search

kairen / kube-ansible

Build a Kubernetes cluster via Ansible playbook. :wrench: :wrench: :wrench:
Apache License 2.0
437 stars 195 forks source link

etcd SSL cert creation fails #138

Open mikeholownych opened 5 years ago

mikeholownych commented 5 years ago

TASK [cert : Create etcd SSL certificate key files] *** Tuesday 12 February 2019 15:11:02 -0500 (0:00:00.194) 0:00:10.056 ** fatal: [k8s-m1]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'ansible.vars.hostvars.HostVarsVars object' has no attribute 'ansible_default_ipv4'\n\nThe error appears to have been in '/home/mike/kube-ansible/roles/cert/tasks/create-etcd-certs.yml': line 49, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Create etcd SSL certificate key files\n ^ here\n"}

espala commented 5 years ago

Hello,

I have a similar problem. I need a solution. Can you help me ?

pwd /Users/testuser/works/personal/test/ansible2/kube-ansible

ls

LICENSE             Vagrantfile         ansible.cfg         cluster.yml         extra-playbooks     inventory           roles
README.md           addons.yml          cluster.retry       contrib             hack                reset-cluster.yml   upgrade-cluster.yml

cat inventory/hosts.ini

[etcds]
192.168.1.11 ansible_ssh_user=testuser
192.168.1.12 ansible_ssh_user=testuser
192.168.1.13 ansible_ssh_user=testuser

[masters]
192.168.1.11 ansible_ssh_user=testuser

[nodes]
192.168.1.12 ansible_ssh_user=testuser
192.168.1.13 ansible_ssh_user=testuser

[kube-cluster:children]
masters
nodes

export ANSIBLE_HOST_KEY_CHECKING=False && time ansible-playbook -i inventory/hosts.ini cluster.yml

PLAY [masters] *****************************************************************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] *********************************************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:08 +0300 (0:00:00.136)       0:00:00.136 *******
ok: [192.168.1.11]

TASK [cluster-default : Configure cluster default vars] ************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:12 +0300 (0:00:04.009)       0:00:04.145 *******
ok: [192.168.1.11] => {
    "msg": "Check roles/k8s-default/defaults/main.yml"
}

TASK [cluster-path : Configure cluster path vars] ******************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:12 +0300 (0:00:00.092)       0:00:04.238 *******
ok: [192.168.1.11] => {
    "msg": "Check roles/cluster-path/defaults/main.yml"
}

TASK [download/package : Override local repository url] ************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:12 +0300 (0:00:00.087)       0:00:04.326 *******

TASK [download/package : Create download binaries tmp directory] ***************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:12 +0300 (0:00:00.084)       0:00:04.410 *******
ok: [192.168.1.11]

TASK [download/package : Create cfssl release directory] ***********************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:13 +0300 (0:00:00.952)       0:00:05.362 *******
changed: [192.168.1.11]

TASK [download/package : Include download archive tasks] ***********************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:14 +0300 (0:00:00.754)       0:00:06.117 *******

TASK [download/package : Include download binary tasks] ************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:14 +0300 (0:00:00.090)       0:00:06.208 *******
included: /Users/testuser/works/personal/test/ansible2/kube-ansible/roles/download/package/tasks/binary.yml for 192.168.1.11

TASK [download/package : Check cfssl binary already exists] ********************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:14 +0300 (0:00:00.147)       0:00:06.356 *******
ok: [192.168.1.11]

TASK [download/package : Downloading cfssl file] *******************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:15 +0300 (0:00:00.950)       0:00:07.306 *******
 [WARNING]: Module remote_tmp /root/.ansible/tmp did not exist and was created with a mode of 0700, this may cause issues when running as another user. To avoid this, create the remote_tmp dir with the correct permissions manually

changed: [192.168.1.11]

TASK [download/package : Copy cfssl file to release directory] *****************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:17 +0300 (0:00:02.061)       0:00:09.367 *******
changed: [192.168.1.11] => (item=cfssl)

TASK [download/package : Symlinks cfssl to /usr/local/bin] *********************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:18 +0300 (0:00:01.354)       0:00:10.722 *******
changed: [192.168.1.11] => (item=cfssl)

TASK [download/package : Override local repository url] ************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:19 +0300 (0:00:00.797)       0:00:11.520 *******

TASK [download/package : Create download binaries tmp directory] ***************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:19 +0300 (0:00:00.091)       0:00:11.611 *******
ok: [192.168.1.11]

TASK [download/package : Create cfssljson release directory] *******************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:20 +0300 (0:00:00.755)       0:00:12.367 *******
ok: [192.168.1.11]

TASK [download/package : Include download archive tasks] ***********************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:21 +0300 (0:00:00.783)       0:00:13.150 *******

