Open cdenneen opened 2 years ago
Module Version 7.0.2 Puppet Version 6.25.1 CentOS 7
Hello,
This is important, it's broken on all RedHat family at least, since puppet 4 versioncmp function only accepts strings.
Centos: 7.9 Puppet Agent: 7.x
Change line 87 on puppet master from: if (versioncmp($::sudoversion, '1.7.2p1') < 0)
To: if (versioncmp("$::sudoversion", '1.7.2p1') < 0)
I just ran into this issue this past week and found a fix/workaround that might help others before it gets fixed in the sudo module. This was all done with CentOS7, so I am not sure if it would be prevalent in other versions. In the following rb file, it looks like the sudoversion
fact is created by running sudo -V 2>&1
https://github.com/saz/puppet-sudo/blob/master/lib/facter/sudoversion.rb
Whenever I tried to run that command manually, I got the following:
# sudo --version /var/tmp/scl7Hipfg: line 8: --version: command not found
So the module is not getting a valid string when looking up the sudo version. In this instance, the issue is instigated by the version of sudo I have installed. Well, more specifically, a wrapper script that came with devtoolset-7
and was first in my PATH:
/opt/rh/devtoolset-7/root/usr/bin/sudo
This is known to cause issues with parsing sudo options and has been documented in a few different bug reports, such as:
https://bugzilla.redhat.com/show_bug.cgi?id=1319936
So if you run into errors with the sudo module, check the PATH for sudo
to see which one it is using. The fix for this is to either remove /opt/rh/devtoolset-7/root/usr/bin
from your PATH or at least prepend /usr/bin/sudo
to it. This only needs to happen for the root user since Puppet needs to run as root
.
I hope this helps others save some time.
@kilianw can you check, if you're seeing the same as reported by @dwest-galois ? Tests are working fine on CentOS 7 and I'm confused, how's that possible.
@saz - My testing has been successful on CentOS 7, Alma 8 and Ubuntu 20.
The redhat devtoolset isn't installed.
As this issue is related to some additional package on RedHat, it's not helping to fix the issue by just converting the fact to a string.
Instead, I'd rather change the fact:
sudo
as command, check if the full path contains /devtoolset-
/usr/bin/sudo
, instead of just using sudo
This should keep the fact compatible on all systems and fix it, if the devtools-7
package is installed.
Is this change still needed? :thinking:
Looks like these are still valid issues:
https://github.com/saz/puppet-sudo/issues/264 https://github.com/saz/puppet-sudo/issues/260