This is a cache of https://docs.openshift.com/rosa/support/troubleshooting/rosa-troubleshooting-deployments.html. It is a snapshot of the page at 2024-11-25T03:06:43.007+0000.
Troubleshooting cluster deployments - Troubleshooting | Support | Red Hat OpenShift Service on AWS
×

This document describes how to troubleshoot cluster deployment errors.

Obtaining information on a failed cluster

If a cluster deployment fails, the cluster is put into an "error" state.

Procedure

Run the following command to get more information:

$ rosa describe cluster -c <my_cluster_name> --debug

Failing to create a cluster with an osdCcsAdmin error

If a cluster creation action fails, you can receive the following error message.

Example output
Failed to create cluster: Unable to create cluster spec: Failed to get access keys for user 'osdCcsAdmin': NoSuchEntity: The user with name osdCcsAdmin cannot be found.
Procedure

To fix this issue:

  1. Delete the stack:

    $ rosa init --delete
  2. Reinitialize your account:

    $ rosa init

Creating the Elastic Load Balancing (ELB) service-linked role

If you have not created a load balancer in your AWS account, it is possible that the service-linked role for Elastic Load Balancing (ELB) might not exist yet. You may receive the following error:

Error: Error creating network Load Balancer: AccessDenied: user: arn:aws:sts::xxxxxxxxxxxx:assumed-role/ManagedOpenShift-Installer-Role/xxxxxxxxxxxxxxxxxxx is not authorized to perform: iam:CreateServiceLinkedRole on resource: arn:aws:iam::xxxxxxxxxxxx:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing"
Procedure

To resolve this issue, ensure that the role exists on your AWS account. If not, create this role with the following command:

aws iam get-role --role-name "AWSServiceRoleForElasticLoadBalancing" || aws iam create-service-linked-role --aws-service-name "elasticloadbalancing.amazonaws.com"

This command only needs to be executed once per account.

Repairing a cluster that cannot be deleted

In specific cases, the following error appears in OpenShift Cluster Manager if you attempt to delete your cluster.

Error deleting cluster
CLUSTERS-MGMT-400: Failed to delete cluster <hash>: sts_user_role is not linked to your account. sts_ocm_role is linked to your organization <org number> which requires sts_user_role to be linked to your Red Hat account <account ID>.Please create a user role and link it to the account: user Account <account ID> is not authorized to perform STS cluster operations

Operation ID: b0572d6e-fe54-499b-8c97-46bf6890011c

If you try to delete your cluster from the CLI, the following error appears.

E: Failed to delete cluster <hash>: sts_user_role is not linked to your account. sts_ocm_role is linked to your organization <org_number> which requires sts_user_role to be linked to your Red Hat account <account_id>.Please create a user role and link it to the account: user Account <account ID> is not authorized to perform STS cluster operations

This error occurs when the user-role is unlinked or deleted.

Procedure
  1. Run the following command to create the user-role IAM resource:

    $ rosa create user-role
  2. After you see that the role has been created, you can delete the cluster. The following confirms that the role was created and linked:

    I: Successfully linked role ARN <user role ARN> with account <account ID>