ice
ice copied to clipboard
Teevity
Error in describeReservedInstances (v1.1.1)
Every time I start ice v1.1.1 . I get the following:
Error 2017-07-31 00:59:29,669 [com.netflix.ice.processor.ReservationCapacityPoller] ERROR processor.ReservationCapacityPoller - Error in describeReservedInstances for account1
Message: 1 validation error detected: Value '' at 'roleSessionName' failed to satisfy constraint: Member must have length greater than or equal to 2 (Service: AWSSecurityTokenService; Status Code: 400; Error Code: ValidationError; Request ID: redacted)
I have roughly 60 reservations on this account, that are applied to instances in multiple other accounts. Those reservations are a mix of AZ specific, and regional. Any ideas on that I may be doing wrong?
Update, just tried it with v1.1.2 that @NitriKx released about 20 minutes ago, and the issue remains:
ice_1 | 2017-08-02 13:27:32,323 [com.netflix.ice.processor.ReservationCapacityPoller] INFO processor.ReservationCapacityPoller - poller starting... ice_1 | 2017-08-02 13:27:32,327 [com.netflix.ice.processor.ReservationCapacityPoller] INFO processor.ReservationCapacityPoller - downloading /mnt/ice_processor/reservation_capacity.txt... ice_1 | 2017-08-02 13:27:32,348 [com.netflix.ice.processor.ReservationCapacityPoller] INFO processor.ReservationCapacityPoller - downloaded /mnt/ice_processor/reservation_capacity.txt ice_1 | 2017-08-02 13:27:32,348 [com.netflix.ice.processor.ReservationCapacityPoller] INFO processor.ReservationCapacityPoller - read 0 reservations. ice_1 | | Error 2017-08-02 13:27:32,444 [com.netflix.ice.processor.ReservationCapacityPoller] ERROR processor.ReservationCapacityPoller - Error in describeReservedInstances for valhalla ice_1 | Message: 1 validation error detected: Value '' at 'roleSessionName' failed to satisfy constraint: Member must have length greater than or equal to 2 (Service: AWSSecurityTokenService; Status Code: 400; Error Code: ValidationError; Request ID: redacted) ice_1 | Line | Method ice_1 | ->> 1588 | handleErrorResponse in com.amazonaws.http.AmazonHttpClient$RequestExecutor ice_1 | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ice_1 | | 1258 | executeOneRequest in '' ice_1 | | 1030 | executeHelper . . . . in '' ice_1 | | 742 | doExecute in '' ice_1 | | 716 | executeWithTimer . . in '' ice_1 | | 699 | execute in '' ice_1 | | 667 | access$500 . . . . . in '' ice_1 | | 649 | execute in com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl ice_1 | | 513 | execute . . . . . . . in com.amazonaws.http.AmazonHttpClient ice_1 | | 1271 | doInvoke in com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient ice_1 | | 1247 | invoke . . . . . . . in '' ice_1 | | 454 | executeAssumeRole in '' ice_1 | | 431 | assumeRole . . . . . in '' ice_1 | | 79 | getAssumedCredentials in com.netflix.ice.common.AwsUtils ice_1 | | 123 | poll . . . . . . . . in com.netflix.ice.processor.ReservationCapacityPoller ice_1 | | 50 | doWork in com.netflix.ice.common.Poller ice_1 | | 28 | access$000 . . . . . in '' ice_1 | | 88 | run in com.netflix.ice.common.Poller$1 ice_1 | ^ 745 | run . . . . . . . . . in java.lang.Thread
Hi,
I don't think it's related with this version or the one before.
Are you using IAM roles to poll RIs on the child accounts (with a trust relationship to the IAM user declared on the main account) ? If so, what's the role name ?
