
Comments (24)

pawankkamboj commented on September 3, 2024 1

from kubernetes-ansible.

dberuben commented on September 3, 2024 1

@harryliu123 on [10.1.52.144], what is your ethernet interface?
eth0? Just change the line: ansible_bond0 with ansible_eth0, or whatever you have on ip addr show

harryliu123 commented on September 3, 2024 1

thx for pawankkamboj and dberuben support

pawankkamboj commented on September 3, 2024

please complete playbook logs

harryliu123 commented on September 3, 2024

[root@master1 log]# cat ansible.log
2016-12-21 00:00:34,131 p=11368 u=root | PLAY [all] *********************************************************************
2016-12-21 00:00:34,186 p=11368 u=root | TASK [setup] *******************************************************************
2016-12-21 00:00:35,372 p=11368 u=root | ok: [10.1.52.144]
2016-12-21 00:00:35,410 p=11368 u=root | ok: [10.1.52.143]
2016-12-21 00:00:35,494 p=11368 u=root | ok: [10.1.52.142]
2016-12-21 00:00:35,709 p=11368 u=root | ok: [10.1.52.135]
2016-12-21 00:00:35,714 p=11368 u=root | TASK [yum-repo : Install epel] *************************************************
2016-12-21 00:00:43,152 p=11368 u=root | ok: [10.1.52.143]
2016-12-21 00:00:43,300 p=11368 u=root | ok: [10.1.52.135]
2016-12-21 00:00:45,720 p=11368 u=root | ok: [10.1.52.144]
2016-12-21 00:00:45,813 p=11368 u=root | ok: [10.1.52.142]
2016-12-21 00:00:45,816 p=11368 u=root | TASK [yum-repo : Adding Kubernetes repository] *********************************
2016-12-21 00:00:46,774 p=11368 u=root | ok: [10.1.52.144]
2016-12-21 00:00:46,780 p=11368 u=root | ok: [10.1.52.142]
2016-12-21 00:00:46,787 p=11368 u=root | ok: [10.1.52.143]
2016-12-21 00:00:47,013 p=11368 u=root | ok: [10.1.52.135]
2016-12-21 00:00:47,020 p=11368 u=root | PLAY [sslhost] *****************************************************************
2016-12-21 00:00:47,026 p=11368 u=root | TASK [setup] *******************************************************************
2016-12-21 00:00:47,894 p=11368 u=root | ok: [10.1.52.135]
2016-12-21 00:00:47,898 p=11368 u=root | TASK [sslcert : create ssl cert dir] *******************************************
2016-12-21 00:00:48,690 p=11368 u=root | ok: [10.1.52.135]
2016-12-21 00:00:48,694 p=11368 u=root | TASK [sslcert : copy openssl conf file to create certificate] ******************
2016-12-21 00:00:49,788 p=11368 u=root | ok: [10.1.52.135]
2016-12-21 00:00:49,791 p=11368 u=root | TASK [sslcert : copy openssl conf file to create certificate] ******************
2016-12-21 00:00:55,698 p=11368 u=root | ok: [10.1.52.135]
2016-12-21 00:00:55,700 p=11368 u=root | TASK [sslcert : create kubenetes certificates] *********************************
2016-12-21 00:00:55,773 p=11368 u=root | skipping: [10.1.52.135] => (item=openssl genrsa -out /opt/kubernetes/pki/apiserver-key.pem 2048)
2016-12-21 00:00:55,774 p=11368 u=root | skipping: [10.1.52.135] => (item=openssl x509 -req -in /opt/kubernetes/pki/admin.csr -CA /opt/kubernetes/pki/ca.pem -CAkey /opt/kubernetes/pki/ca-key.pem -CAcreateserial -out /opt/kubernetes/pki/admin.pem -days 1000)
2016-12-21 00:00:55,774 p=11368 u=root | skipping: [10.1.52.135] => (item=openssl req -new -key /opt/kubernetes/pki/admin-key.pem -out /opt/kubernetes/pki/admin.csr -subj '/CN=kube-admin')
2016-12-21 00:00:55,774 p=11368 u=root | skipping: [10.1.52.135] => (item=openssl genrsa -out /opt/kubernetes/pki/admin-key.pem 2048)
2016-12-21 00:00:55,774 p=11368 u=root | skipping: [10.1.52.135] => (item=openssl req -x509 -new -nodes -key /opt/kubernetes/pki/ca-key.pem -days 1000 -out /opt/kubernetes/pki/ca.pem -subj '/CN=kube-ca')
2016-12-21 00:00:55,774 p=11368 u=root | skipping: [10.1.52.135] => (item=openssl genrsa -out /opt/kubernetes/pki/ca-key.pem 2048)
2016-12-21 00:00:55,777 p=11368 u=root | skipping: [10.1.52.135] => (item=openssl x509 -req -in /opt/kubernetes/pki/apiserver.csr -CA /opt/kubernetes/pki/ca.pem -CAkey /opt/kubernetes/pki/ca-key.pem -CAcreateserial -out /opt/kubernetes/pki/apiserver.pem -days 1000 -extensions v3_req -extfile /opt/kubernetes/pki/openssl.conf)
2016-12-21 00:00:55,777 p=11368 u=root | skipping: [10.1.52.135] => (item=openssl req -new -key /opt/kubernetes/pki/apiserver-key.pem -out /opt/kubernetes/pki/apiserver.csr -subj '/CN=kube-apiserver' -config /opt/kubernetes/pki/openssl.conf)
2016-12-21 00:00:55,780 p=11368 u=root | TASK [sslcert : create etcd certificate] ***************************************
2016-12-21 00:00:55,846 p=11368 u=root | skipping: [10.1.52.135] => (item=openssl x509 -req -in /opt/kubernetes/pki/etcd.csr -CA /opt/kubernetes/pki/ca.pem -CAkey /opt/kubernetes/pki/ca-key.pem -CAcreateserial -out /opt/kubernetes/pki/etcd.pem -days 1000 -extensions v3_req -extfile /opt/kubernetes/pki/openssl-etcd.conf)
2016-12-21 00:00:55,847 p=11368 u=root | skipping: [10.1.52.135] => (item=openssl req -new -key /opt/kubernetes/pki/etcd-key.pem -out /opt/kubernetes/pki/etcd.csr -subj '/CN=Etcd-server' -config /opt/kubernetes/pki/openssl-etcd.conf)
2016-12-21 00:00:55,847 p=11368 u=root | skipping: [10.1.52.135] => (item=openssl genrsa -out /opt/kubernetes/pki/etcd-key.pem 2048)
2016-12-21 00:00:55,852 p=11368 u=root | PLAY [etcd] ********************************************************************
2016-12-21 00:00:55,860 p=11368 u=root | TASK [setup] *******************************************************************
2016-12-21 00:00:56,326 p=11368 u=root | ok: [10.1.52.142]
2016-12-21 00:00:56,571 p=11368 u=root | ok: [10.1.52.135]
2016-12-21 00:00:56,575 p=11368 u=root | TASK [etcd : Install etcd] *****************************************************
2016-12-21 00:01:03,887 p=11368 u=root | ok: [10.1.52.135]
2016-12-21 00:01:05,388 p=11368 u=root | ok: [10.1.52.142]
2016-12-21 00:01:05,392 p=11368 u=root | TASK [etcd : Create etcd config directory] *************************************
2016-12-21 00:01:05,757 p=11368 u=root | ok: [10.1.52.142]
2016-12-21 00:01:05,973 p=11368 u=root | ok: [10.1.52.135]
2016-12-21 00:01:05,976 p=11368 u=root | TASK [etcd : Write etcd config file] *******************************************
2016-12-21 00:01:06,666 p=11368 u=root | ok: [10.1.52.142]
2016-12-21 00:01:12,076 p=11368 u=root | ok: [10.1.52.135]
2016-12-21 00:01:12,079 p=11368 u=root | TASK [etcd : copy etcd certificate from ansible host] **************************
2016-12-21 00:01:12,167 p=11368 u=root | skipping: [10.1.52.135]
2016-12-21 00:01:12,170 p=11368 u=root | skipping: [10.1.52.142]
2016-12-21 00:01:12,174 p=11368 u=root | TASK [etcd : Enable and start etcd] ********************************************
2016-12-21 00:01:12,701 p=11368 u=root | ok: [10.1.52.142]
2016-12-21 00:01:12,850 p=11368 u=root | ok: [10.1.52.135]
2016-12-21 00:01:12,853 p=11368 u=root | TASK [etcd : Retart etcd] ******************************************************
2016-12-21 00:01:12,940 p=11368 u=root | skipping: [10.1.52.135]
2016-12-21 00:01:12,942 p=11368 u=root | skipping: [10.1.52.142]
2016-12-21 00:01:12,948 p=11368 u=root | PLAY [all] *********************************************************************
2016-12-21 00:01:12,955 p=11368 u=root | TASK [setup] *******************************************************************
2016-12-21 00:01:13,570 p=11368 u=root | ok: [10.1.52.144]
2016-12-21 00:01:13,575 p=11368 u=root | ok: [10.1.52.142]
2016-12-21 00:01:13,578 p=11368 u=root | ok: [10.1.52.143]
2016-12-21 00:01:13,742 p=11368 u=root | ok: [10.1.52.135]
2016-12-21 00:01:13,747 p=11368 u=root | TASK [docker : Install Docker] *************************************************
2016-12-21 00:01:18,568 p=11368 u=root | ok: [10.1.52.135]
2016-12-21 00:01:20,103 p=11368 u=root | ok: [10.1.52.142]
2016-12-21 00:01:20,129 p=11368 u=root | ok: [10.1.52.143]
2016-12-21 00:01:22,690 p=11368 u=root | ok: [10.1.52.144]
2016-12-21 00:01:22,693 p=11368 u=root | TASK [docker : Add any insecure registrys to docker config] ********************
2016-12-21 00:01:22,871 p=11368 u=root | skipping: [10.1.52.143]
2016-12-21 00:01:22,873 p=11368 u=root | skipping: [10.1.52.144]
2016-12-21 00:01:22,875 p=11368 u=root | skipping: [10.1.52.135]
2016-12-21 00:01:22,877 p=11368 u=root | skipping: [10.1.52.142]
2016-12-21 00:01:22,881 p=11368 u=root | TASK [docker : add registry] ***************************************************
2016-12-21 00:01:23,058 p=11368 u=root | skipping: [10.1.52.144]
2016-12-21 00:01:23,060 p=11368 u=root | skipping: [10.1.52.143]
2016-12-21 00:01:23,062 p=11368 u=root | skipping: [10.1.52.135]
2016-12-21 00:01:23,065 p=11368 u=root | skipping: [10.1.52.142]
2016-12-21 00:01:23,068 p=11368 u=root | TASK [docker : Enable Docker] **************************************************
2016-12-21 00:01:23,647 p=11368 u=root | ok: [10.1.52.142]
2016-12-21 00:01:23,650 p=11368 u=root | ok: [10.1.52.143]
2016-12-21 00:01:23,653 p=11368 u=root | ok: [10.1.52.144]
2016-12-21 00:01:23,891 p=11368 u=root | ok: [10.1.52.135]
2016-12-21 00:01:23,896 p=11368 u=root | PLAY [masters] *****************************************************************
2016-12-21 00:01:23,903 p=11368 u=root | TASK [setup] *******************************************************************
2016-12-21 00:01:24,356 p=11368 u=root | ok: [10.1.52.142]
2016-12-21 00:01:24,664 p=11368 u=root | ok: [10.1.52.135]
2016-12-21 00:01:24,668 p=11368 u=root | TASK [haproxy : create kubernetes manifests config directory] ******************
2016-12-21 00:01:25,019 p=11368 u=root | ok: [10.1.52.142]
2016-12-21 00:01:25,265 p=11368 u=root | ok: [10.1.52.135]
2016-12-21 00:01:25,298 p=11368 u=root | TASK [haproxy : create haproxy config directory] *******************************
2016-12-21 00:01:25,799 p=11368 u=root | ok: [10.1.52.135 -> 10.1.52.142]
2016-12-21 00:01:25,802 p=11368 u=root | ok: [10.1.52.142 -> 10.1.52.142]
2016-12-21 00:01:25,809 p=11368 u=root | TASK [haproxy : copy haproxy json config file] *********************************
2016-12-21 00:01:26,721 p=11368 u=root | ok: [10.1.52.142 -> 10.1.52.142]
2016-12-21 00:01:26,726 p=11368 u=root | ok: [10.1.52.135 -> 10.1.52.142]
2016-12-21 00:01:26,732 p=11368 u=root | TASK [haproxy : copy haproxy config file] **************************************
2016-12-21 00:01:27,627 p=11368 u=root | ok: [10.1.52.142 -> 10.1.52.142]
2016-12-21 00:01:27,640 p=11368 u=root | ok: [10.1.52.135 -> 10.1.52.142]
2016-12-21 00:01:27,644 p=11368 u=root | PLAY [masters] *****************************************************************
2016-12-21 00:01:27,655 p=11368 u=root | TASK [setup] *******************************************************************
2016-12-21 00:01:28,113 p=11368 u=root | ok: [10.1.52.142]
2016-12-21 00:01:28,294 p=11368 u=root | ok: [10.1.52.135]
2016-12-21 00:01:28,298 p=11368 u=root | TASK [master : Install Kubernetes packages] ************************************
2016-12-21 00:01:42,217 p=11368 u=root | ok: [10.1.52.135] => (item=[u'kubectl', u'kubelet', u'kubernetes-cni'])
2016-12-21 00:01:43,628 p=11368 u=root | ok: [10.1.52.142] => (item=[u'kubectl', u'kubelet', u'kubernetes-cni'])
2016-12-21 00:01:43,631 p=11368 u=root | TASK [master : create kubernetes config directory] *****************************
2016-12-21 00:01:43,934 p=11368 u=root | ok: [10.1.52.142]
2016-12-21 00:01:44,112 p=11368 u=root | ok: [10.1.52.135]
2016-12-21 00:01:44,115 p=11368 u=root | TASK [master : create weave dir] ***********************************************
2016-12-21 00:01:44,138 p=11368 u=root | skipping: [10.1.52.142]
2016-12-21 00:01:44,140 p=11368 u=root | skipping: [10.1.52.135]
2016-12-21 00:01:44,143 p=11368 u=root | TASK [master : copy weave file] ************************************************
2016-12-21 00:01:44,165 p=11368 u=root | skipping: [10.1.52.142]
2016-12-21 00:01:44,168 p=11368 u=root | skipping: [10.1.52.135]
2016-12-21 00:01:44,171 p=11368 u=root | TASK [master : copy api config file] *******************************************
2016-12-21 00:01:44,710 p=11368 u=root | ok: [10.1.52.142]
2016-12-21 00:01:50,201 p=11368 u=root | ok: [10.1.52.135]
2016-12-21 00:01:50,205 p=11368 u=root | TASK [master : copy controller config file] ************************************
2016-12-21 00:01:50,728 p=11368 u=root | ok: [10.1.52.142]
2016-12-21 00:01:51,297 p=11368 u=root | ok: [10.1.52.135]
2016-12-21 00:01:51,300 p=11368 u=root | TASK [master : copy scheduler config file] *************************************
2016-12-21 00:01:51,820 p=11368 u=root | ok: [10.1.52.142]
2016-12-21 00:01:57,231 p=11368 u=root | ok: [10.1.52.135]
2016-12-21 00:01:57,234 p=11368 u=root | TASK [master : copy kube config file] ******************************************
2016-12-21 00:01:57,765 p=11368 u=root | ok: [10.1.52.142]
2016-12-21 00:02:03,102 p=11368 u=root | ok: [10.1.52.135]
2016-12-21 00:02:03,105 p=11368 u=root | TASK [master : copy openssl certificate from ansible host] *********************
2016-12-21 00:02:04,045 p=11368 u=root | ok: [10.1.52.142]
2016-12-21 00:02:14,757 p=11368 u=root | ok: [10.1.52.135]
2016-12-21 00:02:14,760 p=11368 u=root | TASK [master : copy kubelet-config file] ***************************************
2016-12-21 00:02:15,316 p=11368 u=root | ok: [10.1.52.142]
2016-12-21 00:02:20,756 p=11368 u=root | ok: [10.1.52.135]
2016-12-21 00:02:20,759 p=11368 u=root | TASK [master : copy kubelet-service file] **************************************
2016-12-21 00:02:21,292 p=11368 u=root | ok: [10.1.52.142]
2016-12-21 00:02:26,863 p=11368 u=root | ok: [10.1.52.135]
2016-12-21 00:02:26,866 p=11368 u=root | TASK [master : start and enable kubelet] ***************************************
2016-12-21 00:02:27,187 p=11368 u=root | fatal: [10.1.52.142]: FAILED! => {"changed": false, "failed": true, "msg": "Unable to start service kubelet: Failed to start kubelet.service: Unit not found.\n"}
2016-12-21 00:02:27,494 p=11368 u=root | fatal: [10.1.52.135]: FAILED! => {"changed": false, "failed": true, "msg": "Unable to start service kubelet: Failed to start kubelet.service: Unit not found.\n"}
2016-12-21 00:02:27,528 p=11368 u=root | to retry, use: --limit @/root/HA-kubernetes-ansible/cluster.retry

2016-12-21 00:02:27,528 p=11368 u=root | PLAY RECAP *********************************************************************
2016-12-21 00:02:27,529 p=11368 u=root | 10.1.52.135 : ok=30 changed=0 unreachable=0 failed=1
2016-12-21 00:02:27,529 p=11368 u=root | 10.1.52.142 : ok=26 changed=0 unreachable=0 failed=1
2016-12-21 00:02:27,529 p=11368 u=root | 10.1.52.143 : ok=6 changed=0 unreachable=0 failed=0
2016-12-21 00:02:27,529 p=11368 u=root | 10.1.52.144 : ok=6 changed=0 unreachable=0 failed=0

[root@master1 log]# tail -f messages
Dec 21 00:17:03 master1 etcd: saved snapshot at index 20002
Dec 21 00:17:03 master1 etcd: compacted raft log at 15002
Dec 21 00:31:35 master1 systemd: Started Session 16 of user root.
Dec 21 00:31:35 master1 systemd-logind: New session 16 of user root.
Dec 21 00:31:35 master1 systemd: Starting Session 16 of user root.
Dec 21 00:35:43 master1 systemd: Configuration file /etc/systemd/system/kubelet.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Dec 21 00:39:07 master1 systemd: Configuration file /etc/systemd/system/kubelet.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Dec 21 00:42:15 master1 systemd: Configuration file /etc/systemd/system/kubelet.service is marked executable. Please remove executable permission bits. Proceeding anyway.

pawankkamboj commented on September 3, 2024

Before running kubelet we need to create /var/lib/kubelet, it should be present, kubelet does not create it at startup, I added it, please check

pawankkamboj commented on September 3, 2024

ideally, kubelet should create during initialisation but it does not. added now both in master/node roles, please verify

harryliu123 commented on September 3, 2024

i see add

  - name: start and enable kubelet
    service: name=kubelet enabled=no state=started
    register: kubelet_start

but the same problem has not changed

pawankkamboj commented on September 3, 2024

Please check again, I added those in master branch, both in master and node roles.

  - name: create kubelet directory
    file: path=/var/lib/kubelet state=directory

Zksteam commented on September 3, 2024

hi
same issue there i verified the folder is there on the master and on the nodes

log:
TASK [master : copy kubelet-config file] ***************************************
ok: [192.168.51.15]

TASK [master : copy kubelet-service file] **************************************
ok: [192.168.51.15]

TASK [master : create kubelet directory] ***************************************
ok: [192.168.51.15]

TASK [master : start and enable kubelet] ***************************************
fatal: [192.168.51.15]: FAILED! => {"changed": false, "failed": true, "msg": "Unable to start service kubelet: Failed to start kubelet.service: Unit not found.\n"}
to retry, use: --limit @/var/lib/awx/projects/_493__zachis_project/zachi_test/cluster.retry

PLAY RECAP *********************************************************************
127.0.0.1 : ok=9 changed=1 unreachable=0 failed=1
192.168.51.15 : ok=29 changed=3 unreachable=0 failed=1
192.168.51.5 : ok=6 changed=0 unreachable=0 failed=0
192.168.51.6 : ok=6 changed=0 unreachable=0 failed=0

pawankkamboj commented on September 3, 2024

try to start it manually on master, check /var/log/message, and also see if file /etc/systemd/system/kubelet.service is present there. if you have earlier version of kubelet then file will be at /usr/lib/systemd/system/kubelet.service then delete it first.

Zksteam commented on September 3, 2024

hi thanks for your reply
all servers are freshly installed CentOS (1 master, 2 nodes)

this is the txt in the file /etc/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=docker.service
Requires=docker.service

[Service]
WorkingDirectory=/var/lib/kubelet
EnvironmentFile=-/etc/kubernetes/kubelet
ExecStart=/usr/bin/kubelet
$KUBELET_ADDRESS
$KUBELET_POD_INFRA_CONTAINER
$KUBELET_ARGS
$KUBE_LOGTOSTDERR
$KUBE_ALLOW_PRIV
$KUBELET_NETWORK_ARGS
$KUBELET_DNS_ARGS
Restart=on-failure

[Install]
WantedBy=multi-user.target

not sure its OK, look like the args didn't pass i am using ansible tower
maybe that the issue

will try to redeploy from CLI

pawankkamboj commented on September 3, 2024

Please replace docker.service with docker-latest.service. Actually I am using the docker-latest package, so it needs to be replaced; earlier I built the roles using docker, but later I moved to docker-latest. I have updated the playbook also, you can take a checkout.

jamstar commented on September 3, 2024

i was having same issue as the original poster and this fixed it for me. Thanks!

harryliu123 commented on September 3, 2024

thx your reply, but i have another problem
error log say Unable to find /opt/kubernetes/pki/XXXXX

TASK [node : copy CA certificate from ansible host] ****************************
failed: [10.1.52.143] (item=ca.pem) => {"failed": true, "item": "ca.pem", "msg": "Unable to find '/opt/kubernetes/pki/ca.pem' in expected paths."}
failed: [10.1.52.143] (item=ca-key.pem) => {"failed": true, "item": "ca-key.pem", "msg": "Unable to find '/opt/kubernetes/pki/ca-key.pem' in expected paths."}
failed: [10.1.52.143] (item=admin-key.pem) => {"failed": true, "item": "admin-key.pem", "msg": "Unable to find '/opt/kubernetes/pki/admin-key.pem' in expected paths."}
failed: [10.1.52.143] (item=admin.pem) => {"failed": true, "item": "admin.pem", "msg": "Unable to find '/opt/kubernetes/pki/admin.pem' in expected paths."}
failed: [10.1.52.144] (item=ca.pem) => {"failed": true, "item": "ca.pem", "msg": "Unable to find '/opt/kubernetes/pki/ca.pem' in expected paths."}
failed: [10.1.52.144] (item=ca-key.pem) => {"failed": true, "item": "ca-key.pem", "msg": "Unable to find '/opt/kubernetes/pki/ca-key.pem' in expected paths."}
failed: [10.1.52.144] (item=admin-key.pem) => {"failed": true, "item": "admin-key.pem", "msg": "Unable to find '/opt/kubernetes/pki/admin-key.pem' in expected paths."}
failed: [10.1.52.144] (item=admin.pem) => {"failed": true, "item": "admin.pem", "msg": "Unable to find '/opt/kubernetes/pki/admin.pem' in expected paths."}
to retry, use: --limit @/root/HA-kubernetes-ansible/cluster.retry

i see all.yml
cert_dir is /etc/kubernetes/pki not /opt/kubernetes/pki
[root@master1 HA-kubernetes-ansible]# grep -R cert_dir
group_vars/all.yml:cert_dir: /etc/kubernetes/pki
group_vars/all.yml:master_cert_dir: /opt/kubernetes/pki

pawankkamboj commented on September 3, 2024

harryliu123 commented on September 3, 2024

[root@master1 HA-kubernetes-ansible]# cat inventory
[etcd]
10.1.52.135
10.1.52.142
10.1.52.147
[masters]
10.1.52.142
10.1.52.135
10.1.52.147
[sslhost]
10.1.52.135 # should be ansible host
[node]
10.1.52.143
10.1.52.144

[root@master1 HA-kubernetes-ansible]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:50:56:ae:af:b5 brd ff:ff:ff:ff:ff:ff
inet 10.1.52.135/24 brd 10.1.52.255 scope global dynamic ens192
valid_lft 79692sec preferred_lft 79692sec
inet6 fe80::250:56ff:feae:afb5/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 02:42:2f:be:c6:0f brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 scope global docker0
valid_lft forever preferred_lft forever

pawankkamboj commented on September 3, 2024

pawankkamboj commented on September 3, 2024

Now I set to true default in all.yml

harryliu123 commented on September 3, 2024

thx your reply, but i have another problem

TASK [node : copy openssl] *****************************************************
fatal: [10.1.52.143]: FAILED! => {"changed": false, "failed": true, "msg": "AnsibleUndefinedVariable: 'ansible_bond0' is undefined"}
fatal: [10.1.52.144]: FAILED! => {"changed": false, "failed": true, "msg": "AnsibleUndefinedVariable: 'ansible_bond0' is undefined"}
to retry, use: --limit @/root/HA-kubernetes-ansible/cluster.retry

message log
Dec 23 00:31:17 master1 journal: E1223 05:31:17.630193 1 reflector.go:214] k8s.io/kubernetes/plugin/pkg/scheduler/factory/factory.go:388: Failed to list *api.Pod: Get https://10.1.52.199/api/v1/pods?fieldSelector=spec.nodeName%3D%2Cstatus.phase%21%3DFailed%2Cstatus.phase%21%3DSucceeded&resourceVersion=0: dial tcp 10.1.52.199:443: getsockopt: no route to host

my all.yml file

[root@master1 HA-kubernetes-ansible]# cat group_vars/all.yml
#- setup variable for cluster installation
#- kubernetes dir
kube_config_dir: /etc/kubernetes
manifest_config_dir: /etc/kubernetes/manifests
cert_dir: /etc/kubernetes/pki
master_cert_dir: /opt/kubernetes/pki
kube_addon_dir: /etc/kubernetes/addon
weavedir: /etc/cni/net.d
flannel_dir: /etc/sysconfig

#- image and other variable
api_image: gcr.io/google_containers/kube-apiserver-amd64:v1.4.5
controller_image: gcr.io/google_containers/kube-controller-manager-amd64:v1.4.5
scheduler_image: gcr.io/google_containers/kube-scheduler-amd64:v1.4.5
kube_proxy_image: gcr.io/google_containers/kube-proxy-amd64:v1.4.5

#- cluster service ip range
service_ip_range: 100.64.0.0/12
kubernetes_service_ip: 100.64.0.1
#- all certifactes for cluster
account_key: /etc/kubernetes/pki/apiserver-key.pem
ca_cert: /etc/kubernetes/pki/ca.pem
ca_key: /etc/kubernetes/pki/ca-key.pem
api_cert: /etc/kubernetes/pki/apiserver.pem
api_key: /etc/kubernetes/pki/apiserver-key.pem
admin_key: /etc/kubernetes/pki/admin-key.pem
admin_cert: /etc/kubernetes/pki/admin.pem
node_cert: /etc/kubernetes/pki/node.pem
node_key: /etc/kubernetes/pki/node-key.pem

#- api secure port and api loadbalancer IP
api_secure_port: 5443
api_lb_ip: https://10.1.52.199 # it should be haproxy host IP or network load balancer IP # if using onle one api server then setup IP of it
lb_ip: 10.1.52.199

#- kubeconfig file
kubeconfig: /etc/kubernetes/kubeconfig
kubeletconfig: /etc/kubernetes/kubeletconfig
kubeadminconfig: /etc/kubernetes/kubeadminconfig

# all master fqdn name - it require to create ssl certificate
# set it to only available api server

masters_fqdn: ['master1', 'master2', 'master3']

#- cluster dns name and IP
cluster_name: k8scluster

# kube-proxy addon

kube_proxy: false # set true only if cluster is fully operation and running

#- kube-dns add-on
kube_dns: false # set true only if cluster is fully operation and running
#- if true then set following
dns_ip: 100.64.0.10 # it should be from cluster service_ip_range
dns_replicas: 1

#- weave ui port and IP
weave_net: false # set true only if cluster is fully operation and running
#- if true then set following
weaveui_port: 90
weaveui_ip: 10.1.52.135 # it should be one of cluster node IP

#flannel network # only one network plugin should be enable either weave or flannel
flannel: true
flannel_network: "10.200.0.0/16"
flannel_key: "/atomic.io/network"
flannel_subnet_len: 24

# A list of insecure registrys you might need to define

insecure_registrys:

# Turn to false to disable cluster monitoring with heapster and influxdb

cluster_monitoring: false # set true only if cluster is fully operation and running
#- if true then set following
heapster_ip: 100.64.0.11 # it should be from cluster service_ip_range
heapster_port: 80
grafana_ip: 10.1.52.135 # it should be one of cluster node IP
grafana_port: 100
influx_ip: 10.1.52.135 # it should be one of cluster node IP
influx_port: 8086

# Turn to false to disable the kube-dash addon for this cluster

kube_dash: false # set true only if cluster is fully operation and running
#- if true then set following
kube_dash_ip: 10.1.52.135 # it should be one of cluster node IP
kube_dash_port: 80

#- setup haproxy for loadbalancing
haproxy: true # set false when already physical loadbalancer available
haproxy_dir: /etc/haproxy
haproxy_monitor_port: 9090
admin_user: admin
admin_password: admin123

#- ssl cert handler
sslcert_create: true # set true to create certificate, it should be true during ansible first run

#- etcd config
domain_name: test.com #- use to create wildcard ssl certificate for api and etcd
etcd_peer_url_scheme: http #- for http or https
etcd_ca_file: "/etc/kubernetes/pki/ca.pem"
etcd_cert_file: "/etc/kubernetes/pki/etcd.pem"
etcd_key_file: "/etc/kubernetes/pki/etcd-key.pem"
etcd_peer_ca_file: "/etc/kubernetes/pki/ca.pem"
etcd_peer_cert_file: "/etc/kubernetes/pki/etcd.pem"
etcd_peer_key_file: "/etc/kubernetes/pki/etcd-key.pem"

harryliu123 commented on September 3, 2024

[root@node1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:50:56:ae:c6:7c brd ff:ff:ff:ff:ff:ff
inet 10.1.52.143/24 brd 10.1.52.255 scope global dynamic ens192
valid_lft 46823sec preferred_lft 46823sec
inet6 fe80::5219:af8d:685c:d27/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 02:42:bb:9d:bc:d6 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 scope global docker0
valid_lft forever preferred_lft forever

# so i change network name ens192 to eth0 ??
thx your reply

harryliu123 commented on September 3, 2024

i change sslcert_create: false

but happen new error

TASK [node : create certificate for node] **************************************
changed: [10.1.52.144] => (item=openssl genrsa -out /etc/kubernetes/pki/node-key.pem 2048)
changed: [10.1.52.143] => (item=openssl genrsa -out /etc/kubernetes/pki/node-key.pem 2048)
failed: [10.1.52.144] (item=openssl req -new -key /etc/kubernetes/pki/node-key.pem -out /etc/kubernetes/pki/node.csr -subj '/CN=kube-node' -config /etc/kubernetes/pki/openssl.conf) => {"changed": true, "cmd": ["openssl", "req", "-new", "-key", "/etc/kubernetes/pki/node-key.pem", "-out", "/etc/kubernetes/pki/node.csr", "-subj", "/CN=kube-node", "-config", "/etc/kubernetes/pki/openssl.conf"], "delta": "0:00:00.005893", "end": "2016-12-23 04:02:22.940397", "failed": true, "item": "openssl req -new -key /etc/kubernetes/pki/node-key.pem -out /etc/kubernetes/pki/node.csr -subj '/CN=kube-node' -config /etc/kubernetes/pki/openssl.conf", "rc": 1, "start": "2016-12-23 04:02:22.934504", "stderr": "error on line -1 of /etc/kubernetes/pki/openssl.conf\n140091812157344:error:02001002:system library:fopen:No such file or directory:bss_file.c:169:fopen('/etc/kubernetes/pki/openssl.conf','rb')\n140091812157344:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:172:\n140091812157344:error:0E078072:configuration file routines:DEF_LOAD:no such file:conf_def.c:197:", "stdout": "", "stdout_lines": [], "warnings": []}
failed: [10.1.52.143] (item=openssl req -new -key /etc/kubernetes/pki/node-key.pem -out /etc/kubernetes/pki/node.csr -subj '/CN=kube-node' -config /etc/kubernetes/pki/openssl.conf) => {"changed": true, "cmd": ["openssl", "req", "-new", "-key", "/etc/kubernetes/pki/node-key.pem", "-out", "/etc/kubernetes/pki/node.csr", "-subj", "/CN=kube-node", "-config", "/etc/kubernetes/pki/openssl.conf"], "delta": "0:00:00.007054", "end": "2016-12-23 04:02:22.209713", "failed": true, "item": "openssl req -new -key /etc/kubernetes/pki/node-key.pem -out /etc/kubernetes/pki/node.csr -subj '/CN=kube-node' -config /etc/kubernetes/pki/openssl.conf", "rc": 1, "start": "2016-12-23 04:02:22.202659", "stderr": "error on line -1 of /etc/kubernetes/pki/openssl.conf\n139954333685664:error:02001002:system library:fopen:No such file or directory:bss_file.c:169:fopen('/etc/kubernetes/pki/openssl.conf','rb')\n139954333685664:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:172:\n139954333685664:error:0E078072:configuration file routines:DEF_LOAD:no such file:conf_def.c:197:", "stdout": "", "stdout_lines": [], "warnings": []}
failed: [10.1.52.144] (item=openssl x509 -req -in /etc/kubernetes/pki/node.csr -CA /etc/kubernetes/pki/ca.pem -CAkey /etc/kubernetes/pki/ca-key.pem -CAcreateserial -out /etc/kubernetes/pki/node.pem -days 1000 -extensions v3_req -extfile /etc/kubernetes/pki/openssl.conf) => {"changed": true, "cmd": ["openssl", "x509", "-req", "-in", "/etc/kubernetes/pki/node.csr", "-CA", "/etc/kubernetes/pki/ca.pem", "-CAkey", "/etc/kubernetes/pki/ca-key.pem", "-CAcreateserial", "-out", "/etc/kubernetes/pki/node.pem", "-days", "1000", "-extensions", "v3_req", "-extfile", "/etc/kubernetes/pki/openssl.conf"], "delta": "0:00:00.016797", "end": "2016-12-23 04:02:23.228899", "failed": true, "item": "openssl x509 -req -in /etc/kubernetes/pki/node.csr -CA /etc/kubernetes/pki/ca.pem -CAkey /etc/kubernetes/pki/ca-key.pem -CAcreateserial -out /etc/kubernetes/pki/node.pem -days 1000 -extensions v3_req -extfile /etc/kubernetes/pki/openssl.conf", "rc": 1, "start": "2016-12-23 04:02:23.212102", "stderr": "error loading the config file '/etc/kubernetes/pki/openssl.conf'", "stdout": "", "stdout_lines": [], "warnings": []}
failed: [10.1.52.143] (item=openssl x509 -req -in /etc/kubernetes/pki/node.csr -CA /etc/kubernetes/pki/ca.pem -CAkey /etc/kubernetes/pki/ca-key.pem -CAcreateserial -out /etc/kubernetes/pki/node.pem -days 1000 -extensions v3_req -extfile /etc/kubernetes/pki/openssl.conf) => {"changed": true, "cmd": ["openssl", "x509", "-req", "-in", "/etc/kubernetes/pki/node.csr", "-CA", "/etc/kubernetes/pki/ca.pem", "-CAkey", "/etc/kubernetes/pki/ca-key.pem", "-CAcreateserial", "-out", "/etc/kubernetes/pki/node.pem", "-days", "1000", "-extensions", "v3_req", "-extfile", "/etc/kubernetes/pki/openssl.conf"], "delta": "0:00:00.019115", "end": "2016-12-23 04:02:22.529680", "failed": true, "item": "openssl x509 -req -in /etc/kubernetes/pki/node.csr -CA /etc/kubernetes/pki/ca.pem -CAkey /etc/kubernetes/pki/ca-key.pem -CAcreateserial -out /etc/kubernetes/pki/node.pem -days 1000 -extensions v3_req -extfile /etc/kubernetes/pki/openssl.conf", "rc": 1, "start": "2016-12-23 04:02:22.510565", "stderr": "error loading the config file '/etc/kubernetes/pki/openssl.conf'", "stdout": "", "stdout_lines": [], "warnings": []}
to retry, use: --limit @/root/HA-kubernetes-ansible/cluster.retry

PLAY RECAP *********************************************************************
10.1.52.135 : ok=32 changed=0 unreachable=0 failed=0
10.1.52.142 : ok=28 changed=0 unreachable=0 failed=0
10.1.52.143 : ok=16 changed=0 unreachable=0 failed=1
10.1.52.144 : ok=16 changed=0 unreachable=0 failed=1
10.1.52.147 : ok=28 changed=0 unreachable=0 failed=0

[root@node1 pki]# openssl req -new -key /etc/kubernetes/pki/node-key.pem -out /etc/kubernetes/pki/node.csr -subj '/CN=kube-node' -config /etc/kubernetes/pki/openssl.conf
error on line -1 of /etc/kubernetes/pki/openssl.conf
140425202223008:error:02001002:system library:fopen:No such file or directory:bss_file.c:169:fopen('/etc/kubernetes/pki/openssl.conf','rb')
140425202223008:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:172:
140425202223008:error:0E078072:configuration file routines:DEF_LOAD:no such file:conf_def.c:197:
[root@node1 pki]# cat /etc/kubernetes/pki/openssl.conf
cat: /etc/kubernetes/pki/openssl.conf: No such file or directory

from kubernetes-ansible.

pawankkamboj avatar pawankkamboj commented on September 3, 2024

from kubernetes-ansible.

harryliu123 avatar harryliu123 commented on September 3, 2024

I see in node/task/main.yml:

  - name: copy openssl
    when: ca_cert|changed
    template: src="openssl.conf.j2" dest={{ kube_config_dir }}/pki/openssl.conf
    register: openssl_config

I see when: ca_cert|changed, so I deleted all files in /etc/kubernetes/pki
and reran ansible-playbook -i inventory cluster.yml.
Error message:

TASK [node : copy CA certificate from ansible host] ****************************

changed: [10.1.52.144] => (item=ca-key.pem)
changed: [10.1.52.144] => (item=ca.pem)
changed: [10.1.52.144] => (item=admin.pem)
changed: [10.1.52.144] => (item=admin-key.pem)

TASK [node : copy openssl] *****************************************************
fatal: [10.1.52.144]: FAILED! => {"changed": false, "failed": true, "msg": "AnsibleUndefinedVariable: 'ansible_bond0' is undefined"}

But I didn't see that openssl.conf was created in /etc/kubernetes/pki/.

from kubernetes-ansible.
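An added example, not part of the thread or the project's code: the two openssl commands from the log above, run against a throwaway CA in a temp directory, with a preflight that refuses to start when openssl.conf has not been rendered. The config contents, the function names and the demo CA are assumptions, since the project's openssl.conf.j2 is not shown on the page.

```shell
#!/bin/sh
# Added example, not the project's code: throwaway PKI in a temp dir, constructed values.

# Render the extension config that both openssl steps in the log read.
write_conf() {  # $1 = output path, $2 = node IP for the SAN (assumed content)
  cat > "$1" <<EOF
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
[req_distinguished_name]
[v3_req]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
IP.1 = $2
EOF
}

# Run the two commands from the log, but stop first if the config is absent.
issue_node_cert() {  # $1 = pki dir holding ca.pem and ca-key.pem, $2 = config path
  if [ ! -s "$2" ]; then
    echo "preflight: $2 missing or empty, render it before calling openssl" >&2
    return 2
  fi
  openssl genrsa -out "$1/node-key.pem" 2048 2>/dev/null &&
  openssl req -new -key "$1/node-key.pem" -out "$1/node.csr" \
    -subj '/CN=kube-node' -config "$2" &&
  openssl x509 -req -in "$1/node.csr" -CA "$1/ca.pem" -CAkey "$1/ca-key.pem" \
    -CAcreateserial -out "$1/node.pem" -days 1000 \
    -extensions v3_req -extfile "$2" 2>/dev/null
}

# Missing-config case first (as in the thread), then the repaired flow.
demo() {  # $1 = node IP; prints the SAN entry of the issued certificate
  pki=$(mktemp -d) || return 1
  conf="$pki/openssl.conf"
  issue_node_cert "$pki" "$conf" 2>/dev/null && return 1  # must refuse: no config yet
  write_conf "$conf" "$1" &&
  openssl genrsa -out "$pki/ca-key.pem" 2048 2>/dev/null &&
  openssl req -x509 -new -key "$pki/ca-key.pem" -subj '/CN=demo-ca' -days 1 \
    -out "$pki/ca.pem" -config "$conf" &&
  issue_node_cert "$pki" "$conf" &&
  openssl x509 -in "$pki/node.pem" -noout -text | grep -o 'IP Address:[0-9.]*'
  rc=$?; rm -rf "$pki"; return $rc
}

demo 10.1.52.144
```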
