Cloud Block Store: CloudFormation Deployment Errors
This article details Cloud Formation deployment errors that we discovered during testing.
Availability / Capacity
| Issue | Error | Resolution |
|---|---|---|
| Unable to allocate all 7 required i3.2xlarge VD instances |
AWS::AutoScaling::AutoScalingGroup VDGroup0 Group did not stabilize. {current/minSize/maxSize} group size = {6/7/7}. Failed Scaling Activity: We currently do not have sufficient i3.2xlarge capacity in the Availability Zone you requested (us-west-2d). Our system will be working on provisioning additional capacity. You can currently get i3.2xlarge capacity by not specifying an Availability Zone in your request or choosing us-west-2a, us-west-2b, us-west-2c. Launching EC2 instance failed. |
Deploy into a different AZ by selecting subnet or creating a new subnet that resides in different AZ |
| c5n.9xlarge unavailable in deployment AZ | CREATE_FAILED AWS::EC2::Instance PurityInstanceCT0 Your requested instance type (c5n.9xlarge) is not supported in your requested Availability Zone (us-west-2d). Please retry your request by not specifying an Availability Zone or choosing us-west-2a, us-west-2b, us-west-2c. (Service: AmazonEC2; Status Code: 400; Error Code: Unsupported; Request ID: 673a83d5-37ac-4992-a01c-ecdd6b0fc0cd) | Deploy into a different AZ by selecting subnet or creating a new subnet that resides in a different AZ. |
| Unable to Deploy CBS - Array Bucket Cannot Create | The following resource(s) failed to create: [ArrayBucket]. API: s3:SetBucketMetricsConfiguration Access Denied |
With Purity 6.3.x new permissions were added to the IAM Role. Please verify you have the latest role policy. Link to IAM Role and Permissions. |
System Subnet / ENI Subnet AZ Mismatch
| Issue | Error | Resolution |
|---|---|---|
| System subnet in us-west-2c but iSCSI interface in us-west-2b. | Value (us-west-2c) for parameter availabilityZone is invalid. Network interface 'eni-077c3a51a42fd2e0a' is in the availability zone us-west-2b (Service: AmazonEC2; Status Code: 400; Error Code: InvalidParameterValue; Request ID: 45508662-1fa0-4f69-bee4-0990fb88ee13) | The system subnet and subnet specified for iSCSI, replication, mgmt ENIs must be in the same AZ. |
Subnet / Security Group VPC Mismatch
| Issue | Error | Resolution |
|---|---|---|
| Security group in different VPC than subnet for ENI (in this case replication) | You have specified two resources that belong to different networks. (Service: AmazonEC2; Status Code: 400; Error Code: InvalidGroup.NotFound; Request ID: 369efd65-574f-4d72-b891-054fe5ca1833) | Make sure security groups and subnet specified for ENI are in the same VPC |
| The required ports for replication, security, management not allowed in security group specified as parameters during deployment. | Faild to create resource. See the details in CloudWatch Log Stream: 2019/08/08/[$LATEST]33788b0f070b4b1891f3c0487ce1493 |
Security group specified as parameter needs to allow:
|
Failed Activation
| Issue | Error | Resolution |
|---|---|---|
| License Key Invalid | WaitCondition received failed message: 'License Key Activation Failed' for uniqueId |
A valid license is required for deployment. Please refer to Understanding CBS Licensing. |
| License Activation Wait |
WaitCondation timed out. Received 0 conditions when expecting 1
|
Add your AWS account number to the Allowlist on Pure1 Subscription. Please refer to Retrieve CBS License from Pure1. |
SubnetCheckupCall stuck on create_in_progress
- If subnetcheckupCall hangs, this is an indication the array cannot reach Pure1. This lambda function performs a telnet over port 443 to Pure1.
PhoneHomeAddresses:
Value:
- 'rest.cloud-support.purestorage.com'
- 'ra.cloud-support.purestorage.com'
PhonehomeCidrIp:
Value: '52.40.255.224/27'
- Check the Events for any details like the following in CloudWatch:
| SubnetCheckupCall | 2019/07/23/[$LATEST]baa52aafce9147a3a1ae837b9b4d221a |
- Confirm there is a valid route to the internet from deployment (system subnet).