Common issues with worker nodes
Virtual Private Cloud Classic infrastructure
Review common error messages and learn how to resolve them. Messages might begin with the prefix, '<provider>' infrastructure exception:
, where <provider>
identifies which infrastructure provider the worker
node uses.
Account prohibited from ordering
Message:
Your account is currently prohibited from ordering 'Computing Instances'.
Description and resolution:
Your IBM Cloud infrastructure account might be restricted from ordering compute resources. Contact IBM Cloud support by opening an IBM Cloud support case.
Could not place order
Message:
Could not place order.
Could not place order. There are insufficient resources behind router 'router_name' to fulfill the request for the following guests: 'worker_id'.
Description and resolution: The zone that you selected might not have enough infrastructure capacity to provision your worker nodes. Or, you might have exceeded a limit in your IBM Cloud infrastructure account.
To resolve, try one of the following options:
- Infrastructure resource availability in zones can fluctuate often. Wait a few minutes and try again.
- For a single zone cluster, create the cluster in a different zone. For a multizone cluster, add a zone to the cluster.
- Specify a different pair of public and private VLANs for your worker nodes in your IBM Cloud infrastructure account. For worker nodes that are in a worker pool, you can use the
ibmcloud oc zone network-set
[command]( - Contact your IBM Cloud infrastructure account manager to verify that you don't exceed an account limit, such as a global quota.
- Open an IBM Cloud infrastructure support case.
Could not obtain network VLAN
Message:
Could not obtain network VLAN with ID: <vlan-id>
Description and resolution:
Your worker node could not be provisioned because the selected VLAN ID could not be found for one of the following reasons:
- You might have specified the VLAN number instead of the VLAN ID. The VLAN number is 3 or 4 digits long, whereas the VLAN ID is 7 digits long. To retrieve the VLAN ID, run
ibmcloud oc vlan ls --zone <zone>
. - The VLAN ID might not be associated with the IBM Cloud infrastructure account that you use. To list available VLAN IDs for your account, run
ibmcloud oc vlan ls --zone <zone>
. To change the IBM Cloud infrastructure account, seeibmcloud oc credential set
.
Location invalid
Message:
The location provided for this order is invalid
Description and resolution:
Your IBM Cloud infrastructure is not set up to order compute resources in the selected data center. Contact IBM Cloud support to verify that you account is set up correctly.
Permissions error
Message:
The user does not have the necessary classic infrastructure permissions to add servers
'Item' must be ordered with permission.
The credentials could not be validated.
'<Provider>' infrastructure request not authorized
Description and resolution:
You might not have the required permissions to perform the action in your IBM Cloud infrastructure portfolio, or you are using the wrong infrastructure credentials. See Setting up the API key to enable access to the infrastructure portfolio.
Firewall error
Message:
Worker unable to talk to IBM Cloud Kubernetes Service servers. Please verify your firewall setup is allowing traffic from this worker.
Description and resolution:
If you have a firewall, configure your firewall settings to allow outgoing traffic to the appropriate ports and IP addresses.
Hard reboot
Message:
The worker did not respond to the soft reboot request. A hard reboot might be necessary.
Description and resolution:
Although you issued a reboot on your worker node, the worker node is unresponsive. You can rerun the reboot command with the --hard
option to
power off the worker node, or run the worker reload
command.
Instance can't be found
Message:
can't create IMS portal token, as no IMS account is linked to the selected BSS account
Provided user not found or active
User account is currently cancel_pending.
The worker node instance '<ID>' can't be found. Review '<provider>' infrastructure user permissions.
The worker node instance can't be found. Review '<provider>' infrastructure user permissions.
The worker node instance can't be identified. Review '<provider>' infrastructure user permissions.
Description and resolution:
The owner of the API key that is used to access the IBM Cloud infrastructure portfolio does not have the required permissions to perform the action, or might be pending deletion.
As the user, follow these steps:
- If you have access to multiple accounts, make sure that you are logged in to the account where you want to work with Red Hat OpenShift on IBM Cloud.
- Run
ibmcloud oc api-key info --cluster <cluster_name_or_ID>
to view the current API key owner that is used to access the IBM Cloud infrastructure portfolio. - Run
ibmcloud account list
to view the owner of the IBM Cloud account that you currently use. - Contact the owner of the IBM Cloud account and report that the API key owner has insufficient permissions in IBM Cloud infrastructure or might be pending to be deleted.
As the account owner, follow these steps:
- Review the required classic permissions in IBM Cloud infrastructure to perform the action that previously failed. For the VPC infrastructure provider, the API key owner must have the Administrator platform access role.
- Fix the permissions of the API key owner or create a new API key by using the
ibmcloud oc api-key reset --region <region>
command. - If you or another account admin manually set IBM Cloud infrastructure credentials in your account, run
ibmcloud oc credential unset --region <region>
to remove the credentials from your account.