https://pulumi.com logo
Join Slack
Powered by
This message was deleted.
# typescript
s
This message was deleted.
b
it then leaves my stack super broken and I have to tear it all down and start again
b
Hi @breezy-butcher-78604 Sorry about this error - what version of Pulumi and what version of pulumi-aws are you using?
b
v2.10.0 of the CLI and v3.2.1 of 
@pulumi/aws
whenever i update the 
vpcSecurityGroupIds
property of an 
aws.ec2.Instance
i seem to get that panic
b
so the issue seems to be suggesting that something else is also changing that is causing a potential replacement of the instance
but I am going to confirm if that's just a rogue error now
b
the only property that showed up in the diff for that resource was 
vpcSecurityGroupIds
when this happened
b
ok, testhing this for you now
b
thats what showed up in the console
if that helps
the rules were all marked to be replaced because they have 
deleteBeforeReplace
enabled, and as you can see I changed the 
sourceSecurityGroupId
let me know if there's any other information i can provide
b
so just to check, did you change the descript of the security group and that's what caused this?
b
no, just the 
sourceSecurityGroupId
of a bunch of 
aws.ec2.SecurityGroupRule
resources
the group itself was unchanged
oh wait, i can see one description has changed in that diff...
b
yeah I think that could be the issue - if the group is going to be replaced and the rules are deleteBeforeCreate then that may be a problem
I have been able to change securityGroupIds no issues here
e.g.
Copy code
Previewing update (dev)

View Live: <https://app.pulumi.com/stack72/vgw-bug/dev/previews/c4721176-75ed-4450-acef-669f9b6b9b1d>

     Type                      Name              Plan
 +   pulumi:pulumi:Stack       vgw-bug-dev       create
 +   ├─ aws:ec2:SecurityGroup  mysecuritygroup2  create
 +   ├─ aws:ec2:SecurityGroup  mysecuritygroup1  create
 +   └─ aws:ec2:Instance       web-server-www    create

Resources:
    + 4 to create

Do you want to perform this update? yes
Updating (dev)

View Live: <https://app.pulumi.com/stack72/vgw-bug/dev/updates/1>

     Type                      Name              Status
 +   pulumi:pulumi:Stack       vgw-bug-dev       created
 +   ├─ aws:ec2:SecurityGroup  mysecuritygroup1  created
 +   ├─ aws:ec2:SecurityGroup  mysecuritygroup2  created
 +   └─ aws:ec2:Instance       web-server-www    created

Resources:
    + 4 created

Duration: 50s


~/code/vgw-demo
▶ pulumi up
Previewing update (dev)

View Live: <https://app.pulumi.com/stack72/vgw-bug/dev/previews/2c789837-25c2-4d0b-b4bd-0fa375109511>

     Type                 Name            Plan       Info
     pulumi:pulumi:Stack  vgw-bug-dev
 ~   └─ aws:ec2:Instance  web-server-www  update     [diff: ~vpcSecurityGroupIds]

Resources:
    ~ 1 to update
    3 unchanged

Do you want to perform this update? yes
Updating (dev)

View Live: <https://app.pulumi.com/stack72/vgw-bug/dev/updates/2>

     Type                 Name            Status      Info
     pulumi:pulumi:Stack  vgw-bug-dev
 ~   └─ aws:ec2:Instance  web-server-www  updated     [diff: ~vpcSecurityGroupIds]

Resources:
    ~ 1 updated
    3 unchanged

Duration: 12s
b
so you think this might have been caused by the security group needing to be replaced (due to the changed description) and some kind of w eird interaction between it and it's rules (which have 
deleteBeforeReplace
enabled?
b
I think that could well be the issue here
changing securityGroupIds of an instance works nps at atll
trying to create it now
b
ok just had the problem happen again but under different circumstances. this time no groups were being modified, i just swapped out one security group ID for another.
something else I just thought of that might be related, i have specified an 
ebsBlockDevice
on the EC2 instances like so:
Copy code
ebsBlockDevices: [{
            deviceName: "/dev/sda1",
            volumeSize: 50,
            deleteOnTermination: true
        }],
I've been working on this template for a couple days now and a few days I noticed that every 
pulumi up
the EC2 instances were being marked for replacement, even if the template hadn't changed. Examining the diff I noticed that the 
volumeSize
property was always the culprit. it always showed that it was adding that property (as it didn't exist on Pulumi's internal state). I didn't have time to troubleshoot it at the time so I just added 
ignoreChanges: [ "ebsBlockDevices" ]
to the resources and moved on. is it possible that the initial diff only shows an update due to the security group IDs, but another part of the code isn't respecting the 
ignoreChanges
option and flagging the instance for replacement which causes the panic?
hey @broad-dog-22463 did you get any further on this one? is there more information I can provide to assist? should I create an issue on github to track this?
it's not blocking me at the moment so don't need any urgent response etc just wanted to make sure i could help confirm or resolve the bug if possible
10 Views
Open in Slack
PreviousNext
Powered by