Last active
January 16, 2019 04:34
-
-
Save kalbasit/e58e9255061c19d9828fe86ab9200ed6 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
resources.ec2SecurityGroups.ssh-in = { | |
inherit accessKeyId region; | |
description = "Allow incoming SSH connection from anywhere"; | |
rules = [ | |
{ fromPort = 22; toPort = 22; protocol = "tcp"; sourceIp = "0.0.0.0/0"; } | |
# TODO(low): https://github.com/NixOS/nixops/issues/683 | |
# {fromPort = 22; toPort = 22; protocol = "tcp"; sourceIp = "::/0"; } | |
]; | |
}; | |
resources.ec2SecurityGroups.http-in = { | |
inherit accessKeyId region; | |
description = "Allow incoming HTTP connection from anywhere"; | |
rules = [ | |
{ fromPort = 80; toPort = 80; protocol = "tcp"; sourceIp = "0.0.0.0/0"; } | |
# TODO(low): https://github.com/NixOS/nixops/issues/683 | |
# {fromPort = 80; toPort = 80; protocol = "tcp"; sourceIp = "::/0"; } | |
]; | |
}; | |
resources.ec2SecurityGroups.backend-http-in = { | |
inherit accessKeyId region; | |
description = "Allow backend HTTP connection from HTTP servers"; | |
rules = [ | |
{ fromPort = 8080; toPort = 8080; protocol = "tcp"; sourceGroup = { inherit ownerId; groupName = "http-in"; }; } | |
# TODO(low): https://github.com/NixOS/nixops/issues/683 | |
# {fromPort = 80; toPort = 80; protocol = "tcp"; sourceIp = "::/0"; } | |
]; | |
}; | |
resources.ec2SecurityGroups.redis-in = { | |
inherit accessKeyId region; | |
description = "Allow incoming Redis connection from backend HTTP hosts"; | |
rules = [ | |
{ fromPort = 6379; toPort = 6379; protocol = "tcp"; sourceGroup = { inherit ownerId; groupName = "backend-http-in"; }; } | |
# TODO(low): https://github.com/NixOS/nixops/issues/683 | |
# {fromPort = 80; toPort = 80; protocol = "tcp"; sourceIp = "::/0"; } | |
]; | |
}; | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
redis-in.......> adding new rules to EC2 security group ‘charon-af097863-1939-11e9-b54d-0242b81b2755-redis-in’... | |
Traceback (most recent call last): | |
File "/nix/store/7b9karb5lal6ik7vakvbm56jlz3m3xwl-nixops-1.6/bin/..nixops-wrapped-wrapped", line 985, in <module> | |
args.op() | |
File "/nix/store/7b9karb5lal6ik7vakvbm56jlz3m3xwl-nixops-1.6/bin/..nixops-wrapped-wrapped", line 407, in op_deploy | |
max_concurrent_activate=args.max_concurrent_activate) | |
File "/nix/store/7b9karb5lal6ik7vakvbm56jlz3m3xwl-nixops-1.6/lib/python2.7/site-packages/nixops/deployment.py", line 1051, in deploy | |
self.run_with_notify('deploy', lambda: self._deploy(**kwargs)) | |
File "/nix/store/7b9karb5lal6ik7vakvbm56jlz3m3xwl-nixops-1.6/lib/python2.7/site-packages/nixops/deployment.py", line 1040, in run_with_notify | |
f() | |
File "/nix/store/7b9karb5lal6ik7vakvbm56jlz3m3xwl-nixops-1.6/lib/python2.7/site-packages/nixops/deployment.py", line 1051, in <lambda> | |
self.run_with_notify('deploy', lambda: self._deploy(**kwargs)) | |
File "/nix/store/7b9karb5lal6ik7vakvbm56jlz3m3xwl-nixops-1.6/lib/python2.7/site-packages/nixops/deployment.py", line 984, in _deploy | |
nixops.parallel.run_tasks(nr_workers=-1, tasks=self.active_resources.itervalues(), worker_fun=worker) | |
File "/nix/store/7b9karb5lal6ik7vakvbm56jlz3m3xwl-nixops-1.6/lib/python2.7/site-packages/nixops/parallel.py", line 44, in thread_fun | |
result_queue.put((worker_fun(t), None, t.name)) | |
File "/nix/store/7b9karb5lal6ik7vakvbm56jlz3m3xwl-nixops-1.6/lib/python2.7/site-packages/nixops/deployment.py", line 957, in worker | |
r.create(self.definitions[r.name], check=check, allow_reboot=allow_reboot, allow_recreate=allow_recreate) | |
File "/nix/store/7b9karb5lal6ik7vakvbm56jlz3m3xwl-nixops-1.6/lib/python2.7/site-packages/nixops/resources/ec2_security_group.py", line 198, in create | |
retry_notfound(lambda: grp.authorize(ip_protocol=rule[0], from_port=rule[1], to_port=rule[2], src_group=src_group)) | |
File "/nix/store/7b9karb5lal6ik7vakvbm56jlz3m3xwl-nixops-1.6/lib/python2.7/site-packages/nixops/resources/ec2_security_group.py", line 101, in retry_notfound | |
nixops.ec2_utils.retry(f, error_codes=['InvalidGroup.NotFound']) | |
File "/nix/store/7b9karb5lal6ik7vakvbm56jlz3m3xwl-nixops-1.6/lib/python2.7/site-packages/nixops/ec2_utils.py", line 132, in retry | |
handle_exception(e) | |
File "/nix/store/7b9karb5lal6ik7vakvbm56jlz3m3xwl-nixops-1.6/lib/python2.7/site-packages/nixops/ec2_utils.py", line 112, in handle_exception | |
raise e | |
boto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request | |
<?xml version="1.0" encoding="UTF-8"?> | |
<Response><Errors><Error><Code>MissingParameter</Code><Message>Source group ID missing.</Message></Error></Errors><RequestID>4f7f3041-a95f-437f-b0cb-49be02268d85</RequestID></Response> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment