Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

etcd SSL cert creation fails #138

Open
mikeholownych opened this issue Feb 12, 2019 · 2 comments
Open

etcd SSL cert creation fails #138

mikeholownych opened this issue Feb 12, 2019 · 2 comments

Comments

@mikeholownych
Copy link

TASK [cert : Create etcd SSL certificate key files] ***********************************************************************************************************************
Tuesday 12 February 2019 15:11:02 -0500 (0:00:00.194) 0:00:10.056 ******
fatal: [k8s-m1]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'ansible.vars.hostvars.HostVarsVars object' has no attribute 'ansible_default_ipv4'\n\nThe error appears to have been in '/home/mike/kube-ansible/roles/cert/tasks/create-etcd-certs.yml': line 49, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Create etcd SSL certificate key files\n ^ here\n"}
@espala
Copy link

espala commented Apr 3, 2019

Hello,

I have a similar problem. I need a solution. Can you help me ?

pwd
/Users/testuser/works/personal/test/ansible2/kube-ansible

ls

LICENSE             Vagrantfile         ansible.cfg         cluster.yml         extra-playbooks     inventory           roles
README.md           addons.yml          cluster.retry       contrib             hack                reset-cluster.yml   upgrade-cluster.yml

cat inventory/hosts.ini

[etcds]
192.168.1.11 ansible_ssh_user=testuser
192.168.1.12 ansible_ssh_user=testuser
192.168.1.13 ansible_ssh_user=testuser

[masters]
192.168.1.11 ansible_ssh_user=testuser

[nodes]
192.168.1.12 ansible_ssh_user=testuser
192.168.1.13 ansible_ssh_user=testuser

[kube-cluster:children]
masters
nodes

export ANSIBLE_HOST_KEY_CHECKING=False && time ansible-playbook -i inventory/hosts.ini cluster.yml

PLAY [masters] *****************************************************************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] *********************************************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:08 +0300 (0:00:00.136)       0:00:00.136 *******
ok: [192.168.1.11]

TASK [cluster-default : Configure cluster default vars] ************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:12 +0300 (0:00:04.009)       0:00:04.145 *******
ok: [192.168.1.11] => {
    "msg": "Check roles/k8s-default/defaults/main.yml"
}

TASK [cluster-path : Configure cluster path vars] ******************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:12 +0300 (0:00:00.092)       0:00:04.238 *******
ok: [192.168.1.11] => {
    "msg": "Check roles/cluster-path/defaults/main.yml"
}

TASK [download/package : Override local repository url] ************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:12 +0300 (0:00:00.087)       0:00:04.326 *******

TASK [download/package : Create download binaries tmp directory] ***************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:12 +0300 (0:00:00.084)       0:00:04.410 *******
ok: [192.168.1.11]

TASK [download/package : Create cfssl release directory] ***********************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:13 +0300 (0:00:00.952)       0:00:05.362 *******
changed: [192.168.1.11]

TASK [download/package : Include download archive tasks] ***********************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:14 +0300 (0:00:00.754)       0:00:06.117 *******

TASK [download/package : Include download binary tasks] ************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:14 +0300 (0:00:00.090)       0:00:06.208 *******
included: /Users/testuser/works/personal/test/ansible2/kube-ansible/roles/download/package/tasks/binary.yml for 192.168.1.11

TASK [download/package : Check cfssl binary already exists] ********************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:14 +0300 (0:00:00.147)       0:00:06.356 *******
ok: [192.168.1.11]

TASK [download/package : Downloading cfssl file] *******************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:15 +0300 (0:00:00.950)       0:00:07.306 *******
 [WARNING]: Module remote_tmp /root/.ansible/tmp did not exist and was created with a mode of 0700, this may cause issues when running as another user. To avoid this, create the remote_tmp dir with the correct permissions manually

changed: [192.168.1.11]

TASK [download/package : Copy cfssl file to release directory] *****************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:17 +0300 (0:00:02.061)       0:00:09.367 *******
changed: [192.168.1.11] => (item=cfssl)

TASK [download/package : Symlinks cfssl to /usr/local/bin] *********************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:18 +0300 (0:00:01.354)       0:00:10.722 *******
changed: [192.168.1.11] => (item=cfssl)

TASK [download/package : Override local repository url] ************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:19 +0300 (0:00:00.797)       0:00:11.520 *******

TASK [download/package : Create download binaries tmp directory] ***************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:19 +0300 (0:00:00.091)       0:00:11.611 *******
ok: [192.168.1.11]

TASK [download/package : Create cfssljson release directory] *******************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:20 +0300 (0:00:00.755)       0:00:12.367 *******
ok: [192.168.1.11]

TASK [download/package : Include download archive tasks] ***********************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:21 +0300 (0:00:00.783)       0:00:13.150 *******

