Chef infra 流浪汉:屠夫;sudo:不存在tty,也未指定askpass程序;当试图;cat/etc/chef/client.pem“;
Ubuntu10.04.1 LTS,带有Vagrant 1.4.3和Vagrant::Butcher 2.1.5 我在“Wagrant up”的结尾处出现以下错误: Chef客户端运行成功,我们的烹饪书都已安装。其中一个是sudo社区食谱,我想我们去掉了一个条目,流浪用户需要执行cat来读取client.pem文件 有人能告诉我那可能是什么吗 更新: 1) 流浪用户是“sudo”组的一部分: 2) sudoers文件包含一个条目,用于让“sudo”组运行任何命令:Chef infra 流浪汉:屠夫;sudo:不存在tty,也未指定askpass程序;当试图;cat/etc/chef/client.pem“;,chef-infra,vagrant,sudo,Chef Infra,Vagrant,Sudo,Ubuntu10.04.1 LTS,带有Vagrant 1.4.3和Vagrant::Butcher 2.1.5 我在“Wagrant up”的结尾处出现以下错误: Chef客户端运行成功,我们的烹饪书都已安装。其中一个是sudo社区食谱,我想我们去掉了一个条目,流浪用户需要执行cat来读取client.pem文件 有人能告诉我那可能是什么吗 更新: 1) 流浪用户是“sudo”组的一部分: 2) sudoers文件包含一个条目,用于让“sudo”组运行任何命令: # This file is
# This file is managed by Chef.
# Do NOT modify this file directly.
Defaults env_reset
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# User privilege specification
root ALL=(ALL:ALL) ALL
nagios ALL=(ALL) NOPASSWD: /usr/local/nagios/libexec/
# Members of the group 'admin' may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
#includedir /etc/sudoers.d
这最终不是一个流浪屠夫问题;那个插件只是碰巧首先遇到了这个问题。此外,任何后续的流浪手术也会失败 Vagrant需要无密码的sudo权限。基本框似乎在您用sudo食谱覆盖的
/etc/sudoers
中声明了它
您至少有以下选择:
节点['authorization']['sudo']['passwordless']
属性设置为true/etc/sudoers.d/
的基本框sudo: sorry, you are not allowed to preserve the environment
生成的文件是/etc/sudoers.d/vagrant,请注意,它需要NOPASSWD和SETENV:
# This file is managed by Chef.
# Do NOT modify this file directly.
vagrant ALL=(ALL) NOPASSWD:SETENV: /bin/
以下是我所做的更改:
文件:sudo/recipes/default.rb
# if the node belongs to the "development" environment, create a config file
# for the vagrant user, e.g. /etc/sudoers.d/vagrant
if node.chef_environment == 'development'
sudo 'vagrant' do
user 'vagrant'
runas 'ALL' # can run as any user
host 'ALL' # from any Host/IP
nopasswd true # prepends the runas_spec with NOPASSWD
setenv true # prepends the runas_spec with SETENV
commands ['/bin/'] # let the user run anything in /bin/ without a password
end
end
# add new attribute "setenv"
attribute :setenv, :equal_to => [true, false], :default => false
# include it in the state_attrs list
state_attrs :commands,
:group,
:host,
:nopasswd,
:setenv,
:runas,
:template,
:user,
:variables
# in render_sudoer, add setenv to the variables list
variables :sudoer => sudoer,
:host => new_resource.host,
:runas => new_resource.runas,
:nopasswd => new_resource.nopasswd,
:setenv => new_resource.setenv,
:commands => new_resource.commands,
:defaults => new_resource.defaults
文件:sudo/resources/default.rb
# if the node belongs to the "development" environment, create a config file
# for the vagrant user, e.g. /etc/sudoers.d/vagrant
if node.chef_environment == 'development'
sudo 'vagrant' do
user 'vagrant'
runas 'ALL' # can run as any user
host 'ALL' # from any Host/IP
nopasswd true # prepends the runas_spec with NOPASSWD
setenv true # prepends the runas_spec with SETENV
commands ['/bin/'] # let the user run anything in /bin/ without a password
end
end
# add new attribute "setenv"
attribute :setenv, :equal_to => [true, false], :default => false
# include it in the state_attrs list
state_attrs :commands,
:group,
:host,
:nopasswd,
:setenv,
:runas,
:template,
:user,
:variables
# in render_sudoer, add setenv to the variables list
variables :sudoer => sudoer,
:host => new_resource.host,
:runas => new_resource.runas,
:nopasswd => new_resource.nopasswd,
:setenv => new_resource.setenv,
:commands => new_resource.commands,
:defaults => new_resource.defaults
文件:sudo/providers/default.rb
# if the node belongs to the "development" environment, create a config file
# for the vagrant user, e.g. /etc/sudoers.d/vagrant
if node.chef_environment == 'development'
sudo 'vagrant' do
user 'vagrant'
runas 'ALL' # can run as any user
host 'ALL' # from any Host/IP
nopasswd true # prepends the runas_spec with NOPASSWD
setenv true # prepends the runas_spec with SETENV
commands ['/bin/'] # let the user run anything in /bin/ without a password
end
end
# add new attribute "setenv"
attribute :setenv, :equal_to => [true, false], :default => false
# include it in the state_attrs list
state_attrs :commands,
:group,
:host,
:nopasswd,
:setenv,
:runas,
:template,
:user,
:variables
# in render_sudoer, add setenv to the variables list
variables :sudoer => sudoer,
:host => new_resource.host,
:runas => new_resource.runas,
:nopasswd => new_resource.nopasswd,
:setenv => new_resource.setenv,
:commands => new_resource.commands,
:defaults => new_resource.defaults
文件:sudo/templates/default/sudoer.erb
# generate SETENV option in the config file entry
<% @commands.each do |command| -%>
<%= @sudoer %> <%= @host %>=(<%= @runas %>) <%= 'NOPASSWD:' if @nopasswd %><%= 'SETENV:' if @setenv %> <%= command %>
<% end -%>
#在配置文件条目中生成SETENV选项
=()
所以。。。为什么不报告这个流浪屠夫插件?sudo
组具有sudo访问权限,但它不是无密码的@tmatilai的回答似乎恰到好处。不完全清楚为什么,但我不得不做第1和第4题