Error creating jenkins user with the sudo cookbook

I’m using the Opscode sudo cookbook, and I’ve walked through the sudo
example on their site (http://docs.opscode.com/lwrp_sudo.html) but I
get an error ‘validate_fragment’ I’ve tried a few different things,
but can’t find much else online on the topic; most refer to using sudo
to install chef, run chef-client, etc. Thanks

via a GIST here: https://gist.github.com/philcryer/7439401

text:

[…CONFIG…]
user “jenkins” do
supports :manage_home => true
comment "The Jenkins user that handles all deploys"
home "/home/jenkins"
shell "/bin/bash"
password "12341234"
end
node[‘authorization’][‘sudo’][‘include_sudoers_d’] = true
include_recipe "sudo"
sudo “jenkins” do
user “%jenkins"
runas “app_user"
commands [”/etc/init.d/httpd restart”,“chown -R apache:apache /var/www”]
host "ALL"
nopasswd true
end

[…LOGS…]
[2013-11-12T15:45:34-06:00] DEBUG: package[sudo] is already installed

  • nothing to do
    [2013-11-12T15:45:34-06:00] INFO: Processing directory[/etc/sudoers.d]
    action create (sudo::default line 25)
    [2013-11-12T15:45:34-06:00] INFO: Processing
    cookbook_file[/etc/sudoers.d/README] action create (sudo::default line

[2013-11-12T15:45:34-06:00] INFO: Processing template[/etc/sudoers]
action create (sudo::default line 39)
[2013-11-12T15:45:34-06:00] DEBUG: Not fetching
cookbooks/sudo/templates/default/sudoers.erb, as the cache is up to
date.
[2013-11-12T15:45:34-06:00] DEBUG: current checksum:
6f178ce07803096acacaca23d243f2c2; manifest checksum:
6f178ce07803096acacaca23d243f2c2)
[2013-11-12T15:45:34-06:00] DEBUG: Current content’s checksum:
261759ea279ca54103844c4a929fbcd3bd8b29f3e339ef334cbdea2405e7bd31
[2013-11-12T15:45:34-06:00] DEBUG: Rendered content’s checksum:
261759ea279ca54103844c4a929fbcd3bd8b29f3e339ef334cbdea2405e7bd31
[2013-11-12T15:45:34-06:00] DEBUG: template[/etc/sudoers] content has
not changed.
[2013-11-12T15:45:34-06:00] INFO: Processing sudo[jenkins] action
install (base::default line 135)
[2013-11-12T15:45:34-06:00] DEBUG: Not fetching
cookbooks/sudo/templates/default/sudoer.erb, as the cache is up to
date.
[2013-11-12T15:45:34-06:00] DEBUG: current checksum:
f1a732fa44ee8eacc9ada77f75d580d3; manifest checksum:
f1a732fa44ee8eacc9ada77f75d580d3)
[2013-11-12T15:45:34-06:00] ERROR: Fragment validation failed:

[2013-11-12T15:45:34-06:00] ERROR: # This file is managed by Chef.

Do NOT modify this file directly.

%jenkins ALL=(app_user) NOPASSWD:/etc/init.d/httpd restart
%jenkins ALL=(app_user) NOPASSWD:chown -R apache:apache /var/www

[2013-11-12T15:45:34-06:00] FATAL: Template
/tmp/sudoer20131112-12809-j5303y failed fragment validation!

================================================================================
Error executing action install on resource ‘sudo[jenkins]’

SystemExit

exit

Cookbook Trace:

/var/chef/cache/cookbooks/sudo/providers/default.rb:51:in validate_fragment!' /var/chef/cache/cookbooks/sudo/providers/default.rb:96:inrender_sudoer’
/var/chef/cache/cookbooks/sudo/providers/default.rb:104:in `block in
class_from_file’

Resource Declaration:

In /var/chef/cache/cookbooks/base/recipes/default.rb

135: sudo “jenkins” do
136: user “%jenkins"
137: runas “app_user"
138: commands [”/etc/init.d/httpd restart”,“chown -R apache:apache /opt/iaas”]
139: host "ALL"
140: nopasswd true
141: end

Compiled Resource:

Declared in /var/chef/cache/cookbooks/base/recipes/default.rb:135:in

`from_file’

sudo(“jenkins”) do
action :install
supports {:report=>true, :exception=>true}
retries 0
retry_delay 2
cookbook_name "base"
recipe_name "default"
user “%jenkins"
runas “app_user"
commands [”/etc/init.d/httpd restart”, “chown -R apache:apache /opt/iaas”]
host "ALL"
nopasswd true
end

[2013-11-12T15:45:34-06:00] DEBUG: Re-raising exception: SystemExit -
sudo[jenkins] (base::default line 135) had an error: SystemExit: exit

It's simple, you can't name a system user "%jenkins".