TASK [download/package : Include download binary tasks] ************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:21 +0300 (0:00:00.088)       0:00:13.238 *******
included: /Users/testuser/works/personal/test/ansible2/kube-ansible/roles/download/package/tasks/binary.yml for 192.168.1.11

TASK [download/package : Check cfssljson binary already exists] ****************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:21 +0300 (0:00:00.144)       0:00:13.383 *******
ok: [192.168.1.11]

TASK [download/package : Downloading cfssljson file] ***************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:22 +0300 (0:00:01.435)       0:00:14.819 *******
changed: [192.168.1.11]

TASK [download/package : Copy cfssljson file to release directory] *************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:24 +0300 (0:00:01.644)       0:00:16.463 *******
changed: [192.168.1.11] => (item=cfssljson)

TASK [download/package : Symlinks cfssljson to /usr/local/bin] *****************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:25 +0300 (0:00:01.273)       0:00:17.737 *******
changed: [192.168.1.11] => (item=cfssljson)

TASK [cert : Check SSL CA json config] *****************************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:26 +0300 (0:00:00.899)       0:00:18.636 *******
ok: [192.168.1.11]

TASK [cert : Generate SSL CA config] *******************************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:27 +0300 (0:00:00.794)       0:00:19.431 *******
changed: [192.168.1.11]

TASK [cert : include_tasks] ****************************************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:31 +0300 (0:00:04.152)       0:00:23.584 *******
included: /Users/testuser/works/personal/test/ansible2/kube-ansible/roles/cert/tasks/create-k8s-certs.yml for 192.168.1.11

TASK [cert : Ensure Kubernetes PKI directory already exists] *******************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:31 +0300 (0:00:00.177)       0:00:23.761 *******
changed: [192.168.1.11]

TASK [cert : Check Kubernetes SSL certificate json files] **********************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:32 +0300 (0:00:00.887)       0:00:24.649 *******
ok: [192.168.1.11 -> 192.168.1.11] => (item={'file': 'ca-csr.json', 'name': 'kubernetes', 'org': 'Kubernetes', 'bare': 'ca'})
ok: [192.168.1.11 -> 192.168.1.11] => (item={'file': 'admin-csr.json', 'name': 'admin', 'org': 'system:masters', 'bare': 'admin'})
ok: [192.168.1.11 -> 192.168.1.11] => (item={'file': 'apiserver-csr.json', 'name': 'kube-apiserver', 'org': 'Kubernetes', 'bare': 'apiserver'})
ok: [192.168.1.11 -> 192.168.1.11] => (item={'file': 'manager-csr.json', 'name': 'system:kube-controller-manager', 'org': 'system:kube-controller-manager', 'bare': 'controller-manager'})
ok: [192.168.1.11 -> 192.168.1.11] => (item={'file': 'scheduler-csr.json', 'name': 'system:kube-scheduler', 'org': 'system:kube-scheduler', 'bare': 'scheduler'})
ok: [192.168.1.11 -> 192.168.1.11] => (item={'file': 'front-proxy-ca-csr.json', 'name': 'kubernetes-front', 'org': 'Kubernetes', 'bare': 'front-proxy-ca'})
ok: [192.168.1.11 -> 192.168.1.11] => (item={'file': 'front-proxy-client-csr.json', 'name': 'front-proxy-client', 'org': 'Kubernetes', 'bare': 'front-proxy-client'})

