githubixx / ansible-role-etcd

Ansible role for installing etcd cluster

Home Page: https://www.tauceti.blog/post/kubernetes-the-not-so-hard-way-with-ansible-etcd/

License: GNU General Public License v3.0

Jinja 100.00%
etcd-cluster etcd-nodes playbook ansible cluster key-value high-availability ansible-role scaleway kubernetes

ansible-role-etcd's Issues

Could not find or access '/home/user/k8s/certs/ca-etcd.pem' on the Ansible Controller.

Hi!
I tried to run it and got this error:

TASK [githubixx.etcd : Copy certificates] *******************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: If you are using a module and expect the file to exist on the remote, see the remote_src option
failed: [patroni1] (item=ca-etcd.pem) => {
    "changed": false, 
    "item": "ca-etcd.pem"
}

MSG:

Could not find or access '/home/user/k8s/certs/ca-etcd.pem' on the Ansible Controller.
If you are using a module and expect the file to exist on the remote, see the remote_src option

- hosts: etcd
  roles:
    - githubixx.etcd

Tried with become: yes and without become: yes.

cat ansible.cfg

[defaults]
inventory = hosts
remote_user = user
host_key_checking = False
stdout_callback=debug
log_path=logfile

cat hosts
[etcd]
patroni1 ansible_host=192.168.88.197
patroni2 ansible_host=192.168.88.196
patroni3 ansible_host=192.168.88.195

double quotes in systemd manifest

role version:
githubixx.etcd, r4.2.0_v3.2.13

Os Release:
CentOS Linux release 7.6.1810 (Core)

Issue: for some reason the generated template contains double quotes and etcd doesn't start

Mar 21 12:45:10 node-1.example.local etcd[7198]: etcd --config-file
Mar 21 12:45:10 node-1.example.local etcd[7198]: path to the server configuration file
Mar 21 12:45:10 node-1.example.local etcd[7198]: etcd gateway
Mar 21 12:45:10 node-1.example.local etcd[7198]: run the stateless pass-through etcd TCP connection forwarding proxy
Mar 21 12:45:10 node-1.example.local etcd[7198]: etcd grpc-proxy
Mar 21 12:45:10 node-1.example.local etcd[7198]: run the stateless etcd v3 gRPC L7 reverse proxy
Mar 21 12:45:10 node-1.example.local systemd[1]: etcd.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Mar 21 12:45:10 node-1.example.local systemd[1]: Failed to start etcd.
Mar 21 12:45:10 node-1.example.local systemd[1]: Unit etcd.service entered failed state.
Mar 21 12:45:10 node-1.example.local systemd[1]: etcd.service failed.

Workaround:
If I remove the double quotes, it works

systemd manifest:

systemctl cat etcd
# /etc/systemd/system/etcd.service
[Unit]
Description=etcd
Documentation=https://github.com/coreos

[Service]
ExecStart=/usr/local/bin/etcd \
  --advertise-client-urls="https://192.168.50.101:2379" \
  --auto-compaction-retention="0" \
  --cert-file="/etc/etcd/cert.pem" \
  --client-cert-auth="true" \
  --cors="" \
  --data-dir="/var/lib/etcd" \
  --election-timeout="1000" \
  --heartbeat-interval="100" \
  --initial-advertise-peer-urls="https://192.168.50.101:2380" \
  --initial-cluster="node-1=https://192.168.50.101:2380,node-2=https://192.168.50.102:2380" \
  --initial-cluster-state="new" \
  --initial-cluster-token="etcd-cluster-0" \
  --key-file="/etc/etcd/private.pem" \
  --listen-client-urls="https://192.168.50.101:2379,https://127.0.0.1:2379" \
  --listen-peer-urls="https://192.168.50.101:2380" \
  --log-output="default" \
  --log-package-levels="" \
  --max-snapshots="5" \
  --max-wals="5" \
  --name="node-1" \
  --peer-cert-file="/etc/etcd/cert.pem" \
  --peer-client-cert-auth="true" \
  --peer-key-file="/etc/etcd/private.pem" \
  --peer-trusted-ca-file="/etc/etcd/cert.pem" \
  --quota-backend-bytes="0" \
  --snapshot-count="100000" \
  --trusted-ca-file="/etc/etcd/cert.pem" \
  --wal-dir="" 
Restart=on-failure
RestartSec=5
Type=notify

Problems bootstrapping the etcd cluster

Hello again,

I'm now in part 5 of the tutorial and I'm kind of stuck getting the etcd cluster up and running. It seems the etcd install succeeded and the service did start on all 3 controllers, however I cannot list the cluster members:
[image: screen shot 2018-05-11 at 17 22 09]

Also, it seems the controllers are unable to communicate with one another (the logs are identical on all controllers):
[image: screen shot 2018-05-11 at 17 21 43]

The VPN seems ok:
[image: screen shot 2018-05-11 at 17 27 48]

[image: screen shot 2018-05-11 at 17 28 28]

And the FW rules as well:
[image: screen shot 2018-05-11 at 17 27 36]

Any help would be more than welcome!

Thanks

Task "Downloading official etcd release" saves file with wrong filename

The task "Downloading official etcd release" only specifies a destination directory without a filename:

- name: Downloading official etcd release
  get_url:
    url: https://github.com/coreos/etcd/releases/download/v{{etcd_version}}/etcd-v{{etcd_version}}-linux-amd64.tar.gz
    dest: "{{etcd_download_dir}}"
    mode: 0755
  tags:
    - etcd

As a result, the filename is not as expected by the next task "Unzip downloaded file" which then crashes:
[image: screen shot 2018-05-14 at 14 00 53]

[image: screen shot 2018-05-14 at 15 50 11]

A simple fix is to specify the full filename in the dest parameter such as this:

    dest: "{{etcd_download_dir}}/etcd-v{{etcd_version}}-linux-amd64.tar.gz"

I ran into this problem on a btrfs filesystem, it might not be a problem on ext4.

Download etcd binaries from custom URL

Our etcd cluster does not have access to github.com. We saved the tarball to one of our internal webservers. We need an option to download it from there.

Task "Unzip downloaded file" crashes trying to change ownership to nonexistent user/group

The "Unzip downloaded file" task crashes as it tries to set the ownership of files and directories back to their original values. The original user and group do not exist and thus the task crashes.

- name: Unzip downloaded file
  unarchive:
    src: "{{etcd_download_dir}}/etcd-v{{etcd_version}}-linux-amd64.tar.gz"
    dest: "{{etcd_download_dir}}/"
    remote_src: yes
    creates: "{{etcd_download_dir}}/etcd-v{{etcd_version}}-linux-amd64/etcd"
  tags:
    - etcd

[image: screen shot 2018-05-14 at 15 18 14]

A second playbook run "fixes" the problem as the task is then skipped and other tasks can go on (there is no real ownership problem).

So maybe the owner and group could be set by the task or the error ignored? What is the best option here in your opinion?

I should mention I ran into this problem on a btrfs filesystem, maybe the behaviour is different on ext4.
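
The three reports above (download file name, custom download URL, ownership on unpack) concern the same two tasks. The following is an added example, not the role's own code and not written by any of the reporters: it shows the two tasks with a full destination file name, an overridable base URL, checksum verification of the tarball, and extraction that does not depend on the uid/gid stored in the archive. `etcd_archive`, `etcd_download_url_base` and `etcd_download_checksum` are hypothetical variable names, the download directory is a constructed sample value, and the checksum is a placeholder to be replaced.

```yaml
# Added example, not the role's own tasks. etcd_archive, etcd_download_url_base
# and etcd_download_checksum are hypothetical variable names.
- hosts: etcd
  become: yes
  vars:
    etcd_version: "3.2.13"
    etcd_download_dir: "/opt/etcd"          # constructed sample value
    etcd_archive: "etcd-v{{ etcd_version }}-linux-amd64.tar.gz"
    # Point this at an internal web server when github.com is unreachable.
    etcd_download_url_base: "https://github.com/coreos/etcd/releases/download/v{{ etcd_version }}"
    # Placeholder: use the SHA-256 published for this exact tarball.
    etcd_download_checksum: "sha256:REPLACE_WITH_PUBLISHED_SHA256"
  tasks:
    - name: Create download directory
      file:
        path: "{{ etcd_download_dir }}"
        state: directory
        mode: "0755"

    - name: Downloading official etcd release
      get_url:
        url: "{{ etcd_download_url_base }}/{{ etcd_archive }}"
        # Full file name, so the next task finds the archive where it expects it.
        dest: "{{ etcd_download_dir }}/{{ etcd_archive }}"
        # get_url fails the task if the digest does not match.
        checksum: "{{ etcd_download_checksum }}"
        # A tarball does not need the execute bit.
        mode: "0644"

    - name: Unzip downloaded file
      unarchive:
        src: "{{ etcd_download_dir }}/{{ etcd_archive }}"
        dest: "{{ etcd_download_dir }}/"
        remote_src: yes
        # Do not restore the uid/gid recorded in the archive ...
        extra_opts:
          - --no-same-owner
        # ... and set an owner that exists on the target.
        owner: root
        group: root
        creates: "{{ etcd_download_dir }}/etcd-v{{ etcd_version }}-linux-amd64/etcd"
```

When the tarball is served from an internal mirror, the checksum is what ties the mirrored copy back to the upstream release, so it should be taken from the upstream release, not computed from the mirrored file.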

AnsibleFileNotFound: Could not find or access '/etc/cfssl/ca-etcd.pem'

Hi there,

I've been following your ansible+kubernetes guide and when it's time to run this script I'm getting this error on all hosts:

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: AnsibleFileNotFound: Could not find or access '/etc/cfssl/ca-etcd.pem'
failed: [k8s-node-1.my-host.com] (item=ca-etcd.pem) => {"changed": false, "item": "ca-etcd.pem", "msg": "Could not find or access '/etc/cfssl/ca-etcd.pem'"}

Do you have an idea what it could be?
My certificates were generated in ~/.k8s/certs using:

k8s_ca_conf_directory: "{{ '~/.k8s/certs' | expanduser }}"

in group_vars/all (and they are there!)
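
Both certificate reports on this page fail inside the role's "Copy certificates" task with a path on the Ansible controller. The following is an added example, not part of githubixx.etcd and not written by the reporters: a pre-flight check that resolves `k8s_ca_conf_directory` on the controller and stops with the full resolved path before the role runs. `etcd_preflight_certificates` is a hypothetical variable, and only `ca-etcd.pem` (the file named in the errors) is listed.

```yaml
# Added example, not part of githubixx.etcd.
# etcd_preflight_certificates is a hypothetical variable name.
- hosts: etcd
  gather_facts: no
  vars:
    # Normally set in group_vars/all as in the report above; repeated here
    # so the example is self-contained.
    k8s_ca_conf_directory: "{{ '~/.k8s/certs' | expanduser }}"
    etcd_preflight_certificates:
      - ca-etcd.pem
  pre_tasks:
    - name: Look up each certificate on the Ansible controller
      stat:
        path: "{{ k8s_ca_conf_directory }}/{{ item }}"
      loop: "{{ etcd_preflight_certificates }}"
      register: etcd_cert_stat
      # The files are read on the controller, as the unprivileged user
      # that runs ansible-playbook, not on the etcd hosts.
      delegate_to: localhost
      run_once: yes
      become: no

    - name: Stop before the role runs if a certificate is missing or unreadable
      assert:
        that:
          - item.stat.exists
          - item.stat.readable | default(false)
        fail_msg: "Controller cannot read {{ k8s_ca_conf_directory }}/{{ item.item }}"
      loop: "{{ etcd_cert_stat.results }}"
      loop_control:
        label: "{{ item.item }}"
      run_once: yes
  roles:
    - githubixx.etcd
```

If the path in the failure message is not the directory set in `group_vars/all`, the variable is not reaching the play, which is a different problem from a missing file.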