2013/11/12 Phil Cryer phil@philcryer.com:

I'm using the Opscode sudo cookbook, and I've walked through the sudo
example on their site (http://docs.opscode.com/lwrp_sudo.html) but I
get an error 'validate_fragment' I've tried a few different things,
but can't find much else online on the topic; most refer to using sudo
to install chef, run chef-client, etc. Thanks

via a GIST here: [CHEF] error creating jenkins user with the sudo cookbook · GitHub

text:

[...CONFIG...]
user "jenkins" do
supports :manage_home => true
comment "The Jenkins user that handles all deploys"
home "/home/jenkins"
shell "/bin/bash"
password "12341234"
end
node['authorization']['sudo']['include_sudoers_d'] = true
include_recipe "sudo"
sudo "jenkins" do
user "%jenkins"
runas "app_user"
commands ["/etc/init.d/httpd restart","chown -R apache:apache /var/www"]
host "ALL"
nopasswd true
end

[...LOGS...]
[2013-11-12T15:45:34-06:00] DEBUG: package[sudo] is already installed

  • nothing to do
    [2013-11-12T15:45:34-06:00] INFO: Processing directory[/etc/sudoers.d]
    action create (sudo::default line 25)
    [2013-11-12T15:45:34-06:00] INFO: Processing
    cookbook_file[/etc/sudoers.d/README] action create (sudo::default line

[2013-11-12T15:45:34-06:00] INFO: Processing template[/etc/sudoers]
action create (sudo::default line 39)
[2013-11-12T15:45:34-06:00] DEBUG: Not fetching
cookbooks/sudo/templates/default/sudoers.erb, as the cache is up to
date.
[2013-11-12T15:45:34-06:00] DEBUG: current checksum:
6f178ce07803096acacaca23d243f2c2; manifest checksum:
6f178ce07803096acacaca23d243f2c2)
[2013-11-12T15:45:34-06:00] DEBUG: Current content's checksum:
261759ea279ca54103844c4a929fbcd3bd8b29f3e339ef334cbdea2405e7bd31
[2013-11-12T15:45:34-06:00] DEBUG: Rendered content's checksum:
261759ea279ca54103844c4a929fbcd3bd8b29f3e339ef334cbdea2405e7bd31
[2013-11-12T15:45:34-06:00] DEBUG: template[/etc/sudoers] content has
not changed.
[2013-11-12T15:45:34-06:00] INFO: Processing sudo[jenkins] action
install (base::default line 135)
[2013-11-12T15:45:34-06:00] DEBUG: Not fetching
cookbooks/sudo/templates/default/sudoer.erb, as the cache is up to
date.
[2013-11-12T15:45:34-06:00] DEBUG: current checksum:
f1a732fa44ee8eacc9ada77f75d580d3; manifest checksum:
f1a732fa44ee8eacc9ada77f75d580d3)
[2013-11-12T15:45:34-06:00] ERROR: Fragment validation failed:

[2013-11-12T15:45:34-06:00] ERROR: # This file is managed by Chef.

Do NOT modify this file directly.

%jenkins ALL=(app_user) NOPASSWD:/etc/init.d/httpd restart
%jenkins ALL=(app_user) NOPASSWD:chown -R apache:apache /var/www

[2013-11-12T15:45:34-06:00] FATAL: Template
/tmp/sudoer20131112-12809-j5303y failed fragment validation!

================================================================================
Error executing action install on resource 'sudo[jenkins]'

SystemExit

exit

Cookbook Trace:

/var/chef/cache/cookbooks/sudo/providers/default.rb:51:in validate_fragment!' /var/chef/cache/cookbooks/sudo/providers/default.rb:96:in render_sudoer'
/var/chef/cache/cookbooks/sudo/providers/default.rb:104:in `block in
class_from_file'

Resource Declaration:

In /var/chef/cache/cookbooks/base/recipes/default.rb

135: sudo "jenkins" do
136: user "%jenkins"
137: runas "app_user"
138: commands ["/etc/init.d/httpd restart","chown -R apache:apache /opt/iaas"]
139: host "ALL"
140: nopasswd true
141: end

Compiled Resource:

Declared in /var/chef/cache/cookbooks/base/recipes/default.rb:135:in

`from_file'

sudo("jenkins") do
action :install
supports {:report=>true, :exception=>true}
retries 0
retry_delay 2
cookbook_name "base"
recipe_name "default"
user "%jenkins"
runas "app_user"
commands ["/etc/init.d/httpd restart", "chown -R apache:apache /opt/iaas"]
host "ALL"
nopasswd true
end

[2013-11-12T15:45:34-06:00] DEBUG: Re-raising exception: SystemExit -
sudo[jenkins] (base::default line 135) had an error: SystemExit: exit

Thanks!

On Fri, Nov 15, 2013 at 3:25 AM, Jorge Bianquetti jbianquetti@gmail.comwrote:

It's simple, you can't name a system user "%jenkins".

