Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Vagrant::Butcher "sudo: no tty present and no askpass program specified" when trying to "cat /etc/chef/client.pem"

Ubuntu 10.04.1 LTS with Vagrant 1.4.3 and Vagrant::Butcher 2.1.5.

I get the following error at the end of "vagrant up":

...
[2014-03-17T22:50:56+00:00] INFO: Chef Run complete in 245.448117502 seconds
[2014-03-17T22:50:56+00:00] INFO: Running report handlers
[2014-03-17T22:50:56+00:00] INFO: Report handlers complete

[Butcher] Creating /home/testuser/vagrant_test/.vagrant/butcher
[Butcher] Failed to create /home/testuser/vagrant_test/.vagrant/butcher/DEV-35-51-client.pem: Vagrant::Errors::VagrantError - The following SSH command responded with a non-zero exit status.
Vagrant assumes that this means the command failed!

cat /etc/chef/client.pem

Stdout from the command:



Stderr from the command:

sudo: no tty present and no askpass program specified
Sorry, try again.
sudo: no tty present and no askpass program specified
Sorry, try again.
sudo: no tty present and no askpass program specified
Sorry, try again.
sudo: 3 incorrect password attempts

The Chef client runs successfully, and our cookbooks are all installed. One of them is the sudo community cookbook, and I'm thinking we blew away an entry that the vagrant user needs to execute cat to read the client.pem file.

Can anyone tell me what that might be?

UPDATE:

1) The vagrant user is part of the "sudo" group:

$ grep sudo /etc/group
sudo:x:27:vagrant

2) The sudoers file contains an entry to let the "sudo" group run any command:

# This file is managed by Chef.
# Do NOT modify this file directly.

Defaults      env_reset
Defaults      secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# User privilege specification
root      ALL=(ALL:ALL) ALL
nagios    ALL=(ALL) NOPASSWD: /usr/local/nagios/libexec/


# Members of the group 'admin' may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo     ALL=(ALL:ALL) ALL

#includedir /etc/sudoers.d
like image 255
Alan Avatar asked Mar 17 '14 23:03

Alan


2 Answers

This is ultimately not a vagrant-butcher issue; that plugin only happened to suffer from the problem first. Also any following vagrant operation would have failed too.

Vagrant requires password-less sudo permissions. Seems that the base box declared it in /etc/sudoers which you overwrite with the sudo cookbook.

You have at least the following choices:

  1. Set the node['authorization']['sudo']['passwordless'] attribute to true.
  2. Don't include the default recipe of the sudo cookbook at all.
  3. Use the sudo LWRP to grant password-less sudo access to the vagrant user.
  4. Use or build a base box which already uses /etc/sudoers.d/.
like image 93
tmatilai Avatar answered Nov 09 '22 09:11

tmatilai


tmatilai covered the issue very well, however I thought I'd post my solution here for future reference. I found the same workaround as he mentioned as option #3, to write a recipe adding a sudoers.d config file for the vagrant user. This forced me to modify the sudo community cookbook to support the SETENV option. Otherwise you get the error:

sudo: sorry, you are not allowed to preserve the environment

The resulting file is /etc/sudoers.d/vagrant, note that it requires both NOPASSWD and SETENV:

# This file is managed by Chef.
# Do NOT modify this file directly.

vagrant  ALL=(ALL) NOPASSWD:SETENV: /bin/

Here are the changes I made:

File: sudo/recipes/default.rb

# if the node belongs to the "development" environment, create a config file
# for the vagrant user, e.g. /etc/sudoers.d/vagrant
if node.chef_environment == 'development'
  sudo 'vagrant' do
    user      'vagrant'
    runas     'ALL'  # can run as any user
    host      'ALL'  # from any Host/IP
    nopasswd  true   # prepends the runas_spec with NOPASSWD
    setenv    true   # prepends the runas_spec with SETENV
    commands  ['/bin/']  # let the user run anything in /bin/ without a password
  end
end

File: sudo/resources/default.rb

# add new attribute "setenv"
attribute :setenv,     :equal_to => [true, false],  :default => false

# include it in the state_attrs list
state_attrs :commands,
            :group,
            :host,
            :nopasswd,
            :setenv,
            :runas,
            :template,
            :user,
            :variables

File: sudo/providers/default.rb

# in render_sudoer, add setenv to the variables list
variables     :sudoer => sudoer,
              :host => new_resource.host,
              :runas => new_resource.runas,
              :nopasswd => new_resource.nopasswd,
              :setenv => new_resource.setenv,
              :commands => new_resource.commands,
              :defaults => new_resource.defaults

File: sudo/templates/default/sudoer.erb

# generate SETENV option in the config file entry
<% @commands.each do |command| -%>
<%= @sudoer %>  <%= @host %>=(<%= @runas %>) <%= 'NOPASSWD:' if @nopasswd %><%= 'SETENV:' if @setenv %> <%= command %>
<% end -%>
like image 5
Alan Avatar answered Nov 09 '22 10:11

Alan