[JIRA] [ec2-plugin] (JENKINS-34291) unable to configure VPC security groups

267 views
Skip to first unread message

josh@hoblitt.com (JIRA)

unread,
Apr 15, 2016, 6:52:02 PM4/15/16
to jenkinsc...@googlegroups.com
Joshua Hoblitt created an issue
 
Jenkins / Bug JENKINS-34291
unable to configure VPC security groups
Issue Type: Bug Bug
Assignee: Francis Upton
Components: ec2-plugin
Created: 2016/Apr/15 10:51 PM
Environment: jenkins 1.651
ec2-plugin 1.31
Priority: Minor Minor
Reporter: Joshua Hoblitt

I am attempting to to launch on demand instances into an existing VPC. If I set the security group to either the sg ID or the sg name, I get the below error in the logs. I tried created a new log recorder for all the classes under hudson.plugins.ec2.* but have not been able to find any more detailed debugging information.

Apr 15, 2016 3:43:30 PM INFO hudson.plugins.ec2.SlaveTemplate logProvisionInfo

Launching ami-3331f958 for template centos 7

Apr 15, 2016 3:43:30 PM WARNING hudson.plugins.ec2.EC2Cloud provision

Exception during provisioning
com.amazonaws.AmazonClientException: Security groups must all be VPC security groups to work in a VPC context
	at hudson.plugins.ec2.SlaveTemplate.getEc2SecurityGroups(SlaveTemplate.java:916)
	at hudson.plugins.ec2.SlaveTemplate.provisionOndemand(SlaveTemplate.java:476)
	at hudson.plugins.ec2.SlaveTemplate.provision(SlaveTemplate.java:377)
	at hudson.plugins.ec2.EC2Cloud.provisionSlaveIfPossible(EC2Cloud.java:406)
	at hudson.plugins.ec2.EC2Cloud.provision(EC2Cloud.java:422)
	at hudson.slaves.NodeProvisioner$StandardStrategyImpl.apply(NodeProvisioner.java:700)
	at hudson.slaves.NodeProvisioner.update(NodeProvisioner.java:305)
	at hudson.slaves.NodeProvisioner.access$000(NodeProvisioner.java:58)
	at hudson.slaves.NodeProvisioner$NodeProvisionerInvoker.doRun(NodeProvisioner.java:797)
	at hudson.triggers.SafeTimerTask.run(SafeTimerTask.java:50)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
	at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:304)
	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178)
	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
	at java.lang.Thread.run(Thread.java:745)


Add Comment Add Comment
 
This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265)
Atlassian logo

josh@hoblitt.com (JIRA)

unread,
Apr 15, 2016, 7:04:01 PM4/15/16
to jenkinsc...@googlegroups.com
Joshua Hoblitt commented on Bug JENKINS-34291
 
Re: unable to configure VPC security groups

It looks like I had put the VPC ID in place of the subnet ID. After removing all sg IDs, I got a useful error message. This was an ID10T problem but it would be incredibly useful to get an error message that the subnet ID is invalid when there are sg IDs specified.

shields@kkvesper.jp (JIRA)

unread,
May 7, 2016, 10:06:02 PM5/7/16
to jenkinsc...@googlegroups.com

Francis Upton please close this.

Joshua Hoblitt The error message here comes from AWS. It's going to be impossible for us to detect every possible misuse of the AWS API. The error here is verbose enough that you can check either your security groups or VPC are not setup correctly, so no change needed for now.

francisu@gmail.com (JIRA)

unread,
May 8, 2016, 10:08:01 PM5/8/16
to jenkinsc...@googlegroups.com

Johnny Shields I'm not sure I agree completely. I think if this is a common mistake then we might be able to wrap the error in something to help the user out. Not sure if this is a common mistake though. I think we can keep this one open and if someone has time on their hands we might be able to do something. Of course we can't cover all of the cases though.

francisu@gmail.com (JIRA)

unread,
May 8, 2016, 10:09:01 PM5/8/16
to jenkinsc...@googlegroups.com
Francis Upton updated an issue
 
Jenkins / Improvement JENKINS-34291
Change By: Francis Upton
Issue Type: Bug Improvement

shields@kkvesper.jp (JIRA)

unread,
May 8, 2016, 10:38:01 PM5/8/16
to jenkinsc...@googlegroups.com
Johnny Shields commented on Improvement JENKINS-34291
 
Re: unable to configure VPC security groups

Francis Upton I still think we should close this one, it would be very complex to implement logic which verifies integrity of the user's AWS setup, not to mention it will require adding new IAM privileges etc that we don't want to depend on.

shields@kkvesper.jp (JIRA)

unread,
May 16, 2016, 3:38:02 PM5/16/16
to jenkinsc...@googlegroups.com

I'm closing this as there are no specific actionable items.

shields@kkvesper.jp (JIRA)

unread,
May 16, 2016, 3:38:02 PM5/16/16
to jenkinsc...@googlegroups.com
Johnny Shields closed an issue as Not A Defect
 
Change By: Johnny Shields
Status: Open Closed
Resolution: Not A Defect
Reply all
Reply to author
Forward
0 new messages