InvalidPermission.Duplicate when creating temporary AWS security group

[mdub]

Using Packer 0.5.1, and the amazon-ebs builder, I'm seeing errors of the form:

--> amazon-ebs: Error creating temporary security group: the specified rule "peer: 0.0.0.0/0, TCP, from port: 22, to port: 22, ALLOW" already exists (InvalidPermission.Duplicate)

It's not happening consistently, so may indicate a race-condition.

[CpuID]

Seeing this also. Randomly in different regions, at least one in 3 of my builders does it at the moment.

1392343473,,ui,say,amazon-instance_us-east-1 output will be in this color.
1392343473,,ui,say,amazon-instance_us-west-1 output will be in this color.
1392343473,,ui,say,amazon-instance_us-west-2 output will be in this color.
1392343473,,ui,say,
1392343473,,ui,say,==> amazon-instance_us-west-1: Creating temporary keypair: packer 52fd79b1-ec81-8a41-abd8-0f12c280d50d
1392343473,,ui,say,==> amazon-instance_us-west-2: Creating temporary keypair: packer 52fd79b1-ae0c-4e76-91dd-10bc5ce57415
1392343473,,ui,say,==> amazon-instance_us-east-1: Creating temporary keypair: packer 52fd79b1-cb1b-6a8e-a7c7-6a005fe88880
1392343474,,ui,say,==> amazon-instance_us-west-2: Creating temporary security group for this instance...
1392343474,,ui,say,==> amazon-instance_us-west-1: Creating temporary security group for this instance...
1392343475,,ui,say,==> amazon-instance_us-east-1: Creating temporary security group for this instance...
1392343475,,ui,say,==> amazon-instance_us-west-2: Authorizing SSH access on the temporary security group...
1392343475,,ui,say,==> amazon-instance_us-west-1: Authorizing SSH access on the temporary security group...
1392343476,,ui,say,==> amazon-instance_us-west-1: Launching a source AWS instance...
1392343476,,ui,say,==> amazon-instance_us-west-2: Launching a source AWS instance...
1392343478,,ui,message, amazon-instance_us-west-1: Instance ID: i-c73f4898
1392343479,,ui,message, amazon-instance_us-west-2: Instance ID: i-bd088bb4
1392343479,,ui,say,==> amazon-instance_us-west-1: Waiting for instance (i-c73f4898) to become ready...
1392343480,,ui,say,==> amazon-instance_us-west-2: Waiting for instance (i-bd088bb4) to become ready...
1392343485,,ui,error,==> amazon-instance_us-east-1: The security group 'packer 52fd79b3-b2b5-40c7-ec61-8547f5da6772' already exists for VPC 'vpc-xxxxxx' (InvalidGroup.Duplicate)
1392343485,,ui,say,==> amazon-instance_us-east-1: Deleting temporary keypair...
1392343486,,ui,say,Build 'amazon-instance_us-east-1' finished.

[dmerrick]

I am experiencing the same thing. It happens intermittently, and is very frustrating when running multiple AWS builds at once.

[dmerrick]

Apparently fixed via this? #552

[mdub]

I don't think so, @dmerrick. That was 4 months ago. I'm experiencing this problem with packer-0.5.1.

[dmerrick]

Well, yes. As I said, I am experiencing it too.

But apparently 4 months ago this issue was addressed.

[mitchellh]

Made some changes upstream to the retry mechanisms of our AWS client that should hopefully fix this. In the next release, if it happens again, please let me know.

[dmerrick]

Thanks, @mitchellh!

[philip-goh]

I saw this today with packer-0.5.2.
==> amazon-ebs: Error creating temporary security group: The permission '0.0.0.0/0-1-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)

I'm running packer on OS X Mavericks.

[phobologic]

I just saw the same thing as phillipgoh:

==> ubuntu-east: Creating temporary keypair: packer 5329f401-2227-56eb-4779-da1aba193582
==> ubuntu-east: Creating temporary security group for this instance...
==> ubuntu-east: Authorizing SSH access on the temporary security group...
==> ubuntu-east: Error creating temporary security group: The permission '0.0.0.0/0-1-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)
==> ubuntu-east: Deleting temporary security group...
==> ubuntu-east: Deleting temporary keypair...
Build 'ubuntu-east' errored: Error creating temporary security group: The permission '0.0.0.0/0-1-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)

[zshenker]

I am seeing this in packer 0.6.0.

