Skip to main content
Pure Technical Services

Cloud Block Store: CloudFormation Deployment Errors

Currently viewing public documentation. Please login to access the full scope of documentation.

Cloud Formation Deployment Configuration Errors

This article details Cloud Formation deployment errors that we discovered during testing.

Availability / Capacity
Issue Error Resolution
Unable to allocate all 7 required i3.2xlarge VD instances

AWS::AutoScaling::AutoScalingGroup    VDGroup0    Group did not stabilize. {current/minSize/maxSize} group size = {6/7/7}. Failed Scaling Activity: We currently do not have sufficient i3.2xlarge capacity in the Availability Zone you requested (us-west-2d). Our system will be working on provisioning additional capacity. You can currently get i3.2xlarge capacity by not specifying an Availability Zone in your request or choosing us-west-2a, us-west-2b, us-west-2c. Launching EC2 instance failed.

Deploy into a different AZ by selecting subnet or creating a new subnet that resides in different AZ
c5n.9xlarge unavailable in deployment AZ  CREATE_FAILED    AWS::EC2::Instance    PurityInstanceCT0    Your requested instance type (c5n.9xlarge) is not supported in your requested Availability Zone (us-west-2d). Please retry your request by not specifying an Availability Zone or choosing us-west-2a, us-west-2b, us-west-2c. (Service: AmazonEC2; Status Code: 400; Error Code: Unsupported; Request ID: 673a83d5-37ac-4992-a01c-ecdd6b0fc0cd) Deploy into a different AZ by selecting subnet or creating a new subnet that resides in a different AZ.
System Subnet / ENI Subnet AZ Mismatch
Issue Error Resolution
System subnet in us-west-2c but iSCSI interface in us-west-2b. Value (us-west-2c) for parameter availabilityZone is invalid. Network interface 'eni-077c3a51a42fd2e0a' is in the availability zone us-west-2b (Service: AmazonEC2; Status Code: 400; Error Code: InvalidParameterValue; Request ID: 45508662-1fa0-4f69-bee4-0990fb88ee13) The system subnet and subnet specified for iSCSI, replication, mgmt ENIs must be in the same AZ.
Subnet / Security Group VPC Mismatch
Issue Error Resolution
Security group in different VPC than subnet for ENI (in this case replication) You have specified two resources that belong to different networks. (Service: AmazonEC2; Status Code: 400; Error Code: InvalidGroup.NotFound; Request ID: 369efd65-574f-4d72-b891-054fe5ca1833) Make sure security groups and subnet specified for ENI are in the same VPC
The required ports for replication, security, management not allowed in security group specified as parameters during deployment. Faild to create resource. See the details in CloudWatch Log Stream: 2019/08/08/[$LATEST]33788b0f070b4b1891f3c0487ce1493

Security group specified as parameter needs to allow:

inbound tcp port 8117 for replication,

inbound tcp port 3260 for iSCSI,

inbound tcp port 22, 80, 443, 8084 for management.

Failed Activation 
Issue Error Resolution
License Key Invalid WaitCondition received failed message: 'License Key Activation Failed' for uniqueId A valid license is require for deployment.
 
CloudWatch logs

2019-08-08 at 12.26 PM.png

SubnetCheckupCall stuck on create_in_progress

  • If subnetcheckupCall hangs, this is an indication the array cannot reach Pure1. This lambda function performs a telnet over port 443 to Pure1.
    PhoneHomeAddresses:
      Value:
        - 'rest.cloud-support.purestorage.com'
        - 'ra.cloud-support.purestorage.com'
    PhonehomeCidrIp:
      Value: '52.40.255.224/27'
  • Check the Events for any details like the following in CloudWatch:
SubnetCheckupCall 2019/07/23/[$LATEST]baa52aafce9147a3a1ae837b9b4d221a

2020-10-12 at 2.37 PM.png

  • Confirm there is a valid route to the internet from deployment (system subnet).

AZ selection explanation

The system subnet parameter on CF stack deployment, determines the Availability Zone (AZ) where the CBS stack is created. CBS internal resources including virtual drives and controllers are deployed into the system subnet.

When the system subnet was created as a prerequisite to CBS stack creation, it was linked to a single AZ in the deployment region.

The VPCInfo lambda function shown below, which is part of the CBS CF template, provides the AZ and VPC ID when querying a lambda endpoint for response data with the system subnet ID.  This AZ information is then used elsewhere in the template when allocating additional resources.