TASK [download/package : Include download binary tasks] ************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:21 +0300 (0:00:00.088)       0:00:13.238 *******
included: /Users/testuser/works/personal/test/ansible2/kube-ansible/roles/download/package/tasks/binary.yml for 192.168.1.11

TASK [download/package : Check cfssljson binary already exists] ****************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:21 +0300 (0:00:00.144)       0:00:13.383 *******
ok: [192.168.1.11]

TASK [download/package : Downloading cfssljson file] ***************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:22 +0300 (0:00:01.435)       0:00:14.819 *******
changed: [192.168.1.11]

TASK [download/package : Copy cfssljson file to release directory] *************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:24 +0300 (0:00:01.644)       0:00:16.463 *******
changed: [192.168.1.11] => (item=cfssljson)

TASK [download/package : Symlinks cfssljson to /usr/local/bin] *****************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:25 +0300 (0:00:01.273)       0:00:17.737 *******
changed: [192.168.1.11] => (item=cfssljson)

TASK [cert : Check SSL CA json config] *****************************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:26 +0300 (0:00:00.899)       0:00:18.636 *******
ok: [192.168.1.11]

TASK [cert : Generate SSL CA config] *******************************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:27 +0300 (0:00:00.794)       0:00:19.431 *******
changed: [192.168.1.11]

TASK [cert : include_tasks] ****************************************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:31 +0300 (0:00:04.152)       0:00:23.584 *******
included: /Users/testuser/works/personal/test/ansible2/kube-ansible/roles/cert/tasks/create-k8s-certs.yml for 192.168.1.11

TASK [cert : Ensure Kubernetes PKI directory already exists] *******************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:31 +0300 (0:00:00.177)       0:00:23.761 *******
changed: [192.168.1.11]

TASK [cert : Check Kubernetes SSL certificate json files] **********************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:32 +0300 (0:00:00.887)       0:00:24.649 *******
ok: [192.168.1.11 -> 192.168.1.11] => (item={'file': 'ca-csr.json', 'name': 'kubernetes', 'org': 'Kubernetes', 'bare': 'ca'})
ok: [192.168.1.11 -> 192.168.1.11] => (item={'file': 'admin-csr.json', 'name': 'admin', 'org': 'system:masters', 'bare': 'admin'})
ok: [192.168.1.11 -> 192.168.1.11] => (item={'file': 'apiserver-csr.json', 'name': 'kube-apiserver', 'org': 'Kubernetes', 'bare': 'apiserver'})
ok: [192.168.1.11 -> 192.168.1.11] => (item={'file': 'manager-csr.json', 'name': 'system:kube-controller-manager', 'org': 'system:kube-controller-manager', 'bare': 'controller-manager'})
ok: [192.168.1.11 -> 192.168.1.11] => (item={'file': 'scheduler-csr.json', 'name': 'system:kube-scheduler', 'org': 'system:kube-scheduler', 'bare': 'scheduler'})
ok: [192.168.1.11 -> 192.168.1.11] => (item={'file': 'front-proxy-ca-csr.json', 'name': 'kubernetes-front', 'org': 'Kubernetes', 'bare': 'front-proxy-ca'})
ok: [192.168.1.11 -> 192.168.1.11] => (item={'file': 'front-proxy-client-csr.json', 'name': 'front-proxy-client', 'org': 'Kubernetes', 'bare': 'front-proxy-client'})