Error launching source instance: The security group 'sg-32661e56' does not exist in VPC 'vpc-922db3f2' (InvalidGroup.NotFound)

[CpuID]

Just saw it again in Packer 0.6.0 myself.

build 08-Jul-2014 02:30:20 1404786620,,ui,error,Build 'amazon_ebs_hvm_precise_us-east-1' errored: Error launching source instance: The security group 'sg-a5eb9cc0' does not exist (InvalidGroup.NotFound)

[mrwilby]

Perhaps a variant:

==> amazon-ebs: Authorizing SSH access on the temporary security group...
==> amazon-ebs: Error creating temporary security group: the specified rule "peer: 0.0.0.0/0, TCP, from port: 22, to port: 22, ALLOW" already exists (InvalidPermission.Duplicate)
==> amazon-ebs: Deleting temporary security group...
==> amazon-ebs: Deleting temporary keypair...
Build 'amazon-ebs' errored: Error creating temporary security group: the specified rule "peer: 0.0.0.0/0, TCP, from port: 22, to port: 22, ALLOW" already exists (InvalidPermission.Duplicate)

[robfig]

I got this on Packer 0.6.0 too.

packer build packer_ami.json
amazon-ebs output will be in this color.

==> amazon-ebs: Creating temporary keypair: packer 53c6aa4c-3d4f-c8b2-6d96-685021fc065c
==> amazon-ebs: Creating temporary security group for this instance...
==> amazon-ebs: Authorizing SSH access on the temporary security group...
==> amazon-ebs: Error creating temporary security group: The permission '0.0.0.0/0-1-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)
==> amazon-ebs: Deleting temporary security group...
==> amazon-ebs: Deleting temporary keypair...
Build 'amazon-ebs' errored: Error creating temporary security group: The permission '0.0.0.0/0-1-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)

==> Some builds didn't complete successfully and had errors:
--> amazon-ebs: Error creating temporary security group: The permission '0.0.0.0/0-1-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)

==> Builds finished but no artifacts were created.
make: *** [staging] Error 1

[etchen99]

Ditto for 0.6.0:

==> amazon-ebs: Creating temporary keypair: packer 53c8a7e8-8502-1398-a98a-9cfc4b894cf8
==> amazon-ebs: Creating temporary security group for this instance...
==> amazon-ebs: Authorizing SSH access on the temporary security group...
==> amazon-ebs: Launching a source AWS instance...
==> amazon-ebs: Error launching source instance: The security group 'sg-5b4df03e' does not exist in VPC 'vpc-c240b7a7' (InvalidGroup.NotFound)
==> amazon-ebs: Deleting temporary security group...
==> amazon-ebs: Deleting temporary keypair...

[mattupstate]

got this with 0.6.1

1407432672,,ui,say,amazon-ebs output will be in this color.
1407432672,,ui,say,
1407432672,,ui,say,==> amazon-ebs: Inspecting the source AMI...
1407432673,,ui,say,==> amazon-ebs: Creating temporary keypair: packer 53e3b7e0-ad5b-05b4-b67c-6093d20b64fd
1407432674,,ui,say,==> amazon-ebs: Creating temporary security group for this instance...
1407432674,,ui,say,==> amazon-ebs: Authorizing SSH access on the temporary security group...
1407432696,,ui,error,==> amazon-ebs: Error creating temporary security group: The permission '0.0.0.0/0-1-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)
1407432696,,ui,say,==> amazon-ebs: Deleting temporary security group...
1407432696,,ui,say,==> amazon-ebs: Deleting temporary keypair...
1407432697,,ui,error,Build 'amazon-ebs' errored: Error creating temporary security group: The permission '0.0.0.0/0-1-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)
1407432697,,error-count,1
1407432697,,ui,error,\n==> Some builds didn't complete successfully and had errors:
1407432697,amazon-ebs,error,Error creating temporary security group: The permission '0.0.0.0/0-1-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)
1407432697,,ui,error,--> amazon-ebs: Error creating temporary security group: The permission '0.0.0.0/0-1-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)
1407432697,,ui,say,\n==> Builds finished but no artifacts were created.

[alonisser]

+1 getting this in 0.6.1 (using ubuntu 14.04)

[mr--white]

i also got this error in 0.6.1. I'm on OSX Mavericks.

> ==> amazon-ebs: Creating temporary keypair: packer 53ee9f33-7cfb-88d2-1880-f1fff39e5767
> ==> amazon-ebs: Creating temporary security group for this instance...
> ==> amazon-ebs: Authorizing SSH access on the temporary security group...
> ==> amazon-ebs: Error creating temporary security group: The permission '0.0.0.0/0-1-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)
> ==> amazon-ebs: Deleting temporary security group...
> ==> amazon-ebs: Deleting temporary keypair...
> Build 'amazon-ebs' errored: Error creating temporary security group: The permission '0.0.0.0/0-1-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)

[ckelner]

I got this on 0.7.1 on amazon linux Linux version 3.2.34-55.46.amzn1.x86_64 (mockbuild@gobi-build-31003) (gcc version 4.6.2 20111027 (Red Hat 4.6.2-2) (GCC) )

