Project

General

Profile

Bug #6535

EC2 Security Groups - empty box

Added by Dominic Cleal over 4 years ago. Updated 9 months ago.

Status:
Closed
Priority:
Normal
Category:
Compute resources - EC2
Target version:
Difficulty:
Triaged:
Bugzilla link:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1101998
This is only a issue tracker. I think, this is really important to solve before release.

Description of problem:
I did not find way, how can I get security groups from Amazon EC2. I have got the box for choosing, but the box is empty. I have got tow security groups in EC2.

Version-Release number of selected component (if applicable):
Satellite-6.0.3-RHEL-6-20140521.0

(10:51:01) mkorbel: Dominic: I have next one question, how can I add a security groups into foreman.
(10:54:55) mkorbel: Dominic: When I try create new virtual machine in EC2, I see empty box of security groups.
(10:55:52) Dominic: mkorbel: it should "just work".. I think there's a VPC dropdown too, so if you're using those you might have to select that first for them to update, otherwise I don't know

Screenshot from 2014-08-02 12_37_24.png View Screenshot from 2014-08-02 12_37_24.png 60.1 KB Joshua Hoblitt, 08/02/2014 03:44 PM
Screenshot from 2014-08-02 12_38_29.png View Screenshot from 2014-08-02 12_38_29.png 87.1 KB Joshua Hoblitt, 08/02/2014 03:44 PM
Screenshot from 2014-08-02 12_38_49.png View Screenshot from 2014-08-02 12_38_49.png 84.6 KB Joshua Hoblitt, 08/02/2014 03:44 PM
security_groups_vpc.png View security_groups_vpc.png 19.6 KB My VPC security groups are shown Shlomi Zadok, 09/07/2014 03:24 AM
security_groups_on_amazon.png View security_groups_on_amazon.png 39.6 KB All of my security groups on Amazon Shlomi Zadok, 09/07/2014 03:26 AM
Screenshot%20from%202014 08 02%2012 37 24 Screenshot%20from%202014 08 02%2012 38 29 Screenshot%20from%202014 08 02%2012 38 49 Security groups vpc Security groups on amazon

Related issues

Related to Foreman - Bug #4235: EC2 compute profile loses Security Group setting.New2014-02-03
Related to Foreman - Bug #12837: Security Groups not populated after selecting Subnet in New Host > Virtual MachineDuplicate2015-12-15

Associated revisions

Revision 062f653f (diff)
Added by Stefan Goethals about 3 years ago

fixes #6535 - EC2 Security Groups show empty box

Revision 7bd59f28 (diff)
Added by Stefan Goethals about 3 years ago

fixes #6535 - EC2 Security Groups show empty box

(cherry picked from commit 062f653f53519a4704c31c297da2fca050e1234d)

History

#1 Updated by Dominic Cleal over 4 years ago

  • Category set to Compute resources
  • Assignee deleted (Dominic Cleal)

This may be related to IAM.

#2 Updated by Joshua Hoblitt over 4 years ago

I believe I've encountered this issue, or something similar, in 1.5.2. The "EC2" subnet is empty but two magic subnet's have appeared with security groups in them. However, all attemps at provisioning fail with a a sparse error message.

Successfully decrypted field for Foreman::Model::EC2 ec2-us-west-1
Rolling back due to a problem: [Set up compute instance ec2test.sdm.noao.edu     2     failed    ...

I've ruled out an IAM credientals problem both by changing the privs to administrator and foreman is able to stop/destroy instances that I manual create via the ec2 console.

#3 Updated by Joshua Hoblitt over 4 years ago

  • Related to Bug #4235: EC2 compute profile loses Security Group setting. added

#4 Updated by Joshua Hoblitt over 4 years ago

I tried deleting and recreating the compute resource. There's now a 3rd magical 172.31.x subnet and it's only listing the default security group but not the other 2 that are visible from the AWS console. Instance creation still fails at the first step.

