Trying to install kubernetes on virtualbox using ansible:
in master-playbook.yml
- name: Install comodo cert
copy: src=BCPSG.pem dest=/etc/ssl/certs/ca-certificates.crt
- name: Update cert index
shell: /usr/sbin/update-ca-certificates
- name: Adding apt repository for Kubernetes
apt_repository:
repo: deb https://packages.cloud.google.com/apt/dists/ kubernetes-xenial main
state: present
filename: kubernetes.list
validate_certs: False
now, Vagrantfile calls the playbook:
config.vm.define "k8s-master" do |master|
master.vm.box = IMAGE_NAME
master.vm.network "private_network", ip: "192.168.50.10"
master.vm.hostname = "k8s-master"
master.vm.provision "ansible" do |ansible|
ansible.playbook = "kubernetes-setup/master-playbook.yml"
end
end
but i am getting error:
TASK [Adding apt repository for Kubernetes] ************************************ fatal: [k8s-master]: FAILED! => {"changed": false, "module_stderr": "Shared connection to 127.0.0.1 closed.\r\n",
"module_stdout": "Traceback (most recent call last):\r\n File \"/home/vagrant/.ansible/tmp/ansible-tmp-1555907987.70663-229510485563848/AnsiballZ_apt_repository.py\", line 113, in \r\n _ansiballz_main()\r\n File \"/home/vagrant/.ansible/tmp/ansible-tmp-1555907987.70663-229510485563848/AnsiballZ_apt_repository.py\", line 105, in _ansiballz_main\r\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\r\n File \"/home/vagrant/.ansible/tmp/ansible-tmp-1555907987.70663-229510485563848/AnsiballZ_apt_repository.py\", line 48, in invoke_module\r\n imp.load_module('main', mod, module, MOD_DESC)\r\n File \"/tmp/ansible_apt_repository_payload_GXYAmU/main.py\", line 550, in \r\n File \"/tmp/ansible_apt_repository_payload_GXYAmU/main.py\", line 542, in main\r\n File \"/usr/lib/python2.7/dist-packages/apt/cache.py\", line 487, in update\r\n raise FetchFailedException(e)\r\napt.cache.FetchFailedException: W:The repository 'https://packages.cloud.google.com/apt/dists kubernetes-xenial Release' does not have a Release file., W:Data from such a repository can't be authenticated and is therefore potentially dangerous to use., W:See apt-secure(8) manpage for repository creation and user configuration details., E:Failed to fetch https://packages.cloud.google.com/apt/dists/dists/kubernetes-xenial/main/binary-amd64/Packages server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none, E:Some index files failed to download. They have been ignored, or old ones used instead.\r\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
Run the command below and try again:
# git config --global http.sslverify false
As is described in the fine manual, you must first add the GPG signing key with apt-key
or the ansible module apt_key:
Similarly listed on that page, the correct apt repo is deb https://apt.kubernetes.io/ kubernetes-xenial main
So yes, while you entirely borked your CA chain of trust with the first command, I suspect you would have subsequently encountered untrusted package signatures with the next steps since you did not teach apt apt the kubernetes package signing key.