[jira] [Updated] (JCLOUDS-1120) Security groups don't work with non-default VPCs

Wed, 01 Jun 2016 00:18:46 -0700 

     [ 
https://issues.apache.org/jira/browse/JCLOUDS-1120?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ignasi Barrera updated JCLOUDS-1120:
------------------------------------
    Labels: aws-ec2  (was: )

> Security groups don't work with non-default VPCs
> ------------------------------------------------
>
>                 Key: JCLOUDS-1120
>                 URL: https://issues.apache.org/jira/browse/JCLOUDS-1120
>             Project: jclouds
>          Issue Type: Bug
>          Components: jclouds-compute
>    Affects Versions: 2.0.0
>            Reporter: Richard Janík
>              Labels: aws-ec2
>
> As per discussion on jclouds users list.
> I've been trying to create nodes in EC2 in a non-default VPC, setting only 
> subnetId on TemplateOptions (no security groups). Like so:
> {code}
>   AWSEC2TemplateOptions templateOptions = new AWSEC2TemplateOptions();
>   ... some more template options setup that shouldn't be relevant
>   templateOptions.subnetId("subnet-mysubnet");
>   Template template = templateBuilder.
>                 .hardwareId(instanceType)
>                 .locationId(region)
>                 .imageId(imageId)
>                 .options(templateOptions)
>                 .build();
>   
> Iterables.getOnlyElement(computeService.createNodesInGroup("cloudts-rjanik", 
> 1, template));
> {code}
> I've been running into problems with that and also tried setting a security 
> group via TemplateOptions.securityGroupIds(), but it seems the issue 
> persists. The stacktrace is here:
> {code}
> Exception in thread "main" 
> com.google.common.util.concurrent.UncheckedExecutionException: 
> org.jclouds.aws.AWSResponseException: request POST 
> https://ec2.us-east-1.amazonaws.com/ HTTP/1.1 failed with code 400, error: 
> AWSError{requestId='54c91571-7082-4c3e-9ec2-fce52ebceb8e', 
> requestToken='null', code='InvalidParameterValue', message='Invalid value 
> 'jclouds#cloudts-rjanik' for groupName. You may not reference Amazon VPC 
> security groups by name. Please use the corresponding id for this 
> operation.', context='{Response=, Errors=}'}
>       at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2201)
>       at com.google.common.cache.LocalCache.get(LocalCache.java:3934)
>       at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3938)
>       at 
> com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4821)
>       at 
> com.google.common.cache.LocalCache$LocalLoadingCache.getUnchecked(LocalCache.java:4827)
>       at 
> org.jclouds.ec2.compute.strategy.CreateKeyPairAndSecurityGroupsAsNeededAndReturnRunOptions.getSecurityGroupsForTagAndOptions(CreateKeyPairAndSecurityGroupsAsNeededAndReturnRunOptions.java:181)
>       at 
> org.jclouds.aws.ec2.compute.strategy.CreateKeyPairPlacementAndSecurityGroupsAsNeededAndReturnRunOptions.addSecurityGroups(CreateKeyPairPlacementAndSecurityGroupsAsNeededAndReturnRunOptions.java:191)
>       at 
> org.jclouds.ec2.compute.strategy.CreateKeyPairAndSecurityGroupsAsNeededAndReturnRunOptions.execute(CreateKeyPairAndSecurityGroupsAsNeededAndReturnRunOptions.java:80)
>       at 
> org.jclouds.aws.ec2.compute.strategy.CreateKeyPairPlacementAndSecurityGroupsAsNeededAndReturnRunOptions.execute(CreateKeyPairPlacementAndSecurityGroupsAsNeededAndReturnRunOptions.java:88)
>       at 
> org.jclouds.aws.ec2.compute.strategy.CreateKeyPairPlacementAndSecurityGroupsAsNeededAndReturnRunOptions.execute(CreateKeyPairPlacementAndSecurityGroupsAsNeededAndReturnRunOptions.java:55)
>       at 
> org.jclouds.ec2.compute.strategy.EC2CreateNodesInGroupThenAddToSet.createKeyPairAndSecurityGroupsAsNeededThenRunInstances(EC2CreateNodesInGroupThenAddToSet.java:213)
