3

I'm developing an automatic bootstrapper for some servers as we are using Amazon EC2 for our infrastructure.

What I do is: run a Fabric script which connects to EC2 and initializes a new instance, putting in user-data a cloud-init script. This script checks out a Mercurial project which contains Fabric tasks, then, after the checkout, the script will find out which type of server it's running in and execute a specific local Fabric task.

My problem is that some tasks need to run sudo commands. As the script was initialized from cloud-init, sudo warns about needing to run over a tty. I tried to modify that to run su --session-command="my commands to restart services" root, and it doesn't (and seems like it shouldn't) work at all.

So, how can I run sudo commands in this boot script?

Some code:

cloud_init_script:

#!/bin/sh
su --session-command="\
source /etc/profile; \
cd /home/my_user; \
hg clone ssh://fabric_tasks_repo fabric; \
/usr/local/bin/fab -f /home/my_user/fabric/fabfile.py \`ec2-describe-tags   --filter \"resource-type=instance\"   --filter \"resource-id=$(ec2-metadata -i | cut -d ' ' -f2)\"   --filter \"key=type\" | cut -f5\` > /home/my_user/fabric.log 2>&1" my_user &

The trick in the /usr/local/bin/fab line is that it'll run some ec2 scripts to check which tag-key "type" the server is in.

victorcampos
  • I am also running into the same issue while calling sudo from my yaml file on CentOS 7.1 under the template section. `cloud-init[2046]: + sudo rpm -Uvh http://repos.mesosphere.com/el/7/noarch/RPMS/mesosphere-el-repo-7-1.noarch.rpm` `cloud-init[2046]: sudo: sorry, you must have a tty to run sudo` Is there any workaround? Please suggest. Thanks. Thanks, Govind – Govindaraj Venkatesan Oct 31 '15 at 00:45

2 Answers

4
sudo: Sorry, you must have a tty to run sudo

Run visudo and add the following line to disable requiretty for your user:

Defaults:username !requiretty
quanta
1

Your best bet (and probably the most reliable) is to give the user correct sudo access to the commands needed, with the NOPASSWD flag.

E.g., if your user running the script is bob, to reload nginx via sudo without a password, the syntax of /etc/sudoers would be:

bob ALL= NOPASSWD: /etc/init.d/nginx reload

Your script above would effectively be changed to:

sudo -u my_user hg clone ssh://fabric_tasks_repo /home/my_user/fabric
sudo -u my_user /usr/local/bin/fab -f /home/my_user/fabric/fabfile.py `ec2-describe-tags   --filter "resource-type=instance"   --filter "resource-id=$(ec2-metadata -i | cut -d ' ' -f2)"   --filter "key=type" | cut -f5` > /home/my_user/fabric.log 2>&1 &

You may or may not need to escape your quotes, but I removed them for clarity.

So your sudoers file has the user you run the script as, but it can run those commands as the user my_user.

anthonysomerset
  • I already have my user in a group which sudoers allow NOPASSWD. I don't know if I made it clear in my question, the problem is that this script runs in cloud-init (rc.level-like) and when it tries to run any sudo commands it'll get this message: `sudo: Sorry, you must have a tty to run sudo` so, there's no tty and my fabric tasks need to run some sudo commands. – victorcampos Oct 24 '11 at 21:23
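
Both answers above change sudoers by hand, but a cloud-init boot script cannot run visudo interactively. The following is an added example (not code from either answer or from the question): it combines the per-user `!requiretty` line from the first answer with a command-scoped NOPASSWD rule like the one in the second, and checks the result with `visudo -cf` before it goes live. The drop-in name `/etc/sudoers.d/90-fabric`, the function names, and the assumption that `/etc/sudoers` includes `/etc/sudoers.d` are assumptions.

```shell
#!/bin/sh
# Added example, not from the original posts. my_user and the nginx command
# come from this page; the drop-in name 90-fabric is an assumption.

# Print a sudoers drop-in: no tty requirement for USER, and passwordless
# sudo for the listed commands only (each argument is one full command line).
render_sudoers_dropin() {
    rs_user=$1; shift
    case $rs_user in
        ''|[!a-z_]*|*[!a-z0-9_-]*) echo "bad user name" >&2; return 1 ;;
    esac
    [ "$#" -gt 0 ] || { echo "no commands given" >&2; return 1; }
    rs_cmds=
    for rs_cmd in "$@"; do
        # Absolute paths only, so a bare "ALL" is refused.
        case $rs_cmd in
            /*) ;;
            *) echo "not an absolute path: $rs_cmd" >&2; return 1 ;;
        esac
        # No wildcards or sudoers metacharacters.
        case $rs_cmd in
            *[!A-Za-z0-9_./" "-]*) echo "unsafe characters: $rs_cmd" >&2; return 1 ;;
        esac
        rs_cmds="${rs_cmds:+$rs_cmds, }$rs_cmd"
    done
    printf 'Defaults:%s !requiretty\n' "$rs_user"
    printf '%s ALL=(root) NOPASSWD: %s\n' "$rs_user" "$rs_cmds"
}

# Write the drop-in to DEST (run as root, e.g. from user-data). visudo checks
# the syntax before the file goes live. DEST must not contain "." or end in
# "~", or sudo skips it; the temp name has a "." so it is never parsed.
install_sudoers_dropin() {
    is_dest=$1; shift
    command -v visudo >/dev/null 2>&1 || { echo "visudo not found" >&2; return 1; }
    is_tmp=$(mktemp "$is_dest.XXXXXX") || return 1
    if render_sudoers_dropin "$@" > "$is_tmp" && chmod 0440 "$is_tmp" &&
       visudo -cf "$is_tmp" >/dev/null; then
        mv "$is_tmp" "$is_dest"
    else
        rm -f "$is_tmp"; return 1
    fi
}

# Preview only; installing would be:
#   install_sudoers_dropin /etc/sudoers.d/90-fabric my_user "/etc/init.d/nginx reload"
render_sudoers_dropin my_user "/etc/init.d/nginx reload"
```

Keeping the `!requiretty` exemption on one account and listing exact commands limits what the unattended job can do as root if the checked-out Fabric tasks are ever tampered with.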