TASK [cert : Generate Kubernetes SSL certificate json files] *******************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:58:37 +0300 (0:00:04.553)       0:00:29.203 *******
changed: [192.168.1.11 -> 192.168.1.11] => (item={'invocation': {'module_args': {'checksum_algorithm': 'sha1', 'get_checksum': True, 'follow': False, 'path': '/etc/kubernetes/pki/ca.pem', 'get_md5': None, 'get_mime': True, 'get_attributes': True}}, 'stat': {'exists': False}, 'changed': False, '_ansible_parsed': True, '_ansible_no_log': False, 'failed': False, '_ansible_delegated_vars': {'ansible_delegated_host': '192.168.1.11', 'ansible_host': '192.168.1.11'}, 'item': {'file': 'ca-csr.json', 'name': 'kubernetes', 'org': 'Kubernetes', 'bare': 'ca'}, '_ansible_item_result': True, '_ansible_ignore_errors': None, '_ansible_item_label': {'file': 'ca-csr.json', 'name': 'kubernetes', 'org': 'Kubernetes', 'bare': 'ca'}})
changed: [192.168.1.11 -> 192.168.1.11] => (item={'invocation': {'module_args': {'checksum_algorithm': 'sha1', 'get_checksum': True, 'follow': False, 'path': '/etc/kubernetes/pki/admin.pem', 'get_md5': None, 'get_mime': True, 'get_attributes': True}}, 'stat': {'exists': False}, 'changed': False, '_ansible_parsed': True, '_ansible_no_log': False, 'failed': False, '_ansible_delegated_vars': {'ansible_delegated_host': '192.168.1.11', 'ansible_host': '192.168.1.11'}, 'item': {'file': 'admin-csr.json', 'name': 'admin', 'org': 'system:masters', 'bare': 'admin'}, '_ansible_item_result': True, '_ansible_ignore_errors': None, '_ansible_item_label': {'file': 'admin-csr.json', 'name': 'admin', 'org': 'system:masters', 'bare': 'admin'}})
changed: [192.168.1.11 -> 192.168.1.11] => (item={'invocation': {'module_args': {'checksum_algorithm': 'sha1', 'get_checksum': True, 'follow': False, 'path': '/etc/kubernetes/pki/apiserver.pem', 'get_md5': None, 'get_mime': True, 'get_attributes': True}}, 'stat': {'exists': False}, 'changed': False, '_ansible_parsed': True, '_ansible_no_log': False, 'failed': False, '_ansible_delegated_vars': {'ansible_delegated_host': '192.168.1.11', 'ansible_host': '192.168.1.11'}, 'item': {'file': 'apiserver-csr.json', 'name': 'kube-apiserver', 'org': 'Kubernetes', 'bare': 'apiserver'}, '_ansible_item_result': True, '_ansible_ignore_errors': None, '_ansible_item_label': {'file': 'apiserver-csr.json', 'name': 'kube-apiserver', 'org': 'Kubernetes', 'bare': 'apiserver'}})
changed: [192.168.1.11 -> 192.168.1.11] => (item={'invocation': {'module_args': {'checksum_algorithm': 'sha1', 'get_checksum': True, 'follow': False, 'path': '/etc/kubernetes/pki/controller-manager.pem', 'get_md5': None, 'get_mime': True, 'get_attributes': True}}, 'stat': {'exists': False}, 'changed': False, '_ansible_parsed': True, '_ansible_no_log': False, 'failed': False, '_ansible_delegated_vars': {'ansible_delegated_host': '192.168.1.11', 'ansible_host': '192.168.1.11'}, 'item': {'file': 'manager-csr.json', 'name': 'system:kube-controller-manager', 'org': 'system:kube-controller-manager', 'bare': 'controller-manager'}, '_ansible_item_result': True, '_ansible_ignore_errors': None, '_ansible_item_label': {'file': 'manager-csr.json', 'name': 'system:kube-controller-manager', 'org': 'system:kube-controller-manager', 'bare': 'controller-manager'}})
changed: [192.168.1.11 -> 192.168.1.11] => (item={'invocation': {'module_args': {'checksum_algorithm': 'sha1', 'get_checksum': True, 'follow': False, 'path': '/etc/kubernetes/pki/scheduler.pem', 'get_md5': None, 'get_mime': True, 'get_attributes': True}}, 'stat': {'exists': False}, 'changed': False, '_ansible_parsed': True, '_ansible_no_log': False, 'failed': False, '_ansible_delegated_vars': {'ansible_delegated_host': '192.168.1.11', 'ansible_host': '192.168.1.11'}, 'item': {'file': 'scheduler-csr.json', 'name': 'system:kube-scheduler', 'org': 'system:kube-scheduler', 'bare': 'scheduler'}, '_ansible_item_result': True, '_ansible_ignore_errors': None, '_ansible_item_label': {'file': 'scheduler-csr.json', 'name': 'system:kube-scheduler', 'org': 'system:kube-scheduler', 'bare': 'scheduler'}})
changed: [192.168.1.11 -> 192.168.1.11] => (item={'invocation': {'module_args': {'checksum_algorithm': 'sha1', 'get_checksum': True, 'follow': False, 'path': '/etc/kubernetes/pki/front-proxy-ca.pem', 'get_md5': None, 'get_mime': True, 'get_attributes': True}}, 'stat': {'exists': False}, 'changed': False, '_ansible_parsed': True, '_ansible_no_log': False, 'failed': False, '_ansible_delegated_vars': {'ansible_delegated_host': '192.168.1.11', 'ansible_host': '192.168.1.11'}, 'item': {'file': 'front-proxy-ca-csr.json', 'name': 'kubernetes-front', 'org': 'Kubernetes', 'bare': 'front-proxy-ca'}, '_ansible_item_result': True, '_ansible_ignore_errors': None, '_ansible_item_label': {'file': 'front-proxy-ca-csr.json', 'name': 'kubernetes-front', 'org': 'Kubernetes', 'bare': 'front-proxy-ca'}})
changed: [192.168.1.11 -> 192.168.1.11] => (item={'invocation': {'module_args': {'checksum_algorithm': 'sha1', 'get_checksum': True, 'follow': False, 'path': '/etc/kubernetes/pki/front-proxy-client.pem', 'get_md5': None, 'get_mime': True, 'get_attributes': True}}, 'stat': {'exists': False}, 'changed': False, '_ansible_parsed': True, '_ansible_no_log': False, 'failed': False, '_ansible_delegated_vars': {'ansible_delegated_host': '192.168.1.11', 'ansible_host': '192.168.1.11'}, 'item': {'file': 'front-proxy-client-csr.json', 'name': 'front-proxy-client', 'org': 'Kubernetes', 'bare': 'front-proxy-client'}, '_ansible_item_result': True, '_ansible_ignore_errors': None, '_ansible_item_label': {'file': 'front-proxy-client-csr.json', 'name': 'front-proxy-client', 'org': 'Kubernetes', 'bare': 'front-proxy-client'}})

