vagrant-aws icon indicating copy to clipboard operation
vagrant-aws copied to clipboard

Published 20 hours ago verified publisher icon mitchellh

rsync__args ADDED instead of REPLACED

Open frumpel opened this issue 10 years ago • 5 comments

With the following definition in Vagrantfile (Vagrant 1.7.1, OSX Yosemite)

boxdef.vm.synced_folder "./configs", "/root/configs", type: "rsync", rsync_exclude: [ ".git", ".svn" ], rsync__args: [ "--verbose", "--rsync-path='/usr/bin/rsync'", "--archive" ]

I get the following error - triggered by the recurring sudo / tty issue but fundamentally because the rsync__args are ADDED instead of REPLACED:

There was an error when attempting to rsync a synced folder.
Please inspect the error message below for more info.

Host path: /Users/rpotucek/smart/swops/saltstack/SmartAmp/structured-configs/vagrant/smex/syndic-smex/configs/
Guest path: /root/configs
Command: rsync --verbose --rsync-path='/usr/bin/rsync' --archive --no-owner --no-group --rsync-path sudo rsync -e ssh -p 22 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i '/Users/rpotucek/smart/amazon/sl-devops/sl-devops-prod' --exclude .vagrant/ /Users/rpotucek/smart/swops/saltstack/SmartAmp/structured-configs/vagrant/smex/syndic-smex/configs/ [email protected]:/root/configs
Error: Warning: Permanently added '54.148.218.46' (RSA) to the list of known hosts.
sudo: sorry, you must have a tty to run sudo
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: error in rsync protocol data stream (code 12) at /SourceCache/rsync/rsync-45/rsync/io.c(453) [sender=2.6.9]

Basically this closes off all avenues other than changing the /etc/sudoers file in trying to start up from a pristine image:

  • config.ssh.pty = true is still not honored as best I can tell
  • rsync option overrides do not work

and I would be fine with either being fixed :)

Rudolf

frumpel avatar Dec 18 '14 21:12 frumpel

I don't like this workaround but that is what I am using right now in /etc/sudoers

Defaults    !requiretty

lvnilesh avatar Dec 31 '14 00:12 lvnilesh

Also having this one. I see that the vagrant-rackspace plugin provides an init_script parameter that can be used to comment out the line in sudoers:

config.vm.provider :rackspace do |rs|
    rs.username = "YOUR USERNAME"
    rs.api_key  = "YOUR API KEY"
    rs.flavor   = /1 GB Performance/
    rs.image    = /^CentOS/
    rs.init_script = 'sed -i\'.bk\' -e \'s/^\(Defaults\s\+requiretty\)/# \1/\' /etc/sudoers'
  end

Would this be possible to implement for the aws provider? While not the optimal solution, it allows starting up a machine in one go (instead of manually logging in and editing /etc/sudoers).

xaniasd avatar Jan 02 '15 14:01 xaniasd

There's a aws parameter that might do the trick: aws.user_data = 'sed -i\'.bk\' -e \'s/^\(Defaults\s\+requiretty\)/# \1/\' /etc/sudoers'

eresende avatar Jan 02 '15 18:01 eresende

I have experimented with pty settings and have come to realize that even if config.ssh.pty did work it would not solve the problem because rsync would still break - this time because of the login text garbling up its communication. So if you want to use sudo you pretty much have to use the ! requiretty method.

Being able to properly control rsync__args would somewhat alleviate the problem because it would be possible to suppress the sudo for instances where it's not even required because the login name is root. However, cloud images that have cloud-init installed will be default nerf root's ability to log in directly in favour of some "unprivileged user with unlimited sudo" security theater and the code that does the merging is a (stunningly insecure) string concatenation rather than some sort of dict merge. As such I don't think the small benefit outweighs the cost of fixing the code that assembles the ssh/rsync command in the first place.

I have ultimately opted for the following scripted process:

  • create a base image - do this with suppressing any copy and provisioning steps - basically vagrant gets relegated to an API wrapper for starting the VM and exporting an ssh-config
  • ssh into the box using ssh -F {ssh-config exported in previous step} -tt sudo {whatever you need for base image creation}
  • convert the resulting image to a base AMI
  • build the desired VMs with a completely separate vagrant configuration that reads the AMI id and works as expected - with sudo still in place.

If anything it would be nice if it was possible to create an ordered list of provisioning steps like this:

  config.vm.provision_steps = [
    { "provision" => true, "ssh_options" => "-tt", "cmd" => "sudo echo 'Default !requiretty' > /etc/sudoers.d/999-sudo-no-requiretty" }  
    { "synced_folder" => true , "src" => "./config/", "dst" => "/root/vagrant/", "type" => "rsync", "rsync_exclude" => ".svn" },
    { "provision" => true, "cmd" => "bash /root/vagrant/remote_bootstrap.sh" },
    ...
  ]

so that the major benefit of Vagrant - being able to provision in parallel - would be retained.

frumpel avatar Jan 03 '15 01:01 frumpel

The rsync worked for me with:

config.ssh.pty = true

You may also add this line to your Vagrantfile (as per @eresende post):

aws.user_data = 'sed -i\'.bak\' -e \'s/^\(Defaults\s\+requiretty\)/# \1/\' /etc/sudoers'

Related: mitchellh/vagrant/issues/6780

kenorb avatar Dec 02 '16 00:12 kenorb