Cloud Block Store: CloudFormation Deployment Errors
CloudFormation Deployment Configuration Errors
This article details CloudFormation deployment errors that we discovered during testing.
Availability / Capacity
Issue | Error | Resolution |
---|---|---|
Unable to allocate all 7 required i3.2xlarge VD instances | AWS::AutoScaling::AutoScalingGroup VDGroup0 Group did not stabilize. {current/minSize/maxSize} group size = {6/7/7}. Failed Scaling Activity: We currently do not have sufficient i3.2xlarge capacity in the Availability Zone you requested (us-west-2d). Our system will be working on provisioning additional capacity. You can currently get i3.2xlarge capacity by not specifying an Availability Zone in your request or choosing us-west-2a, us-west-2b, us-west-2c. Launching EC2 instance failed. | Deploy into a different AZ by selecting a subnet or creating a new subnet that resides in a different AZ. |
c5n.9xlarge unavailable in deployment AZ | CREATE_FAILED AWS::EC2::Instance PurityInstanceCT0 Your requested instance type (c5n.9xlarge) is not supported in your requested Availability Zone (us-west-2d). Please retry your request by not specifying an Availability Zone or choosing us-west-2a, us-west-2b, us-west-2c. (Service: AmazonEC2; Status Code: 400; Error Code: Unsupported; Request ID: 673a83d5-37ac-4992-a01c-ecdd6b0fc0cd) | Deploy into a different AZ by selecting subnet or creating a new subnet that resides in a different AZ. |
Unable to Deploy CBS - Array Bucket Cannot Create | The following resource(s) failed to create: [ArrayBucket]. API: s3:SetBucketMetricsConfiguration Access Denied | With Purity 6.3.x new permissions were added to the IAM Role. Please verify you have the latest role policy. |
System Subnet / ENI Subnet AZ Mismatch
Issue | Error | Resolution |
---|---|---|
System subnet in us-west-2c but iSCSI interface in us-west-2b. | Value (us-west-2c) for parameter availabilityZone is invalid. Network interface 'eni-077c3a51a42fd2e0a' is in the availability zone us-west-2b (Service: AmazonEC2; Status Code: 400; Error Code: InvalidParameterValue; Request ID: 45508662-1fa0-4f69-bee4-0990fb88ee13) | The system subnet and subnet specified for iSCSI, replication, mgmt ENIs must be in the same AZ. |
Subnet / Security Group VPC Mismatch
Issue | Error | Resolution |
---|---|---|
Security group in different VPC than subnet for ENI (in this case replication) | You have specified two resources that belong to different networks. (Service: AmazonEC2; Status Code: 400; Error Code: InvalidGroup.NotFound; Request ID: 369efd65-574f-4d72-b891-054fe5ca1833) | Make sure security groups and subnet specified for ENI are in the same VPC |
The required ports for replication, security, management are not allowed in the security group specified as a parameter during deployment. | Faild to create resource. See the details in CloudWatch Log Stream: 2019/08/08/[$LATEST]33788b0f070b4b1891f3c0487ce1493 | Security group specified as parameter needs to allow: inbound tcp port 8117 for replication, inbound tcp port 3260 for iSCSI, inbound tcp port 22, 80, 443, 8084 for management. |
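
A pre-deployment check for the AZ, VPC and port mismatches in the tables above, as an added example that is not part of the original article or the CBS template. It takes dicts shaped like EC2 DescribeSubnets and DescribeSecurityGroups items; the function names, role keys and sample IDs are assumptions constructed for illustration.

```python
# Required inbound TCP ports per interface role, as listed in the table above.
REQUIRED_TCP = {"iscsi": {3260}, "replication": {8117},
                "management": {22, 80, 443, 8084}}

def allowed_ports(group, wanted):
    """Ports in `wanted` that the group's inbound rules (IpPermissions) cover."""
    allowed = set()
    for perm in group.get("IpPermissions", []):
        if perm["IpProtocol"] == "-1":          # "-1" = all protocols and ports
            return set(wanted)
        if perm["IpProtocol"] == "tcp":
            allowed |= {p for p in wanted
                        if perm["FromPort"] <= p <= perm["ToPort"]}
    return allowed

def preflight(system_subnet, interfaces):
    """interfaces maps role -> (subnet, security_group). Returns findings."""
    findings = []
    for role, (subnet, group) in interfaces.items():
        # ENI subnets must share the system subnet's Availability Zone.
        if subnet["AvailabilityZone"] != system_subnet["AvailabilityZone"]:
            findings.append((role, "az-mismatch", subnet["AvailabilityZone"]))
        # A security group must live in the same VPC as the ENI's subnet.
        if group["VpcId"] != subnet["VpcId"]:
            findings.append((role, "vpc-mismatch", group["VpcId"]))
        missing = REQUIRED_TCP[role] - allowed_ports(group, REQUIRED_TCP[role])
        if missing:
            findings.append((role, "ports-closed", sorted(missing)))
    return findings

# Constructed sample data (IDs are placeholders, not real resources).
def sg(gid, vpc, *ranges):
    return {"GroupId": gid, "VpcId": vpc, "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": lo, "ToPort": hi} for lo, hi in ranges]}

SYSTEM = {"SubnetId": "subnet-sys", "VpcId": "vpc-a", "AvailabilityZone": "us-west-2c"}
SAME_AZ = {"SubnetId": "subnet-ok", "VpcId": "vpc-a", "AvailabilityZone": "us-west-2c"}
OTHER_AZ = {"SubnetId": "subnet-b", "VpcId": "vpc-a", "AvailabilityZone": "us-west-2b"}
SAMPLE = {
    "iscsi": (OTHER_AZ, sg("sg-iscsi", "vpc-a", (3260, 3260))),
    "replication": (SAME_AZ, sg("sg-repl", "vpc-b", (8117, 8117))),
    "management": (SAME_AZ, sg("sg-mgmt", "vpc-a", (22, 22), (80, 80), (443, 443))),
}

if __name__ == "__main__":
    for finding in preflight(SYSTEM, SAMPLE):
        print(finding)
```

The check covers port coverage only; which source ranges each inbound rule admits still needs its own review.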
Failed Activation
Issue | Error | Resolution |
---|---|---|
License Key Invalid | WaitCondition received failed message: 'License Key Activation Failed' for uniqueId | A valid license is required for deployment. |
CloudWatch logs
SubnetCheckupCall stuck on create_in_progress
- If SubnetCheckupCall hangs, this is an indication the array cannot reach Pure1. This Lambda function performs a telnet over port 443 to Pure1.
    PhoneHomeAddresses:
      Value:
        - 'rest.cloud-support.purestorage.com'
        - 'ra.cloud-support.purestorage.com'
    PhonehomeCidrIp:
      Value: '52.40.255.224/27'
- Check the Events for any details like the following in CloudWatch:
SubnetCheckupCall | 2019/07/23/[$LATEST]baa52aafce9147a3a1ae837b9b4d221a |
- Confirm there is a valid route to the internet from deployment (system subnet).
AZ selection explanation
The system subnet parameter on CF stack deployment determines the Availability Zone (AZ) where the CBS stack is created. CBS internal resources, including virtual drives and controllers, are deployed into the system subnet.
When the system subnet was created as a prerequisite to CBS stack creation, it was linked to a single AZ in the deployment region.
The VPCInfo lambda function shown below, which is part of the CBS CF template, provides the AZ and VPC ID when querying a lambda endpoint for response data with the system subnet ID. This AZ information is then used elsewhere in the template when allocating additional resources.