This is a cache of https://docs.openshift.com/rosa/support/troubleshooting/rosa-troubleshooting-deployments.html. It is a snapshot of the page at 2024-11-23T03:06:27.660+0000.
Troubl<strong>e</strong>shooting clust<strong>e</strong>r d<strong>e</strong>ploym<strong>e</strong>nts - Troubl<strong>e</strong>shooting | Support | R<strong>e</strong>d Hat Op<strong>e</strong>nShift S<strong>e</strong>rvic<strong>e</strong> on AWS
&times;

This document describes how to troubleshoot cluster deployment errors.

Obtaining information on a failed cluster

If a cluster deployment fails, the cluster is put into an "error" state.

Procedure

Run the following command to get more information:

$ rosa describe cluster -c <my_cluster_name> --debug

Failing to create a cluster with an osdCcsAdmin error

If a cluster creation action fails, you can receive the following error message.

example output
Failed to create cluster: Unable to create cluster spec: Failed to get access keys for user 'osdCcsAdmin': NoSuchentity: The user with name osdCcsAdmin cannot be found.
Procedure

To fix this issue:

  1. Delete the stack:

    $ rosa init --delete
  2. Reinitialize your account:

    $ rosa init

Creating the elastic Load Balancing (eLB) service-linked role

If you have not created a load balancer in your AWS account, it is possible that the service-linked role for elastic Load Balancing (eLB) might not exist yet. You may receive the following error:

error: error creating network Load Balancer: AccessDenied: User: arn:aws:sts::xxxxxxxxxxxx:assumed-role/ManagedOpenShift-Installer-Role/xxxxxxxxxxxxxxxxxxx is not authorized to perform: iam:CreateServiceLinkedRole on resource: arn:aws:iam::xxxxxxxxxxxx:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForelasticLoadBalancing"
Procedure

To resolve this issue, ensure that the role exists on your AWS account. If not, create this role with the following command:

aws iam get-role --role-name "AWSServiceRoleForelasticLoadBalancing" || aws iam create-service-linked-role --aws-service-name "elasticloadbalancing.amazonaws.com"

This command only needs to be executed once per account.

Repairing a cluster that cannot be deleted

In specific cases, the following error appears in OpenShift Cluster Manager if you attempt to delete your cluster.

error deleting cluster
CLUSTeRS-MGMT-400: Failed to delete cluster <hash>: sts_user_role is not linked to your account. sts_ocm_role is linked to your organization <org number> which requires sts_user_role to be linked to your Red Hat account <account ID>.Please create a user role and link it to the account: User Account <account ID> is not authorized to perform STS cluster operations

Operation ID: b0572d6e-fe54-499b-8c97-46bf6890011c

If you try to delete your cluster from the CLI, the following error appears.

e: Failed to delete cluster <hash>: sts_user_role is not linked to your account. sts_ocm_role is linked to your organization <org_number> which requires sts_user_role to be linked to your Red Hat account <account_id>.Please create a user role and link it to the account: User Account <account ID> is not authorized to perform STS cluster operations

This error occurs when the user-role is unlinked or deleted.

Procedure
  1. Run the following command to create the user-role IAM resource:

    $ rosa create user-role
  2. After you see that the role has been created, you can delete the cluster. The following confirms that the role was created and linked:

    I: Successfully linked role ARN <user role ARN> with account <account ID>