TASK [cert : Check Kubernetes SSL certificate authority files] *****************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:03 +0300 (0:00:26.610)       0:00:55.813 *******
ok: [192.168.1.11 -> 192.168.1.11] => (item={'file': 'ca-csr.json', 'bare': 'ca'})
ok: [192.168.1.11 -> 192.168.1.11] => (item={'file': 'front-proxy-ca-csr.json', 'bare': 'front-proxy-ca'})

TASK [cert : Create Kubernetes SSL certificate authority files] ****************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:05 +0300 (0:00:01.345)       0:00:57.159 *******
changed: [192.168.1.11 -> 192.168.1.11] => (item={'invocation': {'module_args': {'checksum_algorithm': 'sha1', 'get_checksum': True, 'follow': False, 'path': '/etc/kubernetes/pki/ca.pem', 'get_md5': None, 'get_mime': True, 'get_attributes': True}}, 'stat': {'exists': False}, 'changed': False, '_ansible_parsed': True, '_ansible_no_log': False, 'failed': False, '_ansible_delegated_vars': {'ansible_delegated_host': '192.168.1.11', 'ansible_host': '192.168.1.11'}, 'item': {'file': 'ca-csr.json', 'bare': 'ca'}, '_ansible_item_result': True, '_ansible_ignore_errors': None, '_ansible_item_label': {'file': 'ca-csr.json', 'bare': 'ca'}})
changed: [192.168.1.11 -> 192.168.1.11] => (item={'invocation': {'module_args': {'checksum_algorithm': 'sha1', 'get_checksum': True, 'follow': False, 'path': '/etc/kubernetes/pki/front-proxy-ca.pem', 'get_md5': None, 'get_mime': True, 'get_attributes': True}}, 'stat': {'exists': False}, 'changed': False, '_ansible_parsed': True, '_ansible_no_log': False, 'failed': False, '_ansible_delegated_vars': {'ansible_delegated_host': '192.168.1.11', 'ansible_host': '192.168.1.11'}, 'item': {'file': 'front-proxy-ca-csr.json', 'bare': 'front-proxy-ca'}, '_ansible_item_result': True, '_ansible_ignore_errors': None, '_ansible_item_label': {'file': 'front-proxy-ca-csr.json', 'bare': 'front-proxy-ca'}})

TASK [cert : Check Kubernetes SSL certificate key files] ***********************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:07 +0300 (0:00:02.274)       0:00:59.434 *******
ok: [192.168.1.11 -> 192.168.1.11] => (item={'file': 'apiserver-csr.json', 'ca': 'ca', 'hosts': '172.16.35.9,10.96.0.1,127.0.0.1,kubernetes.default,kubernetes', 'bare': 'apiserver'})
ok: [192.168.1.11 -> 192.168.1.11] => (item={'file': 'admin-csr.json', 'ca': 'ca', 'bare': 'admin'})
ok: [192.168.1.11 -> 192.168.1.11] => (item={'file': 'manager-csr.json', 'ca': 'ca', 'bare': 'controller-manager'})
ok: [192.168.1.11 -> 192.168.1.11] => (item={'file': 'scheduler-csr.json', 'ca': 'ca', 'bare': 'scheduler'})
ok: [192.168.1.11 -> 192.168.1.11] => (item={'file': 'front-proxy-client-csr.json', 'ca': 'front-proxy-ca', 'bare': 'front-proxy-client'})

