saz / puppet-sudo

Manage sudo with Puppet on Debian-, RedHat- and SUSE-based linux distributions and some BSDs

Puppet 4 - Ubuntu 16.04 - /etc/sudoers does not get overwritten. #160

Closed craigmonson closed 7 years ago

craigmonson commented 7 years ago

Ubuntu - 16.04
Puppet - 4.5.3
Running via test kitchen - 1.9.1
box: "ubuntu/xenial64"
box_version: "20160606.1.0"

Doing: include ::sudo or class { 'sudo': } or class { 'sudo': config_file_replace => true } does not purge /etc/sudoers as noted in the documentation.

There's also no mention (obvious maybe) in the Puppet run output for /etc/sudoers.

borian commented 7 years ago

I am having the same issue

the variables to replace the file are set correctly:

jg-development commented 7 years ago

Hi, the problem is in the config.pp

$configs = hiera_hash('sudo::configs', $configs_hash)

Hiera with Puppet 4 now uses lookup. New example with deep merge:

$configs = lookup('sudo::configs', Hash, {"strategy" => "deep", "merge_hash_arrays" => true}, $configs_hash)

Greetings Jan

law commented 7 years ago

I am also having this same issue

saz commented 7 years ago

Can you try it with the newest release, if this is still happening for you?

saz commented 7 years ago

Any news on this?

jg-development commented 7 years ago

I think I can try it today and give you some feedback.

jg-development commented 7 years ago

Hi, I tried with the following:

Vagrant Box with Ubuntu 16.04
Puppet 4.8.1
sudo version 4.1.0

sudo.yaml

---
classes:
    - sudo
sudo:
  ensure: present
sudo::configs:
  'ubuntu_admin':
    content: "ubuntu ALL=(ALL) NOPASSWD: ALL"
    priority: 10

default.pp

include ::sudo
include ::sudo::configs

Result: The sudoers file does not get overwritten and the configs are not included. With the modification from above it does work:

$configs = lookup('sudo::configs', Hash, {"strategy" => "deep", "merge_hash_arrays" => true}, $configs_hash)

Greetings Jan

template-provider commented 7 years ago

hi ... which version do you mean? works for me:

root@tp64:/home/ubuntu# cat /etc/lsb-release 
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.2 LTS"
ubuntu@tp64:~$ puppet agent --version
4.10.0
root@tp64:/home/ubuntu# cat /etc/sudoers.d/10_ubuntu_admin 
ubuntu ALL=(ALL) NOPASSWD: ALL

template-provider commented 7 years ago

Tested with module version 4.10

jg-development commented 7 years ago

Hi @hboetes, /etc/sudoers is replaced for me too.

root@tp64:/home/ubuntu# cat /etc/sudoers
# file managed by puppet (unless config_file_replace=false)
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults    env_reset
Defaults    mail_badpass
Defaults    secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

==> default: Notice: /Stage[main]/Sudo/File[/etc/sudoers]/content: content changed '{md5}e8e73f16ed73309df7574c12fbcc0af7' to '{md5}96d9cd290b72e37c1079aa2b4469491a'

Greetings Jan

jg-development commented 7 years ago

Hi, I only use the hiera lookup as seen above with:

  include ::sudo
  include ::sudo::configs

Every change in the template file results in a new sudoers file. From my side, with the pull request everything is ok. Could you test it with a hiera lookup?

Greetings Jan

saz commented 7 years ago

Please give the current master a try
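
A post-run check for the two symptoms reported in this thread (the stock /etc/sudoers left in place, and the Hiera `sudo::configs` entries never written), added here as an example; it is not part of the thread or of the puppet-sudo module. The `<priority>_<name>` file name pattern is an assumption inferred from the `10_ubuntu_admin` file shown above, and `check_sudoers` and the sample data are constructed for illustration.

```python
import re

# Header line of the module-managed /etc/sudoers, as shown in the thread.
MANAGED_MARKER = "# file managed by puppet"
# "#includedir" is a sudoers directive, not a comment; newer sudo also
# accepts "@includedir".
INCLUDEDIR_RE = re.compile(r"^[#@]includedir\s+(\S+)\s*$", re.M)


def check_sudoers(main_text, dropins, expected, dropin_dir="/etc/sudoers.d"):
    """Compare on-disk sudo state with the sudo::configs hash from Hiera.

    main_text: contents of /etc/sudoers
    dropins:   {file name: contents} read from dropin_dir
    expected:  {name: {"content": str, "priority": int}}
    Returns a list of findings; an empty list means the state matches.
    """
    findings = []
    if MANAGED_MARKER not in main_text:
        findings.append("sudoers: managed header missing, file was not replaced")
    if dropin_dir not in INCLUDEDIR_RE.findall(main_text):
        findings.append(f"sudoers: no includedir directive for {dropin_dir}")

    # Assumed naming: <priority>_<name>, e.g. 10_ubuntu_admin.
    wanted = {f"{c['priority']}_{n}": c["content"] for n, c in expected.items()}
    for fname, content in sorted(wanted.items()):
        if fname not in dropins:
            findings.append(f"{fname}: missing, Hiera entry was not applied")
        elif dropins[fname].strip() != content.strip():
            findings.append(f"{fname}: content differs from Hiera")
    # Drop-ins Puppet does not know about that still hand out passwordless sudo.
    for fname, text in sorted(dropins.items()):
        if fname not in wanted and "NOPASSWD" in text:
            findings.append(f"{fname}: unmanaged drop-in grants NOPASSWD")
    return findings


# Constructed sample data modelled on the thread's sudo.yaml and file listings.
RULE = "ubuntu ALL=(ALL) NOPASSWD: ALL"
EXPECTED = {"ubuntu_admin": {"content": RULE, "priority": 10}}
STOCK = "Defaults env_reset\nroot ALL=(ALL:ALL) ALL\n#includedir /etc/sudoers.d\n"
MANAGED = "# file managed by puppet (unless config_file_replace=false)\n" + STOCK

if __name__ == "__main__":
    # Failing state from the report: stock file kept, Hiera drop-in never written.
    for finding in check_sudoers(STOCK, {"99_legacy": RULE + "\n"}, EXPECTED):
        print("FAIL", finding)
    # State after the fix: managed file plus the 10_ubuntu_admin drop-in.
    print(check_sudoers(MANAGED, {"10_ubuntu_admin": RULE + "\n"}, EXPECTED) or "OK")
```

On a real host, read `main_text` and `dropins` from disk as root and build `expected` from the same Hiera data the agent uses.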