Merge pull request #93291 from AedinC/OSDOCS-14654

OSDOCS-14654:Added cluster installation errors to ROSA Classic Troubleshooting guide

Author: kcarmichael08

modules/rosa-troubleshooting-awsapiratelimitexceeded-failure-deployment.adoc

@@ -0,0 +1,29 @@
+// Module included in the following assemblies:
+//
+// * support/rosa-troubleshooting-deployments.adoc
+:_mod-docs-content-type: PROCEDURE
+[id="rosa-troubleshooting-awsapiratelimitexceeded-failure-deployment_{context}"]
+= Troubleshooting cluster creation with an AWSAPIRateLimitExceeded error
+
+If a cluster creation action fails, you might receive the following error messages.
+
+.Example install logs output
+[source,terminal]
+----
+level=error\nlevel=error msg=Error: error waiting for Route53 Hosted Zone .* creation: timeout while waiting for state to become 'INSYNC' (last state: 'PENDING', timeout: 15m0s)
+----
+
+.Example {cluster-manager} output
+[source,terminal]
+----
+Provisioning Error Code:    OCM3008
+Provisioning Error Message: AWS API rate limit exceeded. Please try again.
+----
+
+This error indicates that the AWS API rate limit has been exceeded while waiting for the Route 53 hosted zone.
+
+.Procedure
+
+* Reattempt the installation.
+
+

modules/rosa-troubleshooting-awsec2quotaexceeded-failure-deployment.adoc

@@ -0,0 +1,40 @@
+// Module included in the following assemblies:
+//
+// * support/rosa-troubleshooting-deployments.adoc
+:_mod-docs-content-type: PROCEDURE
+[id="rosa-troubleshooting-awsec2quotaexceeded-failure-deployment_{context}"]
+= Troubleshooting cluster creation with an AWSEC2QuotaExceeded error
+
+If a cluster creation action fails, you might receive the following error message.
+
+.Example output
+[source,terminal]
+----
+Provisioning Error Code:    OCM3042
+Provisioning Error Message: AWS E2C quota limit exceeded. Clean unused load balancers or increase quota and try again.
+----
+
+This error indicates that you have reached the EC2 quota limit for the region mentioned in the error log.
+
+.Procedure
+
+Request a quota increase from AWS or delete unused EC2 instances.
+
+* Request a quota increase from AWS.
+.. Sign in to the link:https://aws.amazon.com/console/[AWS Management Console].
+.. Click your user name and select **Service Quotas**.
+.. Under **Manage quotas**, select an AWS service to view available quotas.
+.. If the quota is adjustable, you can choose the button or the name, and then choose **Request quota increase**.
+
+* Delete unused EC2 instances using the console.
+.. Before you delete an EC2 instance, verify your data by checking that your Amazon EBS volumes will still exist after you delete the unused EC2 instances.
+.. Ensure you have copied any data that you need from your instance store volumes to persistent storage, such as Amazon EBS or Amazon S3.
+.. If you have a CNAME record for your domain that points to your load balancer, point it to a new location and wait for the DNS change to take effect before deleting your load balancer.
+.. Open the link:https://console.aws.amazon.com/ec2/[Amazon EC2 console].
+.. On the navigation pane, choose **Instances**.
+.. Select the instance, and choose **Terminate instance**.
+
+
+
+
+

modules/rosa-troubleshooting-awsinsufficientcapacity-failure-deployment.adoc

@@ -0,0 +1,22 @@
+// Module included in the following assemblies:
+//
+// * support/rosa-troubleshooting-deployments.adoc
+:_mod-docs-content-type: PROCEDURE
+[id="rosa-troubleshooting-awsinsufficientcapacity-failure-deployment_{context}"]
+= Troubleshooting cluster creation with an AWSInsufficientCapacity error
+
+If a cluster creation action fails, you might receive the following error message.
+
+.Example output
+[source,terminal]
+----
+Provisioning Error Code:    OCM3052
+Provisioning Error Message: AWSInsufficientCapacity.
+----
+
+This error indicates that AWS has run out of capacity for a particular availability zone that you have requested.
+
+.Procedure
+
+* Try reinstalling or select a different AWS region or different availability zones.
+

