[ https://issues.apache.org/jira/browse/JCLOUDS-1120?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16010387#comment-16010387 ]

Richard Janík commented on JCLOUDS-1120:
----------------------------------------

Hi [~andreaturli], just letting you know that I don't have time to confirm this 
right now - I'm working on things completely unrelated to jclouds. IIRC, we 
worked around the issue on our end. I'll get back to you sometime later and 
confirm if this is really fixed for us, but until then, if you think it is 
fixed, you can assume it is. I'll reopen the issue in the worst case.

Thanks for looking into this.

> Security groups don't work with non-default VPCs
> ------------------------------------------------
>
>                 Key: JCLOUDS-1120
>                 URL: https://issues.apache.org/jira/browse/JCLOUDS-1120
>             Project: jclouds
>          Issue Type: Bug
>          Components: jclouds-compute
>    Affects Versions: 2.0.0
>            Reporter: Richard Janík
>              Labels: aws-ec2
>
> As per discussion on jclouds users list.
> I've been trying to create nodes in EC2 in a non-default VPC, setting only 
> subnetId on TemplateOptions (no security groups). Like so:
> {code}
>   AWSEC2TemplateOptions templateOptions = new AWSEC2TemplateOptions();
>   // ... some more template options setup that shouldn't be relevant
>   templateOptions.subnetId("subnet-mysubnet");
>   Template template = templateBuilder
>                 .hardwareId(instanceType)
>                 .locationId(region)
>                 .imageId(imageId)
>                 .options(templateOptions)
>                 .build();
>
>   Iterables.getOnlyElement(computeService.createNodesInGroup("cloudts-rjanik", 1, template));
> {code}
> I've been running into problems with that and also tried setting a security 
> group via TemplateOptions.securityGroupIds(), but it seems the issue 
> persists. The stacktrace is here:
> {code}
> Exception in thread "main" com.google.common.util.concurrent.UncheckedExecutionException: org.jclouds.aws.AWSResponseException: request POST https://ec2.us-east-1.amazonaws.com/ HTTP/1.1 failed with code 400, error: AWSError{requestId='54c91571-7082-4c3e-9ec2-fce52ebceb8e', requestToken='null', code='InvalidParameterValue', message='Invalid value 'jclouds#cloudts-rjanik' for groupName. You may not reference Amazon VPC security groups by name. Please use the corresponding id for this operation.', context='{Response=, Errors=}'}
>       at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2201)
>       at com.google.common.cache.LocalCache.get(LocalCache.java:3934)
>       at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3938)
>       at com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4821)
>       at com.google.common.cache.LocalCache$LocalLoadingCache.getUnchecked(LocalCache.java:4827)
>       at org.jclouds.ec2.compute.strategy.CreateKeyPairAndSecurityGroupsAsNeededAndReturnRunOptions.getSecurityGroupsForTagAndOptions(CreateKeyPairAndSecurityGroupsAsNeededAndReturnRunOptions.java:181)
>       at org.jclouds.aws.ec2.compute.strategy.CreateKeyPairPlacementAndSecurityGroupsAsNeededAndReturnRunOptions.addSecurityGroups(CreateKeyPairPlacementAndSecurityGroupsAsNeededAndReturnRunOptions.java:191)
>       at org.jclouds.ec2.compute.strategy.CreateKeyPairAndSecurityGroupsAsNeededAndReturnRunOptions.execute(CreateKeyPairAndSecurityGroupsAsNeededAndReturnRunOptions.java:80)
>       at org.jclouds.aws.ec2.compute.strategy.CreateKeyPairPlacementAndSecurityGroupsAsNeededAndReturnRunOptions.execute(CreateKeyPairPlacementAndSecurityGroupsAsNeededAndReturnRunOptions.java:88)
>       at org.jclouds.aws.ec2.compute.strategy.CreateKeyPairPlacementAndSecurityGroupsAsNeededAndReturnRunOptions.execute(CreateKeyPairPlacementAndSecurityGroupsAsNeededAndReturnRunOptions.java:55)
>       at org.jclouds.ec2.compute.strategy.EC2CreateNodesInGroupThenAddToSet.createKeyPairAndSecurityGroupsAsNeededThenRunInstances(EC2CreateNodesInGroupThenAddToSet.java:213)
>       at org.jclouds.ec2.compute.strategy.EC2CreateNodesInGroupThenAddToSet.runInstancesAndWarnOnInvisible(EC2CreateNodesInGroupThenAddToSet.java:151)
>       at org.jclouds.ec2.compute.strategy.EC2CreateNodesInGroupThenAddToSet.execute(EC2CreateNodesInGroupThenAddToSet.java:132)
>       at org.jclouds.compute.internal.BaseComputeService.createNodesInGroup(BaseComputeService.java:217)
>       at org.jclouds.ec2.compute.EC2ComputeService.createNodesInGroup(EC2ComputeService.java:148)
>       at ... our stacktrace
> Caused by: org.jclouds.aws.AWSResponseException: request POST https://ec2.us-east-1.amazonaws.com/ HTTP/1.1 failed with code 400, error: AWSError{requestId='54c91571-7082-4c3e-9ec2-fce52ebceb8e', requestToken='null', code='InvalidParameterValue', message='Invalid value 'jclouds#cloudts-rjanik' for groupName. You may not reference Amazon VPC security groups by name. Please use the corresponding id for this operation.', context='{Response=, Errors=}'}
>       at org.jclouds.aws.handlers.ParseAWSErrorFromXmlContent.handleError(ParseAWSErrorFromXmlContent.java:75)
>       at org.jclouds.http.handlers.DelegatingErrorHandler.handleError(DelegatingErrorHandler.java:65)
>       at org.jclouds.http.internal.BaseHttpCommandExecutorService.shouldContinue(BaseHttpCommandExecutorService.java:136)
>       at org.jclouds.http.internal.BaseHttpCommandExecutorService.invoke(BaseHttpCommandExecutorService.java:105)
>       at org.jclouds.rest.internal.InvokeHttpMethod.invoke(InvokeHttpMethod.java:90)
>       at org.jclouds.rest.internal.InvokeHttpMethod.apply(InvokeHttpMethod.java:73)
>       at org.jclouds.rest.internal.InvokeHttpMethod.apply(InvokeHttpMethod.java:44)
>       at org.jclouds.reflect.FunctionalReflection$FunctionalInvocationHandler.handleInvocation(FunctionalReflection.java:117)
>       at com.google.common.reflect.AbstractInvocationHandler.invoke(AbstractInvocationHandler.java:87)
>       at com.sun.proxy.$Proxy57.describeSecurityGroupsInRegion(Unknown Source)
>       at org.jclouds.ec2.compute.functions.EC2SecurityGroupIdFromName.apply(EC2SecurityGroupIdFromName.java:46)
>       at org.jclouds.ec2.compute.functions.EC2SecurityGroupIdFromName.apply(EC2SecurityGroupIdFromName.java:30)
>       at org.jclouds.aws.ec2.compute.loaders.AWSEC2CreateSecurityGroupIfNeeded.createSecurityGroupInRegion(AWSEC2CreateSecurityGroupIfNeeded.java:130)
>       at org.jclouds.aws.ec2.compute.loaders.AWSEC2CreateSecurityGroupIfNeeded.load(AWSEC2CreateSecurityGroupIfNeeded.java:73)
>       at org.jclouds.aws.ec2.compute.loaders.AWSEC2CreateSecurityGroupIfNeeded.load(AWSEC2CreateSecurityGroupIfNeeded.java:46)
>       at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3524)
>       at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2317)
>       at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2280)
>       at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2195)
>       ... 25 more
> {code}
> I found out that JClouds always (even if using non-default VPC and even if 
> security groups have been provided) attempts to create some kind of marker 
> security group in
> {code}
> CreateKeyPairAndSecurityGroupsAsNeededAndReturnRunOptions.getSecurityGroupsForTagAndOptions
> {code}
> When the security group is created, it tries to resolve the name into ID by 
> calling
> {code}
> Iterables.getOnlyElement(api.getSecurityGroupApi().get().describeSecurityGroupsInRegion(region, name), null).getId();
> {code}
> That fails for security groups in non-default VPC, because to use the 
> DescribeSecurityGroups action there, IDs have to be provided instead of 
> names, see 
> http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
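
An added example, not part of the original report and not jclouds code: resolving a security group name to its ID in a non-default VPC with the AWS SDK for Java v2, by passing the name as a `group-name` filter scoped by `vpc-id` instead of the GroupName parameter that the error above rejects. The class and method names and the `vpc-EXAMPLE` placeholder are assumptions; running it requires AWS credentials and network access.

```java
import java.util.List;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.ec2.Ec2Client;
import software.amazon.awssdk.services.ec2.model.DescribeSecurityGroupsRequest;
import software.amazon.awssdk.services.ec2.model.Filter;
import software.amazon.awssdk.services.ec2.model.SecurityGroup;

public class VpcSecurityGroupLookup {  // hypothetical class name

    // The name goes into the "group-name" filter rather than the GroupName
    // request parameter, and "vpc-id" pins the lookup to one VPC so a
    // same-named group in another VPC can never be picked up.
    static DescribeSecurityGroupsRequest byNameInVpc(String vpcId, String groupName) {
        return DescribeSecurityGroupsRequest.builder()
                .filters(
                        Filter.builder().name("vpc-id").values(vpcId).build(),
                        Filter.builder().name("group-name").values(groupName).build())
                .build();
    }

    // Returns the group ID (sg-...), or null when no group with that name
    // exists in the VPC.
    static String resolveGroupId(Ec2Client ec2, String vpcId, String groupName) {
        List<SecurityGroup> groups =
                ec2.describeSecurityGroups(byNameInVpc(vpcId, groupName)).securityGroups();
        if (groups.isEmpty()) {
            return null;
        }
        if (groups.size() > 1) {
            // Names are unique per VPC; fail closed instead of guessing
            // which group to attach to an instance.
            throw new IllegalStateException(
                    "ambiguous security group name '" + groupName + "' in " + vpcId);
        }
        return groups.get(0).groupId();
    }

    public static void main(String[] args) {
        String vpcId = "vpc-EXAMPLE";                 // placeholder, not from the report
        String groupName = "jclouds#cloudts-rjanik";  // name taken from the error message
        try (Ec2Client ec2 = Ec2Client.builder().region(Region.US_EAST_1).build()) {
            String id = resolveGroupId(ec2, vpcId, groupName);
            System.out.println(id == null ? "no such group in " + vpcId : id);
        }
    }
}
```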