TASK [cert : Generate Kubernetes SSL certificate json files] *******************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:37 +0300 (0:00:04.553)       0:00:29.203 *******
changed: [192.168.1.11 -> 192.168.1.11] => (item={'invocation': {'module_args': {'checksum_algorithm': 'sha1', 'get_checksum': True, 'follow': False, 'path': '/etc/kubernetes/pki/ca.pem', 'get_md5': None, 'get_mime': True, 'get_attributes': True}}, 'stat': {'exists': False}, 'changed': False, '_ansible_parsed': True, '_ansible_no_log': False, 'failed': False, '_ansible_delegated_vars': {'ansible_delegated_host': '192.168.1.11', 'ansible_host': '192.168.1.11'}, 'item': {'file': 'ca-csr.json', 'name': 'kubernetes', 'org': 'Kubernetes', 'bare': 'ca'}, '_ansible_item_result': True, '_ansible_ignore_errors': None, '_ansible_item_label': {'file': 'ca-csr.json', 'name': 'kubernetes', 'org': 'Kubernetes', 'bare': 'ca'}})
changed: [192.168.1.11 -> 192.168.1.11] => (item={'invocation': {'module_args': {'checksum_algorithm': 'sha1', 'get_checksum': True, 'follow': False, 'path': '/etc/kubernetes/pki/admin.pem', 'get_md5': None, 'get_mime': True, 'get_attributes': True}}, 'stat': {'exists': False}, 'changed': False, '_ansible_parsed': True, '_ansible_no_log': False, 'failed': False, '_ansible_delegated_vars': {'ansible_delegated_host': '192.168.1.11', 'ansible_host': '192.168.1.11'}, 'item': {'file': 'admin-csr.json', 'name': 'admin', 'org': 'system:masters', 'bare': 'admin'}, '_ansible_item_result': True, '_ansible_ignore_errors': None, '_ansible_item_label': {'file': 'admin-csr.json', 'name': 'admin', 'org': 'system:masters', 'bare': 'admin'}})
changed: [192.168.1.11 -> 192.168.1.11] => (item={'invocation': {'module_args': {'checksum_algorithm': 'sha1', 'get_checksum': True, 'follow': False, 'path': '/etc/kubernetes/pki/apiserver.pem', 'get_md5': None, 'get_mime': True, 'get_attributes': True}}, 'stat': {'exists': False}, 'changed': False, '_ansible_parsed': True, '_ansible_no_log': False, 'failed': False, '_ansible_delegated_vars': {'ansible_delegated_host': '192.168.1.11', 'ansible_host': '192.168.1.11'}, 'item': {'file': 'apiserver-csr.json', 'name': 'kube-apiserver', 'org': 'Kubernetes', 'bare': 'apiserver'}, '_ansible_item_result': True, '_ansible_ignore_errors': None, '_ansible_item_label': {'file': 'apiserver-csr.json', 'name': 'kube-apiserver', 'org': 'Kubernetes', 'bare': 'apiserver'}})
changed: [192.168.1.11 -> 192.168.1.11] => (item={'invocation': {'module_args': {'checksum_algorithm': 'sha1', 'get_checksum': True, 'follow': False, 'path': '/etc/kubernetes/pki/controller-manager.pem', 'get_md5': None, 'get_mime': True, 'get_attributes': True}}, 'stat': {'exists': False}, 'changed': False, '_ansible_parsed': True, '_ansible_no_log': False, 'failed': False, '_ansible_delegated_vars': {'ansible_delegated_host': '192.168.1.11', 'ansible_host': '192.168.1.11'}, 'item': {'file': 'manager-csr.json', 'name': 'system:kube-controller-manager', 'org': 'system:kube-controller-manager', 'bare': 'controller-manager'}, '_ansible_item_result': True, '_ansible_ignore_errors': None, '_ansible_item_label': {'file': 'manager-csr.json', 'name': 'system:kube-controller-manager', 'org': 'system:kube-controller-manager', 'bare': 'controller-manager'}})
changed: [192.168.1.11 -> 192.168.1.11] => (item={'invocation': {'module_args': {'checksum_algorithm': 'sha1', 'get_checksum': True, 'follow': False, 'path': '/etc/kubernetes/pki/scheduler.pem', 'get_md5': None, 'get_mime': True, 'get_attributes': True}}, 'stat': {'exists': False}, 'changed': False, '_ansible_parsed': True, '_ansible_no_log': False, 'failed': False, '_ansible_delegated_vars': {'ansible_delegated_host': '192.168.1.11', 'ansible_host': '192.168.1.11'}, 'item': {'file': 'scheduler-csr.json', 'name': 'system:kube-scheduler', 'org': 'system:kube-scheduler', 'bare': 'scheduler'}, '_ansible_item_result': True, '_ansible_ignore_errors': None, '_ansible_item_label': {'file': 'scheduler-csr.json', 'name': 'system:kube-scheduler', 'org': 'system:kube-scheduler', 'bare': 'scheduler'}})
changed: [192.168.1.11 -> 192.168.1.11] => (item={'invocation': {'module_args': {'checksum_algorithm': 'sha1', 'get_checksum': True, 'follow': False, 'path': '/etc/kubernetes/pki/front-proxy-ca.pem', 'get_md5': None, 'get_mime': True, 'get_attributes': True}}, 'stat': {'exists': False}, 'changed': False, '_ansible_parsed': True, '_ansible_no_log': False, 'failed': False, '_ansible_delegated_vars': {'ansible_delegated_host': '192.168.1.11', 'ansible_host': '192.168.1.11'}, 'item': {'file': 'front-proxy-ca-csr.json', 'name': 'kubernetes-front', 'org': 'Kubernetes', 'bare': 'front-proxy-ca'}, '_ansible_item_result': True, '_ansible_ignore_errors': None, '_ansible_item_label': {'file': 'front-proxy-ca-csr.json', 'name': 'kubernetes-front', 'org': 'Kubernetes', 'bare': 'front-proxy-ca'}})
changed: [192.168.1.11 -> 192.168.1.11] => (item={'invocation': {'module_args': {'checksum_algorithm': 'sha1', 'get_checksum': True, 'follow': False, 'path': '/etc/kubernetes/pki/front-proxy-client.pem', 'get_md5': None, 'get_mime': True, 'get_attributes': True}}, 'stat': {'exists': False}, 'changed': False, '_ansible_parsed': True, '_ansible_no_log': False, 'failed': False, '_ansible_delegated_vars': {'ansible_delegated_host': '192.168.1.11', 'ansible_host': '192.168.1.11'}, 'item': {'file': 'front-proxy-client-csr.json', 'name': 'front-proxy-client', 'org': 'Kubernetes', 'bare': 'front-proxy-client'}, '_ansible_item_result': True, '_ansible_ignore_errors': None, '_ansible_item_label': {'file': 'front-proxy-client-csr.json', 'name': 'front-proxy-client', 'org': 'Kubernetes', 'bare': 'front-proxy-client'}})