modules/rosa-troubleshooting-awsinsufficientpermission-failure-deployment.adoc

@@ -0,0 +1,37 @@
+// Module included in the following assemblies:
+//
+// * support/rosa-troubleshooting-deployments.adoc
+:_mod-docs-content-type: PROCEDURE
+[id="rosa-troubleshooting-awsinsufficientpermission-failure-deployment_{context}"]
+= Troubleshooting cluster creation with an AWSInsufficientPermissions error
+
+If a cluster creation action fails, you might receive the following error message.
+
+.Example {cluster-manager} output
+[source,terminal]
+----
+Provisioning Error Code:    OCM3033
+Provisioning Error Message: Current credentials insufficient for performing cluster installation.
+----
+
+This error indicates that the cluster installation is blocked due to missing or insufficient privileges on the AWS account used to provision the cluster.
+
+.Procedure
+
+Ensure that the prerequisites are met by reviewing _Detailed requirements for deploying ROSA (classic architecture) using STS_ or _Deploying ROSA without AWS STS_ in _Additional resources_ depending on your choice of credential mode for installing clusters.
+
+include::snippets/rosa-sts.adoc[]
+. If needed, you can re-create the permissions and policies by using the `-f` flag:
++
+.Example output
+[source,terminal]
+----
+$ rosa create ocm-role -f
+$ rosa create user-role -f
+$ rosa create account-roles -f
+$ rosa create operator-roles -c ${CLUSTER} -f
+----
+. Validate all the prerequisites and attempt cluster reinstallation.
+
+
+

modules/rosa-troubleshooting-awsnatgatewaylimitexceeded-failure-deployment.adoc

@@ -0,0 +1,34 @@
+// Module included in the following assemblies:
+//
+// * support/rosa-troubleshooting-deployments.adoc
+:_mod-docs-content-type: PROCEDURE
+[id="rosa-troubleshooting-awsnatgatewaylimitexceeded-failure-deployment_{context}"]
+= Troubleshooting cluster creation with an AWSNATGatewayLimitExceeded error
+
+If a cluster creation action fails, you might receive the following error messages.
+
+.Example install logs output
+[source,terminal]
+----
+Failed to create cluster: Error creating NAT Gateway: NatGatewayLimitExceeded: Performing this operation would exceed the limit of 5 NAT gateways.
+----
+
+.Example {cluster-manager} output
+[source,terminal]
+----
+Provisioning Error Code:    OCM3019
+Provisioning Error Message: NAT gateway limit exceeded. Clean unused NAT gateways or increase quota and try again.
+----
+
+This error indicates that you have reached the quota for the number of NAT gateways for that availability zone.
+
+.Procedure
+
+. To fix this issue, try one of the following methods:
+
+* Request an increase in the **NAT gateways per Availability Zone quota** page by using the **Service Quotas** console (AWS).
+
+* Check the status of your NAT gateway. A status of `Pending`, `Available`, or `Deleting` counts against your quota. If you have recently deleted a NAT gateway, wait a few minutes for the status to go from `Deleting` to `Deleted`. Then try creating a new NAT gateway.
+
+* If you do not need your NAT gateway in a specific availability zone, try creating a NAT gateway in an availability zone where you have not reached your quota.
+

modules/rosa-troubleshooting-awssubnetnotexist-failure-deployment.adoc

@@ -0,0 +1,32 @@
+// Module included in the following assemblies:
+//
+// * support/rosa-troubleshooting-deployments.adoc
+:_mod-docs-content-type: PROCEDURE
+[id="rosa-troubleshooting-awssubnetnotexist-failure-deployment_{context}"]
+= Troubleshooting cluster creation with an AWSSubnetDoesNotExist error
+
+If a cluster creation action fails, you can receive the following error messages.
+
+.Example install logs output
+[source,terminal]
+----
+The subnet ID 'subnet-<somesubnetID>' does not exist.
+----
+
+.Example {cluster-manager} output
+[source,terminal]
+----
+Provisioning Error Code:    OCM3032
+Provisioning Error Message: You have specified an invalid subnet. Verify your subnet configuration is correct and try again.
+----
+
+This error indicates that the cluster installation is blocked by an invalid subnet selection error.
+
+.Procedure
+
+* Check your subnets provided in the `platform.aws.subnets` parameter during installation. The subnets must be a part of the same machine Network CIDR ranges that you specify.
+** For a standard cluster, specify a public and a private subnet for each availability zone.
+** For a private cluster, specify a private subnet for each availability zone.
+
+For more information about AWS VPC and subnet requirements and optional parameters, see the _VPC_ section in the _AWS prerequisites for ROSA_ guide.
+

