Hi Ignasi, thanks for the info. I've been sidetracked, but I've created the issue now [1]. I'll also try the branch you pointed out and see if I can work around the problem by setting security groups manually. I'll comment on the Jira with results.
Thank you,
R.

[1]: https://issues.apache.org/jira/browse/JCLOUDS-1120

----- Original Message -----
> From: "Ignasi Barrera" <n...@apache.org>
> To: user@jclouds.apache.org
> Sent: Monday, May 30, 2016 12:34:07 AM
> Subject: Re: EC2ComputeService, non-default VPC and Security groups
>
> Hi Richard,
>
> Thank you for your detailed email! It looks like you did some serious
> debugging. It is much appreciated!
>
> I've had a look at the code, and I think it is a bug. There is a mix
> of how security groups are used, as in the standard EC2 API
> (implemented by other providers apart from Amazon) names are used to
> identify the security groups, but that can't be done when using VPCs.
>
> The class that creates the security groups in AWS [1] takes care of
> returning their ID (as opposed to the one that creates them in the
> generic EC2 API). However, it looks that there are two points [2, 3]
> where the name is used to get the details of the group instead of the
> ID. Could you kindly open a JIRA issue with the information you
> provided in this email, so we can properly track this? (The fix should
> be pretty straightforward though).
>
> Apart from that, it looks like your code fails in [3]. If your code
> reaches that point, it is mainly because it is attempting to create a
> security group that already exists. There is an open pull request with
> a path to avoid creating that marker security group if the user
> already provided one [4]. If you want to give it a try, you can build
> that branch (or wait until it is merged and a new SNAPSHOT is
> published, which should happen in the next days) and set the security
> group in the template options. jclouds shouldn't attempt to create a
> default one, and you shouldn't see it failing at that point.
>
> HTH!
>
> I.
>
> [1] https://github.com/jclouds/jclouds/blob/master/providers/aws-ec2/src/main/java/org/jclouds/aws/ec2/compute/loaders/AWSEC2CreateSecurityGroupIfNeeded.java
> [2] https://github.com/jclouds/jclouds/blob/master/providers/aws-ec2/src/main/java/org/jclouds/aws/ec2/compute/loaders/AWSEC2CreateSecurityGroupIfNeeded.java#L87
> [3] https://github.com/jclouds/jclouds/blob/master/providers/aws-ec2/src/main/java/org/jclouds/aws/ec2/compute/loaders/AWSEC2CreateSecurityGroupIfNeeded.java#L129-L130
> [4] https://github.com/jclouds/jclouds/pull/947
>
> On 27 May 2016 at 10:17, Richard Janik <rja...@redhat.com> wrote:
> > Hi all,
> >
> > I'm trying to create nodes in EC2 in a non-default VPC, setting only
> > subnetId on TemplateOptions (no security groups). Like so:
> >
> > AWSEC2TemplateOptions templateOptions = new AWSEC2TemplateOptions();
> > // ... some more template options setup that shouldn't be relevant
> > templateOptions.subnetId("subnet-mysubnet");
> > Template template = templateBuilder
> >     .hardwareId(instanceType)
> >     .locationId(region)
> >     .imageId(imageId)
> >     .options(templateOptions)
> >     .build();
> >
> > Iterables.getOnlyElement(computeService.createNodesInGroup("cloudts-rjanik", 1, template));
> >
> > I'm running into problems with that, however. I also tried setting a
> > security group via TemplateOptions.securityGroupIds(), but it seems the
> > issue persists.
> > The stacktrace is here: http://pastebin.com/xKAEg9cu
> >
> > I found out that JClouds always (even if using non-default VPC and even if
> > security groups have been provided) attempts to create some kind of marker
> > security group in
> >
> > CreateKeyPairAndSecurityGroupsAsNeededAndReturnRunOptions.getSecurityGroupsForTagAndOptions
> >
> > When the security group is created, it tries to resolve the name into ID by
> > calling
> >
> > Iterables.getOnlyElement(api.getSecurityGroupApi().get().describeSecurityGroupsInRegion(region, name), null).getId();
> >
> > That fails for security groups in non-default VPC, because to use the
> > DescribeSecurityGroups action there, IDs have to be provided instead of
> > names [1].
> >
> > So, my question is, is this a bug or is there a way to work around this? We
> > don't have an account with a default VPC and I found no way to manually
> > create one, so that probably won't work. Any ideas?
> >
> > Thanks for suggestions,
> > R.
> >
> > [1]: http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html