K
Q

Ansible:kubernetes install using vagrant, error: "server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt"

4/22/2019

Trying to install kubernetes on virtualbox using ansible:

in master-playbook.yml

  - name: Install comodo cert
    copy: src=BCPSG.pem dest=/etc/ssl/certs/ca-certificates.crt

  - name: Update cert index
    shell: /usr/sbin/update-ca-certificates

  - name: Adding apt repository for Kubernetes
    apt_repository:
      repo: deb https://packages.cloud.google.com/apt/dists/  kubernetes-xenial main
      state: present
      filename: kubernetes.list
      validate_certs: False

now, Vagrantfile calls the playbook:

config.vm.define "k8s-master" do |master|
    master.vm.box = IMAGE_NAME
    master.vm.network "private_network", ip: "192.168.50.10"
    master.vm.hostname = "k8s-master"
    master.vm.provision "ansible" do |ansible|
    ansible.playbook = "kubernetes-setup/master-playbook.yml"
    end
end

but i am getting error:

TASK [Adding apt repository for Kubernetes] ************************************
fatal: [k8s-master]: FAILED! => {"changed": false, "module_stderr": "Shared connection to 127.0.0.1 closed.\r\n",

"module_stdout": "Traceback (most recent call last):\r\n File \"/home/vagrant/.ansible/tmp/ansible-tmp-1555907987.70663-229510485563848/AnsiballZ_apt_repository.py\", line 113, in \r\n _ansiballz_main()\r\n File \"/home/vagrant/.ansible/tmp/ansible-tmp-1555907987.70663-229510485563848/AnsiballZ_apt_repository.py\", line 105, in _ansiballz_main\r\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\r\n File \"/home/vagrant/.ansible/tmp/ansible-tmp-1555907987.70663-229510485563848/AnsiballZ_apt_repository.py\", line 48, in invoke_module\r\n imp.load_module('main', mod, module, MOD_DESC)\r\n File \"/tmp/ansible_apt_repository_payload_GXYAmU/main.py\", line 550, in \r\n File \"/tmp/ansible_apt_repository_payload_GXYAmU/main.py\", line 542, in main\r\n File \"/usr/lib/python2.7/dist-packages/apt/cache.py\", line 487, in update\r\n raise FetchFailedException(e)\r\napt.cache.FetchFailedException: W:The repository 'https://packages.cloud.google.com/apt/dists kubernetes-xenial Release' does not have a Release file., W:Data from such a repository can't be authenticated and is therefore potentially dangerous to use., W:See apt-secure(8) manpage for repository creation and user configuration details., E:Failed to fetch https://packages.cloud.google.com/apt/dists/dists/kubernetes-xenial/main/binary-amd64/Packages server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none, E:Some index files failed to download. They have been ignored, or old ones used instead.\r\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

-- kamal
ansible
kubernetes
vagrant
virtualbox

Similar Questions

Failed to open topo server on vitess with etcd
How does Docker image clean up works on kubernetes?
What's the value proposition of running Cloud Run versus a normal service in GKE?
Kubernetes Python Client: connecting to a pod/service using Autobahn websocket/Twisted using bearer token
Running Spark on Kubernetes with Dynamic Allocation
Running a docker container which uses GPU from kubernetes fails to find the GPU
Using minikube with --driver=docker fails to forward from localhost to minikube internal address
Conditional Istio EnvoyFilter based on Cookie presence

2 Answers

6/26/2019

Run the command below and try again:

# git config --global http.sslverify false

-- Marcos Henrique
Source: StackOverflow
4/23/2019

As is described in the fine manual, you must first add the GPG signing key with apt-key or the ansible module apt_key:

Similarly listed on that page, the correct apt repo is deb https://apt.kubernetes.io/ kubernetes-xenial main

So yes, while you entirely borked your CA chain of trust with the first command, I suspect you would have subsequently encountered untrusted package signatures with the next steps since you did not teach apt apt the kubernetes package signing key.

-- mdaniel
Source: StackOverflow