[JIRA] (JENKINS-62090) Network interfaces and an instance-level security groups may not be specified on the same request


chohyu01@cs.washington.edu (JIRA)

Apr 29, 2020, 5:25:03 AM
to jenkinsc...@googlegroups.com
Hyunsu Cho created an issue
 
Jenkins / Bug JENKINS-62090
Network interfaces and an instance-level security groups may not be specified on the same request
Issue Type: Bug
Assignee: FABRIZIO MANFREDI
Attachments: Screen Shot 2020-04-29 at 2.17.09 AM.png
Components: ec2-plugin
Created: 2020-04-29 09:24
Priority: Minor
Reporter: Hyunsu Cho

I upgraded my Jenkins server https://xgboost-ci.net today from 1.49.1 to 1.50, and the server could no longer launch new workers. Attempts to provision new EC2 workers were met with error

com.amazonaws.services.ec2.model.AmazonEC2Exception: Network interfaces and an instance-level security groups may not be specified on the same request (Service: AmazonEC2; Status Code: 400; Error Code: InvalidParameterCombination; Request ID: 612b9c14-759c-4cba-8f69-0c7c4367e9e4)

 

The problem went away when I downgraded back to 1.49.1.

 

I am attaching my cloud configuration.


chohyu01@cs.washington.edu (JIRA)

Apr 29, 2020, 5:29:03 AM
to jenkinsc...@googlegroups.com
Hyunsu Cho updated an issue
Change By: Hyunsu Cho
Full error log:

com.amazonaws.services.ec2.model.AmazonEC2Exception: Network interfaces and an instance-level security groups may not be specified on the same request (Service: AmazonEC2; Status Code: 400; Error Code: InvalidParameterCombination; Request ID: d1562479-4df2-4a36-a8b1-ac3125d2573a) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1799) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleServiceErrorResponse(AmazonHttpClient.java:1383) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1359) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1139) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:796) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:764) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:738) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:698) at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:680) at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:544) at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:524) at com.amazonaws.services.ec2.AmazonEC2Client.doInvoke(AmazonEC2Client.java:24798) at com.amazonaws.services.ec2.AmazonEC2Client.invoke(AmazonEC2Client.java:24765) at com.amazonaws.services.ec2.AmazonEC2Client.invoke(AmazonEC2Client.java:24754) at com.amazonaws.services.ec2.AmazonEC2Client.executeRunInstances(AmazonEC2Client.java:23674) at com.amazonaws.services.ec2.AmazonEC2Client.runInstances(AmazonEC2Client.java:23646) at hudson.plugins.ec2.SlaveTemplate.provisionOndemand(SlaveTemplate.java:836) at hudson.plugins.ec2.SlaveTemplate.provisionOndemand(SlaveTemplate.java:681) at hudson.plugins.ec2.SlaveTemplate.provision(SlaveTemplate.java:636) at 
hudson.plugins.ec2.EC2Cloud.getNewOrExistingAvailableSlave(EC2Cloud.java:621) at hudson.plugins.ec2.EC2Cloud.doProvision(EC2Cloud.java:359) at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627) at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396) at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:408) at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:212) at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:145) at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:535) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:747) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:878) at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:280) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:747) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:878) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:676) at org.kohsuke.stapler.Stapler.service(Stapler.java:238) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:755) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1617) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154) at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:248) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at jenkins.security.ResourceDomainFilter.doFilter(ResourceDomainFilter.java:76) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at 
io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:61) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:128) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:153) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84) at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:118) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at 
hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) at jenkins.security.SuspiciousRequestFilter.doFilter(SuspiciousRequestFilter.java:36) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:545) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:566) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1610) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1300) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:485) at 
org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1580) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1215) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) at org.eclipse.jetty.server.Server.handle(Server.java:500) at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383) at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:547) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:273) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:375) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806) at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938) at java.lang.Thread.run(Thread.java:748)

mark.earl.waite@gmail.com (JIRA)

May 6, 2020, 1:38:03 PM
to jenkinsc...@googlegroups.com

mark.earl.waite@gmail.com (JIRA)

May 6, 2020, 1:40:03 PM
to jenkinsc...@googlegroups.com
Mark Waite commented on Bug JENKINS-62090
 
Re: Network interfaces and an instance-level security groups may not be specified on the same request

I changed the priority on this from "Minor" to "Blocking" because a Jenkins Security Advisory has been published for plugin releases prior to 1.50.2 and this issue is visible on ci.jenkins.io with 1.50.2.

mark.earl.waite@gmail.com (JIRA)

May 6, 2020, 4:37:03 PM
to jenkinsc...@googlegroups.com
Mark Waite edited a comment on Bug JENKINS-62090
I changed the priority on this from "Minor" to "Blocking" because a [Jenkins Security Advisory|https://www.jenkins.io/security/advisory/2020-05-06/] has been published for plugin releases prior to 1.50.2 and this issue is visible on ci.jenkins.io with 1.50.2.

I resolved the problem on ci.jenkins.io by installing [1.49.2|https://repo.jenkins-ci.org/releases/org/jenkins-ci/plugins/ec2/1.49.2/ec2-1.49.2.hpi] rather than 1.50.2.

mark.earl.waite@gmail.com (JIRA)

May 6, 2020, 4:46:03 PM
to jenkinsc...@googlegroups.com

mark.earl.waite@gmail.com (JIRA)

May 6, 2020, 4:46:04 PM
to jenkinsc...@googlegroups.com
Mark Waite edited a comment on Bug JENKINS-62090
I changed the priority on this from "Minor" to "Blocking" because a [Jenkins Security Advisory|https://www.jenkins.io/security/advisory/2020-05-06/] has been published for plugin releases prior to 1.50.2 and this issue is visible on ci.jenkins.io with 1.50.2.

Downgraded from "Blocking" to "Major" because I could install [1.49.2|https://repo.jenkins-ci.org/releases/org/jenkins-ci/plugins/ec2/1.49.2/ec2-1.49.2.hpi] on ci.jenkins.io rather than 1.50.2.

manuelramonleonjimenez@gmail.com (JIRA)

May 7, 2020, 3:21:03 AM
to jenkinsc...@googlegroups.com

manuelramonleonjimenez@gmail.com (JIRA)

May 7, 2020, 3:25:03 AM
to jenkinsc...@googlegroups.com
Ramon Leon commented on Bug JENKINS-62090
 
Re: Network interfaces and an instance-level security groups may not be specified on the same request

I found out that this message was printed in 1.46.x versions, later in 1.49.x it went away, and it's back again in 1.50.x. It took me a while but I discovered that you have to set the Subnet IDs for VPC in addition to the Security group names to make it work. You have to find out the VPCs associated with the security group name you're using.

Let me know if it works.

manuelramonleonjimenez@gmail.com (JIRA)

May 7, 2020, 3:26:05 AM
to jenkinsc...@googlegroups.com

raihaan.shouhell@autodesk.com (JIRA)

May 7, 2020, 11:37:04 PM
to jenkinsc...@googlegroups.com
Raihaan Shouhell started work on Bug JENKINS-62090
 
Change By: Raihaan Shouhell
Status: Open → In Progress

raihaan.shouhell@autodesk.com (JIRA)

May 7, 2020, 11:37:04 PM
to jenkinsc...@googlegroups.com

foundation-security-members@cloudbees.com (JIRA)

May 8, 2020, 4:42:03 AM
to jenkinsc...@googlegroups.com

aptalca@linuxserver.io (JIRA)

May 9, 2020, 5:07:03 PM
to jenkinsc...@googlegroups.com
aptalca aptalca commented on Bug JENKINS-62090
 
Re: Network interfaces and an instance-level security groups may not be specified on the same request

Adding the subnetID works.

I should also note that I wasted a bunch of time by putting in the "vpc id" instead. I had to go find the "subnetID" which was not easy to find (for someone not familiar with the aws interface).
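
Added example (not part of the original thread and not ec2-plugin code): the lookup described in the two comments above, from security group name to VPC to subnet IDs, run over constructed data shaped like the EC2 DescribeSecurityGroups and DescribeSubnets responses. The group name, all IDs and both function names are assumptions made for illustration.

```python
# Constructed sample data in the shape of the EC2 DescribeSecurityGroups and
# DescribeSubnets responses. Every name and ID below is made up.
SECURITY_GROUPS = [
    {"GroupName": "jenkins-workers", "GroupId": "sg-0aaa1111", "VpcId": "vpc-0123abcd"},
    {"GroupName": "jenkins-workers", "GroupId": "sg-0bbb2222", "VpcId": "vpc-0456efab"},
    {"GroupName": "default", "GroupId": "sg-0ccc3333", "VpcId": "vpc-0789cdef"},
]
SUBNETS = [
    {"SubnetId": "subnet-0a1b2c3d", "VpcId": "vpc-0123abcd"},
    {"SubnetId": "subnet-0e5f6a7b", "VpcId": "vpc-0123abcd"},
    {"SubnetId": "subnet-0c8d9e0f", "VpcId": "vpc-0456efab"},
    {"SubnetId": "subnet-0f00ba11", "VpcId": "vpc-0789cdef"},
]


def subnets_for_group(group_name, security_groups, subnets):
    """Return {vpc_id: [subnet_id, ...]} for every VPC that has the named group."""
    vpcs = {g["VpcId"] for g in security_groups
            if g["GroupName"] == group_name and g.get("VpcId")}
    if not vpcs:
        raise LookupError(f"no VPC security group named {group_name!r}")
    return {vpc: sorted(s["SubnetId"] for s in subnets if s["VpcId"] == vpc)
            for vpc in sorted(vpcs)}


def check_subnet_ids(candidates, group_name, security_groups, subnets):
    """Explain why each candidate value is unsuitable; an empty list means all are fine."""
    allowed = subnets_for_group(group_name, security_groups, subnets)
    vpc_of = {s["SubnetId"]: s["VpcId"] for s in subnets}
    problems = []
    for value in candidates:
        if value.startswith("vpc-"):
            # The mistake reported in the thread: a VPC ID in the subnet field.
            problems.append(f"{value}: VPC ID given where a subnet ID is required")
        elif value not in vpc_of:
            problems.append(f"{value}: unknown subnet ID")
        elif vpc_of[value] not in allowed:
            problems.append(f"{value}: subnet is in {vpc_of[value]}, which has no "
                            f"security group named {group_name!r}")
    return problems


if __name__ == "__main__":
    print(subnets_for_group("jenkins-workers", SECURITY_GROUPS, SUBNETS))
    for line in check_subnet_ids(["vpc-0123abcd", "subnet-0f00ba11", "subnet-0a1b2c3d"],
                                 "jenkins-workers", SECURITY_GROUPS, SUBNETS):
        print(line)
```

Against a real account the two input lists come from `aws ec2 describe-security-groups` and `aws ec2 describe-subnets`.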
