1

I am trying to run one Ansible playbook for deploying Kubernetes cluster using the tool kubespray on Ubuntu 16.04 OS. I have one base machine which is installed with Ansible and cloned kubespray Git repository. And one master and two worker nodes containing in cluster.

My host (Updated) file like the followig screenshot,

[all]
MILDEVKUB020 ansible_ssh_host=MILDEVKUB020 ip=192.168.16.173 ansible_user=uName  ansible_ssh_pass=pwd
MILDEVKUB030 ansible_ssh_host=MILDEVKUB030 ip=192.168.16.176 ansible_user=uName  ansible_ssh_pass=pwd
MILDEVKUB040 ansible_ssh_host=MILDEVKUB040 ip=192.168.16.177 ansible_user=uName  ansible_ssh_pass=pwd

[kube-master]
MILDEVKUB020

[etcd]
MILDEVKUB020

[kube-node]
MILDEVKUB020
MILDEVKUB030
MILDEVKUB040

[k8s-cluster:children]
kube-master
kube-node

Location of hosts.ini file is /inventory/sample. And I am trying the following Ansible command

sudo ansible-playbook -i inventory/sample/hosts.ini cluster.yml --user=uName --extra-vars "ansible_sudo_pass=pwd"

And I am using the playbook "cluster.yml" from the following link

https://github.com/kubernetes-sigs/kubespray/blob/master/cluster.yml

And my /etc/hosts file containing the entries ,

127.0.0.1 MILDEVDCR01.Milletech.us MILDEVDCR01
192.168.16.173 MILDEVKUB020.Milletech.us MILDEVKUB020
192.168.16.176 MILDEVKUB030.Milletech.us MILDEVKUB030
192.168.16.177 MILDEVKUB040.Milletech.us MILDEVKUB040

Updated error

TASK [adduser : User | Create User Group] 
Thursday 04 April 2019  11:34:55 -0400 (0:00:00.508)       0:00:33.383 ********
fatal: [MILDEVKUB040]: FAILED! => {"changed": false, "msg": "groupadd: Permission denied.\ngroupadd: cannot lock /etc/group; try again later.\n", "name": "kube-cert"}
fatal: [MILDEVKUB020]: FAILED! => {"changed": false, "msg": "groupadd: Permission denied.\ngroupadd: cannot lock /etc/group; try again later.\n", "name": "kube-cert"}
fatal: [MILDEVKUB030]: FAILED! => {"changed": false, "msg": "groupadd: Permission denied.\ngroupadd: cannot lock /etc/group; try again later.\n", "name": "kube-cert"}

I am getting error like this even if I am able to connect all machine from base machine using ssh. How can I trace what is my issue for running this command to deploy Kubernetes cluster?

halfer
  • 19,824
  • 17
  • 99
  • 186
Mr.DevEng
  • 2,651
  • 14
  • 57
  • 115
  • 1
    Another question here on StackOverflow should be useful for you [How to run an ansible-playbook with a passphrase-protected-ssh-private-key?](https://stackoverflow.com/questions/50277495/how-to-run-an-ansible-playbook-with-a-passphrase-protected-ssh-private-key) – TinaC Apr 03 '19 at 08:01
  • I removed the ssh key way. I am using username and password , Then also I am getting error like a password is required. I updated the inventory file.can you please check? – Mr.DevEng Apr 03 '19 at 10:04

4 Answers4

1

You may need to specify ssh user or key

  • Add username to inventory with
ansible_ssh_user=<USERNAME>
  • Add password with:
ansible_ssh_pass=<PASSWORD>

if not - share the ssh command that is working.

devingops
  • 196
  • 4
  • I removed key identity by key-add -D. Now I am not using the key method. I am trying to use username and password authentication. Then also I am getting the password is required error. I updated my inventory and error result. Can you please check? – Mr.DevEng Apr 03 '19 at 10:07
  • Check out the docs on using --ask-before-pass - i believe it prompts for password. Quote: When speaking with remote machines, Ansible by default assumes you are using SSH keys. SSH keys are encouraged but password authentication can also be used where needed by supplying the option --ask-pass. If using sudo features and when sudo requires a password, also supply --ask-become-pass – devingops Apr 03 '19 at 20:57
1

