unable to load certificate (kubespray setup on AWS) #3571

ankitam23 · 2018-10-23T10:07:11Z

my hosts.ini file is

[k8s-cluster:children]
kube-master
kube-node

[all]
node1 ansible_host=10.250.199.89 ip=10.250.199.89
node2 ansible_host=10.250.204.191 ip=10.250.204.191
node3 ansible_host=10.250.204.33 ip=10.250.204.33
node4 ansible_host=10.250.217.249 ip=10.250.217.249

[kube-master]
node2

[kube-node]
node3
node4

[etcd]
node1

[calico-rr]
node1
node2
node3
node4

[vault]
node1
node2
node3
node4

Error:

fatal: [node4]: FAILED! => {"changed": false, "cmd": ["openssl", "x509", "-in", "/etc/ssl/etcd/ssl/node-node4.pem", "-noout", "-serial"], "delta": "0:00:00.004458", "end": "2018-10-23 09:38:22.521354", "msg": "non-zero return code", "rc": 1, "start": "2018-10-23 09:38:22.516896", "stderr": "Error opening Certificate /etc/ssl/etcd/ssl/node-node4.pem\n140461387085464:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/etc/ssl/etcd/ssl/node-node4.pem','r')\n140461387085464:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:\nunable to load certificate", "stderr_lines": ["Error opening Certificate /etc/ssl/etcd/ssl/node-node4.pem", "140461387085464:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/etc/ssl/etcd/ssl/node-node4.pem','r')", "140461387085464:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:", "unable to load certificate"], "stdout": "", "stdout_lines": []}
fatal: [node2]: FAILED! => {"changed": false, "cmd": ["openssl", "x509", "-in", "/etc/ssl/etcd/ssl/node-node2.pem", "-noout", "-serial"], "delta": "0:00:00.004473", "end": "2018-10-23 09:38:22.592505", "msg": "non-zero return code", "rc": 1, "start": "2018-10-23 09:38:22.588032", "stderr": "Error opening Certificate /etc/ssl/etcd/ssl/node-node2.pem\n139762824988312:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/etc/ssl/etcd/ssl/node-node2.pem','r')\n139762824988312:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:\nunable to load certificate", "stderr_lines": ["Error opening Certificate /etc/ssl/etcd/ssl/node-node2.pem", "139762824988312:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/etc/ssl/etcd/ssl/node-node2.pem','r')", "139762824988312:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:", "unable to load certificate"], "stdout": "", "stdout_lines": []}
ok: [node1]

NO MORE HOSTS LEFT *******************************************************************************************
to retry, use: --limit @/root/kubespray-sar/kubespray/cluster.retry

PLAY RECAP ***************************************************************************************************
node1 : ok=238 changed=29 unreachable=0 failed=0
node2 : ok=190 changed=14 unreachable=0 failed=1
node3 : ok=205 changed=15 unreachable=0 failed=0
node4 : ok=190 changed=14 unreachable=0 failed=1

Ansible version is--- ansible 2.7.0

mirwan · 2018-10-23T18:56:22Z

Duplicate of #3464. Long story short downgrade to ansible 2.6.X until PR #3486 is merged.
Closing

ankitam23 · 2018-10-24T07:11:45Z

sloved by downgrading ansible version to 2.6.3 and by not including nodes in calico-rr
Thanks...

mirwan closed this as completed Oct 23, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

unable to load certificate (kubespray setup on AWS) #3571

unable to load certificate (kubespray setup on AWS) #3571

ankitam23 commented Oct 23, 2018

mirwan commented Oct 23, 2018

ankitam23 commented Oct 24, 2018 •

edited

Loading

unable to load certificate (kubespray setup on AWS) #3571

unable to load certificate (kubespray setup on AWS) #3571

Comments

ankitam23 commented Oct 23, 2018

mirwan commented Oct 23, 2018

ankitam23 commented Oct 24, 2018 • edited Loading

ankitam23 commented Oct 24, 2018 •

edited

Loading