1422553612,,ui,say,==> amazon-ebs: Creating temporary keypair: packer 54ca720c-7215-2052-3591-b7f155ae4299
1422553612,,ui,say,==> amazon-ebs: Creating temporary security group for this instance...
1422553612,,ui,say,==> amazon-ebs: Authorizing SSH access on the temporary security group...
1422553623,,ui,error,==> amazon-ebs: Error creating temporary security group: The permission '0.0.0.0/0-1-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)
1422553623,,ui,say,==> amazon-ebs: Deleting temporary security group...
1422553623,,ui,say,==> amazon-ebs: Deleting temporary keypair...
1422553623,,ui,error,Build 'amazon-ebs' errored: Error creating temporary security group: The permission '0.0.0.0/0-1-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)
1422553623,,error-count,1
1422553623,,ui,error,\n==> Some builds didn't complete successfully and had errors:
1422553623,amazon-ebs,error,Error creating temporary security group: The permission '0.0.0.0/0-1-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)
1422553623,,ui,error,--> amazon-ebs: Error creating temporary security group: The permission '0.0.0.0/0-1-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)
1422553623,,ui,say,\n==> Builds finished but no artifacts were created.

[wvega]

I'm seeing this on Packer 0.7.5 running on OS X Yosemite. I was trying to create a new AMI based on AMI I had generated with packer just a few minutes before:

==> amazon-ebs: Creating temporary security group for this instance...
==> amazon-ebs: Authorizing SSH access on the temporary security group...
==> amazon-ebs: Error creating temporary security group: The permission '0.0.0.0/0-tcp-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)
==> amazon-ebs: Deleting temporary security group...
==> amazon-ebs: Deleting temporary keypair...
Build 'amazon-ebs' errored: Error creating temporary security group: The permission '0.0.0.0/0-tcp-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)

==> Some builds didn't complete successfully and had errors:
--> amazon-ebs: Error creating temporary security group: The permission '0.0.0.0/0-tcp-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)

==> Builds finished but no artifacts were created.

As with the other cases reported here, it doesn't happen all the time.

[volker48]

I just got this error as well in Packer v0.7.5 on OS X Yosemite.

amazon-ebs output will be in this color.

==> amazon-ebs: Inspecting the source AMI...
==> amazon-ebs: Creating temporary keypair: packer 557f31f1-5928-f518-53e5-1ea6529e9ea1
==> amazon-ebs: Creating temporary security group for this instance...
==> amazon-ebs: Authorizing SSH access on the temporary security group...
==> amazon-ebs: Error creating temporary security group: The permission '0.0.0.0/0-tcp-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)
==> amazon-ebs: Deleting temporary security group...
==> amazon-ebs: Deleting temporary keypair...
Build 'amazon-ebs' errored: Error creating temporary security group: The permission '0.0.0.0/0-tcp-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)

[BlinkyStitt]

I just got this error with packer 0.8.3.

I don't think this has been properly fixed :(

EDIT: I actually think I got this error because amazon was having an outage. I think the error logging is just inaccurate.

[adimarco]

This is definitely still happening with packer 0.8.5 on Amazon Linux

==> amazon-ebs: Creating temporary security group for this instance...�
==> amazon-ebs: Authorizing access to port 22 the temporary security group...
==> amazon-ebs: Launching a source AWS instance...
==> amazon-ebs: Error launching source instance: InvalidGroup.NotFound: The security group 'sg-56862632' does not exist in VPC 'vpc-65a13300'

[cbednarski]

@adimarco It looks to me like you have a different issue. Your error message is completely different. If you believe this is a bug, please open a new issue.

[adimarco]

@cbednarski Sorry, I meant to leave that comment in #1322. It was closed as a duplicate of this issue, however, and I see the same error message I'm getting in 2 other posts in this issue, so I thought might be related. I'll open a new issue.

[cbednarski]

From @phinze

Build 'amazon-ebs' errored: Error creating temporary security group: InvalidPermission.Duplicate: The permission '0.0.0.0/0-tcp-22-22' has already been authorized on the specified group
status code: 400, request id: []

We should probably catch and ignore this issue since I think the system is in a state where it can continue in spite of the error.

