Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

knife bootstrap with --use-sudo-password doesn't prompt for a password and doesn't take one from the CLI #9404

Open
mattray opened this issue Feb 27, 2020 · 9 comments

Comments

@mattray
Copy link
Member

@mattray mattray commented Feb 27, 2020

Possibly a duplicate of #2887, but that appears to be for pre-Train versions of knife. The following is with Chef Infra Client: 16.0.89.

No --sudo

$ knife bootstrap ndnd -U mattray -N endend -y
Connecting to ndnd
Creating new node for endend
Bootstrapping ndnd
 [ndnd] -----> Existing Chef Infra Client installation detected
 [ndnd] /tmp/chef_dRgYPF/bootstrap.sh: 181: /tmp/chef_dRgYPF/bootstrap.sh: cannot create /etc/chef/client.pem: Permission denied
ERROR: The following error occurred on ndnd:
ERROR: /tmp/chef_dRgYPF/bootstrap.sh: 181: /tmp/chef_dRgYPF/bootstrap.sh: cannot create /etc/chef/client.pem: Permission denied

With --sudo

$ knife bootstrap ndnd -U mattray -N endend -y --sudo
Connecting to ndnd
ERROR: Train::UserError: Sudo failed: Sudo requires a password, please configure it.

With --sudo and --use-sudo-password

$ knife bootstrap ndnd -U mattray -N endend --sudo --use-sudo-password -y
Connecting to ndnd
ERROR: Train::UserError: Sudo failed: Sudo requires a password, please configure it.

Adding --connection-password or --ssh-password PASSWORD doesn't work either

$ knife bootstrap ndnd -U mattray -N endend --sudo --use-sudo-password -y --connection-password PASSWORD
Connecting to ndnd
ERROR: Train::UserError: Sudo failed: Sudo requires a password, please configure it.

Running with -VVV shows

DEBUG: [SSH] Using Agent keys as no password or key file have been specified
DEBUG: [SSH] opening connection to mattray@ndnd
DEBUG: [SSH] using options {:user_known_hosts_file=>"/dev/null", :port=>22, :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :timeout=>60, :auth_methods=>["none", "publickey"], :keys_only=>nil, :keys=>[], :password=>"<hidden>", :forward_agent=>nil, :non_interactive=>true, :verify_host_key=>:accept_new}
DEBUG: [SSH] mattray@ndnd cmd = cmd.exe /c ver
DEBUG: [SSH] mattray@ndnd cmd = Get-WmiObject Win32_OperatingSystem | Select Caption,Version | ConvertTo-Json
DEBUG: [SSH] mattray@ndnd cmd = uname -s
DEBUG: [SSH] mattray@ndnd cmd = uname -m
DEBUG: [SSH] mattray@ndnd cmd = test -f /etc/debian_version
DEBUG: [SSH] mattray@ndnd cmd = test -f /etc/lsb-release && cat /etc/lsb-release
DEBUG: [SSH] mattray@ndnd cmd = test -f /usr/bin/lsb-release && cat /usr/bin/lsb-release
DEBUG: [SSH] mattray@ndnd cmd = test -f /etc/os-release && cat /etc/os-release
DEBUG: [SSH] mattray@ndnd cmd = test -f /usr/bin/raspi-config
DEBUG: [SSH] mattray@ndnd cmd = test -f /etc/debian_version && cat /etc/debian_version
DEBUG: [SSH] mattray@ndnd cmd = sh -c '(sudo -v) < /dev/null'
Traceback (most recent call last):
	18: from /Users/mattray/.gem/ruby/2.6.5/bin/knife:23:in `<main>'
	17: from /Users/mattray/.gem/ruby/2.6.5/bin/knife:23:in `load'
	16: from /Users/mattray/.gem/ruby/2.6.5/gems/chef-16.0.89/bin/knife:24:in `<top (required)>'
	15: from /Users/mattray/.gem/ruby/2.6.5/gems/chef-16.0.89/lib/chef/application/knife.rb:163:in `run'
	14: from /Users/mattray/.gem/ruby/2.6.5/gems/chef-16.0.89/lib/chef/knife.rb:229:in `run'
	13: from /Users/mattray/.gem/ruby/2.6.5/gems/chef-16.0.89/lib/chef/knife.rb:483:in `run_with_pretty_exceptions'
	12: from /Users/mattray/.gem/ruby/2.6.5/gems/chef-16.0.89/lib/chef/local_mode.rb:42:in `with_server_connectivity'
	11: from /Users/mattray/.gem/ruby/2.6.5/gems/chef-16.0.89/lib/chef/knife.rb:484:in `block in run_with_pretty_exceptions'
	10: from /Users/mattray/.gem/ruby/2.6.5/gems/chef-16.0.89/lib/chef/knife/bootstrap.rb:574:in `run'
	 9: from /Users/mattray/.gem/ruby/2.6.5/gems/chef-16.0.89/lib/chef/knife/bootstrap.rb:625:in `connect!'
	 8: from /Users/mattray/.gem/ruby/2.6.5/gems/chef-16.0.89/lib/chef/knife/bootstrap.rb:697:in `do_connect'
	 7: from /Users/mattray/.gem/ruby/2.6.5/gems/chef-16.0.89/lib/chef/knife/bootstrap/train_connector.rb:70:in `connect!'
	 6: from /Users/mattray/.gem/ruby/2.6.5/gems/chef-16.0.89/lib/chef/knife/bootstrap/train_connector.rb:57:in `connection'
	 5: from /Users/mattray/.gem/ruby/2.6.5/gems/train-core-3.2.22/lib/train/transports/ssh.rb:82:in `connection'
	 4: from /Users/mattray/.gem/ruby/2.6.5/gems/train-core-3.2.22/lib/train/transports/ssh.rb:240:in `create_new_connection'
	 3: from /Users/mattray/.gem/ruby/2.6.5/gems/train-core-3.2.22/lib/train/transports/ssh.rb:240:in `new'
	 2: from /Users/mattray/.gem/ruby/2.6.5/gems/train-core-3.2.22/lib/train/transports/ssh_connection.rb:57:in `initialize'
	 1: from /Users/mattray/.gem/ruby/2.6.5/gems/train-core-3.2.22/lib/train/extras/command_wrapper.rb:193:in `load'
/Users/mattray/.gem/ruby/2.6.5/gems/train-core-3.2.22/lib/train/extras/command_wrapper.rb:95:in `verify!': Sudo failed: Sudo requires a password, please configure it. (Train::UserError)
@mattray