TASK [cert : Create Kubernetes SSL certificate key files] **********************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:11 +0300 (0:00:03.518)       0:01:02.952 *******
changed: [192.168.1.11 -> 192.168.1.11] => (item={'invocation': {'module_args': {'checksum_algorithm': 'sha1', 'get_checksum': True, 'follow': False, 'path': '/etc/kubernetes/pki/apiserver.pem', 'get_md5': None, 'get_mime': True, 'get_attributes': True}}, 'stat': {'exists': False}, 'changed': False, '_ansible_parsed': True, '_ansible_no_log': False, 'failed': False, '_ansible_delegated_vars': {'ansible_delegated_host': '192.168.1.11', 'ansible_host': '192.168.1.11'}, 'item': {'file': 'apiserver-csr.json', 'ca': 'ca', 'hosts': '172.16.35.9,10.96.0.1,127.0.0.1,kubernetes.default,kubernetes', 'bare': 'apiserver'}, '_ansible_item_result': True, '_ansible_ignore_errors': None, '_ansible_item_label': {'file': 'apiserver-csr.json', 'ca': 'ca', 'hosts': '172.16.35.9,10.96.0.1,127.0.0.1,kubernetes.default,kubernetes', 'bare': 'apiserver'}})
changed: [192.168.1.11 -> 192.168.1.11] => (item={'invocation': {'module_args': {'checksum_algorithm': 'sha1', 'get_checksum': True, 'follow': False, 'path': '/etc/kubernetes/pki/admin.pem', 'get_md5': None, 'get_mime': True, 'get_attributes': True}}, 'stat': {'exists': False}, 'changed': False, '_ansible_parsed': True, '_ansible_no_log': False, 'failed': False, '_ansible_delegated_vars': {'ansible_delegated_host': '192.168.1.11', 'ansible_host': '192.168.1.11'}, 'item': {'file': 'admin-csr.json', 'ca': 'ca', 'bare': 'admin'}, '_ansible_item_result': True, '_ansible_ignore_errors': None, '_ansible_item_label': {'file': 'admin-csr.json', 'ca': 'ca', 'bare': 'admin'}})
changed: [192.168.1.11 -> 192.168.1.11] => (item={'invocation': {'module_args': {'checksum_algorithm': 'sha1', 'get_checksum': True, 'follow': False, 'path': '/etc/kubernetes/pki/controller-manager.pem', 'get_md5': None, 'get_mime': True, 'get_attributes': True}}, 'stat': {'exists': False}, 'changed': False, '_ansible_parsed': True, '_ansible_no_log': False, 'failed': False, '_ansible_delegated_vars': {'ansible_delegated_host': '192.168.1.11', 'ansible_host': '192.168.1.11'}, 'item': {'file': 'manager-csr.json', 'ca': 'ca', 'bare': 'controller-manager'}, '_ansible_item_result': True, '_ansible_ignore_errors': None, '_ansible_item_label': {'file': 'manager-csr.json', 'ca': 'ca', 'bare': 'controller-manager'}})
changed: [192.168.1.11 -> 192.168.1.11] => (item={'invocation': {'module_args': {'checksum_algorithm': 'sha1', 'get_checksum': True, 'follow': False, 'path': '/etc/kubernetes/pki/scheduler.pem', 'get_md5': None, 'get_mime': True, 'get_attributes': True}}, 'stat': {'exists': False}, 'changed': False, '_ansible_parsed': True, '_ansible_no_log': False, 'failed': False, '_ansible_delegated_vars': {'ansible_delegated_host': '192.168.1.11', 'ansible_host': '192.168.1.11'}, 'item': {'file': 'scheduler-csr.json', 'ca': 'ca', 'bare': 'scheduler'}, '_ansible_item_result': True, '_ansible_ignore_errors': None, '_ansible_item_label': {'file': 'scheduler-csr.json', 'ca': 'ca', 'bare': 'scheduler'}})
changed: [192.168.1.11 -> 192.168.1.11] => (item={'invocation': {'module_args': {'checksum_algorithm': 'sha1', 'get_checksum': True, 'follow': False, 'path': '/etc/kubernetes/pki/front-proxy-client.pem', 'get_md5': None, 'get_mime': True, 'get_attributes': True}}, 'stat': {'exists': False}, 'changed': False, '_ansible_parsed': True, '_ansible_no_log': False, 'failed': False, '_ansible_delegated_vars': {'ansible_delegated_host': '192.168.1.11', 'ansible_host': '192.168.1.11'}, 'item': {'file': 'front-proxy-client-csr.json', 'ca': 'front-proxy-ca', 'bare': 'front-proxy-client'}, '_ansible_item_result': True, '_ansible_ignore_errors': None, '_ansible_item_label': {'file': 'front-proxy-client-csr.json', 'ca': 'front-proxy-ca', 'bare': 'front-proxy-client'}})

TASK [cert : Check service account key already exists] *************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:17 +0300 (0:00:05.886)       0:01:08.839 *******
ok: [192.168.1.11 -> 192.168.1.11]

