The user attribute just gets passed through to mixlib-shellout which sets Process.{euid,uid} to the user (most likely just setreuid(2) getting directly called by ruby). If chef-client itself is not running as root, this is unlikely to work -- it works going from root to other users because root can switch to anyone.
The easiest solution is to run chef-client (or chef-solo) as root and to use sudo to invoke it: "sudo chef-client"
If the client isn't running as root, then /etc/sudoers needs to be set up so that the user running chef-client can execute pip and fluentd as root with the NOPASSWD setting so that the user isn't prompted for a password. Trying to be this fine-grained is foolish, though, since once you've allowed 'pip install' you can probably backdoor python and get root on the box fairly easily. The user trying to do this install must, therefore, inherently be trusted, and so the easiest way to solve the problem is to run chef itself as root.
On 5/26/13 2:36 PM, Cassiano Leal wrote:
You should probably not use sudo in the script, and pass the user resource attribute to bash:
bash "compile_td-agent" do
  cwd "#{Chef::Config[:file_cache_path]}"
  code <<-EOH
    pip install fluent-logger
    fluentd --setup /etc/fluent
  EOH
  user 'root'
  not_if {File.exists?("#{Chef::Config[:file_cache_path]}/fluent_install")}
end
- cassiano
On Sunday, May 26, 2013 at 18:02, David Montgomery wrote:
Hi, Of course not using chef and I run the code ..yup install works. What do I have to do to get chef to install? I am running Ubuntu on EC2.
I am getting this error that is rather annoying.....
bash "compile_td-agent" do
  cwd "#{Chef::Config[:file_cache_path]}"
  code <<-EOH
    curl -L http://toolbelt.treasure-data.com/sh/install-ubuntu-precise.sh | sh
    sudo pip install fluent-logger
    sudo fluentd --setup /etc/fluent
  EOH
  not_if {File.exists?("#{Chef::Config[:file_cache_path]}/fluent_install")}
end
================================================================================
Error executing action `run` on resource 'bash[compile_td-agent]'
================================================================================
Mixlib::ShellOut::ShellCommandFailed
------------------------------------
Expected process to exit with [0], but received '1'
---- Begin output of "bash" "/tmp/chef-script20130526-7026-1f02aju" ----
STDOUT: This script requires superuser access to install apt packages.
You will be prompted for your password by sudo.
Hit http://ap-southeast-1.ec2.archive.ubuntu.com precise Release.gpg
Hit http://ap-southeast-1.ec2.archive.ubuntu.com precise-updates Release.gpg
Hit http://ap-southeast-1.ec2.archive.ubuntu.com precise Release
Hit http://ap-southeast-1.ec2.archive.ubuntu.com precise-updates Release
Hit http://ap-southeast-1.ec2.archive.ubuntu.com precise/main Sources
Hit http://ap-southeast-1.ec2.archive.ubuntu.com precise/universe Sources
Hit http://ap-southeast-1.ec2.archive.ubuntu.com precise/main amd64 Packages
Hit http://ap-southeast-1.ec2.archive.ubuntu.com precise/universe amd64 Packages
Hit http://ap-southeast-1.ec2.archive.ubuntu.com precise/main i386 Packages
Hit http://ap-southeast-1.ec2.archive.ubuntu.com precise/universe i386 Packages
Hit http://ap-southeast-1.ec2.archive.ubuntu.com precise/main TranslationIndex
Hit http://ap-southeast-1.ec2.archive.ubuntu.com precise/universe TranslationIndex
Hit http://ap-southeast-1.ec2.archive.ubuntu.com precise-updates/main Sources
Hit http://ap-southeast-1.ec2.archive.ubuntu.com precise-updates/universe Sources
Hit http://ap-southeast-1.ec2.archive.ubuntu.com precise-updates/main amd64 Packages
Hit http://ap-southeast-1.ec2.archive.ubuntu.com precise-updates/universe amd64 Packages
Hit http://ap-southeast-1.ec2.archive.ubuntu.com precise-updates/main i386 Packages
Hit http://ap-southeast-1.ec2.archive.ubuntu.com precise-updates/universe i386 Packages
Hit http://ap-southeast-1.ec2.archive.ubuntu.com precise-updates/main TranslationIndex
Hit http://ap-southeast-1.ec2.archive.ubuntu.com precise-updates/universe TranslationIndex
Hit http://ap-southeast-1.ec2.archive.ubuntu.com precise/main Translation-en
Hit http://ap-southeast-1.ec2.archive.ubuntu.com precise/universe Translation-en
Hit http://ap-southeast-1.ec2.archive.ubuntu.com precise-updates/main Translation-en
Hit http://ap-southeast-1.ec2.archive.ubuntu.com precise-updates/universe Translation-en
Hit http://security.ubuntu.com precise-security Release.gpg
Hit http://security.ubuntu.com precise-security Release
Ign http://packages.treasure-data.com precise Release.gpg
Hit http://security.ubuntu.com precise-security/main Sources
Hit http://packages.treasure-data.com precise Release
Hit http://security.ubuntu.com precise-security/universe Sources
Ign http://packages.treasure-data.com precise/contrib amd64 Packages/DiffIndex
Hit http://security.ubuntu.com precise-security/main amd64 Packages
Ign http://packages.treasure-data.com precise/contrib i386 Packages/DiffIndex
Hit http://security.ubuntu.com precise-security/universe amd64 Packages
Ign http://packages.treasure-data.com precise/contrib TranslationIndex
Hit http://security.ubuntu.com precise-security/main i386 Packages
Hit http://security.ubuntu.com precise-security/universe i386 Packages
Hit http://security.ubuntu.com precise-security/main TranslationIndex
Hit http://security.ubuntu.com precise-security/universe TranslationIndex
Hit http://security.ubuntu.com precise-security/main Translation-en
Hit http://security.ubuntu.com precise-security/universe Translation-en
Hit http://packages.treasure-data.com precise/contrib amd64 Packages
Hit http://packages.treasure-data.com precise/contrib i386 Packages
Ign http://packages.treasure-data.com precise/contrib Translation-en
Reading package lists...
Reading package lists...
Building dependency tree...
Reading state information...
td-agent is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Requirement already satisfied (use --upgrade to upgrade): fluent-logger in /usr/local/lib/python2.7/dist-packages
Requirement already satisfied (use --upgrade to upgrade): msgpack-python in /usr/local/lib/python2.7/dist-packages (from fluent-logger)
Cleaning up...
STDERR: % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 483 100 483 0 0 605 0 --:--:-- --:--:-- --:--:-- 1568
sudo: fluentd: command not found
---- End output of "bash" "/tmp/chef-script20130526-7026-1f02aju" ----
Ran "bash" "/tmp/chef-script20130526-7026-1f02aju" returned 1
Resource Declaration:
---------------------
# In /var/chef/cache/cookbooks/fluentd/recipes/default.rb
10: bash "compile_td-agent" do
11: user "root"
12: cwd "#{Chef::Config[:file_cache_path]}"
13: code <<-EOH
14: curl -L http://toolbelt.treasure-data.com/sh/install-ubuntu-precise.sh | sh
15: sudo pip install fluent-logger
16: sudo fluentd --setup /etc/fluent
17: EOH
18: not_if {File.exists?("#{Chef::Config[:file_cache_path]}/fluent_install")}
19: end
20:
Compiled Resource:
------------------
# Declared in /var/chef/cache/cookbooks/fluentd/recipes/default.rb:10:in `from_file'
bash("compile_td-agent") do
action "run"
retries 0
retry_delay 2
command "\"bash\" \"/tmp/chef-script20130526-7026-1f02aju\""
backup 5
cwd "/var/chef/cache"
returns 0
user "root"
code " curl -L http://toolbelt.treasure-data.com/sh/install-ubuntu-precise.sh | sh\n sudo pip install fluent-logger\n sudo fluentd --setup /etc/fluent\n"
interpreter "bash"
cookbook_name "fluentd"
recipe_name "default"
not_if { #code block }
end
[2013-05-26T20:55:07+00:00] INFO: Running queued delayed notifications before re-raising exception
[2013-05-26T20:55:07+00:00] ERROR: Running exception handlers
[2013-05-26T20:55:07+00:00] ERROR: Creating JSON exception report
[2013-05-26T20:55:07+00:00] FATAL: Saving node information to /var/chef/cache/failed-run-data.json
[2013-05-26T20:55:07+00:00] ERROR: Exception handlers complete
Chef Client failed. 3 resources updated
[2013-05-26T20:55:07+00:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
[2013-05-26T20:55:07+00:00] FATAL: Mixlib::ShellOut::ShellCommandFailed: bash[compile_td-agent] (fluentd::default line 10) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '1'
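The point made at the top of this thread, that a NOPASSWD sudoers rule for 'pip install' is effectively a grant of root, can be checked for mechanically. The following is an added example, not part of the original thread or of Chef: the list of root-equivalent commands and the sample sudoers text are assumptions constructed for illustration, and the parser handles only simple one-line user rules.

```ruby
# Added example: flag sudoers rules that give passwordless root to commands
# able to run arbitrary code. ROOT_EQUIVALENT is an assumed, illustrative list.
ROOT_EQUIVALENT = %w[pip pip3 easy_install gem npm python ruby perl bash sh].freeze

# Constructed sample input, not taken from any real host.
SAMPLE_SUDOERS = <<~SUDOERS
  # deploy user for chef runs
  Defaults secure_path="/usr/sbin:/usr/bin:/sbin:/bin"
  chef    ALL=(root) NOPASSWD: /usr/bin/pip install *, /usr/sbin/fluentd
  backup  ALL=(root) NOPASSWD: /usr/sbin/service td-agent restart
  admin   ALL=(ALL) ALL
  ops     ALL=(ALL) NOPASSWD: ALL
SUDOERS

Finding = Struct.new(:line_no, :user, :command, :reason)

def audit_sudoers(text)
  findings = []
  text.each_line.with_index(1) do |raw, line_no|
    # Simplification: treats every '#' as a comment (ignores #include, #uid).
    line = raw.sub(/#.*/, '').strip
    next if line.empty? || line.start_with?('Defaults')
    user, spec = line.split(/\s+/, 2)
    next unless spec
    # Only rules carrying the NOPASSWD tag are of interest here.
    _, cmds = spec.split(/NOPASSWD:\s*/, 2)
    next unless cmds
    cmds.split(/\s*,\s*/).each do |cmd|
      cmd = cmd.sub(/\A(?:[A-Z]+:\s*)+/, '').strip # drop further tags such as SETENV:
      binary = File.basename(cmd.split.first.to_s)
      if cmd == 'ALL'
        findings << Finding.new(line_no, user, cmd, 'unrestricted passwordless root')
      elsif ROOT_EQUIVALENT.include?(binary)
        findings << Finding.new(line_no, user, cmd, "#{binary} can execute arbitrary code as root")
      end
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  audit_sudoers(SAMPLE_SUDOERS).each do |f|
    puts "line #{f.line_no}: #{f.user} -> #{f.command} (#{f.reason})"
  end
end
```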