This comment has been minimized.

Copy link
Member Author

@mattray mattray commented Feb 27, 2020

The CLI indicates that this doesn't take a value (which wouldn't be desired really), but it also doesn't prompt so it doesn't work.

        --use-sudo-password          Execute the bootstrap via sudo with password.
@mattray mattray changed the title knife bootstrap with --use-sudo-password doesn't prompt for a password knife bootstrap with --use-sudo-password doesn't prompt for a password and doesn't take one from the CLI Feb 27, 2020
@clintoncwolfe

This comment has been minimized.

Copy link

@clintoncwolfe clintoncwolfe commented Mar 2, 2020

This is apparently undocumented, but the current behavior is to re-use the value passed for -P as the sudo password id --use-sudo-password is provided.

@clintoncwolfe

This comment has been minimized.

Copy link

@clintoncwolfe clintoncwolfe commented Mar 2, 2020

The bug (not being able to get sudo to work at all) is believed to be fixed with train 3.2.23 on inspec/train#576

@johngun3

This comment has been minimized.

Copy link

@johngun3 johngun3 commented Mar 6, 2020

I'm running into this problem as well. When will that train fix show up in a new version if chef infra client? I read you do releases in the second week of each month so sometime next week?

@dheerajd-msys dheerajd-msys self-assigned this Mar 9, 2020
@mattray

This comment has been minimized.

Copy link
Member Author

@mattray mattray commented Mar 11, 2020

Testing with the pre-release Chef Infra Client: 16.0.128 finds that the behavior of

knife bootstrap ndnd -U mattray -N endend --sudo --use-sudo-password -y --connection-password PASSWORD

now works. Leaving off the --connection-password still doesn't prompt for a password though.

@dheerajd-msys

This comment has been minimized.

Copy link
Contributor

@dheerajd-msys dheerajd-msys commented Mar 16, 2020

@mattray Thanks for confirmation, So now that it is working we can close this issue.

@mattray

This comment has been minimized.

Copy link
Member Author

@mattray mattray commented Mar 16, 2020

@dheerajd-msys this issue is still a problem. There's still no prompt for a password, you have to add it on the CLI and that's a regression from Chef 13.

@mikedehaan

This comment has been minimized.

Copy link

@mikedehaan mikedehaan commented Mar 17, 2020

Is there a workaround for this? I can't bootstrap a standard Amazon Linux 2 instance.

@dheerajd-msys dheerajd-msys reopened this Mar 17, 2020
@mikedehaan

This comment has been minimized.

Copy link

@mikedehaan mikedehaan commented Mar 21, 2020

Is there a workaround for this? I can't bootstrap a standard Amazon Linux 2 instance.

My temp workaround was to write a script to:

  1. SSH into the target box and enable PasswordAuthentication in sshd_config and restart sshd
  2. Assign a password to root
  3. Run the bootstrap as root using the assigned password
  4. Remove the root password
  5. Disable PasswordAuthentication and restart sshd
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
7 participants
You can’t perform that action at this time.