Fortinet white logo
Fortinet white logo

AliCloud Administration Guide

Troubleshooting

Troubleshooting

Debugging cloud-init

Retrieving the cloud-init log can be useful when issues are occurring at boot up. To retrieve the log, log in to the FortiGate-VM and type the following into the CLI:

diag debug cloudinit show

Output will look similar to the following:

 >> Checking metadata source ali
 >> ALI user data obtained
 >> Fos-instance-id: i-p0w3dr3bf9rck4jub4vb
 >> Cloudinit trying to get config script from https://************.ap-southeast-2-internal.fc.aliyuncs.com/2016-08-15/proxy/FortigateAutoScale-wke/FortigateAutoScale-rrr/
 >> Cloudinit download config script successfully
 >> Found metadata source: ali
 >> Run config script
 >> Finish running script
 >> FortiGate-VM64-ALI $  config system dns
 >> FortiGate-VM64-ALI (dns) $     unset primary
 >> FortiGate-VM64-ALI (dns) $     unset secondary
 >> FortiGate-VM64-ALI (dns) $  end
 >> FortiGate-VM64-ALI $  config system auto-scale
 >> FortiGate-VM64-ALI (auto-scale) $     set status enable
 >> FortiGate-VM64-ALI (auto-scale) $     set sync-interface port 1
 >> FortiGate-VM64-ALI (auto-scale) $     set role  master
 >> FortiGate-VM64-ALI (auto-scale) $     set callback-url
 https://************.ap-southeast-2-internal.fc.aliyuncs.com/2016-08-15/proxy/FortigateAutoScale-wke/FortigateAutoScale-rrr/

TableStore destroy time

TableStore deletion can take up to 10 minutes and may appear as follows:

alicloud_ots_instance.tablestore: Still destroying... (ID: FortiGateASG-rrr, 7m0s elapsed)
alicloud_ots_instance.tablestore: Still destroying... (ID: FortiGateASG-rrr, 7m10s elapsed)
alicloud_ots_instance.tablestore: Still destroying... (ID: FortiGateASG-rrr, 7m20s elapsed)

If you are seeing these messages after 10 minutes, it is likely that TableStore contains data. You will need to manually delete TableStore and then re-run the terraform destroy command. For details on manually deleting TableStore, refer to the section Destroying the cluster.

Resource availability

If a region runs out of a specified resource an error like the following displays. In this case the cluster will need to be deployed into a different region.

 1 error occurred:
	* alicloud_slb.default: 1 error occurred:
	* alicloud_slb.default: [ERROR] terraform-provider-alicloud/alicloud/resource_alicloud_slb.go:324: Resource alicloud_slb CreateLoadBalancer Failed!!! [SDK alibaba-cloud-sdk-go ERROR]:
SDK.ServerError
ErrorCode: OperationFailed.ZoneResourceLimit
Recommend:
RequestId: 83972A94-0640-49DA-8586-DCF535D14886
Message: The operation failed because of resource limit of the specified zone.

Timeout

If a timeout such as the following occurs, rerun the command.

Error: Error applying plan:

1 error occurred:
	* alicloud_vswitch.vsw2: 1 error occurred:
	* alicloud_vswitch.vsw2: [ERROR] terraform-provider-alicloud/alicloud/resource_alicloud_vswitch.go:58:
[ERROR] terraform-provider-alicloud/alicloud/resource_alicloud_vswitch.go:170:
[ERROR] terraform-provider-alicloud/alicloud/service_alicloud_ecs.go:51: Resource us-east-1b DescribeZones Failed!!! [SDK alibaba-cloud-sdk-go ERROR]:
net/http: request canceled (Client.Timeout exceeded while reading body)

How to reset the elected primary FortiGate

To reset the elected primary FortiGate, go to TableStore > FortiGateMasterElection and delete the only item. A new primary FortiGate will be elected and a new record will be created as a result.

For details on locating TableStore > FortiGateMasterElection , refer to the section Verify the deployment.

