Vagrant::Butcher "sudo: no tty present and no askpass program specified" when trying to "cat /etc/chef/client.pem"


Solution 1

This is ultimately not a vagrant-butcher issue; that plugin only happened to suffer from the problem first. Any subsequent Vagrant operation would have failed as well.

Vagrant requires password-less sudo permissions. It seems that the base box declared it in /etc/sudoers, which you overwrite with the sudo cookbook.

You have at least the following choices:

  1. Set the node['authorization']['sudo']['passwordless'] attribute to true.
  2. Don't include the default recipe of the sudo cookbook at all.
  3. Use the sudo LWRP to grant password-less sudo access to the vagrant user.
  4. Use or build a base box which already uses /etc/sudoers.d/.

Solution 2

tmatilai covered the issue very well; however, I thought I'd post my solution here for future reference. I found the same workaround as he mentioned as option #3, to write a recipe adding a sudoers.d config file for the vagrant user. This forced me to modify the sudo community cookbook to support the SETENV option. Otherwise you get the error:

sudo: sorry, you are not allowed to preserve the environment

The resulting file is /etc/sudoers.d/vagrant; note that it requires both NOPASSWD and SETENV:

# This file is managed by Chef.
# Do NOT modify this file directly.

vagrant  ALL=(ALL) NOPASSWD:SETENV: /bin/

Here are the changes I made:

File: sudo/recipes/default.rb

# if the node belongs to the "development" environment, create a config file
# for the vagrant user, e.g. /etc/sudoers.d/vagrant
if node.chef_environment == 'development'
  sudo 'vagrant' do
    user      'vagrant'
    runas     'ALL'  # can run as any user
    host      'ALL'  # from any Host/IP
    nopasswd  true   # prepends the runas_spec with NOPASSWD
    setenv    true   # prepends the runas_spec with SETENV
    commands  ['/bin/']  # let the user run anything in /bin/ without a password
  end
end

File: sudo/resources/default.rb

# add new attribute "setenv"
attribute :setenv,     :equal_to => [true, false],  :default => false

# include it in the state_attrs list
state_attrs :commands,
            :group,
            :host,
            :nopasswd,
            :setenv,
            :runas,
            :template,
            :user,
            :variables

File: sudo/providers/default.rb

# in render_sudoer, add setenv to the variables list
variables     :sudoer => sudoer,
              :host => new_resource.host,
              :runas => new_resource.runas,
              :nopasswd => new_resource.nopasswd,
              :setenv => new_resource.setenv,
              :commands => new_resource.commands,
              :defaults => new_resource.defaults

File: sudo/templates/default/sudoer.erb

# generate SETENV option in the config file entry
<% @commands.each do |command| -%>
<%= @sudoer %>  <%= @host %>=(<%= @runas %>) <%= 'NOPASSWD:' if @nopasswd %><%= 'SETENV:' if @setenv %> <%= command %>
<% end -%>
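
Why the Chef-managed /etc/sudoers quoted in the question breaks Vagrant's non-interactive sudo, and what the /etc/sudoers.d/vagrant file from Solution 2 changes, shown as an added example that is not part of either answer, Vagrant, or the sudo cookbook. It is a simplified evaluator; the helper names, the constructed sample text, and the /bin/cat and /usr/bin/apt-get paths are assumptions, and the drop-in is assumed to be read last via the trailing #includedir.

```ruby
# Added example, not code from Vagrant or the sudo cookbook. Handles only plain
# "who host=(runas) TAGS: cmds" lines (no aliases, negation or host matching).
Rule = Struct.new(:who, :tags, :commands)
RULE_RE = /\A(\S+)\s+\S+?\s*=\s*(?:\([^)]*\))?\s*((?:[A-Z_]+:\s*)*)(.+)\z/

# "#includedir" is a directive even though it starts with "#".
def include_dirs(text)
  text.scan(/^\s*[#@]includedir\s+(\S+)/).flatten
end

def parse_sudoers(text)
  text.each_line.map(&:strip).map do |line|
    next if line.empty? || line.start_with?('#', 'Defaults')
    m = RULE_RE.match(line)
    Rule.new(m[1], m[2].scan(/[A-Z_]+/), m[3].split(',').map(&:strip)) if m
  end.compact
end

def covers?(spec, cmd)
  return true if spec == 'ALL' || spec == cmd
  # A trailing slash means "any file directly in this directory".
  spec.end_with?('/') && File.dirname(cmd) + '/' == spec
end

# sudo applies the LAST matching entry, so order matters.
def sudo_outcome(rules, user, groups, cmd)
  names = [user, 'ALL'] + groups.map { |g| "%#{g}" }
  hit = rules.select do |r|
    names.include?(r.who) && r.commands.any? { |c| covers?(c, cmd) }
  end.last
  return :denied unless hit
  hit.tags.include?('NOPASSWD') ? :nopasswd : :password
end

# Constructed inputs, reduced from the files quoted on this page.
MANAGED_SUDOERS = <<~EOS
  Defaults      env_reset
  nagios    ALL=(ALL) NOPASSWD: /usr/local/nagios/libexec/
  %admin ALL=(ALL) ALL
  %sudo     ALL=(ALL:ALL) ALL
  #includedir /etc/sudoers.d
EOS
VAGRANT_DROPIN = "vagrant  ALL=(ALL) NOPASSWD:SETENV: /bin/\n"

before = parse_sudoers(MANAGED_SUDOERS)
after  = parse_sudoers(MANAGED_SUDOERS + VAGRANT_DROPIN)
puts sudo_outcome(before, 'vagrant', ['sudo'], '/bin/cat')          # password
puts sudo_outcome(after,  'vagrant', ['sudo'], '/bin/cat')          # nopasswd
puts sudo_outcome(after,  'vagrant', ['sudo'], '/usr/bin/apt-get')  # password
```

The third result shows that the drop-in rule only covers files directly in /bin/; commands elsewhere still fall through to the %sudo entry and prompt for a password.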
Author by

Alan

android (java), ios (obj-c), windows (dotnet), *nix (perl, php), html+jquery+css

Updated on June 29, 2022

Comments

  • Alan
    Alan almost 2 years

    Ubuntu 10.04.1 LTS with Vagrant 1.4.3 and Vagrant::Butcher 2.1.5.

    I get the following error at the end of "vagrant up":

    ...
    [2014-03-17T22:50:56+00:00] INFO: Chef Run complete in 245.448117502 seconds
    [2014-03-17T22:50:56+00:00] INFO: Running report handlers
    [2014-03-17T22:50:56+00:00] INFO: Report handlers complete
    
    [Butcher] Creating /home/testuser/vagrant_test/.vagrant/butcher
    [Butcher] Failed to create /home/testuser/vagrant_test/.vagrant/butcher/DEV-35-51-client.pem: Vagrant::Errors::VagrantError - The following SSH command responded with a non-zero exit status.
    Vagrant assumes that this means the command failed!
    
    cat /etc/chef/client.pem
    
    Stdout from the command:
    
    
    
    Stderr from the command:
    
    sudo: no tty present and no askpass program specified
    Sorry, try again.
    sudo: no tty present and no askpass program specified
    Sorry, try again.
    sudo: no tty present and no askpass program specified
    Sorry, try again.
    sudo: 3 incorrect password attempts
    

    The Chef client runs successfully, and our cookbooks are all installed. One of them is the sudo community cookbook, and I'm thinking we blew away an entry that the vagrant user needs to execute cat to read the client.pem file.

    Can anyone tell me what that might be?

    UPDATE:

    1) The vagrant user is part of the "sudo" group:

    $ grep sudo /etc/group
    sudo:x:27:vagrant
    

    2) The sudoers file contains an entry to let the "sudo" group run any command:

    # This file is managed by Chef.
    # Do NOT modify this file directly.
    
    Defaults      env_reset
    Defaults      secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
    
    # User privilege specification
    root      ALL=(ALL:ALL) ALL
    nagios    ALL=(ALL) NOPASSWD: /usr/local/nagios/libexec/
    
    
    # Members of the group 'admin' may gain root privileges
    %admin ALL=(ALL) ALL
    
    # Allow members of group sudo to execute any command
    %sudo     ALL=(ALL:ALL) ALL
    
    #includedir /etc/sudoers.d
    
  • Chris
    Chris over 9 years
    Not entirely sure why, but I had to do #1 and #4