TASK [cert : Create service account private and public key] ********************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:17 +0300 (0:00:00.743)       0:01:09.583 *******
changed: [192.168.1.11 -> 192.168.1.11] => (item=openssl genrsa -out /etc/kubernetes/pki/sa.key 2048)
changed: [192.168.1.11 -> 192.168.1.11] => (item=openssl rsa -in /etc/kubernetes/pki/sa.key -pubout -out /etc/kubernetes/pki/sa.pub)

TASK [common/copy-files : Check the files already exists] **********************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:19 +0300 (0:00:01.534)       0:01:11.117 *******
ok: [192.168.1.11] => (item=/etc/kubernetes/pki/ca.pem)
ok: [192.168.1.11] => (item=/etc/kubernetes/pki/ca-key.pem)

TASK [common/copy-files : Read the config files] *******************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:20 +0300 (0:00:01.418)       0:01:12.536 *******
ok: [192.168.1.11 -> 192.168.1.11] => (item={'invocation': {'module_args': {'checksum_algorithm': 'sha1', 'get_checksum': True, 'follow': False, 'path': '/etc/kubernetes/pki/ca.pem', 'get_md5': None, 'get_mime': True, 'get_attributes': True}}, 'stat': {'charset': 'us-ascii', 'uid': 0, 'exists': True, 'attr_flags': '', 'woth': False, 'isreg': True, 'device_type': 0, 'mtime': 1554289146.4989, 'block_size': 4096, 'inode': 17544020, 'isgid': False, 'size': 1428, 'executable': False, 'isuid': False, 'readable': True, 'version': '931548068', 'pw_name': 'root', 'gid': 0, 'ischr': False, 'wusr': True, 'writeable': True, 'mimetype': 'text/plain', 'blocks': 8, 'xoth': False, 'islnk': False, 'nlink': 1, 'issock': False, 'rgrp': True, 'gr_name': 'root', 'path': '/etc/kubernetes/pki/ca.pem', 'xusr': False, 'atime': 1554289152.0834353, 'isdir': False, 'ctime': 1554289146.4989, 'isblk': False, 'wgrp': False, 'checksum': '5287e52d1257c9690d30390230a0082814767bc6', 'dev': 2049, 'roth': True, 'isfifo': False, 'mode': '0644', 'xgrp': False, 'rusr': True, 'attributes': []}, 'changed': False, '_ansible_parsed': True, '_ansible_no_log': False, 'failed': False, 'item': '/etc/kubernetes/pki/ca.pem', '_ansible_item_result': True, '_ansible_ignore_errors': None, '_ansible_item_label': '/etc/kubernetes/pki/ca.pem'})
ok: [192.168.1.11 -> 192.168.1.11] => (item={'invocation': {'module_args': {'checksum_algorithm': 'sha1', 'get_checksum': True, 'follow': False, 'path': '/etc/kubernetes/pki/ca-key.pem', 'get_md5': None, 'get_mime': True, 'get_attributes': True}}, 'stat': {'charset': 'us-ascii', 'uid': 0, 'exists': True, 'attr_flags': '', 'woth': False, 'isreg': True, 'device_type': 0, 'mtime': 1554289146.4989, 'block_size': 4096, 'inode': 17544023, 'isgid': False, 'size': 1675, 'executable': False, 'isuid': False, 'readable': True, 'version': '18446744072552176892', 'pw_name': 'root', 'gid': 0, 'ischr': False, 'wusr': True, 'writeable': True, 'mimetype': 'text/plain', 'blocks': 8, 'xoth': False, 'islnk': False, 'nlink': 1, 'issock': False, 'rgrp': False, 'gr_name': 'root', 'path': '/etc/kubernetes/pki/ca-key.pem', 'xusr': False, 'atime': 1554289152.0834353, 'isdir': False, 'ctime': 1554289146.4989, 'isblk': False, 'wgrp': False, 'checksum': 'adb5bf2d8111cee560ec96d8003a9ee10b66e70b', 'dev': 2049, 'roth': False, 'isfifo': False, 'mode': '0600', 'xgrp': False, 'rusr': True, 'attributes': []}, 'changed': False, '_ansible_parsed': True, '_ansible_no_log': False, 'failed': False, 'item': '/etc/kubernetes/pki/ca-key.pem', '_ansible_item_result': True, '_ansible_ignore_errors': None, '_ansible_item_label': '/etc/kubernetes/pki/ca-key.pem'})

TASK [common/copy-files : Write the content of files] **************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:22 +0300 (0:00:01.647)       0:01:14.184 *******

TASK [cert : include_tasks] ****************************************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:22 +0300 (0:00:00.166)       0:01:14.350 *******
included: /Users/testuser/works/personal/test/ansible2/kube-ansible/roles/cert/tasks/create-k8s-kubelet-certs.yml for 192.168.1.11

TASK [cert : Check kubelet SSL certificate key files] **************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:22 +0300 (0:00:00.077)       0:01:14.428 *******
ok: [192.168.1.11]