>       at 
> org.jclouds.ec2.compute.strategy.EC2CreateNodesInGroupThenAddToSet.runInstancesAndWarnOnInvisible(EC2CreateNodesInGroupThenAddToSet.java:151)
>       at 
> org.jclouds.ec2.compute.strategy.EC2CreateNodesInGroupThenAddToSet.execute(EC2CreateNodesInGroupThenAddToSet.java:132)
>       at 
> org.jclouds.compute.internal.BaseComputeService.createNodesInGroup(BaseComputeService.java:217)
>       at 
> org.jclouds.ec2.compute.EC2ComputeService.createNodesInGroup(EC2ComputeService.java:148)
>     at ... our stacktrace
> Caused by: org.jclouds.aws.AWSResponseException: request POST 
> https://ec2.us-east-1.amazonaws.com/ HTTP/1.1 failed with code 400, error: 
> AWSError{requestId='54c91571-7082-4c3e-9ec2-fce52ebceb8e', 
> requestToken='null', code='InvalidParameterValue', message='Invalid value 
> 'jclouds#cloudts-rjanik' for groupName. You may not reference Amazon VPC 
> security groups by name. Please use the corresponding id for this 
> operation.', context='{Response=, Errors=}'}
>       at 
> org.jclouds.aws.handlers.ParseAWSErrorFromXmlContent.handleError(ParseAWSErrorFromXmlContent.java:75)
>       at 
> org.jclouds.http.handlers.DelegatingErrorHandler.handleError(DelegatingErrorHandler.java:65)
>       at 
> org.jclouds.http.internal.BaseHttpCommandExecutorService.shouldContinue(BaseHttpCommandExecutorService.java:136)
>       at 
> org.jclouds.http.internal.BaseHttpCommandExecutorService.invoke(BaseHttpCommandExecutorService.java:105)
>       at 
> org.jclouds.rest.internal.InvokeHttpMethod.invoke(InvokeHttpMethod.java:90)
>       at 
> org.jclouds.rest.internal.InvokeHttpMethod.apply(InvokeHttpMethod.java:73)
>       at 
> org.jclouds.rest.internal.InvokeHttpMethod.apply(InvokeHttpMethod.java:44)
>       at 
> org.jclouds.reflect.FunctionalReflection$FunctionalInvocationHandler.handleInvocation(FunctionalReflection.java:117)
>       at 
> com.google.common.reflect.AbstractInvocationHandler.invoke(AbstractInvocationHandler.java:87)
>       at com.sun.proxy.$Proxy57.describeSecurityGroupsInRegion(Unknown Source)
>       at 
> org.jclouds.ec2.compute.functions.EC2SecurityGroupIdFromName.apply(EC2SecurityGroupIdFromName.java:46)
>       at 
> org.jclouds.ec2.compute.functions.EC2SecurityGroupIdFromName.apply(EC2SecurityGroupIdFromName.java:30)
>       at 
> org.jclouds.aws.ec2.compute.loaders.AWSEC2CreateSecurityGroupIfNeeded.createSecurityGroupInRegion(AWSEC2CreateSecurityGroupIfNeeded.java:130)
>       at 
> org.jclouds.aws.ec2.compute.loaders.AWSEC2CreateSecurityGroupIfNeeded.load(AWSEC2CreateSecurityGroupIfNeeded.java:73)
>       at 
> org.jclouds.aws.ec2.compute.loaders.AWSEC2CreateSecurityGroupIfNeeded.load(AWSEC2CreateSecurityGroupIfNeeded.java:46)
>       at 
> com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3524)
>       at 
> com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2317)
>       at 
> com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2280)
>       at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2195)
>       ... 25 more
> {code}
> I found out that JClouds always (even if using non-default VPC and even if 
> security groups have been provided) attempts to create some kind of marker 
> security group in
> {code}
> CreateKeyPairAndSecurityGroupsAsNeededAndReturnRunOptions.getSecurityGroupsForTagAndOptions
> {code}
> When the security group is created, it tries to resolve the name into ID by 
> calling
> {code}
> Iterables.getOnlyElement(api.getSecurityGroupApi().get().describeSecurityGroupsInRegion(region,
>  name), null).getId();
> {code}
> That fails for security groups in non-default VPC, because to use the 
> DescribeSecurityGroups action there, IDs have to be provided instead of 
> names, see 
> http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to