当试图"cat /etc/chef/client.pem"时,Vagrant :: Butcher"sudo:没有tty存在且没有指定askpass程序"

Question

Ubuntu 10.04.1 LTS与Vagrant 1.4.3和Vagrant :: Butcher 2.1.5.

我在"vagrant up"结束时收到以下错误:

...
[2014-03-17T22:50:56+00:00] INFO: Chef Run complete in 245.448117502 seconds
[2014-03-17T22:50:56+00:00] INFO: Running report handlers
[2014-03-17T22:50:56+00:00] INFO: Report handlers complete

[Butcher] Creating /home/testuser/vagrant_test/.vagrant/butcher
[Butcher] Failed to create /home/testuser/vagrant_test/.vagrant/butcher/DEV-35-51-client.pem: Vagrant::Errors::VagrantError - The following SSH command responded with a non-zero exit status.
Vagrant assumes that this means the command failed!

cat /etc/chef/client.pem

Stdout from the command:



Stderr from the command:

sudo: no tty present and no askpass program specified
Sorry, try again.
sudo: no tty present and no askpass program specified
Sorry, try again.
sudo: no tty present and no askpass program specified
Sorry, try again.
sudo: 3 incorrect password attempts

Chef客户端成功运行,我们的cookbook都已安装完毕.其中一个是sudo社区食谱,我想我们吹走了一个条目,流浪者用户需要执行cat来读取client.pem文件.

谁能告诉我那可能是什么？

更新:

1)vagrant用户是"sudo"组的一部分:

$ grep sudo /etc/group
sudo:x:27:vagrant

2)sudoers文件包含一个条目,让"sudo"组运行任何命令:

# This file is managed by Chef.
# Do NOT modify this file directly.

Defaults      env_reset
Defaults      secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# User privilege specification
root      ALL=(ALL:ALL) ALL
nagios    ALL=(ALL) NOPASSWD: /usr/local/nagios/libexec/


# Members of the group 'admin' may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo     ALL=(ALL:ALL) ALL

#includedir /etc/sudoers.d

Answer 1

这最终不是流浪汉问题; 该插件只是碰巧遇到了问题.此外任何以下的流浪手术也会失败.

Vagrant需要无密码的sudo权限.似乎基本框声明了/etc/sudoers你用sudo cookbook覆盖它.

您至少有以下选择:

1. 将该node['authorization']['sudo']['passwordless']属性设置为true.
2. 根本不要包含sudo cookbook的默认配方.
3. 使用sudo LWRP授予对vagrant用户的无密码sudo访问权限.
4. 使用或构建已使用的基本框/etc/sudoers.d/.

Answer 2

tmatilai很好地解决了这个问题,但我想我会在这里发布我的解决方案以供将来参考.我找到了与他提到的选项#3相同的解决方法,为臭名昭着的用户编写添加sudoers.d配置文件的配方.这迫使我修改sudo社区食谱以支持SETENV选项.否则你会收到错误:

sudo: sorry, you are not allowed to preserve the environment

得到的文件是/etc/sudoers.d/vagrant,请注意,它需要双方 NOPASSWD和SETENV:

# This file is managed by Chef.
# Do NOT modify this file directly.

vagrant  ALL=(ALL) NOPASSWD:SETENV: /bin/

以下是我所做的更改:

文件:sudo/recipes/default.rb

# if the node belongs to the "development" environment, create a config file
# for the vagrant user, e.g. /etc/sudoers.d/vagrant
if node.chef_environment == 'development'
  sudo 'vagrant' do
    user      'vagrant'
    runas     'ALL'  # can run as any user
    host      'ALL'  # from any Host/IP
    nopasswd  true   # prepends the runas_spec with NOPASSWD
    setenv    true   # prepends the runas_spec with SETENV
    commands  ['/bin/']  # let the user run anything in /bin/ without a password
  end
end

文件:sudo/resources/default.rb

# add new attribute "setenv"
attribute :setenv,     :equal_to => [true, false],  :default => false

# include it in the state_attrs list
state_attrs :commands,
            :group,
            :host,
            :nopasswd,
            :setenv,
            :runas,
            :template,
            :user,
            :variables

文件:sudo/providers/default.rb

# in render_sudoer, add setenv to the variables list
variables     :sudoer => sudoer,
              :host => new_resource.host,
              :runas => new_resource.runas,
              :nopasswd => new_resource.nopasswd,
              :setenv => new_resource.setenv,
              :commands => new_resource.commands,
              :defaults => new_resource.defaults

文件:sudo/templates/default/sudoer.erb

# generate SETENV option in the config file entry
<% @commands.each do |command| -%>
<%= @sudoer %>  <%= @host %>=(<%= @runas %>) <%= 'NOPASSWD:' if @nopasswd %><%= 'SETENV:' if @setenv %> <%= command %>
<% end -%>