Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[0.6.0] AWS Security group creation is unreliable #1322

Closed
mrwilby opened this issue Jul 8, 2014 · 3 comments
Closed

[0.6.0] AWS Security group creation is unreliable #1322

mrwilby opened this issue Jul 8, 2014 · 3 comments

Comments

@mrwilby
Copy link

mrwilby commented Jul 8, 2014

I fairly regularly (1 in 10 packs) see an error, which I believe is a timing (or 'eventual consistency') issue in the way AWS crates security groups. I am fairly certain that this is the root cause because I have seen similar issues with my own code - which also creates security groups - when using boto:

==> amazon-ebs: Creating temporary security group for this instance...
==> amazon-ebs: Authorizing SSH access on the temporary security group...
==> amazon-ebs: Launching a source AWS instance...
==> amazon-ebs: Error launching source instance: The security group 'sg-yyyy1234' does not exist in VPC 'vpc-xxxx1234' (InvalidGroup.NotFound)
==> amazon-ebs: Deleting temporary security group...
==> amazon-ebs: Deleting temporary keypair...
Build 'amazon-ebs' errored: Error launching source instance: The security group 'sg-yyyy1234' does not exist in VPC 'vpc-xxxx1234' (InvalidGroup.NotFound)

Packer has successfully initiated the request to create the security group - but I believe packer is attempting to use the group ID before AWS has finished the group creation.

When I've seen this with my own python code + boto, the issue appears to be caused by AWS taking some small amount of time to actually complete the security group creation. Thus, when calling the EC2 "create security group" API, sometimes EC2 returns "creation complete" before the security group is actually available for use by subsequent packer commands.

I solved this in my code by trying to fetch the security group information in a loop until the first requests succeeds - at which point I can be sure that AWS has finished the security group creation and thus my code can continue to actually use it.
@mrwilby
Copy link
Author

mrwilby commented Jul 8, 2014

NB: I didn't research if the AWS "create security group" API which packer is using is actually meant to be asynchronous or synchronous - so this might also be an AWS EC2 bug (but I am somewhat doubtful)

@CpuID
Copy link
Contributor

CpuID commented Jul 8, 2014

This seems to be a duplicate of #878 by the way

I just got it again in 0.6.0 myself also.

@mrwilby
Copy link
Author

mrwilby commented Jul 8, 2014

Agree this is a dupe. Thanks for linking!

@mrwilby mrwilby closed this as completed Jul 8, 2014
This was referenced Aug 15, 2015
Closed
Closed
@hashicorp hashicorp locked and limited conversation to collaborators Apr 10, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@CpuID @mrwilby