0

I am trying to edit the existing user_management cookbook on the supermarket to include sudoers. I seem to be having problems properly defining the sudoers_groups variable within the template.

Link to default cookbook https://github.com/FFIN/user_management/blob/master/recipes/default.rb

Here is what my vault looks like.

knife vault show testusers john

action:       create
comment:      John Smith
dbpass:       secret
gid:          john
id:           john
password:     $1$d$xKNtrFrifo6f7tLFW1xh750
shell:        /bin/bash
sudo_pwdless: true
sudoer:       false
sudoer_group:
  command:      ALL
  name:         admin
  sudo_pwdless: false
  command:      ALL
  name:         wheel
  sudo_pwdless: false
  command:      ALL
  name:         sysadmin
  sudo_pwdless: true
uid:          1002
username:     john`

Here is the template section of my recipe

sudoer_users = Array.new()
if user['sudoer']
               command = user['command'] ? user['command'] : 'ALL'
               hash = { :uname => user['username'], :command => command, :sudo_pwdless => user['sudo_pwdless'] }
               sudoer_users.push(hash)
        end

template "/etc/sudoers" do
     source 'sudoers.erb'
     mode   '0440'
     owner  'root'
     group  node['root_group']
     variables(
              :sudoers_users     => sudoer_users,
              :sudoers_groups     =>  node[:testcookbook][:testusers][:sudoer_group]
     )
     only_if { sudoer_users }
end

When i run the recipe, i get the following error

Recipe Compile Error in /var/chef/cache/cookbooks/newuser/recipes/default.rb   ============================================.    ====================================    NoMethodError
  -------------`

undefined method [] for nil:NilClass

template "/etc/sudoers" do 61: source 'sudoers.erb' 62: mode '0440' 63: owner 'root' 64: group node['root_group'] 65: variables( 66: :sudoers_users => sudoer_users, 67>> :sudoers_groups => node[ :testcookbook][ :testusers][ :sudoer_group] 68: ) 69: only_if { sudoer_users } 70: end

My question is how do i go about defining the sudoers_group variable so that it only iterates the sudoer_group section within the vault?

jedifans
  • 2,287
  • 1
  • 13
  • 9
jebjeb
  • 115
  • 1
  • 4
  • 12
  • Why not use the sudo cookbook from supermarket to do this too? – jedifans Aug 27 '16 at 21:12
  • Your issue in the output is due to the line indicated in the output with the >>, `node[ :testcookbook][ :testusers][ :sudoer_group]` - is that defined in your cookbook's attributes as an empty array by default? – jedifans Aug 27 '16 at 21:15
  • i have this defined in my attributes `default['testcookbook']['testusers']['sudoer_group'] = [ 'sysadmin', 'wheel', 'admin' ]`. Still getting the same error. – jebjeb Aug 28 '16 at 05:14

2 Answers2

0

Unfortunately Ruby doesn't give us enough info to check which is undefined, but either node[:testcookbook] or node[:testcookbook][:testusers] is unset/undefined. Double check where you are setting the sudoer_group value because it is likely either misformatted or not uploaded to the Chef Server.

coderanger
  • 52,400
  • 4
  • 52
  • 75
  • Any idea how to properly define this in attribute? I currently have it like so `default['testcookbookr']['testusers']['sudoer_group'] = [ 'sysadmin', 'wheel', 'admin' ]` – jebjeb Aug 28 '16 at 05:17
  • `testcookbookr` is typo'd, that's probably it :) – coderanger Aug 28 '16 at 05:36
0

Here is what i did to finally resolve the issue.

I added the following as part of my variables in attributes/default.rb.

default['testcookbook']['testusers']['sudoer_group'] = [ {"name" => "admin", "sudo_pwdless" => false, "command" => "ALL"}, {"name" => "wheel", "sudo_pwdless" => false, "command" => "ALL"}, {"name" => "sysadmin", "sudo_pwdless" => true, "command" => "ALL"} ]`

jebjeb
  • 115
  • 1
  • 4
  • 12