Cluster installation failed with error code OCM3020 : InvalidInstallConfigSubnet

Solution Verified - Updated -

Environment

  • Red Hat OpenShift Service on AWS (ROSA 4)
  • Red Hat Openshift Dedicated 4 (OSD 4)
  • Red Hat OpenShift Container Platform 4 (OCP 4)

Issue

  • Cluster installation failed with error code OCM3020 : InvalidInstallConfigSubnet
  • Following error log is observed in the install logs:
platform.aws.subnets[1]: Invalid value: "subnet-0babad72exxxxxxxx": subnet's CIDR range start 10.69.1x.3x is outside of the specified machine networks, 
platform.aws.subnets[2]: Invalid value: "subnet-02fab648fxxxxxxxx": subnet's CIDR range start 10.69.1x.6x is outside of the specified machine networks, 
platform.aws.subnets[3]: Invalid value: "subnet-0e157656dxxxxxxxx": subnet's CIDR range start 10.69.1x.9x is outside of the specified machine networks,
platform.aws.subnets[4]: Invalid value: "subnet-0db752d68xxxxxxxx": subnet's CIDR range start 10.69.1x.1x is outside of the specified machine networks, 
platform.aws.subnets[5]: Invalid value: "subnet-01e42f275xxxxxxxx": subnet's CIDR range start 10.69.1x.16x is outside of the specified machine networks

Resolution

Subnet's CIDR range start was outside of the specified machine networks. You can check your subnet configuration and try again.

Below are some points that needs to be considered:

  • The CIDR specified for machineNetwork must contain the VPC CIDR in which the subnets range is coming.
networking:
  machineNetwork:
  - cidr: 10.0.0.0/16
  • If you specify multiple IP address blocks, the blocks must not overlap.
  • If the machineNetwork CIDR doesn't contain the specified subnet's IP address range then the installation will fail.
  • As the OpenShift nodes will be getting the IP addresses from the subnet IP range only, the machineNetwork CIDR must be specified accordingly.

If you need help from Red Hat, please open a support case with us by clicking here.

Root Cause

The subnet specified during cluster installation was invalid. Subnet's CIDR range start was outside of the specified machine networks.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments