@someara
Created February 19, 2014 00:22
derpy:~/src/opscode-cookbooks/sudo$ b kitchen converge create-centos-64
-----> Starting Kitchen (v1.2.1)
-----> Creating <create-centos-64>...
Digital Ocean instance <1176786> created.
..................... (server ready)
(ssh ready)
Finished creating <create-centos-64> (0m38.55s).
-----> Converging <create-centos-64>...
Preparing files for transfer
Resolving cookbook dependencies with Berkshelf 3.0.0.beta6...
Removing non-cookbook files before transfer
-----> Installing Chef Omnibus (latest)
downloading https://www.getchef.com/chef/install.sh
to file /tmp/install.sh
trying wget...
Downloading Chef for el...
downloading https://www.getchef.com/chef/metadata?v=&prerelease=false&p=el&pv=6&m=x86_64
to file /tmp/install.sh.1108/metadata.txt
trying wget...
url https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-11.10.2-1.el6.x86_64.rpm
md5 53af40ca3ba1787e87b7b670c21fd9cc
sha256 89b32fd69674c33de2d037d02ef01e4fa8698743eb8d0c36c01af02daae1c0f0
downloaded metadata file looks valid...
downloading https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-11.10.2-1.el6.x86_64.rpm
to file /tmp/install.sh.1108/chef-11.10.2-1.el6.x86_64.rpm
trying wget...
Checksum compare with sha256sum succeeded.
Installing Chef
installing with rpm...
warning: /tmp/install.sh.1108/chef-11.10.2-1.el6.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
Preparing... ##### ########################################### [100%]
1:chef ########################################### [100%]
Thank you for installing Chef!
Transfering files to <create-centos-64>
[2014-02-19T00:10:05+00:00] INFO: Starting chef-zero on port 8889 with repository at repository at /tmp/kitchen
One version per cookbook
[2014-02-19T00:10:05+00:00] INFO: Forking chef instance to converge...
Starting Chef Client, version 11.10.2
[2014-02-19T00:10:05+00:00] INFO: *** Chef 11.10.2 ***
[2014-02-19T00:10:05+00:00] INFO: Chef-client pid: 1183
Creating a new client identity for create-centos-64 using the validator key.
[2014-02-19T00:10:06+00:00] INFO: Client key /tmp/kitchen/client.pem is not present - registering
[2014-02-19T00:10:06+00:00] INFO: HTTP Request Returned 404 Not Found: Object not found: http://127.0.0.1:8889/nodes/create-centos-64
[2014-02-19T00:10:06+00:00] INFO: Setting the run_list to ["fake::create"] from JSON
[2014-02-19T00:10:06+00:00] INFO: Run List is [recipe[fake::create]]
[2014-02-19T00:10:06+00:00] INFO: Run List expands to [fake::create]
[2014-02-19T00:10:06+00:00] INFO: Starting Chef Run for create-centos-64
[2014-02-19T00:10:06+00:00] INFO: Running start handlers
[2014-02-19T00:10:06+00:00] INFO: Start handlers complete.
[2014-02-19T00:10:06+00:00] INFO: HTTP Request Returned 404 Not Found: Object not found: /reports/nodes/create-centos-64/runs
resolving cookbooks for run list: ["fake::create"]
[2014-02-19T00:10:06+00:00] INFO: Loading cookbooks [fake, sudo]
Synchronizing Cookbooks:
[2014-02-19T00:10:06+00:00] INFO: Storing updated cookbooks/fake/recipes/create.rb in the cache.
[2014-02-19T00:10:06+00:00] INFO: Storing updated cookbooks/fake/recipes/default.rb in the cache.
[2014-02-19T00:10:06+00:00] INFO: Storing updated cookbooks/fake/attributes/default.rb in the cache.
[2014-02-19T00:10:06+00:00] INFO: Storing updated cookbooks/fake/metadata.json in the cache.
- fake
[2014-02-19T00:10:06+00:00] INFO: Storing updated cookbooks/sudo/resources/default.rb in the cache.
[2014-02-19T00:10:06+00:00] INFO: Storing updated cookbooks/sudo/providers/default.rb in the cache.
[2014-02-19T00:10:06+00:00] INFO: Storing updated cookbooks/sudo/recipes/default.rb in the cache.
[2014-02-19T00:10:06+00:00] INFO: Storing updated cookbooks/sudo/attributes/default.rb in the cache.
[2014-02-19T00:10:06+00:00] INFO: Storing updated cookbooks/sudo/README.md in the cache.
[2014-02-19T00:10:06+00:00] INFO: Storing updated cookbooks/sudo/metadata.json in the cache.
- sudo
Compiling Cookbooks...
Converging 6 resources
Recipe: sudo::default
* package[sudo] action install
[2014-02-19T00:10:06+00:00] INFO: Processing package[sudo] action install (sudo::default line 22)
(skipped due to not_if)
* directory[/etc/sudoers.d] action create[2014-02-19T00:10:06+00:00] INFO: Processing directory[/etc/sudoers.d] action create (sudo::default line 27)
[2014-02-19T00:10:06+00:00] INFO: directory[/etc/sudoers.d] mode changed to 755
- change mode from '0750' to '0755'
* cookbook_file[/etc/sudoers.d/README] action create[2014-02-19T00:10:06+00:00] INFO: Processing cookbook_file[/etc/sudoers.d/README] action create (sudo::default line 33)
[2014-02-19T00:10:06+00:00] INFO: cookbook_file[/etc/sudoers.d/README] created file /etc/sudoers.d/README
- create new file /etc/sudoers.d/README
[2014-02-19T00:10:06+00:00] INFO: cookbook_file[/etc/sudoers.d/README] updated file contents /etc/sudoers.d/README
- update content in file /etc/sudoers.d/README from none to 9ded17
--- /etc/sudoers.d/README 2014-02-19 00:10:06.841999933 +0000
+++ /tmp/.README20140219-1183-1o0qrfn 2014-02-19 00:10:06.857999931 +0000
@@ -1 +1,18 @@
+#
+# As of Debian version 1.7.2p1-1, the default /etc/sudoers file created on
+# installation of the package now includes the directive:
+#
+# #includedir /etc/sudoers.d
+#
+# This will cause sudo to read and parse any files in the /etc/sudoers.d
+# directory that do not end in '~' or contain a '.' character.
+#
+# Note that there must be at least one file in the sudoers.d directory (this
+# one will do), and all files in this directory should be mode 0440.
+#
+# Note also, that because sudoers contents can vary widely, no attempt is
+# made to add this directive to existing sudoers files on upgrade. Feel free
+# to add the above directive to the end of your /etc/sudoers file to enable
+# this functionality for existing installations if you wish!
+#
[2014-02-19T00:10:06+00:00] INFO: cookbook_file[/etc/sudoers.d/README] owner changed to 0
[2014-02-19T00:10:06+00:00] INFO: cookbook_file[/etc/sudoers.d/README] group changed to 0
[2014-02-19T00:10:06+00:00] INFO: cookbook_file[/etc/sudoers.d/README] mode changed to 440
- change mode from '' to '0440'
- change owner from '' to 'root'
- change group from '' to 'root'
* template[/etc/sudoers] action create[2014-02-19T00:10:06+00:00] INFO: Processing template[/etc/sudoers] action create (sudo::default line 41)
[2014-02-19T00:10:06+00:00] INFO: template[/etc/sudoers] backed up to /tmp/kitchen/backup/etc/sudoers.chef-20140219001006.878326
[2014-02-19T00:10:06+00:00] INFO: template[/etc/sudoers] updated file contents /etc/sudoers
- update content in file /etc/sudoers from de7773 to dc94b8
--- /etc/sudoers 2012-03-01 17:18:24.000000000 +0000
+++ /tmp/chef-rendered-template20140219-1183-2hv1dn 2014-02-19 00:10:06.873999930 +0000
@@ -1,119 +1,16 @@
-## Sudoers allows particular users to run various commands as
-## the root user, without needing the root password.
-##
-## Examples are provided at the bottom of the file for collections
-## of related commands, which can then be delegated out to particular
-## users or groups.
-##
-## This file must be edited with the 'visudo' command.
+# This file is managed by Chef.
+# Do NOT modify this file directly.
-## Host Aliases
-## Groups of machines. You may prefer to use hostnames (perhaps using
-## wildcards for entire domains) or IP addresses instead.
-# Host_Alias FILESERVERS = fs1, fs2
-# Host_Alias MAILSERVERS = smtp, smtp2
+Defaults !lecture,tty_tickets,!fqdn
-## User Aliases
-## These aren't often necessary, as you can use regular groups
-## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
-## rather than USERALIAS
-# User_Alias ADMINS = jsmith, mikem
+# User privilege specification
+root ALL=(ALL) ALL
+vagrant ALL=(ALL) NOPASSWD:ALL
+root ALL=(ALL) NOPASSWD:ALL
-## Command Aliases
-## These are groups of related commands...
+# Members of the group 'sysadmin' may gain root privileges
+%sysadmin ALL=(ALL) NOPASSWD:ALL
-## Networking
-# Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool
-
-## Installation and management of software
-# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
-
-## Services
-# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig
-
-## Updating the locate database
-# Cmnd_Alias LOCATE = /usr/bin/updatedb
-
-## Storage
-# Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount
-
-## Delegating permissions
-# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp
-
-## Processes
-# Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
-
-## Drivers
-# Cmnd_Alias DRIVERS = /sbin/modprobe
-
-# Defaults specification
-
-#
-# Disable "ssh hostname sudo <cmd>", because it will show the password in clear.
-# You have to run "ssh -t hostname sudo <cmd>".
-#
-Defaults requiretty
-
-#
-# Refuse to run if unable to disable echo on the tty. This setting should also be
-# changed in order to be able to use sudo without a tty. See requiretty above.
-#
-Defaults !visiblepw
-
-#
-# Preserving HOME has security implications since many programs
-# use it when searching for configuration files. Note that HOME
-# is already set when the the env_reset option is enabled, so
-# this option is only effective for configurations where either
-# env_reset is disabled or HOME is present in the env_keep list.
-#
-Defaults always_set_home
-
-Defaults env_reset
-Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
-Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
-Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
-Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
-Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
-
-#
-# Adding HOME to env_keep may enable a user to run unrestricted
-# commands via sudo.
-#
-# Defaults env_keep += "HOME"
-
-Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
-
-## Next comes the main part: which users can run what software on
-## which machines (the sudoers file can be shared between multiple
-## systems).
-## Syntax:
-##
-## user MACHINE=COMMANDS
-##
-## The COMMANDS section may have other options added to it.
-##
-## Allow root to run any commands anywhere
-root ALL=(ALL) ALL
-
-## Allows members of the 'sys' group to run networking, software,
-## service management apps and more.
-# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
-
-## Allows people in group wheel to run all commands
-# %wheel ALL=(ALL) ALL
-
-## Same thing without a password
-# %wheel ALL=(ALL) NOPASSWD: ALL
-
-## Allows members of the users group to mount and unmount the
-## cdrom as root
-# %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
-
-## Allows members of the users group to shutdown this system
-# %users localhost=/sbin/shutdown -h now
-
-## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
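Review bot: the rendered /etc/sudoers removes every hardening default the stock file carried (`Defaults requiretty`, `Defaults !visiblepw`, `Defaults always_set_home`, `Defaults env_reset` with its `env_keep` list, and `Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin`) and leaves only `Defaults !lecture,tty_tickets,!fqdn`, so environment and PATH handling now depend on whatever sudo's compiled-in defaults are on this platform. Consider having the template keep `env_reset` and `secure_path` explicitly. In the privilege section, `root ALL=(ALL) NOPASSWD:ALL` duplicates the `root ALL=(ALL) ALL` line two lines above it, and `vagrant` and `%sysadmin` both receive `NOPASSWD:ALL`; drop the redundant root entry and confirm the passwordless entries come from test-fixture attributes rather than from the cookbook's defaults.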
Recipe: fake::create
* sudo[tomcat] action install[2014-02-19T00:10:06+00:00] INFO: Processing sudo[tomcat] action install (fake::create line 3)
Recipe: fake::none
* directory[/etc/sudoers.d/] action create[2014-02-19T00:10:06+00:00] INFO: Processing directory[/etc/sudoers.d/] action create (fake::none line 107)
(up to date)
* template[/etc/sudoers.d/tomcat] action create[2014-02-19T00:10:06+00:00] INFO: Processing template[/etc/sudoers.d/tomcat] action create (fake::none line 80)
[2014-02-19T00:10:06+00:00] INFO: template[/etc/sudoers.d/tomcat] created file /etc/sudoers.d/tomcat
- create new file /etc/sudoers.d/tomcat
[2014-02-19T00:10:06+00:00] INFO: template[/etc/sudoers.d/tomcat] updated file contents /etc/sudoers.d/tomcat
- update content in file /etc/sudoers.d/tomcat from none to e9493a
--- /etc/sudoers.d/tomcat 2014-02-19 00:10:06.934999929 +0000
+++ /tmp/chef-rendered-template20140219-1183-1s6batz 2014-02-19 00:10:06.936999931 +0000
@@ -1 +1,9 @@
+# This file is managed by Chef.
+# Do NOT modify this file directly.
+
+%tomcat ALL=(app_user) /etc/init.d/tomcat restart
+%tomcat ALL=(app_user) /etc/init.d/tomcat stop
+%tomcat ALL=(app_user) /etc/init.d/tomcat start
+
+Defaults:%tomcat !requiretty,env_reset
[2014-02-19T00:10:06+00:00] INFO: template[/etc/sudoers.d/tomcat] owner changed to 0
[2014-02-19T00:10:06+00:00] INFO: template[/etc/sudoers.d/tomcat] group changed to 0
[2014-02-19T00:10:06+00:00] INFO: template[/etc/sudoers.d/tomcat] mode changed to 440
- change mode from '' to '0440'
- change owner from '' to 'root'
- change group from '' to 'root'
* directory[/etc/sudoers.d/] action create[2014-02-19T00:10:06+00:00] INFO: Processing directory[/etc/sudoers.d/] action create (fake::none line 107)
(up to date)
* template[/etc/sudoers.d/tomcat] action nothing
[2014-02-19T00:10:06+00:00] INFO: Processing template[/etc/sudoers.d/tomcat] action nothing (fake::none line 80)
(skipped due to action :nothing)
Recipe: fake::create
* sudo[bob] action install[2014-02-19T00:10:06+00:00] INFO: Processing sudo[bob] action install (fake::create line 10)
[2014-02-19T00:10:06+00:00] WARN: Cloning resource attributes for directory[/etc/sudoers.d/] from prior resource (CHEF-3694)
[2014-02-19T00:10:06+00:00] WARN: Previous directory[/etc/sudoers.d/]: /tmp/kitchen/cache/cookbooks/sudo/providers/default.rb:107:in `block in class_from_file'
[2014-02-19T00:10:06+00:00] WARN: Current directory[/etc/sudoers.d/]: /tmp/kitchen/cache/cookbooks/sudo/providers/default.rb:107:in `block in class_from_file'
Recipe: fake::none
* directory[/etc/sudoers.d/] action create[2014-02-19T00:10:06+00:00] INFO: Processing directory[/etc/sudoers.d/] action create (fake::none line 107)
(up to date)
[2014-02-19T00:10:06+00:00] ERROR: Fragment validation failed:
[2014-02-19T00:10:06+00:00] ERROR: # This file is managed by Chef.
# Do NOT modify this file directly.
bob ALL=(ALL) ALL
Defaults:bob
[2014-02-19T00:10:06+00:00] FATAL: Template /tmp/sudoer20140219-1183-1opaoxl failed fragment validation!
================================================================================
Error executing action `install` on resource 'sudo[bob]'
================================================================================
SystemExit
----------
exit
Cookbook Trace:
---------------
/tmp/kitchen/cache/cookbooks/sudo/providers/default.rb:51:in `validate_fragment!'
/tmp/kitchen/cache/cookbooks/sudo/providers/default.rb:97:in `render_sudoer'
/tmp/kitchen/cache/cookbooks/sudo/providers/default.rb:110:in `block in class_from_file'
Resource Declaration:
---------------------
# In /tmp/kitchen/cache/cookbooks/fake/recipes/create.rb
10: sudo 'bob' do
11: user 'bob'
12: end
Compiled Resource:
------------------
# Declared in /tmp/kitchen/cache/cookbooks/fake/recipes/create.rb:10:in `from_file'
sudo("bob") do
action :install
supports {:report=>true, :exception=>true}
retries 0
retry_delay 2
cookbook_name "fake"
recipe_name "create"
user "bob"
runas "ALL"
commands ["ALL"]
host "ALL"
end
[2014-02-19T00:10:06+00:00] INFO: Running queued delayed notifications before re-raising exception
Running handlers:
[2014-02-19T00:10:06+00:00] ERROR: Running exception handlers
Running handlers complete
[2014-02-19T00:10:06+00:00] ERROR: Exception handlers complete
[2014-02-19T00:10:06+00:00] FATAL: Stacktrace dumped to /tmp/kitchen/cache/chef-stacktrace.out
Chef Client failed. 5 resources updated in 1.199648432 seconds
[2014-02-19T00:10:07+00:00] ERROR: sudo[bob] (fake::create line 10) had an error: SystemExit: exit
[2014-02-19T00:10:07+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
>>>>>> Converge failed on instance <create-centos-64>.
>>>>>> Please see .kitchen/logs/create-centos-64.log for more details
>>>>>> ------Exception-------
>>>>>> Class: Kitchen::ActionFailed
>>>>>> Message: SSH exited (1) for command: [sudo -E chef-client -z --config /tmp/kitchen/client.rb --log_level info --json-attributes /tmp/kitchen/dna.json]
>>>>>> ----------------------