Support Questions

Find answers, ask questions, and share your expertise

CDP on Azure: Creation failed (freelpa creation operation failed)

avatar

Hi,

I'm trying to register an environment in CDP from using Azure, following this guide: https://docs.cloudera.com/management-console/cloud/azure-quickstart/topics/mc-azure-quickstart.html

 

All the steps work well, except the registration itself, which gives a 'Creation failed' error. 

cdp_error.jpg

 

 

 

Even worse, the Environment and Data Lake cannot be deleted. Even the deletion fails for some sort of deadlock between the two, as they were nor provisioned correctly.

 

Any advice?

 

PS: it's worth to note that the guide comes with a video too (https://www.cloudera.com/campaign/videos/cdp-setup.html?videoId=6150076931001), in which a role is created in Azure by copy pasting a JSON provided by the CDP UI. This json is not there anymore in the guide nor in the UI itself, so I guess it's ok?

 

Thanks and best regards,
Valerio

17 REPLIES 17

avatar
Rising Star

Hi Valerio,

 

A few things to check:

1. If you go to the datalake tab in the UI: can you access the CM UI? The logs there should tell you more

2. This is most likely a bad combination of setup of your managed identity/storage account. Best way to know what's wrong is to send us screenshots of your managed identity/storage account setup in Azure portal + how you call them in the environment creation wizard in CDP.

avatar

Hi Paul,

 

thanks for your answer.

 

1 - I can, but since I tried to delete the Data Lake and I delete the associated Storage account in Azure, they are not available now. Perhaps they were, at the beginning. I should try again, I guess.

 

2 - Luckily I documented everything. The storage account doesn't exist anymore, but here are all the screenshots I took while I was following the guide step by step. Maybe you can spot something. Note: the storage account was created with a colleague's account, as he has privileges to do so, while CDP is under my own account.

 

(let me know if the link doesn't work)

 

Thanks and best regards,
Valerio

avatar
Rising Star

Hola Valerio,

 

Looking at Screenshot (34), it looks like you used the AssumerIdentity everywhere.

Instead, you should use a combination of Logger/Ranger/Assumer/DataAccess identities, as detailed here: https://docs.cloudera.com/management-console/cloud/azure-quickstart/topics/mc-azure-quickstart-envir...

 

Could you try with the proper identity combination and see if that helps?

avatar

Hi Paul,

 

well, that's embarassing... 🙂 Thanks a lot! Will try tomorrow morning and update the thread.

 

Thanks and best regards,
Valerio

avatar

Hi Paul,

 

eventually I managed to create the environment. Thanks! The old one is still there, apparently corrupted, and I'm unable to delete it. It's a bit annoying but I don't think it's a major deal.

 

However, I'm not getting some role error in the Data Hub creation. I used the Data Engineering for Azure template, but it fails with the following message:

com.sequenceiq.cloudbreak.cm.ClouderaManagerOperationFailedException: Cluster template install failed: [Command [Start], with id [1546334305] failed: Failed to start role., Command [Start], with id [1546334302] failed: Failed to start role., Command [Start], with id [1546334303] failed: Failed to start role.'

 

I attach a couple of useful screenshots. If I click on the 'full log file' link from the 'details' one, I get"

[Errno 2] No such file or directory: '/var/log/hue/runcpserver.log'

avatar
Rising Star

Hi there,

 

Regarding your datahub failure, it may be due to the fact that your FQDN is too long. Could you try launching a cluster with a shorter name?

 

As for the environment not being deleted: what error are you facing when trying to delete it?

avatar

Hi Paul,

 

thanks for your answer.

 

For the errors, here they are. Please keep in mind the underlying Azure resource group doesn't exist anymore, therefore in a way I understand these errors now.

The thing is that I could not delete them right away, therefore I had to delete the resource group in Azure in order to free up the resources in our Azure subscription.

In all honesty, I don't remember if the errors were looking the same before I deleted the environment in Azure or not, but I remember the deletion failed, even if I tried 'forcing' it, on both sides.

By the way, clicking on 'Repair' doesn't trigger any action at this point.

DataLakeDataLake

 

EnvironmentEnvironment

 

As per the Data Hub, I managed to create it. However:

  1. even though the previous data hub 'failed' to be provisioned, I just realized it was fully instantiated on Azure, and it cost me about 80 euros for 2 days. I understand I could have looked, just in case, but since the data hub failed for a 'naive' error such as the length of the name, also apparently uncontrolled, one would expect the whole process to fail and the resources not to be created on Azure... I think this scenario could have been handled much better and avoid such a bad surprise for the user.
  2. I'm trying to run simple workloads, for example in Zeppelin, but:
    1. one of the provided examples starts with a %sh interpreter (a wget command)... However the shell interpreter is not even defined!
    2. If I try to run any Spark command, even "sc" in pyspark, I get the following error:

20/10/06 11:29:23 ERROR common.DefaultRequestExecutor: Error executing request: org.apache.knox.gateway.shell.ErrorResponse: https://azure-cdp-poc-cp-dl-idbroker0.azure-cd.odjv-kfil.cloudera.site:8444/gateway/azure-cab/cab/ap...: HTTP/1.1 403 Forbidden 20/10/06 11:29:23 ERROR idbroker.AbstractIDBClient: Cloud Access Broker response: { "error": "There is no mapped role for the group(s) associated with the authenticated user.", "auth_id": "csso_valeriodimatteo" }

 

I'm the only user, and I have the Environment Admin role... Is there anything else I should be doing before I can actually run some simple workload?

 

I understand these are many, and quite low-level questions, so please let me know if I can open a direct channel to get some support.

 

Thanks and best regards,
Valerio

avatar
Rising Star

Hi Valerio,

 

There is some mapping to be done to enable your permissions.

I think the best way for you to move forward would be to use the resources available to you:

1. Free training, e.g. https://www.cloudera.com/about/training/courses/cloudera-essentials-for-cdp.html 

2. Tutorials, e.g. https://www.cloudera.com/tutorials/cdp-how-to-create-a-data-hub.html

3. If you are a Cloudera customer, I do recommend to reach out to your account team. We have CDP experts that can help you quickly rather than asynchronously.

avatar

Hi Paul,

 

thanks for the links your provided. I'll try to have a look, hopefully I'll see if there is some step that I missed using the guide that I followed...

 

By the way, we are partners, not clients... Do we still get to have some CDP expert to help us (as you say, quickly rather than asynchronously)? It would be just what I was hoping for... 🙂

 

Best regards,
Valerio