Troubleshooting

Troubleshooting

Debugging cloud-init

Retrieving the cloud-init log can be useful when issues are occurring at boot up. To retrieve the log, log in to the FortiGate-VM and type the following into the CLI:

diag debug cloudinit show

Output will look similar to the following:

 >> Checking metadata source ali
 >> ALI user data obtained
 >> Fos-instance-id: i-p0w3dr3bf9rck4jub4vb
 >> Cloudinit trying to get config script from https://************.ap-southeast-2-internal.fc.aliyuncs.com/2016-08-15/proxy/FortigateAutoScale-wke/FortigateAutoScale-rrr/
 >> Cloudinit download config script successfully
 >> Found metadata source: ali
 >> Run config script
 >> Finish running script
 >> FortiGate-VM64-ALI $  config system dns
 >> FortiGate-VM64-ALI (dns) $     unset primary
 >> FortiGate-VM64-ALI (dns) $     unset secondary
 >> FortiGate-VM64-ALI (dns) $  end
 >> FortiGate-VM64-ALI $  config system auto-scale
 >> FortiGate-VM64-ALI (auto-scale) $     set status enable
 >> FortiGate-VM64-ALI (auto-scale) $     set sync-interface port 1
 >> FortiGate-VM64-ALI (auto-scale) $     set role  master
 >> FortiGate-VM64-ALI (auto-scale) $     set callback-url
 https://************.ap-southeast-2-internal.fc.aliyuncs.com/2016-08-15/proxy/FortigateAutoScale-wke/FortigateAutoScale-rrr/

TableStore destroy time

TableStore deletion can take up to 10 minutes and may appear as follows:

alicloud_ots_instance.tablestore: Still destroying... (ID: FortiGateASG-rrr, 7m0s elapsed)
alicloud_ots_instance.tablestore: Still destroying... (ID: FortiGateASG-rrr, 7m10s elapsed)
alicloud_ots_instance.tablestore: Still destroying... (ID: FortiGateASG-rrr, 7m20s elapsed)

If you are seeing these messages after 10 minutes, it is likely that TableStore contains data. You will need to manually delete TableStore and then re-run the terraform destroy command. For details on manually deleting TableStore, refer to the section Destroying the cluster.

Resource availability

If a region runs out of a specified resource an error like the following displays. In this case the cluster will need to be deployed into a different region.

 1 error occurred:
	* alicloud_slb.default: 1 error occurred:
	* alicloud_slb.default: [ERROR] terraform-provider-alicloud/alicloud/resource_alicloud_slb.go:324: Resource alicloud_slb CreateLoadBalancer Failed!!! [SDK alibaba-cloud-sdk-go ERROR]:
SDK.ServerError
ErrorCode: OperationFailed.ZoneResourceLimit
Recommend:
RequestId: 83972A94-0640-49DA-8586-DCF535D14886
Message: The operation failed because of resource limit of the specified zone.

Timeout

If a timeout such as the following occurs, rerun the command.

Error: Error applying plan:

1 error occurred:
	* alicloud_vswitch.vsw2: 1 error occurred:
	* alicloud_vswitch.vsw2: [ERROR] terraform-provider-alicloud/alicloud/resource_alicloud_vswitch.go:58:
[ERROR] terraform-provider-alicloud/alicloud/resource_alicloud_vswitch.go:170:
[ERROR] terraform-provider-alicloud/alicloud/service_alicloud_ecs.go:51: Resource us-east-1b DescribeZones Failed!!! [SDK alibaba-cloud-sdk-go ERROR]:
net/http: request canceled (Client.Timeout exceeded while reading body)

How to reset the elected primary FortiGate

To reset the elected primary FortiGate, go to TableStore > FortiGateMasterElection and delete the only item. A new primary FortiGate will be elected and a new record will be created as a result.

For details on locating TableStore > FortiGateMasterElection , refer to the section Verify the deployment.