Posted to dev@whirr.apache.org by "Evan Pollan (Created) (JIRA)" <ji...@apache.org> on 2012/01/19 05:48:40 UTC

[jira] [Created] (WHIRR-482) destroy-cluster in EC2 terminates any instance belonging to the cluster's security group, even if it's not a member of the cluster

destroy-cluster in EC2 terminates any instance belonging to the cluster's security group, even if it's not a member of the cluster
----------------------------------------------------------------------------------------------------------------------------------

                 Key: WHIRR-482
                 URL: https://issues.apache.org/jira/browse/WHIRR-482
             Project: Whirr
          Issue Type: Bug
    Affects Versions: 0.6.0
            Reporter: Evan Pollan


I had three different whirr-created clusters running in EC2, 2 of which shared the same cluster name (and, thus, the same security group).  They were all created from different machines -- i.e. the ~/.whirr/<cluster>/instances files were all on different instances.  I invoked destroy-cluster from one of the "initiating" machines that had created one of the two identically named clusters, and the destruction process terminated all of the instances in the cluster "owned" by the machine running the destroy-cluster command, as well as all of the instances of the other cluster sharing that name.

Since whirr writes an inventory of all the instances it creates to ~/.whirr/<cluster>/instances, shouldn't it use that manifest to drive its instance termination behavior?

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
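
An added example (not Whirr's code and not part of the original messages) of the manifest-driven selection the report asks for, extended with the per-controller token suggested later in the thread so that bootstrap-failure orphans can still be cleaned up. The manifest layout (tab-separated, instance id first), the owner_token tag, the group name and all instance ids are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Instance:
    instance_id: str
    security_group: str
    owner_token: Optional[str]  # hypothetical tag set by the launching controller

def parse_manifest(text):
    """Assumed layout: one instance per line, tab-separated, instance id first."""
    return {ln.split("\t")[0].strip() for ln in text.splitlines() if ln.strip()}

def plan_destroy(group, manifest_ids, my_token, live):
    """Split the group's members into (terminate, skipped) and list stale manifest ids."""
    terminate, skipped, seen = [], [], set()
    for inst in live:
        if inst.security_group != group:
            continue  # never look outside the cluster's own group
        seen.add(inst.instance_id)
        if inst.instance_id in manifest_ids:
            terminate.append(inst.instance_id)  # recorded by this controller
        elif my_token and inst.owner_token == my_token:
            terminate.append(inst.instance_id)  # orphan of a failed bootstrap
        else:
            skipped.append(inst.instance_id)    # same group, someone else's
    stale = sorted(manifest_ids - seen)         # listed locally, gone from the group
    return sorted(terminate), sorted(skipped), stale

# Constructed sample: two controllers (tokens "ctl-A", "ctl-B") share one group.
SAMPLE_MANIFEST = "i-0a01\tnamenode\ni-0a02\tdatanode\ni-0a09\tdatanode\n"
SAMPLE_LIVE = [
    Instance("i-0a01", "hadoop", "ctl-A"),
    Instance("i-0a02", "hadoop", "ctl-A"),
    Instance("i-0a03", "hadoop", "ctl-A"),  # launched by A, never written to the manifest
    Instance("i-0b01", "hadoop", "ctl-B"),  # the other cluster with the same name
    Instance("i-0b02", "hadoop", None),     # untagged: left alone and reported
    Instance("i-0c01", "other", "ctl-A"),   # different group entirely
]

if __name__ == "__main__":
    ids = parse_manifest(SAMPLE_MANIFEST)
    terminate, skipped, stale = plan_destroy("hadoop", ids, "ctl-A", SAMPLE_LIVE)
    print("terminate:", terminate)
    print("skipped (not ours):", skipped)
    print("stale manifest entries:", stale)
```

Selecting by group membership alone would have put all five "hadoop" instances in the terminate list; here the two that belong to the other controller are skipped and reported.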

        

[jira] [Commented] (WHIRR-482) destroy-cluster in EC2 terminates any instance belonging to the cluster's security group, even if it's not a member of the cluster

Posted by "Evan Pollan (Commented) (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/WHIRR-482?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13189151#comment-13189151 ] 

Evan Pollan commented on WHIRR-482:
-----------------------------------

Andrei,

I have an application that spins up a cluster with a well-defined name.  During some testing, several instances of that application were deployed to different servers, each creating their own clusters using the same set of EC2 credentials.  I can understand the motivation behind ensuring that bootstrap-failure orphans are cleaned up, but it would seem safer to combine the cluster name with some type of unique token generated by whirr when hunting down orphans.

Evan
                

        

[jira] [Commented] (WHIRR-482) destroy-cluster in EC2 terminates any instance belonging to the cluster's security group, even if it's not a member of the cluster

Posted by "Andrei Savu (Commented) (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/WHIRR-482?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13189050#comment-13189050 ] 

Andrei Savu commented on WHIRR-482:
-----------------------------------

We are planning to improve things a bit in WHIRR-336. 
                

        

[jira] [Commented] (WHIRR-482) destroy-cluster in EC2 terminates any instance belonging to the cluster's security group, even if it's not a member of the cluster

Posted by "Evan Pollan (Commented) (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/WHIRR-482?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13189158#comment-13189158 ] 

Evan Pollan commented on WHIRR-482:
-----------------------------------

I do -- when running whirr from the same machine (the steady-state production case).  In this case, we were running multiple instances of whirr on multiple machines.  The cluster name is baked into the default product config.  Normally, this name is tweaked if an additional whirr "controller" machine is built and deployed for some test case, however this step was skipped in this particular case.

Since the cluster name is baked into the cluster properties file, we elected to leave a recognizable name latent in that file as it ships with the application.  This helps with EC2 instance recognition (since it appears there's no way to effect an instance name assignment via whirr), and has the added benefit of having the cluster reuse the named security group (in case the security group has had out-of-band firewall rules modified on it).

I could easily modify my application to tack on some type of unique(ish) token to the end of the cluster name to prevent this from happening, but it still seems like relatively dangerous default behavior for whirr.
                

        

[jira] [Commented] (WHIRR-482) destroy-cluster in EC2 terminates any instance belonging to the cluster's security group, even if it's not a member of the cluster

Posted by "Andrei Savu (Commented) (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/WHIRR-482?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13189049#comment-13189049 ] 

Andrei Savu commented on WHIRR-482:
-----------------------------------

The cluster-name should be a unique identifier and what you are seeing is the expected behaviour for the current implementation. We are destroying all the VMs in the group because the instances may be missing sometimes (when the bootstrap fails). BTW why are you running multiple clusters with the same name?
                

        

[jira] [Commented] (WHIRR-482) destroy-cluster in EC2 terminates any instance belonging to the cluster's security group, even if it's not a member of the cluster

Posted by "Andrei Savu (Commented) (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/WHIRR-482?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13189152#comment-13189152 ] 

Andrei Savu commented on WHIRR-482:
-----------------------------------

How about having some sort of locking mechanism that prevents Whirr from starting multiple clusters with the same name? Would that solve the problem for you? 
                