What happened?
I found a problem while cluster scaling, in the task "TASK [etcd : Gen_certs | Gather node certs from first etcd node]".
I tried to scale the current cluster with a new worker node node-worker-001.domain.local in the cluster (node added to the kube-node group in the inventory) with scale.yml. Certificates for these new hosts are not generated, and because of that the whole process fails due to missing cert files.
What did you expect to happen?
Certificates for these new hosts are generated in gen_certs task under etcd role.
How can we reproduce it (as minimally and precisely as possible)?
Add a new worker node to an existing cluster and execute scale.yaml
OS
Rocky Linux 8
Version of Ansible
ansible --version
ansible [core 2.16.14]
ansible python module location = /usr/local/lib/python3.10/site-packages/ansible
ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/local/bin/ansible
python version = 3.10.16 (main, Mar 17 2025, 23:21:14) [GCC 10.2.1 20210110] (/usr/local/bin/python3.10)
jinja version = 3.1.6
libyaml = True
Version of Python
python version = 3.10.16
Version of Kubespray (commit)
3305ae9
Network plugin used
calico
Full inventory with variables
"groups": {
  "add_worker": [
    "addnode.domain.local"
  ],
  "all": [
    "master-1.domain.local",
    "master-2.domain.local",
    "master-3.domain.local",
    "node1.domain.local"
  ],
  "etcd": [
    "master-1.domain.local",
    "master-2.domain.local",
    "master-3.domain.local"
  ],
  "k8s_cluster": [
    "master-1.domain.local",
    "master-2.domain.local",
    "master-3.domain.local",
    "node1.domain.local",
    "addnode.domain.local"
  ],
  "kube_control_plane": [
    "master-1.domain.local",
    "master-2.domain.local",
    "master-3.domain.local"
  ],
  "kube_node": [
    "node1.domain.local",
    "addnode.domain.local"
  ]
}
Command used to invoke ansible
ansible-playbook --become --become-user=root scale.yml
Output of ansible run
TASK [etcd : Gen_certs | Gather node certs from first etcd node] ***************
failed: [master-2.domain.local -> master-1.domain.local(x.x.x.x)] (item=/etc/ssl/etcd/ssl/node-addnode.domain.local.pem) => changed=false
ansible_loop_var: item
item: /etc/ssl/etcd/ssl/node-addnode.domain.local.pem
msg: 'file not found: /etc/ssl/etcd/ssl/node-addnode.domain.local.pem'
failed: [master-3.domain.local -> master-1.domain.local(x.x.x.x)] (item=/etc/ssl/etcd/ssl/node-addnode.domain.local.pem) => changed=false
ansible_loop_var: item
item: /etc/ssl/etcd/ssl/node-addnode.domain.local.pem
msg: 'file not found: /etc/ssl/etcd/ssl/node-addnode.domain.local.pem'
failed: [master-2.domain.local -> master-1.domain.local(x.x.x.x)] (item=/etc/ssl/etcd/ssl/node-addnode.domain.local-key.pem) => changed=false
ansible_loop_var: item
item: /etc/ssl/etcd/ssl/node-addnode.domain.local-key.pem
msg: 'file not found: /etc/ssl/etcd/ssl/node-addnode.domain.local-key.pem'
failed: [master-3.domain.local -> master-1.domain.local(x.x.x.x)] (item=/etc/ssl/etcd/ssl/node-addnode.domain.local-key.pem) => changed=false
ansible_loop_var: item
item: /etc/ssl/etcd/ssl/node-addnode.domain.local-key.pem
msg: 'file not found: /etc/ssl/etcd/ssl/node-addnode.domain.local-key.pem'
Anything else we need to know
No response
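A preflight check for the failure reported above, as an added example that is not part of the original report and not Kubespray code: run on the first etcd node, it lists which hosts lack a usable `node-<host>.pem` / `node-<host>-key.pem` pair before `scale.yml` reaches the "Gather node certs" task. The file naming is taken from the task output above; the function name `check_etcd_node_certs`, its status labels, and the extra check for a key readable by other users are assumptions of this example.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of Kubespray).
# Usage: check_etcd_node_certs CERT_DIR HOST...
# Prints one line per problem found; returns 0 when every host has a
# non-empty cert and key, and no key is accessible to "other" users.
check_etcd_node_certs() {
  cert_dir=$1
  shift
  rc=0
  for host in "$@"; do
    cert="$cert_dir/node-$host.pem"
    key="$cert_dir/node-$host-key.pem"

    # Both files of the pair must exist and be non-empty.
    for f in "$cert" "$key"; do
      if [ ! -e "$f" ]; then
        echo "MISSING $f"
        rc=1
      elif [ ! -s "$f" ]; then
        echo "EMPTY $f"
        rc=1
      fi
    done

    # A private key must not grant any permission to "other".
    # Characters 8-10 of the ls mode string are the "other" bits.
    if [ -s "$key" ]; then
      other=$(ls -ldL "$key" | cut -c8-10)
      if [ "$other" != "---" ]; then
        echo "WORLD_ACCESSIBLE $key"
        rc=1
      fi
    fi
  done
  return "$rc"
}
```

For the inventory above, `check_etcd_node_certs /etc/ssl/etcd/ssl node1.domain.local addnode.domain.local` on master-1 would report the two `node-addnode.domain.local` files as MISSING if they were never generated.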