[chef] [CHEF] error creating jenkins user with the sudo cookbook

[Phil Cryer < >]

I'm using the Opscode sudo cookbook, and I've walked through the sudo
example on their site (http://docs.opscode.com/lwrp_sudo.html) but I
get an error 'validate_fragment' I've tried a few different things,
but can't find much else online on the topic; most refer to using sudo
to install chef, run chef-client, etc. Thanks

via a GIST here: https://gist.github.com/philcryer/7439401

text:

[...CONFIG...]
user "jenkins" do
    supports :manage_home => true
    comment "The Jenkins user that handles all deploys"
    home "/home/jenkins"
    shell "/bin/bash"
    password "12341234"
end
node['authorization']['sudo']['include_sudoers_d'] = true
include_recipe "sudo"
sudo "jenkins" do
  user "%jenkins"
  runas "app_user"
  commands ["/etc/init.d/httpd restart","chown -R apache:apache /var/www"]
  host "ALL"
  nopasswd true
end


[...LOGS...]
[2013-11-12T15:45:34-06:00] DEBUG: package[sudo] is already installed
- nothing to do
[2013-11-12T15:45:34-06:00] INFO: Processing directory[/etc/sudoers.d]
action create (sudo::default line 25)
[2013-11-12T15:45:34-06:00] INFO: Processing
cookbook_file[/etc/sudoers.d/README] action create (sudo::default line
31)
[2013-11-12T15:45:34-06:00] INFO: Processing template[/etc/sudoers]
action create (sudo::default line 39)
[2013-11-12T15:45:34-06:00] DEBUG: Not fetching
cookbooks/sudo/templates/default/sudoers.erb, as the cache is up to
date.
[2013-11-12T15:45:34-06:00] DEBUG: current checksum:
6f178ce07803096acacaca23d243f2c2; manifest checksum:
6f178ce07803096acacaca23d243f2c2)
[2013-11-12T15:45:34-06:00] DEBUG: Current content's checksum:
261759ea279ca54103844c4a929fbcd3bd8b29f3e339ef334cbdea2405e7bd31
[2013-11-12T15:45:34-06:00] DEBUG: Rendered content's checksum:
261759ea279ca54103844c4a929fbcd3bd8b29f3e339ef334cbdea2405e7bd31
[2013-11-12T15:45:34-06:00] DEBUG: template[/etc/sudoers] content has
not changed.
[2013-11-12T15:45:34-06:00] INFO: Processing sudo[jenkins] action
install (base::default line 135)
[2013-11-12T15:45:34-06:00] DEBUG: Not fetching
cookbooks/sudo/templates/default/sudoer.erb, as the cache is up to
date.
[2013-11-12T15:45:34-06:00] DEBUG: current checksum:
f1a732fa44ee8eacc9ada77f75d580d3; manifest checksum:
f1a732fa44ee8eacc9ada77f75d580d3)
[2013-11-12T15:45:34-06:00] ERROR: Fragment validation failed:


[2013-11-12T15:45:34-06:00] ERROR: # This file is managed by Chef.
# Do NOT modify this file directly.

%jenkins  ALL=(app_user) NOPASSWD:/etc/init.d/httpd restart
%jenkins  ALL=(app_user) NOPASSWD:chown -R apache:apache /var/www

[2013-11-12T15:45:34-06:00] FATAL: Template
/tmp/sudoer20131112-12809-j5303y failed fragment validation!

================================================================================
Error executing action `install` on resource 'sudo[jenkins]'
================================================================================

SystemExit
----------
exit

Cookbook Trace:
---------------
/var/chef/cache/cookbooks/sudo/providers/default.rb:51:in `validate_fragment!'
/var/chef/cache/cookbooks/sudo/providers/default.rb:96:in `render_sudoer'
/var/chef/cache/cookbooks/sudo/providers/default.rb:104:in `block in
class_from_file'

Resource Declaration:
---------------------
# In /var/chef/cache/cookbooks/base/recipes/default.rb

135: sudo "jenkins" do
136:   user "%jenkins"
137:   runas "app_user"
138:   commands ["/etc/init.d/httpd restart","chown -R apache:apache 
/opt/iaas"]
139:   host "ALL"
140:   nopasswd true
141: end

Compiled Resource:
------------------
# Declared in /var/chef/cache/cookbooks/base/recipes/default.rb:135:in
`from_file'

sudo("jenkins") do
  action :install
  supports {:report=>true, :exception=>true}
  retries 0
  retry_delay 2
  cookbook_name "base"
  recipe_name "default"
  user "%jenkins"
  runas "app_user"
  commands ["/etc/init.d/httpd restart", "chown -R apache:apache /opt/iaas"]
  host "ALL"
  nopasswd true
end

[2013-11-12T15:45:34-06:00] DEBUG: Re-raising exception: SystemExit -
sudo[jenkins] (base::default line 135) had an error: SystemExit: exit