TASK [cert : Generate kubelet SSL certificate json files] **********************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:23 +0300 (0:00:00.690)       0:01:15.119 *******
changed: [192.168.1.11]

TASK [cert : Create kubelet SSL certificate key files] *************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:27 +0300 (0:00:04.684)       0:01:19.803 *******
changed: [192.168.1.11]

TASK [cert : include_tasks] ****************************************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:29 +0300 (0:00:01.232)       0:01:21.036 *******
included: /Users/testuser/works/personal/test/ansible2/kube-ansible/roles/cert/tasks/create-etcd-certs.yml for 192.168.1.11

TASK [cert : Ensure etcd PKI directory already exists] *************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:29 +0300 (0:00:00.104)       0:01:21.141 *******
changed: [192.168.1.11]

TASK [cert : Check etcd SSL certificate json files] ****************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:30 +0300 (0:00:00.976)       0:01:22.117 *******
ok: [192.168.1.11 -> 192.168.1.11] => (item={'file': 'etcd-ca-csr.json', 'name': 'etcd', 'org': 'etcd', 'bare': 'etcd-ca'})
ok: [192.168.1.11 -> 192.168.1.11] => (item={'file': 'etcd-csr.json', 'name': 'etcd', 'org': 'etcd', 'bare': 'etcd'})

TASK [cert : Generate etcd SSL certificate json files] *************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:32 +0300 (0:00:01.750)       0:01:23.868 *******
changed: [192.168.1.11 -> 192.168.1.11] => (item={'invocation': {'module_args': {'checksum_algorithm': 'sha1', 'get_checksum': True, 'follow': False, 'path': '/etc/kubernetes/pki/etcd/etcd-ca.pem', 'get_md5': None, 'get_mime': True, 'get_attributes': True}}, 'stat': {'exists': False}, 'changed': False, '_ansible_parsed': True, '_ansible_no_log': False, 'failed': False, '_ansible_delegated_vars': {'ansible_delegated_host': '192.168.1.11', 'ansible_host': '192.168.1.11'}, 'item': {'file': 'etcd-ca-csr.json', 'name': 'etcd', 'org': 'etcd', 'bare': 'etcd-ca'}, '_ansible_item_result': True, '_ansible_ignore_errors': None, '_ansible_item_label': {'file': 'etcd-ca-csr.json', 'name': 'etcd', 'org': 'etcd', 'bare': 'etcd-ca'}})
changed: [192.168.1.11 -> 192.168.1.11] => (item={'invocation': {'module_args': {'checksum_algorithm': 'sha1', 'get_checksum': True, 'follow': False, 'path': '/etc/kubernetes/pki/etcd/etcd.pem', 'get_md5': None, 'get_mime': True, 'get_attributes': True}}, 'stat': {'exists': False}, 'changed': False, '_ansible_parsed': True, '_ansible_no_log': False, 'failed': False, '_ansible_delegated_vars': {'ansible_delegated_host': '192.168.1.11', 'ansible_host': '192.168.1.11'}, 'item': {'file': 'etcd-csr.json', 'name': 'etcd', 'org': 'etcd', 'bare': 'etcd'}, '_ansible_item_result': True, '_ansible_ignore_errors': None, '_ansible_item_label': {'file': 'etcd-csr.json', 'name': 'etcd', 'org': 'etcd', 'bare': 'etcd'}})

TASK [cert : Check etcd SSL certificate authority files] ***********************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:39 +0300 (0:00:07.655)       0:01:31.524 *******
ok: [192.168.1.11 -> 192.168.1.11]

TASK [cert : Create etcd SSL certificate authority files] **********************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:40 +0300 (0:00:00.755)       0:01:32.279 *******
changed: [192.168.1.11 -> 192.168.1.11]

TASK [cert : Check etcd SSL certificate key file] ******************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:41 +0300 (0:00:00.976)       0:01:33.256 *******
ok: [192.168.1.11 -> 192.168.1.11]

TASK [cert : Create etcd SSL certificate key files] ****************************************************************************************************************************************************************************************************************************
Wednesday 03 April 2019  13:59:42 +0300 (0:00:00.728)       0:01:33.984 *******
fatal: [192.168.1.11]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'ansible.vars.hostvars.HostVarsVars object' has no attribute 'ansible_default_ipv4'\n\nThe error appears to have been in '/Users/testuser/works/personal/test/ansible2/kube-ansible/roles/cert/tasks/create-etcd-certs.yml': line 49, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Create etcd SSL certificate key files\n  ^ here\n"}

NO MORE HOSTS LEFT *************************************************************************************************************************************************************************************************************************************************************
    to retry, use: --limit @/Users/testuser/works/personal/test/ansible2/kube-ansible/cluster.retry

