chef-infra - Vagrant::Butcher "sudo: no tty present and no askpass program specified"尝试 "cat/etc/chef/client.pem"时

Question

带有 Vagrant 1.4.3 和 Vagrant::Butcher 2.1.5 的 Ubuntu 10.04.1 LTS。

在“vagrant up”结束时出现以下错误:

...
[2014-03-17T22:50:56+00:00] INFO: Chef Run complete in 245.448117502 seconds
[2014-03-17T22:50:56+00:00] INFO: Running report handlers
[2014-03-17T22:50:56+00:00] INFO: Report handlers complete

[Butcher] Creating /home/testuser/vagrant_test/.vagrant/butcher
[Butcher] Failed to create /home/testuser/vagrant_test/.vagrant/butcher/DEV-35-51-client.pem: Vagrant::Errors::VagrantError - The following SSH command responded with a non-zero exit status.
Vagrant assumes that this means the command failed!

cat /etc/chef/client.pem

Stdout from the command:



Stderr from the command:

sudo: no tty present and no askpass program specified
Sorry, try again.
sudo: no tty present and no askpass program specified
Sorry, try again.
sudo: no tty present and no askpass program specified
Sorry, try again.
sudo: 3 incorrect password attempts

Chef客户端运行成功，我们的cookbook都安装好了。其中之一是 sudo 社区食谱，我想我们吹走了一个条目， Vagrant 用户需要执行 cat 才能读取 client.pem 文件。

谁能告诉我那可能是什么？

更新:

1) Vagrant 用户是“sudo”组的一部分:

$ grep sudo /etc/group
sudo:x:27:vagrant

2) sudoers 文件包含一个条目，让“sudo”组运行任何命令:

# This file is managed by Chef.
# Do NOT modify this file directly.

Defaults      env_reset
Defaults      secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# User privilege specification
root      ALL=(ALL:ALL) ALL
nagios    ALL=(ALL) NOPASSWD: /usr/local/nagios/libexec/


# Members of the group 'admin' may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo     ALL=(ALL:ALL) ALL

#includedir /etc/sudoers.d

Answer 1

tmatilai 很好地涵盖了这个问题，但是我想我会在这里发布我的解决方案以供将来引用。我找到了与他在选项 #3 中提到的相同的解决方法，编写一个配方，为 vagrant 用户添加 sudoers.d 配置文件。这迫使我修改 sudo 社区手册以支持 SETENV 选项。否则你会得到错误:

sudo: sorry, you are not allowed to preserve the environment

生成的文件是/etc/sudoers.d/vagrant，注意它需要NOPASSWD和SETENV:

# This file is managed by Chef.
# Do NOT modify this file directly.

vagrant  ALL=(ALL) NOPASSWD:SETENV: /bin/

以下是我所做的更改:

文件:sudo/recipes/default.rb

# if the node belongs to the "development" environment, create a config file
# for the vagrant user, e.g. /etc/sudoers.d/vagrant
if node.chef_environment == 'development'
  sudo 'vagrant' do
    user      'vagrant'
    runas     'ALL'  # can run as any user
    host      'ALL'  # from any Host/IP
    nopasswd  true   # prepends the runas_spec with NOPASSWD
    setenv    true   # prepends the runas_spec with SETENV
    commands  ['/bin/']  # let the user run anything in /bin/ without a password
  end
end

文件:sudo/resources/default.rb

# add new attribute "setenv"
attribute :setenv,     :equal_to => [true, false],  :default => false

# include it in the state_attrs list
state_attrs :commands,
            :group,
            :host,
            :nopasswd,
            :setenv,
            :runas,
            :template,
            :user,
            :variables

文件:sudo/providers/default.rb

# in render_sudoer, add setenv to the variables list
variables     :sudoer => sudoer,
              :host => new_resource.host,
              :runas => new_resource.runas,
              :nopasswd => new_resource.nopasswd,
              :setenv => new_resource.setenv,
              :commands => new_resource.commands,
              :defaults => new_resource.defaults

文件:sudo/templates/default/sudoer.erb

# generate SETENV option in the config file entry
<% @commands.each do |command| -%>
<%= @sudoer %>  <%= @host %>=(<%= @runas %>) <%= 'NOPASSWD:' if @nopasswd %><%= 'SETENV:' if @setenv %> <%= command %>
<% end -%>