Ansible:kubernetes使用vagrant安装,错误:“服务器证书验证失败。 CAfile:/etc/ssl/certs/ca-certificates.crt“

问题描述 投票:0回答:2

尝试使用ansible在virtualbox上安装kubernetes:

在master-playbook.yml中

  - name: Install comodo cert
    copy: src=BCPSG.pem dest=/etc/ssl/certs/ca-certificates.crt

  - name: Update cert index
    shell: /usr/sbin/update-ca-certificates

  - name: Adding apt repository for Kubernetes
    apt_repository:
      repo: deb https://packages.cloud.google.com/apt/dists/  kubernetes-xenial main
      state: present
      filename: kubernetes.list
      validate_certs: False

现在,Vagrantfile调用了剧本:

config.vm.define "k8s-master" do |master|
    master.vm.box = IMAGE_NAME
    master.vm.network "private_network", ip: "192.168.50.10"
    master.vm.hostname = "k8s-master"
    master.vm.provision "ansible" do |ansible|
    ansible.playbook = "kubernetes-setup/master-playbook.yml"
    end
end

但我得到错误:

TASK [Adding apt repository for Kubernetes] ************************************
fatal: [k8s-master]: FAILED! => {"changed": false, "module_stderr": "Shared connection to 127.0.0.1 closed.\r\n",

“module_stdout”:“Traceback(最近一次调用最后一次):\ r \ n文件\”/ home / vagrant / .ansible / tmp / ansible-tmp-1555907987.70663-229510485563848 / AnsiballZ_apt_repository.py \“,第113行,在\ r \ n \ n _ansiballz_main()\ r \ n文件\“/ home / vagrant / .ansible / tmp / ansible-tmp-1555907987.70663-229510485563848 / AnsiballZ_apt_repository.py \”,第105行,位于_ansiballz_main \ r \ n invoke_module(zipped_mod,temp_path ,ANSIBALLZ_PARAMS)\ r \ n文件\“/ home / vagrant / .ansible / tmp / ansible-tmp-1555907987.70663-229510485563848 / AnsiballZ_apt_repository.py \”,第48行,在invoke_module \ r \ n \ imp.load_module('main' ,mod,module,MOD_DESC)\ r \ n File \“/ tmp / ansible_apt_repository_payload_GXYAmU / main.py \”,第550行,在\ r \ n文件\“/ tmp / ansible_apt_repository_payload_GXYAmU / main.py \”,第542行,在主\ r \ n文件\“/ usr / lib / python2.7 / dist-packages / apt / cache.py \”,第487行,在update \ r \ n中引发FetchFailedException(e)\ r \ napt.cache .FetchFailedException:W:存储库'https://packages.cloud.google.com/apt/dists kubernetes-xenial Release'没有Release文件。,W:Data从这样的存储库无法进行身份验证,因此使用起来很危险。,W:请参阅apt-secure(8)联机帮助页以了解存储库创建和用户配置详细信息。,E:无法获取https://packages.cloud.google.com/apt/dists/dists/kubernetes-xenial/main/binary-amd64/Packages服务器证书验证失败。 CAfile:/etc/ssl/certs/ca-certificates.crt CRLfile:none,E:某些索引文件无法下载。它们已被忽略,或旧的被使用。\ r \ n“,”msg“:”MODULE FAILURE \ n查看stdout / stderr的确切错误“,”rc“:1}

kubernetes ansible vagrant virtualbox
2个回答
1
投票

the fine manual中所述,您必须首先使用apt-key或ansible模块添加GPG签名密钥apt_key:

同样在该页面上列出,正确的apt repo是deb https://apt.kubernetes.io/ kubernetes-xenial main

所以是的,虽然你用第一个命令完全塞住了你的CA信任链,但我怀疑你后来会遇到不受信任的包签名,接下来的步骤是因为你没有教会使用kubernetes包签名密钥。

0
投票

运行以下命令,然后重试:

#git config --global http.sslverify false

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.