Hi Richard,

Thank you for your detailed email! It looks like you did some serious
debugging. It is much appreciated!

I've had a look at the code, and I think it is a bug. There is a mix
of how security groups are used, as in the standard EC2 API
(implemented by other providers apart from Amazon) names are used to
identify the security groups, but that can't be done when using VPCs.

The class that creates the security groups in AWS [1] takes care of
returning their ID (as opposed to the one that creates them in the
generic EC2 API). However, it looks like there are two points [2, 3]
where the name is used to get the details of the group instead of the
ID. Could you kindly open a JIRA issue with the information you
provided in this email, so we can properly track this? (The fix should
be pretty straightforward though).


Apart from that, it looks like your code fails in [3]. If your code
reaches that point, it is mainly because it is attempting to create a
security group that already exists. There is an open pull request with
a path to avoid creating that marker security group if the user
already provided one [4]. If you want to give it a try, you can build
that branch (or wait until it is merged and a new SNAPSHOT is
published, which should happen in the next days) and set the security
group in the template options. jclouds shouldn't attempt to create a
default one, and you shouldn't see it failing at that point.


HTH!

I.


[1] https://github.com/jclouds/jclouds/blob/master/providers/aws-ec2/src/main/java/org/jclouds/aws/ec2/compute/loaders/AWSEC2CreateSecurityGroupIfNeeded.java
[2] https://github.com/jclouds/jclouds/blob/master/providers/aws-ec2/src/main/java/org/jclouds/aws/ec2/compute/loaders/AWSEC2CreateSecurityGroupIfNeeded.java#L87
[3] https://github.com/jclouds/jclouds/blob/master/providers/aws-ec2/src/main/java/org/jclouds/aws/ec2/compute/loaders/AWSEC2CreateSecurityGroupIfNeeded.java#L129-L130
[4] https://github.com/jclouds/jclouds/pull/947

On 27 May 2016 at 10:17, Richard Janik <rja...@redhat.com> wrote:
> Hi all,
>
> I'm trying to create nodes in EC2 in a non-default VPC, setting only subnetId 
> on TemplateOptions (no security groups). Like so:
>
>   AWSEC2TemplateOptions templateOptions = new AWSEC2TemplateOptions();
>   // ... some more template options setup that shouldn't be relevant
>   templateOptions.subnetId("subnet-mysubnet");
>   Template template = templateBuilder
>                 .hardwareId(instanceType)
>                 .locationId(region)
>                 .imageId(imageId)
>                 .options(templateOptions)
>                 .build();
>
>   Iterables.getOnlyElement(computeService.createNodesInGroup("cloudts-rjanik", 1, template));
>
> I'm running into problems with that, however. I also tried setting a security 
> group via TemplateOptions.securityGroupIds(), but it seems the issue 
> persists. The stacktrace is here: http://pastebin.com/xKAEg9cu
>
> I found out that JClouds always (even if using non-default VPC and even if 
> security groups have been provided) attempts to create some kind of marker 
> security group in
>
>   CreateKeyPairAndSecurityGroupsAsNeededAndReturnRunOptions.getSecurityGroupsForTagAndOptions
>
> When the security group is created, it tries to resolve the name into ID by 
> calling
>
>   Iterables.getOnlyElement(api.getSecurityGroupApi().get().describeSecurityGroupsInRegion(region, name), null).getId();
>
> That fails for security groups in non-default VPC, because to use the 
> DescribeSecurityGroups action there, IDs have to be provided instead of names 
> [1].
>
> So, my question is, is this a bug or is there a way to work around this? We 
> don't have an account with a default VPC and I found no way to manually 
> create one, so that probably won't work. Any ideas?
>
> Thanks for suggestions,
> R.
>
> [1]: http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html
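
The name-versus-ID point discussed in this thread, as an added example that is not part of either message and not jclouds' own code: it resolves a group name to its ID inside one VPC with EC2's `vpc-id` and `group-name` filters, then passes that ID together with the subnet. It assumes jclouds' `describeSecurityGroupsInRegionWithFilter` and `AWSEC2TemplateOptions.securityGroupIds`; the class name and all argument values are hypothetical placeholders.

```java
import com.google.common.collect.ImmutableMultimap;
import com.google.common.collect.Iterables;
import java.util.Set;
import org.jclouds.aws.ec2.AWSEC2Api;
import org.jclouds.aws.ec2.compute.AWSEC2TemplateOptions;
import org.jclouds.compute.ComputeService;
import org.jclouds.ec2.domain.SecurityGroup;

// Hypothetical helper class, added for illustration only.
public final class VpcSecurityGroupLookup {

   private VpcSecurityGroupLookup() {
   }

   /**
    * Resolves a group name to its ID within a single VPC. Filters are used
    * because, in a non-default VPC, DescribeSecurityGroups does not accept
    * the group name as a request parameter.
    */
   static String resolveGroupId(AWSEC2Api api, String region, String vpcId, String groupName) {
      Set<SecurityGroup> matches = api.getSecurityGroupApi().get()
            .describeSecurityGroupsInRegionWithFilter(region,
                  ImmutableMultimap.of("vpc-id", vpcId, "group-name", groupName));
      // A name is only unique per VPC: refuse to guess if the filter
      // returns nothing or more than one group.
      if (matches.size() != 1) {
         throw new IllegalStateException("Expected exactly one security group named '"
               + groupName + "' in " + vpcId + " but found " + matches.size());
      }
      return Iterables.getOnlyElement(matches).getId();
   }

   /** Builds template options that reference the group by ID, never by name. */
   static AWSEC2TemplateOptions optionsFor(ComputeService computeService, String region,
         String vpcId, String subnetId, String groupName) {
      AWSEC2Api api = computeService.getContext().unwrapApi(AWSEC2Api.class);
      String groupId = resolveGroupId(api, region, vpcId, groupName);

      AWSEC2TemplateOptions options = new AWSEC2TemplateOptions();
      options.subnetId(subnetId);        // subnet inside the non-default VPC
      options.securityGroupIds(groupId); // the ID identifies one group unambiguously
      return options;
   }
}
```

As the reply above notes, jclouds only skips creating its own marker group when a group is supplied once the change in [4] is in the build being used.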
