Support Questions

Find answers, ask questions, and share your expertise

Template error creating HDP-Cloud Controller Service on AWS

Explorer

Please see the attached two documents for details:

Document 1: Create Failed-Stack Detail.pdf... contains the error details

Document 2: Create Failed-Procedure-I-Used.pdf ... contains the procedure I followed.

Please advise on how to move forward as I have not been able to create a cluster using the new HDP Cloud on AWS.

Regards

Joginder

create-failed-stack-detail.pdf

create-failed-stack-detail.pdf

1 ACCEPTED SOLUTION

@Joginder Sethi

One last thing that comes to my mind: Did you use any special characters in your password? At some point, we had problem with some special characters in the Admin Password parameter.

The log says time="2017-01-25T21:20:51Z" level="error" msg="[NewOAuth2HTTPClient] Error while connnecting to https://ec2-52-90-192-197.compute-1.amazonaws.com/identity/oauth/authorize as user: at46@yahoo.com, please check your username and password. (406 Not Acceptable)"

View solution in original post

25 REPLIES 25

@Marton Sereg Do you know why this error happens? The error is:

CREATE_FAILED

AWS::CloudFormation::WaitCondition InstanceWaitCondition

WaitCondition received failed message: 'ERROR: command 'hdc create­credential ­­ credential­name aws­access ­­role­arn $CREDENTIAL_ROLE_ARN ­­ssh­key­url http://169.254.169.254/latest/meta­data/public­keys/0/openssh­key ­­existing­ssh­key­pair $KEYPAIR_NAME' exited with status: 1 line: 1' for uniqueId: cbd­init

We don't have it documented in the Troubleshooting documentation at http://hortonworks.github.io/hdp-aws/trouble/index.html

Explorer

I don't know why this error occurred: I am seeking advise on resolving it. Can you please help?

@Marton Sereg

Contributor

@Joginder Sethi

can you SSH to the control plane VM and send me the logs from:

- /var/log/cbd-quick-start.log

- the output of the "docker logs cbreak_cloudbreak_1" command

I've seen this error message once when the SSH public key that was selected on the CFN create stack page had a length shorter than 2048. Please check if your public key's length is at least 2048 because only those are supported by HDC.

Explorer

I am unable to Putty into the vpc. The .pem file is 2kb while when I generate .ppk files: the private key is 2kb but the public key is 1kb. When generate another pair of keys using AWS' "Create Key Pair" I don'r see an option to set the size of the keys.

Please advise.

Regards @Marton Sereg

Joginder

Explorer

I am unable to Putty into the vpc. The .pem file is 2kb while when I generate .ppk files: the private key is 2kb but the public key is 1kb. When generate another pair of keys using AWS' "Create Key Pair" I don'r see an option to set the size of the keys.

Please advise.

Regards @Marton Sereg

Joginder

@Joginder Sethi

What Marton meant is, SSH to the EC2 instance on which the cloud controller is running, and get the output of the logs.

To determine your SSH public key length, you could use this command ssh-keygen -lf /etc/ssh/rsa_key.pub replacing rsa_key.pub with your public key name.

If you have already generated a new kaypair, you could just try and create a new cloud controller using the new SSH keypair.

By the way, if you run into any further issues, let us know which version of HDCloud you are using. I assume 1.8? Or the technical preview?

Explorer

I am using 1.8 version of HDCloud. I have terminated ec2 instance base on your recommendation to try with newly generated key pairs.

Will report soon.

Regards @Dominika Bialek

Joginder

Great. Let us know how it goes. If you generated a new SSH key, it should be a 2048-bit RSA key that meets the requirements. If the cloud controller still fails, then something else causes the problem.

Explorer

Same error after using the new key. I believe the problem is the key pair as I am still not able to Putty into the ec2 instance using the public dns name or the ip. Is there another way to ssh from windows os?


14:26:05 UTC-0600ROLLBACK_IN_PROGRESSAWS::CloudFormation::StackAWSMPBASICCloudControllerwithnewVPCThe following resource(s) failed to create: [InstanceWaitCondition]. . Rollback requested by user.14:26:03 UTC-0600CREATE_FAILEDAWS::CloudFormation::WaitConditionInstanceWaitConditionWaitCondition received failed message: 'ERROR: command 'hdc create-credential --credential-name aws-access --role-arn $CREDENTIAL_ROLE_ARN --ssh-key-url http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key --existing-ssh-key-pair $KEYPAIR_NAME' exited with status: 1 line: 1' for uniqueId: cbd-init14:19:01 UTC-0600CREATE_IN_PROGRESSAWS::CloudFormation::WaitConditionInstanceWaitConditionResource creation Initiated

Explorer

Can this cause the issue?