If you are using user/password combination to login. The user with which ansible is getting executed should be present in the sudoers file to switch to root or another other privileged user

Check the sudoers and try to manually do a sudo su root on the target server

error404
  • 2,684
  • 2
  • 13
  • 21
  • But I am using the keyword sudo before the ansible-playbook ommand. I am running the ansible command with sudo to give the root permission. – Mr.DevEng Apr 04 '19 at 10:54
  • that is not enough sudo: yes works only when the user is present in the sudoers file. try to run the same command on the remote node with and check the output – error404 Apr 04 '19 at 11:50
  • This user is already a member of sudo - this message I got. But still I am getting the same error. – Mr.DevEng Apr 04 '19 at 11:56
  • 1
    can you send the link of the playbook i.e cluster.yml if hosted on github? or update in case you have written it – error404 Apr 04 '19 at 12:00
  • 1
    One of the tasks has become true in it so use the above parameter and for password https://stackoverflow.com/questions/21870083/specify-sudo-password-for-ansible – error404 Apr 04 '19 at 12:09
  • Its working.password required error resolved.But after continuing long time in terminal I am getting another error - I am updating in question. It also showing authentication faillure. Can you please look on that? And thank you for your proper response. – Mr.DevEng Apr 04 '19 at 12:22
  • 1
    @Jacob sure. the above is not related to the password I believe let me check the code. I will update soon. Also please try to add the links of the repo in case you are using something from community. kubespray is popular but handy to check – error404 Apr 04 '19 at 12:24
  • I updated my host file and etc/hosts. I make changes when I got the unconfigured hostname error. Can you please look on this ? – Mr.DevEng Apr 04 '19 at 14:21
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/191273/discussion-between-error404-and-jacob). – error404 Apr 04 '19 at 16:41
1

After trying lot of research I found that need to put the parameters "--ask-pass --become --ask-become-pass" when we are running the ansible playbook. I tried the following command,

sudo ansible-playbook -i inventory/sample/hosts.ini cluster.yml --user=docker --ask-pass --become --ask-become-pass

And , when it is continuing with kubernetes cluster deployment , it will again arise the problem of inventory name need to use only with small letteres. So I edited all the inventory name and etc/hostname and /etc/hosts with small case hostname . And also putted all small letters in inventory file. Now its working successfully.

the /etc/hosts contain like following,

127.0.0.1 MILDEVDCR01.Milletech.us mildevdcr01
192.168.16.173 MILDEVKUB020.Milletech.us mildevkub020
192.168.16.176 MILDEVKUB030.Milletech.us mildevkub030
192.168.16.177 MILDEVKUB040.Milletech.us mildevkub040

etc/hostname

mildevdcr01

And hosts.ini file like the following,

[all]
mildevkub020 ansible_ssh_host=mildevkub020 ip=192.168.16.173 ansible_user=uName  
ansible_ssh_pass=pwd
mildevkub030 ansible_ssh_host=mildevkub030 ip=192.168.16.176 ansible_user=uName  
ansible_ssh_pass=pwd
mildevkub040 ansible_ssh_host=mildevkub040 ip=192.168.16.177 ansible_user=uName  
ansible_ssh_pass=pwd

[kube-master]
mildevkub020

[etcd]
mildevkub020

[kube-node]
mildevkub020
mildevkub030
mildevkub040

[k8s-cluster:children]
kube-master
kube-node

It we are doing like this, we will get the deployed Kubernetes cluster on destination host machines.

halfer
  • 19,824
  • 17
  • 99
  • 186
Mr.DevEng
  • 2,651
  • 14
  • 57
  • 115
0

If you removed passphrase, ssh connection should be ok now. Have you updated ssh keys on remote hosts after your changes?

TinaC
  • 266
  • 2
  • 5
  • No. I did not updated. Because I tried to access all those only by using username and password. Before updation of key, it was asking passphrase for every ssh. Now it directly asking the remote machine's password. Because I did not updated key in all those machine. Please correct me If I went wrong. – Mr.DevEng Apr 03 '19 at 12:25