AnsibleFileNotFound: Could not find or access '/etc/cfssl/ca-etcd.pem'

Question

AnsibleFileNotFound: Could not find or access '/etc/cfssl/ca-etcd.pem'

tscolari opened this issue 7 years ago · 6 comments

Hi there,

I've been following your ansible+kubernetes guide and when it's time to run this script I'm getting this error on all hosts:

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: AnsibleFileNotFound: Could not find or access '/etc/cfssl/ca-etcd.pem'
failed: [k8s-node-1.my-host.com] (item=ca-etcd.pem) => {"changed": false, "item": "ca-etcd.pem", "msg": "Could not find or access '/etc/cfssl/ca-etcd.pem'"}

do you have an idea what could be?
my certificates were generated in ~/.k8s/certs using:

k8s_ca_conf_directory: "{{ '~/.k8s/certs' | expanduser }}"

in group_vars/all (and they are there!)

Answer 1 · 2018-01-10T20:36:07.000Z

Hi,
hmmm... That's pretty strange. In my setup I also defined k8s_ca_conf_directory in group_vars/all. And I just updated and tested the role a few days ago. The directory /etc/cfssl/ was used in a earlier version as default value for k8s_ca_conf_directory. Also the task which copies the the certificates to the destination is pretty simple:

- name: Copy certificates
  copy:
    src: "{{k8s_ca_conf_directory}}/{{item}}"
    dest: "{{etcd_conf_dir}}/{{item}}"
    mode: 0640
    owner: root
    group: root
  with_items:
    - "{{etcd_certificates}}"
  tags:
    - etcd

So I suspect that somewhere k8s_ca_conf_directory: "/etc/cfssl" is defined in your setup which overrides your setting. Please run fgrep -R "/etc/cfssl" * in your Ansible roles_path directory (or directories) and see if it matches somewhere. If so please remove the entry and try rolling out the role again.

Answer 2 · 2018-01-11T00:53:02.000Z

ha interesting, it found this:

fgrep -R "/etc/cfssl" *                                                                                                                                     
githubixx.etcd/README.md:local_cert_dir: /etc/cfssl
githubixx.etcd/defaults/main.yml:local_cert_dir: /etc/cfssl

I installed it by running ansible-galaxy install githubixx.etcd. I've replaced that with a git clone and it seems to work now. Maybe the ansible-galaxy thing is out of sync with the git repo? I've ran it today for the first time if that matters.

Answer 3 · 2018-01-11T07:33:20.000Z

Looks like I've forgotten to tag the latest release correctly and my changes where only im master branch. I've pushed tag r2.0.0_v3.2.13 now to Github and updated Ansible Galaxy. Hopefully this works now. Thanks for reporting!

Answer 4 · 2018-05-11T15:19:08.000Z

I have the same problem using the ansible galaxy version. It works if I clone the role from GitHub... It seems the update did not work.

Answer 5 · 2018-05-13T20:37:21.000Z

Great... Ansible Galaxy considered the very first version/tag (v1.0.0_r3.0.15) of this role as the latest one. I changed the name schema a quite while ago and it seems that this confused Galaxy. Now it works correctly:

ansible-galaxy install githubixx.etcd
- downloading role 'etcd', owned by githubixx
- downloading role from https://github.com/githubixx/ansible-role-etcd/archive/r4.0.0_v3.2.13.tar.gz
- extracting githubixx.etcd to githubixx.etcd
- githubixx.etcd (r4.0.0_v3.2.13) was installed successfully

r4.0.0_v3.2.13 is the latest version ATM. But keep in mind that for K8s v1.9 the latest etcd version supported is v3.1.11! So you should change this. For K8s v1.10 I haven't checked the requirements yet.

Answer 6 · 2018-05-14T13:23:28.000Z

Alright thanks, yes I'm using v3.1.11 for now.