Kitchen verify fails with the kitchen-docker plugin

[brentm5]

Not sure if this is an issue with kitchen-docker or kitchen-inspec. The issue returned comes with the following:

       Search `/Users/user/code/cookbook/test/integration/default` for tests
>>>>>> ------Exception-------
>>>>>> Class: Kitchen::ActionFailed
>>>>>> Message: Failed to complete #verify action: [Sudo failed: Sudo requires a TTY. Please see the README on how to configure sudo to allow for non-interactive usage.]
>>>>>> ----------------------
>>>>>> Please see .kitchen/logs/kitchen.log for more details
>>>>>> Also try running `kitchen diagnose --all` for configuration

The kitchen file looks a such and the converge works easily. I am also using docker-beta which I am not sure if that plays into this at all.

---
driver:
  name: docker
  use_sudo: false

provisioner:
  name: chef_zero

verifier:
  name: inspec

platforms:
  - name: centos-6.7
  - name: centos-7.1

suites:
  - name: default
    run_list:
      - recipe[cookbook]

[chris-rock]

@bigbam505 CentOS requests a PTY session. This may be related to inspec/train#60

Could you try to set

cat /etc/sudoers.d/chef
chef ALL=(root) NOPASSWD: ALL
Defaults!ALL !requiretty

[brentm5]

I will look at this tomorrow. Sorry about the late response just trying to get around to it.

[brentm5]

Was able to fix this with a small hack not sure if there was a more elegant solution for this.

execute 'Set !require tty for kitchen user' do
   action :run
   command 'echo "Defaults!ALL !requiretty" >> /etc/sudoers.d/kitchen'
   not_if 'grep "Defaults!ALL !requiretty" /etc/sudoers.d/kitchen'
 end

[chris-rock]

Thanks for sharing the solution @bigbam505

[brentm5]

Not really sure this is a solution but rather a way around the issue 😄 . Is there a way to change this at a higher level? Maybe or a way for the verifier to hook in and configure itself and perform this itself?

[chris-rock]

@bigbam505 Good question. Let me think about it...

[chris-rock]

InSpec 0.26.0 includes a fix inspec/train#112 that improves ssh access to CentOS/RHEL and OSX. Please retry with the latest InSpec.

[brentm5]

This did not work right out of the box. Are there any settings I need to set as well? I still got the same ttl issue without the hack that I included above.

[chris-rock]

I just tried your kitchen.yml with the latest inspec and it worked well without changing anything.

[rndmh3ro]

Works for me, too!

[amcappelli]

I'm having the same issue with centos-7.1 using inspec 0.26.0. I can set Defaults !requiretty to get around it, but this isn't required with centos-6.7. I assume this is because Defaults requiretty isn't set by default for that image.

[qubitrenegade]

We're experiencing the same issue with kitchen-openstack.

What I'm not sure I understand is the difference in how kitchen-openstack and kitchen-inspec connect to the VM. Just like in kitchen-docker, kitchen connects to the VM (in our case we ssh) as a non-root user, then sudos to perform the client install and client run.

Why does my test kitchen run not have the PTY error but inspec does? Is kitchen-openstack/kitchen-docker somehow requesting a PTY?

This is using current ChefDK/Inspec/train (well, chefdk seemed to come with train 0.23.0, I manually installed 0.25.0)

$ chef -v
Chef Development Kit Version: 1.5.0
chef-client version: 12.21.2
delivery version: master (17c1b0fed9be4c70f69091a6d21a4cbf0df60a23)
berks version: 5.6.4
kitchen version: 1.16.0
inspec version: 1.25.1
$ gem list | grep inspec
debug_inspector (0.0.2)
inspec (1.25.1)
kitchen-inspec (0.17.0)
$ gem list | grep train
train (0.25.0, 0.23.0)

[adamleff]

InSpec/Train does not request a PTY as it hampers our ability to differentiate between STDOUT and STDIN, and many core resources need that separation in order to function properly. Any sudo configurations will need to be modified to not require a TTY accordingly.

I will be closing this issue now but please feel free to let us know if you feel it should be reopened. Thank you!