[brikis98]

Just got this with 0.8.6:

==> my-ami: Prevalidating AMI Name...
==> my-ami: Inspecting the source AMI...
==> my-ami: Creating temporary keypair: packer xxxx-xxxx-xxxx-xxxx-xxxxx
==> my-ami: Creating temporary security group for this instance...
==> my-ami: Authorizing access to port 22 the temporary security group...
==> my-ami: Launching a source AWS instance...
==> my-ami: Error launching source instance: InvalidGroup.NotFound: The security group 'sg-f635fd8d' does not exist in VPC 'vpc-1111f778'
==> my-ami:   status code: 400, request id: []
==> my-ami: No AMIs to cleanup
==> my-ami: Deleting temporary security group...
==> my-ami: Deleting temporary keypair...
Build 'my-ami' errored: Error launching source instance: InvalidGroup.NotFound: The security group 'sg-f635fd8d' does not exist in VPC 'vpc-1111f778'
  status code: 400, request id: []

[gauravChaturvedi]

Getting the following

==> amazon-ebs: Prevalidating AMI Name...
==> amazon-ebs: Inspecting the source AMI...
==> amazon-ebs: Creating temporary keypair: packer 573cae9f-f6e5-ba08-dc3a-d68aa1e345d3
==> amazon-ebs: Creating temporary security group for this instance...
==> amazon-ebs: Authorizing access to port 22 the temporary security group...
==> amazon-ebs: Launching a source AWS instance...
==> amazon-ebs: Error launching source instance: InvalidGroup.NotFound: The security group 'sg-3d36ea46' does not exist in VPC 'vpc-50b94137'
==> amazon-ebs: status code: 400, request id: []
==> amazon-ebs: No AMIs to cleanup
==> amazon-ebs: Deleting temporary security group...
^C==> amazon-ebs: Deleting temporary keypair...
Build 'amazon-ebs' errored: Error launching source instance: InvalidGroup.NotFound: The security group 'sg-3d36ea46' does not exist in VPC 'vpc-50b94137'
status code: 400, request id: []

[Tonesbalones]

Same issue as commented above, running packer version 0.10.1 on AWS Linux.

UPDATE: Just executed the same build script and didn't receive the error on 3rd attempt. Successful after I attempted to use the -debug flag and then ran without it.

[cbednarski]

According to some comments in #2606 this may happen when there is an API outage. Even if this is not the root cause these issues are likely related.

[Tonesbalones]

Agreed, if I retry a minute or so later it runs with no errors. Thanks for the link to #2606!

[michaeltlombardi]

All - is this issue still ongoing? From the sounds of the conversations in May, it seems like this issue can be closed?

[mwarkentin]

@michaeltlombardi I'm still seeing the Error launching source instance: InvalidGroup.NotFound: The security group 'sg-216d3b5b' does not exist error every so often.

[ryanrupp]

Are you using the current master of Packer? I don't think the fix from here #3656 has been cut into a release yet, 0.10.1 was cut before the fix and 0.10.2 was cut last week but doesn't look like it includes that fix.

[mwarkentin]

I'm using 0.10.2 now, from homebrew.

Sent from my iPhone

On Sep 29, 2016, at 2:52 PM, ryanrupp notifications@github.com wrote:

Are you using the current master of Packer? I don't think the fix from here #3656 has been cut into a release yet, 0.10.1 was cut before the fix and 0.10.2 was cut last week but doesn't look like it includes that fix.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or mute the thread.

[rickard-von-essen]

@mwarkentin @ryanrupp 0.10.2 contains exactly the same code as 0.10.1 it was just rebuilt to support macOS Sierra.

[tacocatcodes]

This happens for us both through the homebrew version and the compiled version from the Packer site. This is definitely still an issue.

[mwhooker]

might be able to solve this with something like #3938

[mwhooker]

@laneatomic Can you confirm which error you're getting? Is it

InvalidGroup.NotFound or InvalidPermission.Duplicate?

[mwhooker]

was able to reproduce the InvalidGroup.NotFound error. I created an issue to track it. #4368

I'm going to close this since I believe the InvalidPermission.Duplicate error has been resolved. Please feel free to re-open if anyone is still getting this error with the latest build of packer. CC @laneatomic

[tacocatcodes]

Unfortunately I can no longer test this error. We refactored how we use Packer in a way to avoid this entirely.

[jgillard]

Have just come across this on 0.12.2

==> amazon-ebs: Prevalidating AMI Name...
    amazon-ebs: Found Image ID: ami-512ffc47
==> amazon-ebs: Creating temporary keypair: packer_58b018eb-1577-525a-a81e-af7530a99da8
==> amazon-ebs: Creating temporary security group for this instance...
==> amazon-ebs: Authorizing access to port 22 the temporary security group...
==> amazon-ebs: Error creating temporary security group: InvalidPermission.Duplicate: The permission '0.0.0.0/0-tcp-22-22' has already been authorized on the specified group
==> amazon-ebs: 	status code: 400, request id: b95f46ab-1eef-48e3-8485-6737bef71d3f
==> amazon-ebs: Deleting temporary security group...
==> amazon-ebs: Deleting temporary keypair...
Build 'amazon-ebs' errored: Error creating temporary security group: InvalidPermission.Duplicate: The permission '0.0.0.0/0-tcp-22-22' has already been authorized on the specified group
	status code: 400, request id: b95f46ab-1eef-48e3-8485-6737bef71d3f

[cbednarski]

@jgillard Please open a new issue for this. Thanks!