尝试使用ansible在virtualbox上安装kubernetes:
在master-playbook.yml中
- name: Install comodo cert
copy: src=BCPSG.pem dest=/etc/ssl/certs/ca-certificates.crt
- name: Update cert index
shell: /usr/sbin/update-ca-certificates
- name: Adding apt repository for Kubernetes
apt_repository:
repo: deb https://packages.cloud.google.com/apt/dists/ kubernetes-xenial main
state: present
filename: kubernetes.list
validate_certs: False
现在,Vagrantfile调用了剧本:
config.vm.define "k8s-master" do |master|
master.vm.box = IMAGE_NAME
master.vm.network "private_network", ip: "192.168.50.10"
master.vm.hostname = "k8s-master"
master.vm.provision "ansible" do |ansible|
ansible.playbook = "kubernetes-setup/master-playbook.yml"
end
end
但我得到错误:
TASK [Adding apt repository for Kubernetes] ************************************ fatal: [k8s-master]: FAILED! => {"changed": false, "module_stderr": "Shared connection to 127.0.0.1 closed.\r\n",
“module_stdout”:“Traceback(最近一次调用最后一次):\ r \ n文件\”/ home / vagrant / .ansible / tmp / ansible-tmp-1555907987.70663-229510485563848 / AnsiballZ_apt_repository.py \“,第113行,在\ r \ n \ n _ansiballz_main()\ r \ n文件\“/ home / vagrant / .ansible / tmp / ansible-tmp-1555907987.70663-229510485563848 / AnsiballZ_apt_repository.py \”,第105行,位于_ansiballz_main \ r \ n invoke_module(zipped_mod,temp_path ,ANSIBALLZ_PARAMS)\ r \ n文件\“/ home / vagrant / .ansible / tmp / ansible-tmp-1555907987.70663-229510485563848 / AnsiballZ_apt_repository.py \”,第48行,在invoke_module \ r \ n \ imp.load_module('main' ,mod,module,MOD_DESC)\ r \ n File \“/ tmp / ansible_apt_repository_payload_GXYAmU / main.py \”,第550行,在\ r \ n文件\“/ tmp / ansible_apt_repository_payload_GXYAmU / main.py \”,第542行,在主\ r \ n文件\“/ usr / lib / python2.7 / dist-packages / apt / cache.py \”,第487行,在update \ r \ n中引发FetchFailedException(e)\ r \ napt.cache .FetchFailedException:W:存储库'https://packages.cloud.google.com/apt/dists kubernetes-xenial Release'没有Release文件。,W:Data从这样的存储库无法进行身份验证,因此使用起来很危险。,W:请参阅apt-secure(8)联机帮助页以了解存储库创建和用户配置详细信息。,E:无法获取https://packages.cloud.google.com/apt/dists/dists/kubernetes-xenial/main/binary-amd64/Packages服务器证书验证失败。 CAfile:/etc/ssl/certs/ca-certificates.crt CRLfile:none,E:某些索引文件无法下载。它们已被忽略,或旧的被使用。\ r \ n“,”msg“:”MODULE FAILURE \ n查看stdout / stderr的确切错误“,”rc“:1}
如the fine manual中所述,您必须首先使用apt-key
或ansible模块添加GPG签名密钥apt_key:
同样在该页面上列出,正确的apt repo是deb https://apt.kubernetes.io/ kubernetes-xenial main
所以是的,虽然你用第一个命令完全塞住了你的CA信任链,但我怀疑你后来会遇到不受信任的包签名,接下来的步骤是因为你没有教会使用kubernetes包签名密钥。
运行以下命令,然后重试:
#git config --global http.sslverify false