Fails to create Core Instace

Question

Fails to create Core Instace

Closed this issue 3 years ago · 12 comments

I'm using root user access key and then when I try to run the script it creates the network just fine but fails to create the actual instance.

╷
│ Error: 404-NotAuthorizedOrNotFound
│ Provider version: 4.67.0, released on 2022-03-10.
│ Service: Core Instance
│ Error Message: Authorization failed or requested resource not found.
│ OPC request ID: f39808081be0c66f025ee81eb87dbf3a/37EFF46E0A38072AF67D0343D2CDAC94/4F30CD595B5C0CC47C715402A16EA37A
│ Suggestion: Either the resource has been deleted or service Core Instance need policy to access this resource. Policy reference: https://docs.oracle.com/en-us/iaas/Content/Identity/Reference/policyreference.htm
│
│
│   with module.compute.oci_core_instance.server_1,
│   on compute/main.tf line 1, in resource "oci_core_instance" "server_1":
│    1: resource "oci_core_instance" "server_1" {
│

Answer 1 · 2022-03-13T16:25:43.000Z

Hi, I have updated the ubuntu instance images today that could be solve the issue. Could you check that in your case too?

Answer 2 · 2022-03-23T12:53:40.000Z

Just to update, I also have this issue, running latest commit.

module.compute.oci_core_instance.server_1: Creating...
╷
│ Error: 404-NotAuthorizedOrNotFound
│ Provider version: 4.68.0, released on 2022-03-17.
│ Service: Core Instance
│ Error Message: Authorization failed or requested resource not found.
│ OPC request ID: 280c37588bdf011c5b63352bed1f2ad4/4450568828D8A663541B7CCD5CCFE2FA/8228C228BCBBE8D1246EB7198982D038
│ Suggestion: Either the resource has been deleted or service Core Instance need policy to access this resource. Policy reference: https://docs.oracle.com/en-us/iaas/Content/Identity/Reference/policyreference.htm
│
│
│ with module.compute.oci_core_instance.server_1,
│ on compute/main.tf line 1, in resource "oci_core_instance" "server_1":
│ 1: resource "oci_core_instance" "server_1" {
│

Answer 3 · 2022-03-23T13:18:56.000Z

Hey, did you go through all the steps of the manual to setup your credentials?
https://docs.oracle.com/en-us/iaas/developer-tutorials/tutorials/tf-provider/01-summary.htm

Answer 4 · 2022-03-23T13:55:21.000Z

I did and I I am able to create the VCN successfully so it shouldnt be an auth issue.

Answer 5 · 2022-03-23T21:13:42.000Z

So, I have changed the oci provider to a newer one (commit) and also tested it to deploy the cluster from scratch without any issue. Could you test it again?

Answer 6 · 2022-03-24T16:36:43.000Z

I tested and unfortunately same result:

module.compute.oci_core_instance.server_1: Creating...
╷
│ Error: 404-NotAuthorizedOrNotFound
│ Provider version: 4.69.0, released on 2022-03-23.
│ Service: Core Instance
│ Error Message: Authorization failed or requested resource not found.
│ OPC request ID: d79fcfc3b4215e47c45a63fef7098312/EDF2DF21C76A5BC0271328F028067895/65F771C5CAD8D44ADFCA40691D96C801
│ Suggestion: Either the resource has been deleted or service Core Instance need policy to access this resource. Policy reference: https://docs.oracle.com/en-us/iaas/Content/Identity/Reference/policyreference.htm
│
│
│ with module.compute.oci_core_instance.server_1,
│ on compute/main.tf line 1, in resource "oci_core_instance" "server_1":
│ 1: resource "oci_core_instance" "server_1" {
│

Still creates the vcn perfectly fine. I am trying to deploy on us-phoeninx-1 and using fedora, I doubt any of that makes a difference but just wanted to let you know.

Answer 7 · 2022-03-24T17:53:55.000Z

Thanks @r3dlobst3r, that was the missing information, you use another region. You have to change the vm-image-id in terraform/compute/variables.tf to a proper image-id for your region. You can find the id here:

https://docs.oracle.com/en-us/iaas/images/image/e9cc4ddd-9879-45d7-88f8-149282fce460/

Answer 8 · 2022-03-24T17:58:37.000Z

And additionally, the deployment is adjusted and developed for Ubuntu. If you change the OS you have to check the k3os documentation to a just it.

Answer 9 · 2022-03-24T18:10:57.000Z

Okay makes sense, thank you for the help. Would you be able to point me in the right direction for the E2 instances as well? I am trying to use image: ocid1.image.oc1.phx.aaaaaaaan3xenf5nz6jgwmseebf2moledl23zsnwekvqok2u3kh77fhketeq but i didnt know if you used ubuntu minimal or not

Answer 10 · 2022-03-24T18:25:25.000Z

disregard, E2 instances are only allowed in AD3, fixed in compute/main.tf. Thanks again for the help!

Answer 11 · 2022-03-24T18:44:46.000Z

Okay, I do have one more question, is there a way to bring up the cluster on server1 with the public IP? When I grab the config file, it doesnt allow me to do kubectl get nodes since its trying 127.0.0.1:6443, when I try to change the address to the public IP and open the port in the vcn, it says: Unable to connect to the server: x509: certificate is valid for 10.0.0.11, 10.0.0.12, 10.43.0.1, 127.0.0.1, not 129.146.39.223

Answer 12 · 2022-03-25T06:17:06.000Z

Here you can find how to add SANs to your cluster.
k3s-io/k3s#3369 (comment)