unable to launch cloud formation

[ghost]

Hello,
I am getting below error while trying to launch the cloud formation template. can you please help me on that.

Error
Template validation error: S3 error: Access Denied For more information check http://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html

Thanks,
sneha

[dpwrussell]

1. How are you trying to launch the template?
2. What region are you using?
3. What parameters did you provide?

[ghost]

Hello Dpwrussell
Thanks for the reply. I tried to launch from your link directly but I'm unable to do it. After that i created New VPC, subnets, key-pair and I launched EC2 instance on the same VPC, downloaded your code and tried changing the launch_stack.sh file and replaced with my VPC ID and Subnet ID's. When I try to execute the launch_stack.sh It is giving following errors
/home/ubuntu/omero.cloudarchive-cloudformation-master# ./launch_stack.sh
Invalid endpoint: https://cloudformation.us east 1.amazonaws.com

Can you please help me on that
Thanks
sneha

[dpwrussell]

launch_stack.sh is really just for testing, but it should work if you customize it to your environment. When you did that, did you change the S3 bucket being used?

What was the problem with launching from the cloudformation link as that would be how I recommend you do that?

[ghost]

Hello Dpwrussell

Initially we tried to use that cloudformation links it is giving us "Template validation error: S3 error: Access Denied For more information check " so we moved to launch_stack.sh way

I didn't understand what I need to give value for "ParameterKey=S3Bucket,ParameterValue"
so I keep this as comment and tried then we getting below error when running launch_stack.sh
"An error occurred (InvalidClientTokenId) when calling the ValidateTemplate operation: The security token included in the request is invalid"

[dpwrussell]

So the S3 bucket you only have to specify if you want to build a new deployment based on a previously dehydrated deployment. So if you want a blank instance, then not setting that configuration is the correct thing to do.

It sounds like your problems might be related to permissions on AWS in general. Do you have credentials configured on the machine on which you are trying to launch the cloudformation template from? Do those credentials have permission to launch cloudformation templates, create S3 buckets, configure networking, etc? It's best to start with a user that has admin permission.

Are you able to use the AWS CLI to perform other tasks? E.g.

$ aws s3 ls

and

$ aws s3api create-bucket --bucket <bucket_name>

If that works, then perhaps trying deploying another cloudformation template, e.g. https://s3-us-west-2.amazonaws.com/cloudformation-templates-us-west-2/S3_Website_Bucket_With_Retain_On_Delete.template

If all that works, then it probably is a cloudarchive specific problem and we can debug from there.

[dpwrussell]

Did you resolve this?

[ghost]

Hello Russell
Thanks for your help omero server is up and running but there are some errors generated from container . omero-ms-pixel-buffer/ms-pixel-buffer/1fdc87cd-1125-47ad-875a-680e488c692f**

io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334)ke
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926)

can you please look into above error
we have error in 2 more containers having diffrent error which I'm try to resolve

[dpwrussell]

Is there more stacktrace? What are you doing when you see this error?

[ghost]

Hello Russell
I trying to login to container to find what are causing these error but I didn't find clue about it.
I'm attaching remaining error

1.omero-ms-image-region

2.omero-ms-pixel-buffer

3.omer-ms-thumbnail

[dpwrussell]

OK, but what is not working? I can't really debug it without a lot more information.

…

On Tue, 19 Dec 2017 at 17:07 Sneha676 ***@***.***> wrote: Hello Russell I trying to login to container to find what are causing these error but I didn't find clue about it. I'm attaching remaining error [image: omero-ms-image-region] <https://urldefense.proofpoint.com/v2/url?u=https-3A__user-2Dimages.githubusercontent.com_34038801_34169350-2D19fdb762-2De4b5-2D11e7-2D835d-2D328e9dc9a59d.png&d=DwMFaQ&c=WO-RGvefibhHBZq3fL85hQ&r=hG980ESxUhpWXeq9BOrnOv3CUpq5lW8uGu7OdRUzoVI&m=NV6XPER3QyZ6yXdSlHlM35nS5kc_vCZCqvCGYljWEWo&s=JIF4_f3bUQynJP9-pTiUwNZq_Ub1_pB5WPiL17hOarw&e=> — You are receiving this because you commented. Reply to this email directly, view it on GitHub <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_sorgerlab_omero.cloudarchive-2Dcloudformation_issues_1-23issuecomment-2D352823414&d=DwMFaQ&c=WO-RGvefibhHBZq3fL85hQ&r=hG980ESxUhpWXeq9BOrnOv3CUpq5lW8uGu7OdRUzoVI&m=NV6XPER3QyZ6yXdSlHlM35nS5kc_vCZCqvCGYljWEWo&s=JpnutbEjWm55SqQd3eSXbYrx5I-1zVdM7624V-f64Io&e=>, or mute the thread <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_ABzTE4Ey7Vg9x1Ua01EkEmIHyD1yo0O2ks5tB-2D1DgaJpZM4Q6isj&d=DwMFaQ&c=WO-RGvefibhHBZq3fL85hQ&r=hG980ESxUhpWXeq9BOrnOv3CUpq5lW8uGu7OdRUzoVI&m=NV6XPER3QyZ6yXdSlHlM35nS5kc_vCZCqvCGYljWEWo&s=Ufv1cSvurf5fpA1nwrvl4G53U-KfABzH_EukM4Zn4gY&e=> .

[ghost]

Hello Russell,
Actually the omero.server and omero.web client are working fine. If I check the stack in CloudFormation, I have seen that instances for the omero-ms-pixel-buffer, omero-ms-thumbnail, omero-ms-image-region, and the redis services are still in "CREATE_IN_PROGRESS" status. If I check the logs for those services in CloudWatch, I can see the actual errors stopping those services from working(The above screenshots are those errors).

[dpwrussell]

Are you sure that everything is working properly as web should not work properly without redis and the microservices. Does the ECS console say that they are running?

Other than the services saying they are still creating and the logs, is anything actually not working? Can you import and then visualize data with the web client for example?

Can you put the actual logs somewhere, annoyingly there is no way to get them from the console, but like this: https://forums.aws.amazon.com/message.jspa?messageID=676376

[akmukherjee]

Hi @dpwrussell , I believe your S3 object(s) in that bucket do not have public access and thus am unable to access them. Can you please make them available so I can try out your deployment.

[dpwrussell]

@akmukherjee I don't think that is the problem as the template object is definitely public. I just tested it.

Caveat emptor: I am no longer developing on this as I am now working on a system which works more natively in the cloud: https://github.com/sorgerlab/minerva-infrastructure