PLAY RECAP *********************************************************************************************************************************************************************************************************************************************************************
192.168.1.11              : ok=42   changed=18   unreachable=0    failed=1

Wednesday 03 April 2019  13:59:42 +0300 (0:00:00.118)       0:01:34.102 *******
===============================================================================
cert : Generate Kubernetes SSL certificate json files ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 26.61s
cert : Generate etcd SSL certificate json files ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 7.66s
cert : Create Kubernetes SSL certificate key files ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 5.89s
cert : Generate kubelet SSL certificate json files ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 4.68s
cert : Check Kubernetes SSL certificate json files ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 4.55s
cert : Generate SSL CA config ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 4.15s
Gathering Facts --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 4.01s
cert : Check Kubernetes SSL certificate key files ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 3.52s
cert : Create Kubernetes SSL certificate authority files ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 2.27s
download/package : Downloading cfssl file ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 2.06s
cert : Check etcd SSL certificate json files ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.75s
common/copy-files : Read the config files ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.65s
download/package : Downloading cfssljson file --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.64s
cert : Create service account private and public key -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.53s
download/package : Check cfssljson binary already exists ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.44s
common/copy-files : Check the files already exists ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.42s
download/package : Copy cfssl file to release directory ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.35s
cert : Check Kubernetes SSL certificate authority files ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.35s
download/package : Copy cfssljson file to release directory ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.27s
cert : Create kubelet SSL certificate key files ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.23s
ansible-playbook -i inventory/hosts.ini cluster.yml  16.81s user 6.57s system 24% cpu 1:35.93 total
ScantyDaemon commented 3 years ago

I have a similar problem.

TASK [cert : Check etcd SSL certificate authority files] ***************************************************************
Wednesday 28 April 2021  13:01:18 +0000 (0:00:00.573)       0:00:13.658 *******
ok: [192.168.1.101 -> 192.168.1.101]

TASK [cert : Create etcd SSL certificate authority files] **************************************************************
Wednesday 28 April 2021  13:01:18 +0000 (0:00:00.308)       0:00:13.966 *******

TASK [cert : Check etcd SSL certificate key file] **********************************************************************
Wednesday 28 April 2021  13:01:18 +0000 (0:00:00.088)       0:00:14.055 *******
ok: [192.168.1.101 -> 192.168.1.101]

TASK [cert : Create etcd SSL certificate key files] ********************************************************************
Wednesday 28 April 2021  13:01:18 +0000 (0:00:00.277)       0:00:14.333 *******
fatal: [192.168.1.101]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'ansible_default_ipv4'\n\nThe error appears to have been in '/root/kube-ansible/roles/cert/tasks/create-etcd-certs.yml': line 49, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Create etcd SSL certificate key files\n  ^ here\n"}

NO MORE HOSTS LEFT *****************************************************************************************************
        to retry, use: --limit @/root/kube-ansible/cluster.retry

PLAY RECAP *************************************************************************************************************
192.168.1.101              : ok=31   changed=0    unreachable=0    failed=1

===============================================================================
cert : Check Kubernetes SSL certificate json files -------------------------------------------------------------- 1.47s
download/package : Create download binaries tmp directory ------------------------------------------------------- 1.38s
cert : Check Kubernetes SSL certificate key files --------------------------------------------------------------- 1.18s
download/package : Copy cfssl file to release directory --------------------------------------------------------- 0.59s
cert : Generate etcd SSL certificate json files ----------------------------------------------------------------- 0.57s
common/copy-files : Read the config files ----------------------------------------------------------------------- 0.54s
common/copy-files : Check the files already exists -------------------------------------------------------------- 0.52s
cert : Check Kubernetes SSL certificate authority files --------------------------------------------------------- 0.50s
download/package : Check cfssl binary already exists ------------------------------------------------------------ 0.49s
cert : Check etcd SSL certificate json files -------------------------------------------------------------------- 0.48s
download/package : Copy cfssljson file to release directory ----------------------------------------------------- 0.39s
download/package : Create cfssl release directory --------------------------------------------------------------- 0.35s
download/package : Check cfssljson binary already exists -------------------------------------------------------- 0.33s
download/package : Symlinks cfssljson to /usr/local/bin --------------------------------------------------------- 0.32s
download/package : Symlinks cfssl to /usr/local/bin ------------------------------------------------------------- 0.31s
cert : Check etcd SSL certificate authority files --------------------------------------------------------------- 0.31s
download/package : Create download binaries tmp directory ------------------------------------------------------- 0.31s
cert : Check service account key already exists ----------------------------------------------------------------- 0.29s
cert : Check SSL CA json config --------------------------------------------------------------------------------- 0.28s
cert : Check etcd SSL certificate key file ---------------------------------------------------------------------- 0.28s