The following resource(s) require capabilities: [AWS::IAM::Role]

This template contains Identity and Access Management (IAM) resources that might provide entities access to make changes to your AWS account. Check that you want to create each of these resources and that they have the minimum required permissions

Explorer

Finally I am able to Putty into the ec2 instance. Attached are:

- /var/log/cbd-quick-start.log

- the output of the "docker logs cbreak_cloudbreak_1" command

Regards @Dominika Bialek @Marton Sereg

Joginder

cbreak-cloudbreak-1log.txt

cbd-quick-startlog.txt

Explorer

I see the following error in cbd-quick-startlog.txt

time="2017-01-25T21:20:51Z" level="error" msg="[NewOAuth2HTTPClient] Error while connnecting to https://ec2-52-90-192-197.compute-1.amazonaws.com/identity/oauth/authorize as user: at46@yahoo.com, please check your username and password. (406 Not Acceptable)" + [TRACE /var/lib/cloud/instance/scripts/part-001:1][ellapsed: 212] _trap_error 1 1 247 'hdc create-credential --credential-name aws-access --role-arn $CREDENTIAL_ROLE_ARN --ssh-key-url http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key --existing-ssh-key-pair $KEYPAIR_NAME' + [TRACE /var/lib/cloud/instance/scripts/part-001:29][ellapsed: 212] local err=1 line=1 _=247 'badcommand=hdc create-credential --credential-name aws-access --role-arn $CREDENTIAL_ROLE_ARN --ssh-key-url http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key --existing-ssh-key-pair $KEYPAIR_NAME' + [TRACE /var/lib/cloud/instance/scripts/part-001:31][ellapsed: 212] '[' 1 -eq 0 ']' + [TRACE /var/lib/cloud/instance/scripts/part-001:37][ellapsed: 212] [[ -n '' ]] + [TRACE /var/lib/cloud/instance/scripts/part-001:38][ellapsed: 212] SIGNAL_REASON='ERROR: command '\''hdc create-credential --credential-name aws-access --role-arn $CREDENTIAL_ROLE_ARN --ssh-key-url http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key --existing-ssh-key-pair $KEYPAIR_NAME'\'' exited with status: 1 line: 1' + [TRACE /var/lib/cloud/instance/scripts/part-001:42][ellapsed: 212] /opt/aws/bin/cfn-signal -s false -e 1 --id cbd-init --reason 'ERROR: command '\''hdc create-credential --credential-name aws-access --role-arn $CREDENTIAL_ROLE_ARN --ssh-key-url http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key --existing-ssh-key-pair $KEYPAIR_NAME'\'' exited with status: 1 line: 1' 'https://cloudformation-waitcondition-us-east-1.s3.amazonaws.com/arn%3Aaws%3Acloudformation%3Aus-east-1%3A872510204642%3Astack/AWSMPBASICCloudControllerwithnewVPC1/c20ac050-e342-11e6-9c9a-503acac41ed1/InstanceWaitHandle?AWSAccessKeyId=AKIAIIT3CWAIMJYUTISA&Expires=1485465063&Signature=he%2FIYeQ2160nJVrJ2eeQVqDZ7p4%3D' CloudFormation signaled successfully with FAILURE.

@Joginder Sethi

Marton can advise on the log output.

On a different note:

I noticed that you are using 0.0.0.0/24 as your Remote Access setting. This setting will not allow you to access the cloud controller web UI.

In the future, try using 0.0.0.0/0 as a Remote Access setting (but know that this allows access from all IP addresses, so it is suitable only if you are just getting started and not in a production setting) or, PREFERABLY, use this tool to convert your external IP address to CIDR: http://www.ipaddressguide.com/cidr.

@Joginder Sethi

One last thing that comes to my mind: Did you use any special characters in your password? At some point, we had problem with some special characters in the Admin Password parameter.

The log says time="2017-01-25T21:20:51Z" level="error" msg="[NewOAuth2HTTPClient] Error while connnecting to https://ec2-52-90-192-197.compute-1.amazonaws.com/identity/oauth/authorize as user: at46@yahoo.com, please check your username and password. (406 Not Acceptable)"

Explorer

yes I do have a special character in my password. Do I need to reset my password with no special characters?

Also this time I changed to 0.0.0.0/0 in remote access setting: And perhaps that is the reason I able to Putty into the ec2 instance.

Regards

Joginder

Explorer

After removing special character from the password, I am able get to create cluster.

Thank you for your help

Regards

Joginder

@Joginder Sethi Great! It will be helpful for other users if you mark the correct answer so if anyone else encounters the issue and find this post, they will be able to find the answer without reading through the whole thread.

Explorer

yes I do have a special character in my password. Do I need to reset my password with no special characters?

@Joginder Sethi

You could try... or just wait until Marton gets back to you; but he is in Central Europe, so it will be a while.

@Joginder Sethi

There was an issue about $, \, :, ", and | being unsupported:

http://docs.hortonworks.com/HDPDocuments/HDCloudAWS/HDCloudAWS-1.8.0/bk_hdcloud-aws/content/releasen...

So make sure that you don't use these characters and make sure to get the Remote Access setting right.