TASK [cert : Check Kubernetes SSL certificate authority files] *****************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:03 +0300 (0:00:26.610)       0:00:55.813 *******
ok: [192.168.1.11 -> 192.168.1.11] => (item={'file': 'ca-csr.json', 'bare': 'ca'})
ok: [192.168.1.11 -> 192.168.1.11] => (item={'file': 'front-proxy-ca-csr.json', 'bare': 'front-proxy-ca'})

TASK [cert : Create Kubernetes SSL certificate authority files] ****************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:05 +0300 (0:00:01.345)       0:00:57.159 *******
changed: [192.168.1.11 -> 192.168.1.11] => (item={'invocation': {'module_args': {'checksum_algorithm': 'sha1', 'get_checksum': True, 'follow': False, 'path': '/etc/kubernetes/pki/ca.pem', 'get_md5': None, 'get_mime': True, 'get_attributes': True}}, 'stat': {'exists': False}, 'changed': False, '_ansible_parsed': True, '_ansible_no_log': False, 'failed': False, '_ansible_delegated_vars': {'ansible_delegated_host': '192.168.1.11', 'ansible_host': '192.168.1.11'}, 'item': {'file': 'ca-csr.json', 'bare': 'ca'}, '_ansible_item_result': True, '_ansible_ignore_errors': None, '_ansible_item_label': {'file': 'ca-csr.json', 'bare': 'ca'}})
changed: [192.168.1.11 -> 192.168.1.11] => (item={'invocation': {'module_args': {'checksum_algorithm': 'sha1', 'get_checksum': True, 'follow': False, 'path': '/etc/kubernetes/pki/front-proxy-ca.pem', 'get_md5': None, 'get_mime': True, 'get_attributes': True}}, 'stat': {'exists': False}, 'changed': False, '_ansible_parsed': True, '_ansible_no_log': False, 'failed': False, '_ansible_delegated_vars': {'ansible_delegated_host': '192.168.1.11', 'ansible_host': '192.168.1.11'}, 'item': {'file': 'front-proxy-ca-csr.json', 'bare': 'front-proxy-ca'}, '_ansible_item_result': True, '_ansible_ignore_errors': None, '_ansible_item_label': {'file': 'front-proxy-ca-csr.json', 'bare': 'front-proxy-ca'}})

TASK [cert : Check Kubernetes SSL certificate key files] ***********************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:07 +0300 (0:00:02.274)       0:00:59.434 *******
ok: [192.168.1.11 -> 192.168.1.11] => (item={'file': 'apiserver-csr.json', 'ca': 'ca', 'hosts': '172.16.35.9,10.96.0.1,127.0.0.1,kubernetes.default,kubernetes', 'bare': 'apiserver'})
ok: [192.168.1.11 -> 192.168.1.11] => (item={'file': 'admin-csr.json', 'ca': 'ca', 'bare': 'admin'})
ok: [192.168.1.11 -> 192.168.1.11] => (item={'file': 'manager-csr.json', 'ca': 'ca', 'bare': 'controller-manager'})
ok: [192.168.1.11 -> 192.168.1.11] => (item={'file': 'scheduler-csr.json', 'ca': 'ca', 'bare': 'scheduler'})
ok: [192.168.1.11 -> 192.168.1.11] => (item={'file': 'front-proxy-client-csr.json', 'ca': 'front-proxy-ca', 'bare': 'front-proxy-client'})

TASK [cert : Create Kubernetes SSL certificate key files] **********************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:11 +0300 (0:00:03.518)       0:01:02.952 *******
changed: [192.168.1.11 -> 192.168.1.11] => (item={'invocation': {'module_args': {'checksum_algorithm': 'sha1', 'get_checksum': True, 'follow': False, 'path': '/etc/kubernetes/pki/apiserver.pem', 'get_md5': None, 'get_mime': True, 'get_attributes': True}}, 'stat': {'exists': False}, 'changed': False, '_ansible_parsed': True, '_ansible_no_log': False, 'failed': False, '_ansible_delegated_vars': {'ansible_delegated_host': '192.168.1.11', 'ansible_host': '192.168.1.11'}, 'item': {'file': 'apiserver-csr.json', 'ca': 'ca', 'hosts': '172.16.35.9,10.96.0.1,127.0.0.1,kubernetes.default,kubernetes', 'bare': 'apiserver'}, '_ansible_item_result': True, '_ansible_ignore_errors': None, '_ansible_item_label': {'file': 'apiserver-csr.json', 'ca': 'ca', 'hosts': '172.16.35.9,10.96.0.1,127.0.0.1,kubernetes.default,kubernetes', 'bare': 'apiserver'}})
changed: [192.168.1.11 -> 192.168.1.11] => (item={'invocation': {'module_args': {'checksum_algorithm': 'sha1', 'get_checksum': True, 'follow': False, 'path': '/etc/kubernetes/pki/admin.pem', 'get_md5': None, 'get_mime': True, 'get_attributes': True}}, 'stat': {'exists': False}, 'changed': False, '_ansible_parsed': True, '_ansible_no_log': False, 'failed': False, '_ansible_delegated_vars': {'ansible_delegated_host': '192.168.1.11', 'ansible_host': '192.168.1.11'}, 'item': {'file': 'admin-csr.json', 'ca': 'ca', 'bare': 'admin'}, '_ansible_item_result': True, '_ansible_ignore_errors': None, '_ansible_item_label': {'file': 'admin-csr.json', 'ca': 'ca', 'bare': 'admin'}})
changed: [192.168.1.11 -> 192.168.1.11] => (item={'invocation': {'module_args': {'checksum_algorithm': 'sha1', 'get_checksum': True, 'follow': False, 'path': '/etc/kubernetes/pki/controller-manager.pem', 'get_md5': None, 'get_mime': True, 'get_attributes': True}}, 'stat': {'exists': False}, 'changed': False, '_ansible_parsed': True, '_ansible_no_log': False, 'failed': False, '_ansible_delegated_vars': {'ansible_delegated_host': '192.168.1.11', 'ansible_host': '192.168.1.11'}, 'item': {'file': 'manager-csr.json', 'ca': 'ca', 'bare': 'controller-manager'}, '_ansible_item_result': True, '_ansible_ignore_errors': None, '_ansible_item_label': {'file': 'manager-csr.json', 'ca': 'ca', 'bare': 'controller-manager'}})
changed: [192.168.1.11 -> 192.168.1.11] => (item={'invocation': {'module_args': {'checksum_algorithm': 'sha1', 'get_checksum': True, 'follow': False, 'path': '/etc/kubernetes/pki/scheduler.pem', 'get_md5': None, 'get_mime': True, 'get_attributes': True}}, 'stat': {'exists': False}, 'changed': False, '_ansible_parsed': True, '_ansible_no_log': False, 'failed': False, '_ansible_delegated_vars': {'ansible_delegated_host': '192.168.1.11', 'ansible_host': '192.168.1.11'}, 'item': {'file': 'scheduler-csr.json', 'ca': 'ca', 'bare': 'scheduler'}, '_ansible_item_result': True, '_ansible_ignore_errors': None, '_ansible_item_label': {'file': 'scheduler-csr.json', 'ca': 'ca', 'bare': 'scheduler'}})
changed: [192.168.1.11 -> 192.168.1.11] => (item={'invocation': {'module_args': {'checksum_algorithm': 'sha1', 'get_checksum': True, 'follow': False, 'path': '/etc/kubernetes/pki/front-proxy-client.pem', 'get_md5': None, 'get_mime': True, 'get_attributes': True}}, 'stat': {'exists': False}, 'changed': False, '_ansible_parsed': True, '_ansible_no_log': False, 'failed': False, '_ansible_delegated_vars': {'ansible_delegated_host': '192.168.1.11', 'ansible_host': '192.168.1.11'}, 'item': {'file': 'front-proxy-client-csr.json', 'ca': 'front-proxy-ca', 'bare': 'front-proxy-client'}, '_ansible_item_result': True, '_ansible_ignore_errors': None, '_ansible_item_label': {'file': 'front-proxy-client-csr.json', 'ca': 'front-proxy-ca', 'bare': 'front-proxy-client'}})

TASK [cert : Check service account key already exists] *************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:17 +0300 (0:00:05.886)       0:01:08.839 *******
ok: [192.168.1.11 -> 192.168.1.11]

TASK [cert : Create service account private and public key] ********************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:17 +0300 (0:00:00.743)       0:01:09.583 *******
changed: [192.168.1.11 -> 192.168.1.11] => (item=openssl genrsa -out /etc/kubernetes/pki/sa.key 2048)
changed: [192.168.1.11 -> 192.168.1.11] => (item=openssl rsa -in /etc/kubernetes/pki/sa.key -pubout -out /etc/kubernetes/pki/sa.pub)

TASK [common/copy-files : Check the files already exists] **********************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:19 +0300 (0:00:01.534)       0:01:11.117 *******
ok: [192.168.1.11] => (item=/etc/kubernetes/pki/ca.pem)
ok: [192.168.1.11] => (item=/etc/kubernetes/pki/ca-key.pem)

TASK [common/copy-files : Read the config files] *******************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:20 +0300 (0:00:01.418)       0:01:12.536 *******
ok: [192.168.1.11 -> 192.168.1.11] => (item={'invocation': {'module_args': {'checksum_algorithm': 'sha1', 'get_checksum': True, 'follow': False, 'path': '/etc/kubernetes/pki/ca.pem', 'get_md5': None, 'get_mime': True, 'get_attributes': True}}, 'stat': {'charset': 'us-ascii', 'uid': 0, 'exists': True, 'attr_flags': '', 'woth': False, 'isreg': True, 'device_type': 0, 'mtime': 1554289146.4989, 'block_size': 4096, 'inode': 17544020, 'isgid': False, 'size': 1428, 'executable': False, 'isuid': False, 'readable': True, 'version': '931548068', 'pw_name': 'root', 'gid': 0, 'ischr': False, 'wusr': True, 'writeable': True, 'mimetype': 'text/plain', 'blocks': 8, 'xoth': False, 'islnk': False, 'nlink': 1, 'issock': False, 'rgrp': True, 'gr_name': 'root', 'path': '/etc/kubernetes/pki/ca.pem', 'xusr': False, 'atime': 1554289152.0834353, 'isdir': False, 'ctime': 1554289146.4989, 'isblk': False, 'wgrp': False, 'checksum': '5287e52d1257c9690d30390230a0082814767bc6', 'dev': 2049, 'roth': True, 'isfifo': False, 'mode': '0644', 'xgrp': False, 'rusr': True, 'attributes': []}, 'changed': False, '_ansible_parsed': True, '_ansible_no_log': False, 'failed': False, 'item': '/etc/kubernetes/pki/ca.pem', '_ansible_item_result': True, '_ansible_ignore_errors': None, '_ansible_item_label': '/etc/kubernetes/pki/ca.pem'})
ok: [192.168.1.11 -> 192.168.1.11] => (item={'invocation': {'module_args': {'checksum_algorithm': 'sha1', 'get_checksum': True, 'follow': False, 'path': '/etc/kubernetes/pki/ca-key.pem', 'get_md5': None, 'get_mime': True, 'get_attributes': True}}, 'stat': {'charset': 'us-ascii', 'uid': 0, 'exists': True, 'attr_flags': '', 'woth': False, 'isreg': True, 'device_type': 0, 'mtime': 1554289146.4989, 'block_size': 4096, 'inode': 17544023, 'isgid': False, 'size': 1675, 'executable': False, 'isuid': False, 'readable': True, 'version': '18446744072552176892', 'pw_name': 'root', 'gid': 0, 'ischr': False, 'wusr': True, 'writeable': True, 'mimetype': 'text/plain', 'blocks': 8, 'xoth': False, 'islnk': False, 'nlink': 1, 'issock': False, 'rgrp': False, 'gr_name': 'root', 'path': '/etc/kubernetes/pki/ca-key.pem', 'xusr': False, 'atime': 1554289152.0834353, 'isdir': False, 'ctime': 1554289146.4989, 'isblk': False, 'wgrp': False, 'checksum': 'adb5bf2d8111cee560ec96d8003a9ee10b66e70b', 'dev': 2049, 'roth': False, 'isfifo': False, 'mode': '0600', 'xgrp': False, 'rusr': True, 'attributes': []}, 'changed': False, '_ansible_parsed': True, '_ansible_no_log': False, 'failed': False, 'item': '/etc/kubernetes/pki/ca-key.pem', '_ansible_item_result': True, '_ansible_ignore_errors': None, '_ansible_item_label': '/etc/kubernetes/pki/ca-key.pem'})

TASK [common/copy-files : Write the content of files] **************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:22 +0300 (0:00:01.647)       0:01:14.184 *******

TASK [cert : include_tasks] ****************************************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:22 +0300 (0:00:00.166)       0:01:14.350 *******
included: /Users/testuser/works/personal/test/ansible2/kube-ansible/roles/cert/tasks/create-k8s-kubelet-certs.yml for 192.168.1.11

TASK [cert : Check kubelet SSL certificate key files] **************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:22 +0300 (0:00:00.077)       0:01:14.428 *******
ok: [192.168.1.11]

TASK [cert : Generate kubelet SSL certificate json files] **********************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:23 +0300 (0:00:00.690)       0:01:15.119 *******
changed: [192.168.1.11]

TASK [cert : Create kubelet SSL certificate key files] *************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:27 +0300 (0:00:04.684)       0:01:19.803 *******
changed: [192.168.1.11]

TASK [cert : include_tasks] ****************************************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:29 +0300 (0:00:01.232)       0:01:21.036 *******
included: /Users/testuser/works/personal/test/ansible2/kube-ansible/roles/cert/tasks/create-etcd-certs.yml for 192.168.1.11

TASK [cert : Ensure etcd PKI directory already exists] *************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:29 +0300 (0:00:00.104)       0:01:21.141 *******
changed: [192.168.1.11]

TASK [cert : Check etcd SSL certificate json files] ****************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:30 +0300 (0:00:00.976)       0:01:22.117 *******
ok: [192.168.1.11 -> 192.168.1.11] => (item={'file': 'etcd-ca-csr.json', 'name': 'etcd', 'org': 'etcd', 'bare': 'etcd-ca'})
ok: [192.168.1.11 -> 192.168.1.11] => (item={'file': 'etcd-csr.json', 'name': 'etcd', 'org': 'etcd', 'bare': 'etcd'})

TASK [cert : Generate etcd SSL certificate json files] *************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:32 +0300 (0:00:01.750)       0:01:23.868 *******
changed: [192.168.1.11 -> 192.168.1.11] => (item={'invocation': {'module_args': {'checksum_algorithm': 'sha1', 'get_checksum': True, 'follow': False, 'path': '/etc/kubernetes/pki/etcd/etcd-ca.pem', 'get_md5': None, 'get_mime': True, 'get_attributes': True}}, 'stat': {'exists': False}, 'changed': False, '_ansible_parsed': True, '_ansible_no_log': False, 'failed': False, '_ansible_delegated_vars': {'ansible_delegated_host': '192.168.1.11', 'ansible_host': '192.168.1.11'}, 'item': {'file': 'etcd-ca-csr.json', 'name': 'etcd', 'org': 'etcd', 'bare': 'etcd-ca'}, '_ansible_item_result': True, '_ansible_ignore_errors': None, '_ansible_item_label': {'file': 'etcd-ca-csr.json', 'name': 'etcd', 'org': 'etcd', 'bare': 'etcd-ca'}})
changed: [192.168.1.11 -> 192.168.1.11] => (item={'invocation': {'module_args': {'checksum_algorithm': 'sha1', 'get_checksum': True, 'follow': False, 'path': '/etc/kubernetes/pki/etcd/etcd.pem', 'get_md5': None, 'get_mime': True, 'get_attributes': True}}, 'stat': {'exists': False}, 'changed': False, '_ansible_parsed': True, '_ansible_no_log': False, 'failed': False, '_ansible_delegated_vars': {'ansible_delegated_host': '192.168.1.11', 'ansible_host': '192.168.1.11'}, 'item': {'file': 'etcd-csr.json', 'name': 'etcd', 'org': 'etcd', 'bare': 'etcd'}, '_ansible_item_result': True, '_ansible_ignore_errors': None, '_ansible_item_label': {'file': 'etcd-csr.json', 'name': 'etcd', 'org': 'etcd', 'bare': 'etcd'}})

TASK [cert : Check etcd SSL certificate authority files] ***********************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:39 +0300 (0:00:07.655)       0:01:31.524 *******
ok: [192.168.1.11 -> 192.168.1.11]

TASK [cert : Create etcd SSL certificate authority files] **********************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:40 +0300 (0:00:00.755)       0:01:32.279 *******
changed: [192.168.1.11 -> 192.168.1.11]

TASK [cert : Check etcd SSL certificate key file] ******************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:41 +0300 (0:00:00.976)       0:01:33.256 *******
ok: [192.168.1.11 -> 192.168.1.11]

TASK [cert : Create etcd SSL certificate key files] ****************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:42 +0300 (0:00:00.728)       0:01:33.984 *******
fatal: [192.168.1.11]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'ansible.vars.hostvars.HostVarsVars object' has no attribute 'ansible_default_ipv4'\n\nThe error appears to have been in '/Users/testuser/works/personal/test/ansible2/kube-ansible/roles/cert/tasks/create-etcd-certs.yml': line 49, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Create etcd SSL certificate key files\n  ^ here\n"}

NO MORE HOSTS LEFT *************************************************************************************************************************************************************************************************************************************************************
	to retry, use: --limit @/Users/testuser/works/personal/test/ansible2/kube-ansible/cluster.retry

PLAY RECAP *********************************************************************************************************************************************************************************************************************************************************************
192.168.1.11              : ok=42   changed=18   unreachable=0    failed=1

Wednesday 03 April 2019  13:59:42 +0300 (0:00:00.118)       0:01:34.102 *******
===============================================================================
cert : Generate Kubernetes SSL certificate json files ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 26.61s
cert : Generate etcd SSL certificate json files ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 7.66s
cert : Create Kubernetes SSL certificate key files ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 5.89s
cert : Generate kubelet SSL certificate json files ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 4.68s
cert : Check Kubernetes SSL certificate json files ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 4.55s
cert : Generate SSL CA config ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 4.15s
Gathering Facts --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 4.01s
cert : Check Kubernetes SSL certificate key files ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 3.52s
cert : Create Kubernetes SSL certificate authority files ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 2.27s
download/package : Downloading cfssl file ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 2.06s
cert : Check etcd SSL certificate json files ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.75s
common/copy-files : Read the config files ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.65s
download/package : Downloading cfssljson file --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.64s
cert : Create service account private and public key -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.53s
download/package : Check cfssljson binary already exists ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.44s
common/copy-files : Check the files already exists ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.42s
download/package : Copy cfssl file to release directory ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.35s
cert : Check Kubernetes SSL certificate authority files ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.35s
download/package : Copy cfssljson file to release directory ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.27s
cert : Create kubelet SSL certificate key files ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.23s
ansible-playbook -i inventory/hosts.ini cluster.yml  16.81s user 6.57s system 24% cpu 1:35.93 total

@ScantyDaemon
Copy link

ScantyDaemon commented Apr 28, 2021
edited
Loading

I have a similar problem.

TASK [cert : Check etcd SSL certificate authority files] ***************************************************************
Wednesday 28 April 2021  13:01:18 +0000 (0:00:00.573)       0:00:13.658 *******
ok: [192.168.1.101 -> 192.168.1.101]

TASK [cert : Create etcd SSL certificate authority files] **************************************************************
Wednesday 28 April 2021  13:01:18 +0000 (0:00:00.308)       0:00:13.966 *******

TASK [cert : Check etcd SSL certificate key file] **********************************************************************
Wednesday 28 April 2021  13:01:18 +0000 (0:00:00.088)       0:00:14.055 *******
ok: [192.168.1.101 -> 192.168.1.101]

TASK [cert : Create etcd SSL certificate key files] ********************************************************************
Wednesday 28 April 2021  13:01:18 +0000 (0:00:00.277)       0:00:14.333 *******
fatal: [192.168.1.101]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'ansible_default_ipv4'\n\nThe error appears to have been in '/root/kube-ansible/roles/cert/tasks/create-etcd-certs.yml': line 49, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Create etcd SSL certificate key files\n  ^ here\n"}

NO MORE HOSTS LEFT *****************************************************************************************************
        to retry, use: --limit @/root/kube-ansible/cluster.retry

PLAY RECAP *************************************************************************************************************
192.168.1.101              : ok=31   changed=0    unreachable=0    failed=1

===============================================================================
cert : Check Kubernetes SSL certificate json files -------------------------------------------------------------- 1.47s
download/package : Create download binaries tmp directory ------------------------------------------------------- 1.38s
cert : Check Kubernetes SSL certificate key files --------------------------------------------------------------- 1.18s
download/package : Copy cfssl file to release directory --------------------------------------------------------- 0.59s
cert : Generate etcd SSL certificate json files ----------------------------------------------------------------- 0.57s
common/copy-files : Read the config files ----------------------------------------------------------------------- 0.54s
common/copy-files : Check the files already exists -------------------------------------------------------------- 0.52s
cert : Check Kubernetes SSL certificate authority files --------------------------------------------------------- 0.50s
download/package : Check cfssl binary already exists ------------------------------------------------------------ 0.49s
cert : Check etcd SSL certificate json files -------------------------------------------------------------------- 0.48s
download/package : Copy cfssljson file to release directory ----------------------------------------------------- 0.39s
download/package : Create cfssl release directory --------------------------------------------------------------- 0.35s
download/package : Check cfssljson binary already exists -------------------------------------------------------- 0.33s
download/package : Symlinks cfssljson to /usr/local/bin --------------------------------------------------------- 0.32s
download/package : Symlinks cfssl to /usr/local/bin ------------------------------------------------------------- 0.31s
cert : Check etcd SSL certificate authority files --------------------------------------------------------------- 0.31s
download/package : Create download binaries tmp directory ------------------------------------------------------- 0.31s
cert : Check service account key already exists ----------------------------------------------------------------- 0.29s
cert : Check SSL CA json config --------------------------------------------------------------------------------- 0.28s
cert : Check etcd SSL certificate key file ---------------------------------------------------------------------- 0.28s

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mikeholownych @espala @ScantyDaemon