modules/rosa-troubleshooting-awsvpclimit-failure-deployment.adoc

@@ -0,0 +1,39 @@
+// Module included in the following assemblies:
+//
+// * support/rosa-troubleshooting-deployments.adoc
+:_mod-docs-content-type: PROCEDURE
+[id="rosa-troubleshooting-awsvpclimit-failure-deployment_{context}"]
+= Troubleshooting cluster creation with an AWSVPCLimitExceeded error
+
+If a cluster creation action fails, you might receive the following error message.
+
+.Example {cluster-manager} output
+[source,terminal]
+----
+Provisioning Error Code:    OCM3013
+Provisioning Error Message: VPC limit exceeded. Clean unused VPCs or increase quota and try again.
+----
+
+This error indicates that you have reached the quota for the number of VPCs.
+
+.Procedure
+
+Request a quota increase from AWS or delete unused VPCs.
+
+* Request a quota increase from AWS.
+.. Sign in to the link:https://aws.amazon.com/console/[AWS Management Console].
+.. Click your user name and select **Service Quotas**.
+.. Under **Manage quotas**, select a service to view available quotas.
+.. If the quota is adjustable, you can choose the button or the name, and then choose **Request increase**.
+.. For **Increase quota value**, enter the new value. The new value must be greater than the current value.
+.. Choose **Request**.
+
+* Clean unused VPCs. Before you can delete a VPC, you must first terminate or delete any resources that created a requester-managed network interface in the VPC. For example, you must terminate your EC2 instances and delete your load balancers, NAT gateways, transit gateways, and interface VPC endpoints before deleting a VPC.
+.. Sign in to the link:https://console.aws.amazon.com/ec2/[AWS EC2 console].
+.. Terminate all instances in the VPC. For more information, see link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html[Terminate Amazon EC2 instances].
+.. Open the link:https://console.aws.amazon.com/vpc[Amazon VPC console].
+.. In the navigation pane, choose **Your VPCs**.
+.. Select the VPC to delete and choose **Actions, Delete VPC**.
+.. If you have a Site-to-Site VPN connection, select the option to delete it; otherwise, leave it unselected. Choose **Delete VPC**.
+
+

modules/rosa-troubleshooting-deleteiamrole-deployment.adoc

@@ -0,0 +1,45 @@
+// Module included in the following assemblies:
+//
+// * support/rosa-troubleshooting-deployments.adoc
+:_mod-docs-content-type: PROCEDURE
+[id="rosa-troubleshooting-deleteiamrole-deployment_{context}"]
+= Troubleshooting cluster creation with a DeletingIAMRole error
+
+If a cluster creation action fails, you might receive the following error message.
+
+.Example output
+[source,terminal]
+----
+OCM3031: Error deleting IAM Role (role-name): DeleteConflict: Cannot delete entity, must detach all policies first.\nlevel=error msg=\tstatus code: 409
+----
+The cluster's installation was blocked as the cluster installer was not able to delete the roles it used during the installation.
+
+.Procedure
+To unblock the cluster installation, ensure that no policies are added to new roles by default.
+
+* Run the following command to list all managed policies that are attached to the specified role:
+
++
+[source,terminal]
+----
+$ aws iam list-attached-role-policies --role-name <role-name>
+----
++
+.Example output
+[source,terminal]
+----
+{
+  "AttachedPolicies": [
+    {
+      "PolicyName": "SecurityAudit",
+      "PolicyArn": "arn:aws:iam::aws:policy/SecurityAudit"
+    }
+  ],
+  "IsTruncated": false
+}
+----
+
++
+If there are no policies attached to the specified role (or none that match the specified path prefix), the command returns an empty list.
+
+For more information about the list-attached-role-policies command, see link:https://docs.aws.amazon.com/cli/latest/reference/iam/list-attached-role-policies.html[list-attached-role-policies] in the official AWS documentation.

modules/rosa-troubleshooting-general-deployment.adoc

@@ -3,7 +3,7 @@
 // * support/rosa-troubleshooting-deployments.adoc
 :_mod-docs-content-type: PROCEDURE
 [id="rosa-troubleshooting-general-deployment-failure_{context}"]
-= Obtaining information on a failed cluster
+= Obtaining information about a failed cluster
 
 If a cluster deployment fails, the cluster is put into an "error" state.
 

modules/rosa-troubleshooting-invalidinstallconfigsubnet-failure-deployment.adoc

@@ -0,0 +1,32 @@
+// Module included in the following assemblies:
+//
+// * support/rosa-troubleshooting-deployments.adoc
+:_mod-docs-content-type: PROCEDURE
+[id="rosa-troubleshooting-invalidinstallconfigsubnet-failure-deployment_{context}"]
+= Troubleshooting cluster creation with an InvalidInstallConfigSubnet error
+
+If a cluster creation action fails, you might receive the following error messages.
+
+.Example install logs output
+[source,terminal]
+----
+platform.aws.subnets[1]: Invalid value: "subnet-0babad72exxxxxxxx": subnet's CIDR range start 10.69.1x.3x is outside of the specified machine networks
+----
+
+.Example {cluster-manager} output
+[source,terminal]
+----
+Provisioning Error Code:    OCM3020
+Provisioning Error Message: Subnet CIDR ranges are outside of specified machine CIDR.
+----
+
+These errors indicate that a subnet's CIDR range start is outside of the specified machine networks.
+
+.Procedure
+
+. Check your subnet configuration.
+. Edit your machine CIDR range to include all subnet CIDR ranges.
+Generally, your machine CIDR should match your VPC CIDR.
+
+For more information about CIDR ranges, see _CIDR range definitions_ in the _Additional resources_ section .
+