#5 Updated by Dominic Cleal over 4 years ago

  • Category changed from Compute resources to Compute resources - EC2
  • Target version set to 1.7.5

#6 Updated by Dmitri Dolguikh over 4 years ago

  • Target version changed from 1.7.5 to 1.7.4

#7 Updated by Shlomi Zadok over 4 years ago

  • Assignee set to Shlomi Zadok

#8 Updated by Shlomi Zadok over 4 years ago

It seems you have to create VPC specific security groups for this to show security groups under a subnet (of the VPC).
As you may see from my screen shots, on my AWS account I have 5 security groups. 3 are EC2-classic and 2 are EC2-VPC.
When I create a new host on Foreman, and choose a subnet, it will show only the security groups that belong to the subnet.
If I have none, it will display none.
Can you please verify?

#9 Updated by Shlomi Zadok over 4 years ago

  • Status changed from New to Feedback

#10 Updated by Dmitri Dolguikh over 4 years ago

  • Target version changed from 1.7.4 to 1.7.3

#11 Updated by Dominic Cleal over 4 years ago

  • Status changed from Feedback to New
  • Assignee deleted (Shlomi Zadok)

I'm setting this back, as I don't believe Shlomi's successful attempt negates the fact this isn't working for two people.

#12 Updated by Dominic Cleal over 4 years ago

  • Target version changed from 1.7.3 to 1.7.2

#13 Updated by Ohad Levy over 4 years ago

  • Target version deleted (1.7.2)

#14 Updated by Tom Caspy about 4 years ago

I just tested this on latest foreman develop, and it seems that the security groups are properly shown... are there specific conditions under which this can be replicated?

edit:
Tested this under two conditions:
1. IAM account (in the RedHat EC2 account)
- normal security groups (no VPC) - properly shown
- VPC security groups - properly shown
2. Master account (my personal one)
- normal security groups (no VPC) - properly shown
- VPC security groups - properly shown

This may be caused by the compute resource being under a different region, where the security groups and VPCs are not defined, i.e. using us-east-1 (N. Virginia) but having the EC2 compute resource go to us-west-2 (Oregon) - in which case, a "default" security group should still be shown IMHO.

#15 Updated by Tommy McNeely about 4 years ago

I was just able to reproduce this issue.

1. Create a "New Image" under the compute resource. Select a specific subnet, AZ, security groups...
2. Save
3. Edit that image.
4. NOTE: the security groups boxes are blank.

WORKAROUND: If you change the "subnet" to something else, then back to the desired subnet, it will repopulate the security groups. Then you can re-select the one you originally intended.

THOUGHTS: Dom said it was loading with JS, so perhaps we just need to trigger some sort of "initial" load of the data??

~tommy

#16 Updated by Tommy McNeely about 4 years ago

Sorry, I meant to say, this also happens on the "New Host" screen in the "Network" tab...

Same workaround, change the "subnet" to something else, then back, then the groups will load and you can select the SG you want.

#17 Updated by Stefan Goethals about 3 years ago

The JQuery selector in https://github.com/theforeman/foreman/blob/develop/app/assets/javascripts/compute_resource.js#L195 returns 2 elements.
The following functions don't take that into account and thus the security_groups and subnets variables are never populated.

Changing https://github.com/theforeman/foreman/blob/develop/app/assets/javascripts/compute_resource.js#L196
From
sg_select = $('.security_group_ids')
To
sg_select = $('select.security_group_ids')

seems to resolve the issue.

#18 Updated by Jordan Snodgrass about 3 years ago

  • Related to Bug #12837: Security Groups not populated after selecting Subnet in New Host > Virtual Machine added

#19 Updated by Jordan Snodgrass about 3 years ago

Stefan Goethals wrote:

Changing https://github.com/theforeman/foreman/blob/develop/app/assets/javascripts/compute_resource.js#L196
From
sg_select = $('.security_group_ids')
To
sg_select = $('select.security_group_ids')

I've verified that this also fixes my issue #12837 (and probably many other security-group related issues). Will you be submitting a pull request to get this included in the next release?

#20 Updated by The Foreman Bot about 3 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/3097 added

#22 Updated by Anonymous about 3 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#23 Updated by Dominic Cleal about 3 years ago

  • Assignee set to Stefan Goethals
  • Legacy Backlogs Release (now unused) set to 123

Also available in: Atom PDF