECONNREFUSED 127.0.0.1:3131
2024-12-02 10:59:15|ERROR|Proxing request: /socket.io/?EIO=4&transport=polling&t=uyy73eya - connect ECONNREFUSED 127.0.0.1:3131
2024-12-02 10:59:20|ERROR|Proxing request: /socket.io/?EIO=4&transport=polling&t=uz23h7dr - connect ECONNREFUSED 127.0.0.1:3131

Could be again an IPv6 problem? FWCloud is also used to protect the host where it is running on itself. But local traffic is whitelisted for IPv4 and IPv6

Thank you again for your support!

 

[Carles Munyoz]

The log file you have to see is: /opt/fwcloud/api/logs/app.log

 

[webadmin]

This logfile does not contain any errors

root@fwcadmin-vm:~# tail -f /opt/fwcloud/api/logs/app.log
2024-12-02 10:58:27|INFO|Received signal: SIGTERM
2024-12-02 10:58:27|INFO|------- Application stopped --------
2024-12-02 10:59:24|INFO|------- Starting application -------
2024-12-02 10:59:24|INFO|FWCloud API v2.0.16 (PID=49875) (prod) | schema: v1.0.0
2024-12-02 10:59:24|INFO|Database connection established
2024-12-02 10:59:24|INFO|Listening on https://127.0.0.1:3131
2024-12-02 10:59:26|INFO|WebSocket: User connected (ID: RqZ4fgCUbaAxnspdAAAB, IP: 127.0.0.1, session: 2ICzU8XRzzWA4jvo3YSMsj1BGNUTKHDZ)
2024-12-02 10:59:26|INFO|Openvpn history worker started (collection interval: 5 minutes).
2024-12-02 11:00:10|INFO|WebSocket: User disconnected (ID: RqZ4fgCUbaAxnspdAAAB, IP: 127.0.0.1, session: 2ICzU8XRzzWA4jvo3YSMsj1BGNUTKHDZ)
2024-12-02 11:00:11|INFO|WebSocket: User connected (ID: 75sfcIjzYjQd_ukpAAAD, IP: 127.0.0.1, session: 2ICzU8XRzzWA4jvo3YSMsj1BGNUTKHDZ)

 

[Carles Munyoz]

In the user interface, when you try to delete the cluster's node, which error do you get?

 

[webadmin]

After you click “Yes” in the confirmation dialog, no error message is displayed. Sometimes you will see a red icon, but it only appears for a few frames and disappears immediately

 

[Carles Munyoz]

But I understand that the only problem you have is with the deletion of on cluster node, that all the other actions like modify firewall policy, install, etc. go fine, is it correct?

In the screenshot supplied, can you show us the information in the API request just below the one that you show?

 

[webadmin]

Exactly, this is the main function where I noticed the problems. Editing IP Groups and Rules, Compiling and Installing worked fine.
As soon as the tool reached the node which does not exists anymore... So I wanted to delete it...

What do you mean with "can you show us the information in the API request just below the one that you show?" ? I attached 4 screenshots, which hopefully will show all the detailsd

 

[Carles Munyoz]

As you can see in the error reported in the last screenshot, the problem is that the node that you want to delete is being used in the column `Apply to` of one or more rules in your policy. If you delete the policy rules linked to this node, you will be able to remove it.

We have a bug in the user interface because this error should be displayed in order to inform you about the problem.
We are going to generate a issue related to this problem and solve it.

Thank you for the report.

 

[webadmin]

Ahh, you're right. Deleting the rule solved the problem. Thank you very much for the fantastic support!!!

 

[Carles Munyoz]

Thank you very much for the bug report.