1

puppetlabs-aws: Error: Security groups 'name' not found in VPCs 'vpc-number'

asked 2016-03-04 13:30:38 -0500

theillien

While attempting to use the puppetlabs-aws module I keep experiencing the error in the subject.

My manifest:

ec2_instance { 'puppet_prov_test':
  ensure              => 'present',
  availability_zone   => 'us-east-1a',
  image_id            => 'ami-61bbf104',
  instance_type       => 't2.micro',
  key_name            => 'PUPPETMASTER-2',
  region              => 'us-east-1',
  subnet              => 'subnet-ff5bc992',
  security_groups     => ['PPL'],
}

The full puppet apply output:

# puppet apply --verbose /etc/puppetlabs/code/environments/production/modules/aws_prod/manifests/init.pp 
Info: Loading facts
Info: Loading facts
Info: Loading facts
Info: Loading facts
Info: Loading facts
Info: Loading facts
Notice: Compiled catalog for puppetmaster.cspops.int in environment production in 0.07 seconds
Info: Applying configuration version '1457071103'
Info: Checking if instance puppet_prov_test is running in region us-east-1
Info: Checking if instance puppet_prov_test is stopped in region us-east-1
Info: Starting instance puppet_prov_test in region us-east-1
Error: Security groups 'PPL' not found in VPCs 'vpc-e05bc98d'
Error: /Stage[main]/Main/Ec2_instance[puppet_prov_test]/ensure: change from absent to present failed: Security groups 'PPL' not found in VPCs 'vpc-e05bc98d'
Notice: Applied catalog in 10.45 seconds

It seems like it would be a very straightforward solution: Make sure the PPL security group is in the VPC. Unfortunately, while obvious, it isn't exactly correct:

[image]

As evidenced, the VPC ID is exactly the one being reported as not having it.

The user account I'm working with is part of our admin group so I know it has all the necessary permissions.

What could be causing this inaccurate report?


3 Answers

2

answered 2016-03-07 07:49:48 -0500

aharden

ec2_instance's "subnet" metaparameter will indicate which VPC the instance will be run in. I notice you're referencing the desired subnet using its ID. Unless you have duplicated the ID in its "Name" field, the provider won't find that subnet. The documentation indicates:

Accepts the name of the subnet; this is the value of the Name tag for the subnet. If you're describing the subnet in Puppet, then this value is the name of the resource.

If you put a value in the "Name" field of the desired subnet and reference that, it should work.


Comments

In the "VPC dashboard", click "Subnets", then copy the "Subnet ID" of the subnet for the availability zone. Then, click where the Name/Tag for that subnet goes, which should be blank, and paste in the "Subnet ID" as the Name. Then, paste the Subnet ID/Name in the puppet code for the subnet.

vrowley ( 2017-03-13 20:49:14 -0500 )
0

answered 2016-03-08 08:59:23 -0500

Have you tried using the security group ID (sg-6b1bb013) instead of the name? I seem to recall that you cannot use SG names in nondefault VPCs.

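A pre-flight check for the two lookups the answers above discuss (subnet matched by its Name tag, security group matched by name inside that subnet's VPC), as an added example that is not part of the thread or of the puppetlabs-aws module. It takes the parsed JSON of `aws ec2 describe-subnets` and `aws ec2 describe-security-groups`; the sample data is constructed from the IDs in the thread, and the `prov-subnet` Name tag is an assumption.

```python
def name_tag(resource):
    """Value of the resource's Name tag, or None when it has none."""
    return next((t["Value"] for t in resource.get("Tags", [])
                 if t["Key"] == "Name"), None)


def preflight(subnet, security_groups, subnets, groups):
    """Check an ec2_instance's subnet and security_groups values.

    subnets / groups are parsed JSON from `aws ec2 describe-subnets` and
    `aws ec2 describe-security-groups`. Returns a list of problem strings.
    """
    tagged = [s for s in subnets["Subnets"] if name_tag(s) == subnet]
    if not tagged:
        # Common mistake from the thread: a subnet ID used where a Name is expected.
        by_id = [s for s in subnets["Subnets"] if s["SubnetId"] == subnet]
        hint = (f"; {subnet} is a subnet ID whose Name tag is "
                f"{name_tag(by_id[0])!r}" if by_id else "")
        return [f"no subnet has Name tag {subnet!r}{hint}"]
    if len(tagged) > 1:
        return [f"Name tag {subnet!r} is ambiguous: "
                + ", ".join(s["SubnetId"] for s in tagged)]
    vpc = tagged[0]["VpcId"]
    problems = []
    for sg in security_groups:
        # A group name is only unique within one VPC, so compare per VPC.
        vpcs = {g.get("VpcId") for g in groups["SecurityGroups"]
                if g["GroupName"] == sg}
        if vpc not in vpcs:
            where = ", ".join(sorted(v or "EC2-Classic" for v in vpcs)) or "no VPC"
            problems.append(f"security group {sg!r} not in {vpc} (found in: {where})")
    return problems


# Constructed sample data reusing the IDs quoted in the thread.
UNTAGGED = {"Subnets": [{"SubnetId": "subnet-ff5bc992", "VpcId": "vpc-e05bc98d"}]}
TAGGED = {"Subnets": [{"SubnetId": "subnet-ff5bc992", "VpcId": "vpc-e05bc98d",
                       "Tags": [{"Key": "Name", "Value": "prov-subnet"}]}]}
GROUPS = {"SecurityGroups": [{"GroupId": "sg-6b1bb013", "GroupName": "PPL",
                              "VpcId": "vpc-e05bc98d"}]}

if __name__ == "__main__":
    print(preflight("subnet-ff5bc992", ["PPL"], UNTAGGED, GROUPS))  # subnet problem
    print(preflight("prov-subnet", ["PPL"], TAGGED, GROUPS))        # no problems
```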

Stats

Asked: 2016-03-04 13:30:38 -0500

Seen: 277 times

Last updated: Mar 08 '16