Channels
#general
Title
b
busy-dusk-74339
01/17/2020, 10:40 PMpulumi is convinced that it needs to add 2 security groups to my ec2 instance, but when i view the instance in the console, both of the SGs it wants to add are already there
Copy code
(plos-pulumi) 01-17|13:51:04|thatguy:~/repos/plos/plos-pulumi/apps/talend_poc > pulumi preview --diff
Previewing update (PLOS/dev): pulumi:pulumi:Stack: (same)
[urn=urn:pulumi:dev::talend_poc::pulumi:pulumi:Stack::talend_poc-dev]
> pulumi:pulumi:StackReference: (read)
[id=PLOS/iam/dev]
[urn=urn:pulumi:dev::talend_poc::pulumi:pulumi:StackReference::PLOS/iam/dev]
name: "PLOS/iam/dev" ~ aws:iam/policyAttachment:PolicyAttachment: (update)
[id=talend_poc_xml_policy_attachment-cc1c659]
[urn=urn:pulumi:dev::talend_poc::aws:iam/policyAttachment:PolicyAttachment::talend_poc_xml_policy_attachment]
[provider: urn:pulumi:dev::talend_poc::pulumi:providers:aws::default_1_8_0::90aafd96-3c4a-4649-9def-fb795391f334 => urn:pulumi:dev::talend_poc::pulumi:providers:aws::default_1_18_0::output<string>]
- roles: [
- [0]: "talend_poc_role"
]
--outputs:--
+ talend-output-bucket-name : "talend-output-59615b1"
+-aws:ec2/instance:Instance: (replace)
[id=i-0b024d1ad4cb75dba]
[urn=urn:pulumi:dev::talend_poc::aws:ec2/instance:Instance::talend_poc_instance]
[provider: urn:pulumi:dev::talend_poc::pulumi:providers:aws::default_1_8_0::90aafd96-3c4a-4649-9def-fb795391f334 => urn:pulumi:dev::talend_poc::pulumi:providers:aws::default_1_18_0::output<string>]
~ securityGroups: [
+ [0]: "sg-078d2ef15a737ac03"
+ [1]: "sg-095e0af0371379410"
]
Resources:
~ 1 to update
+-1 to replace
2 changes. 15 unchangedg
gentle-diamond-70147
01/17/2020, 11:01 PMIf you run a
pulumi refreshb
busy-dusk-74339
01/17/2020, 11:03 PMi think that’s what this means?
Copy code
├─ aws:ec2:SecurityGroup talend_poc_sg [diff: +tags~egress,ingress]so i proceeded with the refresh
which completed successfully
but it still thinks there are missing sgs.
g
gentle-diamond-70147
01/17/2020, 11:08 PMso the refresh didn't show any
securityGroupsb
busy-dusk-74339
01/17/2020, 11:09 PMjust the output i pasted above, the
~egress,ingressnothing on the ec2 instance
g
gentle-diamond-70147
01/17/2020, 11:12 PMSo... this won't explain the issue, but
securityGroupsvpcSecurityGroupIdsb
busy-dusk-74339
01/17/2020, 11:12 PMah good to know
maybe this is an obscure edge case then
g
gentle-diamond-70147
01/17/2020, 11:17 PMMaybe. I opened https://github.com/pulumi/pulumi-aws/issues/852 to deprecate that argument.
b
busy-dusk-74339
01/17/2020, 11:18 PMwell do you feel that there’s more we should do to try to diagnose the root cause, here? or should i just leave the SGs commented out on my instance for now and move on? this is just a temporary instance for a proof of concept so it’s nothing mission critical.
g
gentle-diamond-70147
01/17/2020, 11:20 PMOh, I do have an idea to try... can you reverse the order of the security groups as you've defined them on your instance? I wonder if it's an ordering issue.
So if you have:
Copy code
securityGroups: [
sg1.id,
sg2.id,
] Copy code
securityGroups: [
sg2.id,
sg1.id,
]b
busy-dusk-74339
01/17/2020, 11:25 PMok this is weird
now i’m having the same issue i did yesterday
where suddenly my session seems to have expired and i can’t log in
back to http/500 from https://app.pulumi.com/github-callback/?code=29…
it was around this time of day too, as i recall
g
gentle-diamond-70147
01/17/2020, 11:29 PMHmm, maybe a token or cookie expiring after 24 hours.
b
busy-dusk-74339
01/17/2020, 11:38 PMperhaps, it’s certainly a problem i hope not to have every day
g
gentle-diamond-70147
01/17/2020, 11:39 PMI see some errors in our logs, chatting with one of our engineers.
👍 1
I’ll dm you.
👍 1