Discussion:
[salt-users] Provisioning ec2 instances using salt-cloud
Jatin Rai
2016-05-12 17:14:26 UTC
Permalink
I am trying to launch a new EC2 instance using salt-cloud.

cloud.profiles:
------------------

base_ec2_private:
provider: my_ec2_ap_southeast_2_private_ips
image: ami-e7138ddd
size: t2.micro

cloud.providers:
----------------------

my_ec2_ap_southeast_2_private_ips:
minion:
master: master.sapient.com
ssh_interface: private_ips
id: <aws_id>
key: '<aws_key>'
keyname: my_salt_cloud_key
private_key: /etc/salt/my_salt_cloud_key
location: ap-southeast-2
availability_zone: ap-southeast-2a
securitygroup: MySecurityGroupSaltCloudInstances
size: t2.micro
del_root_vol_on_destroy: True
ssh_gateway_port: 22
ssh_username: root
rename_on_destroy: True
provider: ec2


When I am executing below mentioned command I am getting an error and did
not find any resolution on google as well:

salt-cloud -p base_ec2_micro firstminion

Error log:
------------
*/usr/lib/python2.7/site-packages/salt/config.py:2346: DeprecationWarning:
The term 'provider' is being deprecated in favor of 'driver'. Support for
'provider' will be removed in Salt Nitrogen. Please convert your cloud
provider configuration files to use 'driver'.*
*[INFO ] salt-cloud starting*
*[INFO ] Creating Cloud VM firstminion in ap-southeast-2*
*[INFO ] Attempting to look up root device name for image id
ami-e7138ddd on VM firstminion*
*[INFO ] Found root device name: /dev/sda*
*[ERROR ] AWS Response Status Code and Error: [400 400 Client Error: Bad
Request] {'Errors': {'Error': {'Message': 'Value () for parameter groupId
is invalid. The value cannot be empty', 'Code': 'InvalidParameterValue'}},
'RequestID': '7f3b1d44-e797-42b7-8b4a-5ee2efe0c582'}*
*[ERROR ] Error requesting instance: Errors*
*Error: There was a profile error: Failed to deploy VM*


I have created security group using below specified command:

$ aws ec2 create-security-group \
--group-name MySecurityGroupSaltCloudInstances \
--description "The Security Group applied to all salt-cloud instances"
$ aws ec2 authorize-security-group-ingress \
--group-name MySecurityGroupSaltCloudInstances \
--source-group MySecurityGroupSaltCloud \
--protocol tcp --port 22

I also tried specifying the SecurityGroupId in providers file but still
getting the same error. Help will be appreciated.

Thanks
--
You received this message because you are subscribed to the Google Groups "Salt-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to salt-users+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Martin Höfling
2016-05-12 19:01:50 UTC
Permalink
On 12.05.16 19:14, Jatin Rai wrote:

Have you tried using the security group ID instead of the name?

My corresponding section looks like this:

...

network_interfaces:
- DeviceIndex: 0
SubnetId: subnet-abcdefff
SecurityGroupId:
- sg-abcdefff
- sg-abcdeeee
associate_eip: eipalloc-abcdefff

...

Best wishes

Martin
Post by Jatin Rai
I am trying to launch a new EC2 instance using salt-cloud.
------------------
provider: my_ec2_ap_southeast_2_private_ips
image: ami-e7138ddd
size: t2.micro
----------------------
master: master.sapient.com
ssh_interface: private_ips
id: <aws_id>
key: '<aws_key>'
keyname: my_salt_cloud_key
private_key: /etc/salt/my_salt_cloud_key
location: ap-southeast-2
availability_zone: ap-southeast-2a
securitygroup: MySecurityGroupSaltCloudInstances
size: t2.micro
del_root_vol_on_destroy: True
ssh_gateway_port: 22
ssh_username: root
rename_on_destroy: True
provider: ec2
When I am executing below mentioned command I am getting an error and
salt-cloud -p base_ec2_micro firstminion
------------
DeprecationWarning: The term 'provider' is being deprecated in favor
of 'driver'. Support for 'provider' will be removed in Salt Nitrogen.
Please convert your cloud provider configuration files to use 'driver'./*
*/[INFO ] salt-cloud starting/*
*/[INFO ] Creating Cloud VM firstminion in ap-southeast-2/*
*/[INFO ] Attempting to look up root device name for image id
ami-e7138ddd on VM firstminion/*
*/[INFO ] Found root device name: /dev/sda/*
*/[ERROR ] AWS Response Status Code and Error: [400 400 Client
Error: Bad Request] {'Errors': {'Error': {'Message': 'Value () for
'7f3b1d44-e797-42b7-8b4a-5ee2efe0c582'}/*
*/[ERROR ] Error requesting instance: Errors/*
*/Error: There was a profile error: Failed to deploy VM/*
$ aws ec2 create-security-group \
--group-name MySecurityGroupSaltCloudInstances \
--description "The Security Group applied to all salt-cloud instances"
$ aws ec2 authorize-security-group-ingress \
--group-name MySecurityGroupSaltCloudInstances \
--source-group MySecurityGroupSaltCloud \
--protocol tcp --port 22
I also tried specifying the SecurityGroupId in providers file but
still getting the same error. Help will be appreciated.
Thanks
--
You received this message because you are subscribed to the Google
Groups "Salt-users" group.
To unsubscribe from this group and stop receiving emails from it, send
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Salt-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to salt-users+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Suresh Garg
2016-05-12 19:33:03 UTC
Permalink
I did not specified the network interfaces but I tried mentioning securitygroupid in providers instead of name but same error.
--
You received this message because you are subscribed to the Google Groups "Salt-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to salt-users+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Martin Höfling
2016-05-12 21:24:13 UTC
Permalink
Post by Suresh Garg
I did not specified the network interfaces but I tried mentioning securitygroupid in providers instead of name but same error.
You should replace "provider: ec2" with "driver: ec2" - just to get rid
of the deprecation warning.

https://docs.saltstack.com/en/latest/topics/cloud/aws.html

Are you launching in ec2 classic? If you're launching in a VPC, you
probably need an interface specifying the subnet ID.

Have you read...

# This one should NOT be specified if VPC was not configured in AWS to be
# the default. It might cause an error message which says that network
# interfaces and an instance-level security groups may not be specified
# on the same request.
#
securitygroup: default

in the documentation and does this apply to your usecase?

Best wishes

Martin
--
You received this message because you are subscribed to the Google Groups "Salt-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to salt-users+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Jatin Rai
2016-05-15 06:54:39 UTC
Permalink
That worked for me. Thanks Martin.
Post by Suresh Garg
Post by Suresh Garg
I did not specified the network interfaces but I tried mentioning
securitygroupid in providers instead of name but same error.
You should replace "provider: ec2" with "driver: ec2" - just to get rid
of the deprecation warning.
https://docs.saltstack.com/en/latest/topics/cloud/aws.html
Are you launching in ec2 classic? If you're launching in a VPC, you
probably need an interface specifying the subnet ID.
Have you read...
# This one should NOT be specified if VPC was not configured in AWS to be
# the default. It might cause an error message which says that network
# interfaces and an instance-level security groups may not be specified
# on the same request.
#
securitygroup: default
in the documentation and does this apply to your usecase?
Best wishes
Martin
--
You received this message because you are subscribed to the Google Groups "Salt-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to salt-users+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Loading...