Cluster installation failed with error code OCM3021: PendingVerification

Solution Verified - Updated -

Environment

  • Red Hat OpenShift Service on AWS (ROSA 4)
  • Red Hat Openshift Dedicated 4 (OSD 4)

Issue

  • Cluster installation failed with error code OCM3021: PendingVerification
  • Following error log is observed in the install logs:
level=error msg="\t* aws_instance.bootstrap: Error launching source instance: PendingVerification: Your request for accessing resources in this region is being validated, and you will not be able to launch additional resources in this region until the validation is complete. We will notify you by email once your request has been validated. While normally resolved within minutes, please allow up to 4 hours for this process to complete. If the issue still persists, please let us know by writing to aws-verification@amazon.com for further assistance."

Resolution

This error suggests that your account verification may not be complete. This issue can also occur if you try creating a cluster in a region you haven't used before.

When creating a cluster, the Red Hat OpenShift Service on AWS service creates small instances in all supported regions. This check ensures the AWS account being used can deploy to each supported region.

For AWS accounts that are not using all supported regions, AWS may send one or more emails confirming that "Your Request For Accessing AWS Resources Has Been Validated". Typically the sender of this email is aws-verification@amazon.com. This is expected behavior as the Red Hat OpenShift Service on AWS service is validating your AWS account configuration.

Normally, this validation gets completed within minutes (~15 minutes) but in some cases, it can take upto 4 hours to get this validated from AWS. In order to attempt successful provisioning, we have configured our installer to reattempt installation if this issue occurs but the installation can still get failed if the validation takes more time or if the validation itself gets failed.

In such situation, customers can wait until they receive a confirmation email about request validation from AWS. For further assistance, customers can reach out to the AWS team by writing to aws-verification@amazon.com.

Root Cause

This issue can occur if the customer is using a new AWS account or is trying to create a cluster in a region they haven't used before. When creating a cluster, the Red Hat OpenShift Service on AWS service creates small instances in all supported regions. This check ensures the AWS account being used can deploy to each supported region. As a result, the request gets blocked until it gets validated by AWS.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments