Trying to install kubernetes on virtualbox using ansible:

In master-playbook.yml:

  - name: Install comodo cert
    copy: src=BCPSG.pem dest=/etc/ssl/certs/ca-certificates.crt

  - name: Update cert index
    shell: /usr/sbin/update-ca-certificates

  - name: Adding apt repository for Kubernetes
    apt_repository:
      repo: deb  kubernetes-xenial main
      state: present
      filename: kubernetes.list
      validate_certs: False

Now, the Vagrantfile calls the playbook:

config.vm.define "k8s-master" do |master|
    master.vm.box = IMAGE_NAME
    master.vm.network "private_network", ip: ""
    master.vm.hostname = "k8s-master"
    master.vm.provision "ansible" do |ansible|
        ansible.playbook = "kubernetes-setup/master-playbook.yml"
    end
end

But I am getting an error:

TASK [Adding apt repository for Kubernetes] ************************************
fatal: [k8s-master]: FAILED! => {"changed": false, "module_stderr": "Shared connection to closed.\r\n",

"module_stdout": "Traceback (most recent call last):\r\n File \"/home/vagrant/.ansible/tmp/ansible-tmp-1555907987.70663-229510485563848/\", line 113, in \r\n _ansiballz_main()\r\n File \"/home/vagrant/.ansible/tmp/ansible-tmp-1555907987.70663-229510485563848/\", line 105, in _ansiballz_main\r\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\r\n File \"/home/vagrant/.ansible/tmp/ansible-tmp-1555907987.70663-229510485563848/\", line 48, in invoke_module\r\n imp.load_module('main', mod, module, MOD_DESC)\r\n File \"/tmp/ansible_apt_repository_payload_GXYAmU/\", line 550, in \r\n File \"/tmp/ansible_apt_repository_payload_GXYAmU/\", line 542, in main\r\n File \"/usr/lib/python2.7/dist-packages/apt/\", line 487, in update\r\n raise FetchFailedException(e)\r\napt.cache.FetchFailedException: W:The repository ' kubernetes-xenial Release' does not have a Release file., W:Data from such a repository can't be authenticated and is therefore potentially dangerous to use., W:See apt-secure(8) manpage for repository creation and user configuration details., E:Failed to fetch server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none, E:Some index files failed to download. They have been ignored, or old ones used instead.\r\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

1 Answer

Matthew L Daniel

As is described in the fine manual, you must first add the GPG signing key with apt-key or the ansible module apt_key:

Similarly listed on that page, the correct apt repo is deb kubernetes-xenial main

So yes, while you entirely borked your CA chain of trust with the first command, I suspect you would have subsequently encountered untrusted package signatures with the next steps since you did not teach apt the kubernetes package signing key.
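
One way to arrange the tasks so that both trust stores stay intact, as an added example that is not code from the question or the answer: the CA is added alongside the system CAs instead of replacing the generated bundle, and the package signing key is registered before the repository. The two `k8s_*` variables are placeholders (assumptions) to be filled from the Kubernetes install documentation, and the `.crt` file name under `/usr/local/share/ca-certificates/` is chosen here.

```yaml
# Added example; values marked as placeholders are assumptions.
- hosts: all
  become: true
  vars:
    # Placeholders: take both values from the Kubernetes install docs.
    k8s_apt_key_url: "https://REPLACE-ME.example/apt-key.gpg"
    k8s_apt_repo: "deb https://REPLACE-ME.example/ kubernetes-xenial main"
  tasks:
    # /etc/ssl/certs/ca-certificates.crt is a generated bundle of every
    # trusted CA. Copying one PEM over it removes all the others, so drop
    # the extra CA into the local directory and let the tool rebuild it.
    - name: Install corporate CA certificate
      copy:
        src: BCPSG.pem
        dest: /usr/local/share/ca-certificates/BCPSG.crt  # must end in .crt
        owner: root
        group: root
        mode: "0644"
      notify: Rebuild CA bundle

    # Run the handler now so the following HTTPS fetches see the new CA.
    - name: Rebuild the bundle before any HTTPS fetch
      meta: flush_handlers

    - name: Make sure apt can use HTTPS sources
      apt:
        name:
          - apt-transport-https
          - ca-certificates
        state: present
        update_cache: true

    # Without this key apt reports the repository as unauthenticated.
    - name: Trust the Kubernetes package signing key
      apt_key:
        url: "{{ k8s_apt_key_url }}"
        state: present

    - name: Add the Kubernetes apt repository
      apt_repository:
        repo: "{{ k8s_apt_repo }}"
        state: present
        filename: kubernetes   # the module appends .list itself
        # validate_certs is left at its default (true)

  handlers:
    - name: Rebuild CA bundle
      command: /usr/sbin/update-ca-certificates
```

On a box where the bundle was already overwritten, running `update-ca-certificates` after the copy regenerates `/etc/ssl/certs/ca-certificates.crt` from the installed CA files.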