Nicolas
-- Nicolas Fonrose | Teevity | Founder +33.6.61.35.43.31 https://teevity.com - Cloud Costs Analytics built on NetflixOSS twitter - @nfonrose / @teevity
On Wed, Aug 2, 2017 at 3:29 PM, Jeff Palmer [email protected] wrote:
Update, just tried it with v1.1.2 that @NitriKx https://github.com/nitrikx released about 20 minutes ago, and the issue remains:
ice_1 | 2017-08-02 13:27:32,323 [com.netflix.ice.processor.ReservationCapacityPoller] INFO processor.ReservationCapacityPoller - poller starting... ice_1 | 2017-08-02 13:27:32,327 [com.netflix.ice.processor.ReservationCapacityPoller] INFO processor.ReservationCapacityPoller - downloading /mnt/ice_processor/ reservation_capacity.txt... ice_1 | 2017-08-02 13:27:32,348 [com.netflix.ice.processor.ReservationCapacityPoller] INFO processor.ReservationCapacityPoller - downloaded /mnt/ice_processor/ reservation_capacity.txt ice_1 | 2017-08-02 13:27:32,348 [com.netflix.ice.processor.ReservationCapacityPoller] INFO processor.ReservationCapacityPoller - read 0 reservations. ice_1 | | Error 2017-08-02 13:27:32,444 [com.netflix.ice.processor.ReservationCapacityPoller] ERROR processor.ReservationCapacityPoller - Error in describeReservedInstances for valhalla ice_1 | Message: 1 validation error detected: Value '' at 'roleSessionName' failed to satisfy constraint: Member must have length greater than or equal to 2 (Service: AWSSecurityTokenService; Status Code: 400; Error Code: ValidationError; Request ID: redacted) ice_1 | Line | Method ice_1 | ->> 1588 | handleErrorResponse in com.amazonaws.http. AmazonHttpClient$RequestExecutor ice_1 | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ice_1 | | 1258 | executeOneRequest in '' ice_1 | | 1030 | executeHelper . . . . in '' ice_1 | | 742 | doExecute in '' ice_1 | | 716 | executeWithTimer . . in '' ice_1 | | 699 | execute in '' ice_1 | | 667 | access$500 . . . . . in '' ice_1 | | 649 | execute in com.amazonaws.http.AmazonHttpClient$ RequestExecutionBuilderImpl ice_1 | | 513 | execute . . . . . . . in com.amazonaws.http. AmazonHttpClient ice_1 | | 1271 | doInvoke in com.amazonaws.services.securitytoken. AWSSecurityTokenServiceClient ice_1 | | 1247 | invoke . . . . . . . in '' ice_1 | | 454 | executeAssumeRole in '' ice_1 | | 431 | assumeRole . . . . . in '' ice_1 | | 79 | getAssumedCredentials in com.netflix.ice.common.AwsUtils ice_1 | | 123 | poll . . . . . . . . in com.netflix.ice.processor. ReservationCapacityPoller ice_1 | | 50 | doWork in com.netflix.ice.common.Poller ice_1 | | 28 | access$000 . . . . . in '' ice_1 | | 88 | run in com.netflix.ice.common.Poller$1 ice_1 | ^ 745 | run . . . . . . . . . in java.lang.Thread
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/Teevity/ice/issues/258#issuecomment-319672130, or mute the thread https://github.com/notifications/unsubscribe-auth/AACUpcG3T8xWmQrUeCxYqzm9w-7IRNajks5sUHmxgaJpZM4OnzXm .
The child accounts don't have RI's (all of the billing "things" are centralized into one account) . so if I am polling child accounts, it's a configuration error somewhere.
I agree this is a configuration error (not a code error). It must come from the IAM Role related properties.
Nicolas
-- Nicolas Fonrose | Teevity | Founder +33.6.61.35.43.31 https://teevity.com - Cloud Costs Analytics built on NetflixOSS twitter - @nfonrose / @teevity
On Wed, Aug 2, 2017 at 4:00 PM, Jeff Palmer [email protected] wrote:
The child accounts don't have RI's (all of the billing "things" are centralized into one account) . so if I am polling child accounts, it's a configuration error somewhere.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/Teevity/ice/issues/258#issuecomment-319681109, or mute the thread https://github.com/notifications/unsubscribe-auth/AACUpf4PZsuSrjcK_Mi69Wt1mC7M6Vbjks5sUIEWgaJpZM4OnzXm .
@nfonrose thank you for the help.
in ice.properties, what are the config settings to tell ice "check the payer account only, not children accounts" The IAM policy itself is directly attached to an ice user, and is a cut/paste of the policy in the README.md, aside from the obvious changes (bucket and workbucket arns)
Since I haven't mentioned it yet, Ice itself seems to be working fine. it processes data in the billing bucket, writes files to the work bucket, the web interface shows up and populates with my data. the only issue I seem to be having it around reservations.