Chef Infra: Vagrant::Butcher "sudo: no tty present and no askpass program specified" when trying to "cat /etc/chef/client.pem"


Ubuntu 10.04.1 LTS, with Vagrant 1.4.3 and Vagrant::Butcher 2.1.5

I get the following error at the end of "vagrant up":

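The Chef client run succeeds and our cookbooks are all installed. One of them is the sudo community cookbook, and I think we removed an entry that the vagrant user needs in order to run cat to read the client.pem file.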

Can anyone tell me what that might be?

Update:

1) The vagrant user is part of the "sudo" group:

2) The sudoers file contains an entry that lets the "sudo" group run any command:

# This file is managed by Chef.
# Do NOT modify this file directly.

Defaults      env_reset
Defaults      secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# User privilege specification
root      ALL=(ALL:ALL) ALL
nagios    ALL=(ALL) NOPASSWD: /usr/local/nagios/libexec/


# Members of the group 'admin' may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo     ALL=(ALL:ALL) ALL

#includedir /etc/sudoers.d

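This is ultimately not a Vagrant::Butcher problem; that plugin just happened to hit the problem first. Any subsequent Vagrant operation would fail as well.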

Vagrant requires passwordless sudo privileges. The base box seems to have declared that in /etc/sudoers, which you are overwriting with the sudo cookbook.

You have at least the following options:

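  • Set the node['authorization']['sudo']['passwordless'] attribute to true
  • Don't include the sudo cookbook's default recipe at all
  • Grant the vagrant user passwordless sudo access
  • Use or build a base box that already uses /etc/sudoers.d/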
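
tmatilai covered the problem well, but I thought I would post my solution here for future reference. I found the same workaround as the option #3 he mentioned: writing a recipe that adds a sudoers.d config file for the vagrant user. This forced me to modify the sudo community cookbook to support the SETENV option. Otherwise you get the error: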

    sudo: sorry, you are not allowed to preserve the environment
    
The generated file is /etc/sudoers.d/vagrant; note that it needs both NOPASSWD and SETENV:

    # This file is managed by Chef.
    # Do NOT modify this file directly.
    
    vagrant  ALL=(ALL) NOPASSWD:SETENV: /bin/
    
Here are the changes I made:

File: sudo/recipes/default.rb

    # if the node belongs to the "development" environment, create a config file
    # for the vagrant user, e.g. /etc/sudoers.d/vagrant
    if node.chef_environment == 'development'
      sudo 'vagrant' do
        user      'vagrant'
        runas     'ALL'  # can run as any user
        host      'ALL'  # from any Host/IP
        nopasswd  true   # prepends the runas_spec with NOPASSWD
        setenv    true   # prepends the runas_spec with SETENV
        commands  ['/bin/']  # let the user run anything in /bin/ without a password
      end
    end
    
File: sudo/resources/default.rb

    # add new attribute "setenv"
    attribute :setenv,     :equal_to => [true, false],  :default => false
    
    # include it in the state_attrs list
    state_attrs :commands,
                :group,
                :host,
                :nopasswd,
                :setenv,
                :runas,
                :template,
                :user,
                :variables
    
File: sudo/providers/default.rb

    # in render_sudoer, add setenv to the variables list
    variables     :sudoer => sudoer,
                  :host => new_resource.host,
                  :runas => new_resource.runas,
                  :nopasswd => new_resource.nopasswd,
                  :setenv => new_resource.setenv,
                  :commands => new_resource.commands,
                  :defaults => new_resource.defaults
    
File: sudo/templates/default/sudoer.erb

    # generate SETENV option in the config file entry
    <% @commands.each do |command| -%>
    <%= @sudoer %>  <%= @host %>=(<%= @runas %>) <%= 'NOPASSWD:' if @nopasswd %><%= 'SETENV:' if @setenv %> <%= command %>
    <% end -%>
    
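So... why not report this to the Vagrant::Butcher plugin?

The sudo group has sudo access, but it is not passwordless. @tmatilai's answer seems spot on.

Not entirely clear why, but I had to do both #1 and #4.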
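
The sudoer.erb change from the second answer, rendered outside Chef so the resulting /etc/sudoers.d/vagrant line can be inspected before it is deployed. This is an added example, not code from the original posts or from the sudo cookbook; `SudoerView` and `broad_passwordless_entries` are hypothetical names, and the inputs are constructed.

```ruby
require 'erb'

# Entry loop from the answer's sudoer.erb, including the added SETENV tag.
SUDOER_TEMPLATE = <<~'TEMPLATE'
  <% @commands.each do |command| -%>
  <%= @sudoer %>  <%= @host %>=(<%= @runas %>) <%= 'NOPASSWD:' if @nopasswd %><%= 'SETENV:' if @setenv %> <%= command %>
  <% end -%>
TEMPLATE

# user  host=(runas) TAG:TAG: command
ENTRY = /\A(?<who>\S+)\s+(?<host>\S+)=\((?<runas>[^)]*)\)\s*(?<tags>(?:[A-Z]+:)*)\s*(?<cmd>.+)\z/

# Hypothetical stand-in for the variables the provider passes to the template.
class SudoerView
  def initialize(sudoer:, host: 'ALL', runas: 'ALL', nopasswd: false,
                 setenv: false, commands: ['ALL'])
    @sudoer, @host, @runas = sudoer, host, runas
    @nopasswd, @setenv, @commands = nopasswd, setenv, commands
  end

  def render
    ERB.new(SUDOER_TEMPLATE, trim_mode: '-').result(binding)
  end
end

# Return rendered entries that grant NOPASSWD on ALL or on a whole directory.
# In sudoers, a command path ending in "/" matches every file in that directory.
def broad_passwordless_entries(rendered)
  rendered.each_line.map(&:strip).select do |line|
    m = ENTRY.match(line)
    next false unless m && m[:tags].include?('NOPASSWD:')
    path = m[:cmd].split.first
    path == 'ALL' || path.end_with?('/')
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: the answer's grant, and a narrower one for comparison.
  [['/bin/'], ['/bin/cat /etc/chef/client.pem']].each do |cmds|
    text = SudoerView.new(sudoer: 'vagrant', nopasswd: true, setenv: true, commands: cmds).render
    puts text
    puts "  broad passwordless grant: #{!broad_passwordless_entries(text).empty?}"
  end
end
```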