NixOS / nixops-aws

GNU Lesser General Public License v3.0

aws securityGroup configuration seems to be broken #95

Open coretemp opened 6 years ago

coretemp commented 6 years ago

Using nixops master, trying to use security groups in the following way:

        deployment.ec2.securityGroups = [];
        deployment.ec2.securityGroupIds = ["ssh-access" "default"];

I get:

error: Multiple exceptions (5):
  * aws_a: EC2ResponseError: 400 Bad Request
<?xml version="1.0" encoding="UTF-8"?>
<Response><Errors><Error><Code>InvalidParameterCombination</Code><Message>No attributes specified.</Message></Error></Errors><RequestID><snip></RequestID></Response>

(repeated another 4 times for different machines)

in vpc.nix I can see:

        deployment.ec2.securityGroups = [];
        deployment.ec2.securityGroupIds = [ resources.ec2SecurityGroups.sg.name ];

All I want right now is just to be able to get ssh access to work.

nh2 commented 5 years ago

Yes, I can confirm this isn't working on nixops release 1.6.1.

nh2 commented 5 years ago

Pinging @AmineChikhaoui @rbvermaa

nh2 commented 5 years ago

OK, I have an idea what's going on.

In the code, def security_groups_to_ids does:

            vpc_id = self._conn_vpc.get_all_subnets([subnetId])[0].vpc_id
            groups = map(lambda g: nixops.ec2_utils.name_to_security_group(self._conn, g, vpc_id), groups)

Here it determines the VPC to use from the first subnet. If you have no explicit subnets set, then it determines it as the default VPC, in which the specified security group VPC may not be found if you've configured the Security Group to be in some other VPC.

NixOps should have a better error message for that, or at least print what VPC it's determining and creating the instance in (e.g. it already prints creating EC2 instance (AMI ‘ami-07c9b884e679df4f8’, type ‘t3.medium’, region ‘eu-central-1’)..., so it shouldn't be too hard to print the VPC there).

I've solved it by using essentially the entire example at https://github.com/NixOS/nixops/blob/28231a177d751e800af3223a8763ea75b0ef9dd9/examples/vpc.nix, setting

deployment.ec2.subnetId = resources.vpcSubnets.subnet-a;

Only after that could I see in the AWS console at the Instances page that the VPC for the started VM was not set to default, but the one I had specified.

At the same time, it's undocumented how to declare subnets: NixOS/nixops#1126
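The failure mode nh2 describes above (the target VPC is taken from the configured subnet, or silently falls back to the account's default VPC, and a security-group name is then looked up in the wrong VPC) is easy to reproduce with an offline model of the AWS inventory. The following is an added example, not nixops code and not taken from the thread: it resolves group names to IDs scoped to the VPC the instance will actually be created in, and on a miss it reports which VPC was searched and where a group of that name does exist, which is the error message the comment asks NixOps for. The `Subnet`/`SecurityGroup` classes, the `try_resolve` helper and every AWS identifier (`vpc-0aaa`, `subnet-0a1b2c3d`, `sg-0a00000x`) are constructed for the illustration.

```python
"""Resolve EC2 security-group names to IDs in the VPC an instance will land in.

Added illustration, not nixops code: it mimics the lookup nh2 describes
(VPC taken from the subnet, else the default VPC) and produces the kind of
error message the comment asks for. All AWS identifiers here are constructed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Shape of an EC2 security-group ID; anything else is treated as a name.
SG_ID_RE = re.compile(r"^sg-[0-9a-f]{8,17}$")


@dataclass(frozen=True)
class Subnet:
    subnet_id: str
    vpc_id: str


@dataclass(frozen=True)
class SecurityGroup:
    group_id: str
    group_name: str
    vpc_id: str


class SecurityGroupLookupError(Exception):
    """Raised with the VPC that was searched and where the name does exist."""


# Constructed inventory: a default VPC with its "default" group, and a custom
# VPC that has its own "default" plus the "ssh-access" group from the issue.
DEFAULT_VPC = "vpc-0aaa"
SUBNETS = [Subnet("subnet-0a1b2c3d", "vpc-0bbb")]
SECURITY_GROUPS = [
    SecurityGroup("sg-0a000001", "default", "vpc-0aaa"),
    SecurityGroup("sg-0a000002", "default", "vpc-0bbb"),
    SecurityGroup("sg-0a000003", "ssh-access", "vpc-0bbb"),
]


def target_vpc(subnet_id: Optional[str], subnets: List[Subnet], default_vpc_id: str) -> str:
    """VPC the instance is created in: the configured subnet's VPC, otherwise
    the account's default VPC (the silent fallback that bites in this issue)."""
    if subnet_id is None:
        return default_vpc_id
    for s in subnets:
        if s.subnet_id == subnet_id:
            return s.vpc_id
    raise SecurityGroupLookupError(f"subnet {subnet_id} not found")


def resolve_security_group_ids(groups, subnet_id, subnets, security_groups, default_vpc_id):
    vpc_id = target_vpc(subnet_id, subnets, default_vpc_id)
    by_id = {sg.group_id: sg for sg in security_groups}
    resolved = []
    for g in groups:
        if SG_ID_RE.match(g):
            # Already an ID; still refuse one that lives in a different VPC,
            # since EC2 would reject the RunInstances call anyway.
            known = by_id.get(g)
            if known is not None and known.vpc_id != vpc_id:
                raise SecurityGroupLookupError(
                    f"security group {g} belongs to {known.vpc_id}, not to {vpc_id}")
            resolved.append(g)
            continue
        matches = [sg for sg in security_groups if sg.group_name == g and sg.vpc_id == vpc_id]
        if len(matches) == 1:
            resolved.append(matches[0].group_id)
            continue
        if len(matches) > 1:
            raise SecurityGroupLookupError(f"security group name '{g}' is ambiguous in {vpc_id}")
        # Not in the target VPC: say where we looked and where the name exists.
        elsewhere = sorted({sg.vpc_id for sg in security_groups if sg.group_name == g})
        where = f"subnet {subnet_id}" if subnet_id else "no subnet configured, using the default VPC"
        hint = f"; a group named '{g}' exists in {', '.join(elsewhere)}" if elsewhere else ""
        raise SecurityGroupLookupError(
            f"security group '{g}' not found in VPC {vpc_id} ({where}){hint}")
    return resolved


def try_resolve(groups, subnet_id):
    """Convenience wrapper over the constructed inventory: returns
    (ids, None) on success or (None, error message) on failure."""
    try:
        return resolve_security_group_ids(groups, subnet_id, SUBNETS, SECURITY_GROUPS, DEFAULT_VPC), None
    except SecurityGroupLookupError as e:
        return None, str(e)


if __name__ == "__main__":
    # With deployment.ec2.subnetId set: both names resolve inside vpc-0bbb.
    print(try_resolve(["ssh-access", "default"], "subnet-0a1b2c3d"))
    # Without a subnet: "ssh-access" is searched in the default VPC and fails.
    print(try_resolve(["ssh-access", "default"], None))
```

The second call reproduces the reporter's configuration (names in `securityGroupIds`, no subnet): `default` would resolve to the default VPC's group, but `ssh-access` is only defined in the custom VPC, so the lookup fails and the message names both VPCs instead of the opaque `InvalidParameterCombination` the reporter saw.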