search

phinze / puppet-sudoers

puppet module for managing sudoers
MIT License
8 stars 9 forks source link

Could not validate content with visudo -cq -f #11

Open ajlanghorn opened 8 years ago

ajlanghorn commented 8 years ago

I have phinze/sudoers in my Puppetfile, and I'm instantiating it as follows:

  sudoers::allowed_command { 'foo':
    command => 'bar',
    user => 'baz',
    require_password => false
  }

where, of course, each of these has a valid value for each key.

Running inside Vagrant (Hashicorp :heart:), when the Puppet provisioner runs, I get:

Error: could not validate content with command /usr/sbin/visudo -cq -f at /var/lib/puppet/vendor/modules/sudoers/manifests/allowed_command.pp:73 on node node0.dev

Any ideas?

ajlanghorn commented 8 years ago

Okay, it seems related to this function - https://github.com/phinze/puppet-sudoers/blob/master/lib/puppet/parser/functions/validate.rb - which copies the existing sudoers file to make changes to that. I think.

Digging.

oc243 commented 8 years ago

I found the same issue and it was caused by the sudo package not being installed. It seems that even if you use puppet to ensure that sudo is present (even setting an appropriate dependency on the package), the validate function is called before the puppet begins to apply the manifests. As such, the validation fails. My HACK to get around this is to apt-get install sudo before running puppet in my Vagrantfile.

BrianSipos commented 4 years ago

I'm seeing this same issue on CentOS 7 and CentOS 8 now. It's not related to a missing package install but something causing the ruby system() call to exit with code 32512.

jorp commented 3 years ago

has anyone found a workaround or fix for this?