Ansible:kubernetes install using vagrant, error: "server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt"

4/22/2019

Trying to install kubernetes on virtualbox using ansible:

in master-playbook.yml

  - name: Install comodo cert
    copy: src=BCPSG.pem dest=/etc/ssl/certs/ca-certificates.crt

  - name: Update cert index
    shell: /usr/sbin/update-ca-certificates

  - name: Adding apt repository for Kubernetes
    apt_repository:
      repo: deb https://packages.cloud.google.com/apt/dists/  kubernetes-xenial main
      state: present
      filename: kubernetes.list
      validate_certs: False

now, Vagrantfile calls the playbook:

config.vm.define "k8s-master" do |master|
    master.vm.box = IMAGE_NAME
    master.vm.network "private_network", ip: "192.168.50.10"
    master.vm.hostname = "k8s-master"
    master.vm.provision "ansible" do |ansible|
    ansible.playbook = "kubernetes-setup/master-playbook.yml"
    end
end

but i am getting error:

TASK [Adding apt repository for Kubernetes] ************************************
fatal: [k8s-master]: FAILED! => {"changed": false, "module_stderr": "Shared connection to 127.0.0.1 closed.\r\n",

"module_stdout": "Traceback (most recent call last):\r\n File \"/home/vagrant/.ansible/tmp/ansible-tmp-1555907987.70663-229510485563848/AnsiballZ_apt_repository.py\", line 113, in \r\n _ansiballz_main()\r\n File \"/home/vagrant/.ansible/tmp/ansible-tmp-1555907987.70663-229510485563848/AnsiballZ_apt_repository.py\", line 105, in _ansiballz_main\r\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\r\n File \"/home/vagrant/.ansible/tmp/ansible-tmp-1555907987.70663-229510485563848/AnsiballZ_apt_repository.py\", line 48, in invoke_module\r\n imp.load_module('main', mod, module, MOD_DESC)\r\n File \"/tmp/ansible_apt_repository_payload_GXYAmU/main.py\", line 550, in \r\n File \"/tmp/ansible_apt_repository_payload_GXYAmU/main.py\", line 542, in main\r\n File \"/usr/lib/python2.7/dist-packages/apt/cache.py\", line 487, in update\r\n raise FetchFailedException(e)\r\napt.cache.FetchFailedException: W:The repository 'https://packages.cloud.google.com/apt/dists kubernetes-xenial Release' does not have a Release file., W:Data from such a repository can't be authenticated and is therefore potentially dangerous to use., W:See apt-secure(8) manpage for repository creation and user configuration details., E:Failed to fetch https://packages.cloud.google.com/apt/dists/dists/kubernetes-xenial/main/binary-amd64/Packages server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none, E:Some index files failed to download. They have been ignored, or old ones used instead.\r\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

-- kamal
ansible
kubernetes
vagrant
virtualbox

2 Answers

6/26/2019

Run the command below and try again:

# git config --global http.sslverify false

-- Marcos Henrique
Source: StackOverflow

4/23/2019

As is described in the fine manual, you must first add the GPG signing key with apt-key or the ansible module apt_key:

Similarly listed on that page, the correct apt repo is deb https://apt.kubernetes.io/ kubernetes-xenial main

So yes, while you entirely borked your CA chain of trust with the first command, I suspect you would have subsequently encountered untrusted package signatures with the next steps since you did not teach apt apt the kubernetes package signing key.

-- mdaniel
Source: StackOverflow