2013/11/12 Phil Cryer phil@philcryer.com:

I'm using the Opscode sudo cookbook, and I've walked through the sudo
example on their site (http://docs.opscode.com/lwrp_sudo.html) but I
get an error 'validate_fragment' I've tried a few different things,
but can't find much else online on the topic; most refer to using sudo
to install chef, run chef-client, etc. Thanks

via a GIST here: [CHEF] error creating jenkins user with the sudo cookbook · GitHub

text:

[...CONFIG...]
user "jenkins" do
supports :manage_home => true
comment "The Jenkins user that handles all deploys"
home "/home/jenkins"
shell "/bin/bash"
password "12341234"
end
node['authorization']['sudo']['include_sudoers_d'] = true
include_recipe "sudo"
sudo "jenkins" do
user "%jenkins"
runas "app_user"
commands ["/etc/init.d/httpd restart","chown -R apache:apache
/var/www"]
host "ALL"
nopasswd true
end

[...LOGS...]
[2013-11-12T15:45:34-06:00] DEBUG: package[sudo] is already installed

  • nothing to do
    [2013-11-12T15:45:34-06:00] INFO: Processing directory[/etc/sudoers.d]
    action create (sudo::default line 25)
    [2013-11-12T15:45:34-06:00] INFO: Processing
    cookbook_file[/etc/sudoers.d/README] action create (sudo::default line

[2013-11-12T15:45:34-06:00] INFO: Processing template[/etc/sudoers]
action create (sudo::default line 39)
[2013-11-12T15:45:34-06:00] DEBUG: Not fetching
cookbooks/sudo/templates/default/sudoers.erb, as the cache is up to
date.
[2013-11-12T15:45:34-06:00] DEBUG: current checksum:
6f178ce07803096acacaca23d243f2c2; manifest checksum:
6f178ce07803096acacaca23d243f2c2)
[2013-11-12T15:45:34-06:00] DEBUG: Current content's checksum:
261759ea279ca54103844c4a929fbcd3bd8b29f3e339ef334cbdea2405e7bd31
[2013-11-12T15:45:34-06:00] DEBUG: Rendered content's checksum:
261759ea279ca54103844c4a929fbcd3bd8b29f3e339ef334cbdea2405e7bd31
[2013-11-12T15:45:34-06:00] DEBUG: template[/etc/sudoers] content has
not changed.
[2013-11-12T15:45:34-06:00] INFO: Processing sudo[jenkins] action
install (base::default line 135)
[2013-11-12T15:45:34-06:00] DEBUG: Not fetching
cookbooks/sudo/templates/default/sudoer.erb, as the cache is up to
date.
[2013-11-12T15:45:34-06:00] DEBUG: current checksum:
f1a732fa44ee8eacc9ada77f75d580d3; manifest checksum:
f1a732fa44ee8eacc9ada77f75d580d3)
[2013-11-12T15:45:34-06:00] ERROR: Fragment validation failed:

[2013-11-12T15:45:34-06:00] ERROR: # This file is managed by Chef.

Do NOT modify this file directly.

%jenkins ALL=(app_user) NOPASSWD:/etc/init.d/httpd restart
%jenkins ALL=(app_user) NOPASSWD:chown -R apache:apache /var/www

[2013-11-12T15:45:34-06:00] FATAL: Template
/tmp/sudoer20131112-12809-j5303y failed fragment validation!

================================================================================

Error executing action install on resource 'sudo[jenkins]'

================================================================================

SystemExit

exit

Cookbook Trace:

/var/chef/cache/cookbooks/sudo/providers/default.rb:51:in
validate_fragment!' /var/chef/cache/cookbooks/sudo/providers/default.rb:96:in render_sudoer'
/var/chef/cache/cookbooks/sudo/providers/default.rb:104:in `block in
class_from_file'

Resource Declaration:

In /var/chef/cache/cookbooks/base/recipes/default.rb

135: sudo "jenkins" do
136: user "%jenkins"
137: runas "app_user"
138: commands ["/etc/init.d/httpd restart","chown -R apache:apache
/opt/iaas"]
139: host "ALL"
140: nopasswd true
141: end

Compiled Resource:

Declared in /var/chef/cache/cookbooks/base/recipes/default.rb:135:in

`from_file'

sudo("jenkins") do
action :install
supports {:report=>true, :exception=>true}
retries 0
retry_delay 2
cookbook_name "base"
recipe_name "default"
user "%jenkins"
runas "app_user"
commands ["/etc/init.d/httpd restart", "chown -R apache:apache
/opt/iaas"]
host "ALL"
nopasswd true
end

[2013-11-12T15:45:34-06:00] DEBUG: Re-raising exception: SystemExit -
sudo[jenkins] (base::default line 135) had an error: SystemExit: exit

--
http://philcryer.com/