tmatilai covered the issue very well; however, I thought I'd post my solution here for future reference. I found the same workaround as he mentioned as option #3, to write a recipe adding a sudoers.d config file for the vagrant user. This forced me to modify the sudo community cookbook to support the SETENV option. Otherwise you get the error:

    sudo: sorry, you are not allowed to preserve the environment

The resulting file is /etc/sudoers.d/vagrant; note that it requires both NOPASSWD and SETENV:

    # This file is managed by Chef.
    # Do NOT modify this file directly.
    vagrant ALL=(ALL) NOPASSWD:SETENV: /bin/

Here are the changes I made:
File: sudo/recipes/default.rb

    # if the node belongs to the "development" environment, create a config file
    # for the vagrant user, e.g. /etc/sudoers.d/vagrant
    if node.chef_environment == 'development'
      sudo 'vagrant' do
        user 'vagrant'
        runas 'ALL'          # can run as any user
        host 'ALL'           # from any Host/IP
        nopasswd true        # prepends the runas_spec with NOPASSWD
        setenv true          # prepends the runas_spec with SETENV
        commands ['/bin/']   # let the user run anything in /bin/ without a password
      end
    end

File: sudo/resources/default.rb

    # add new attribute "setenv"
    attribute :setenv, :equal_to => [true, false], :default => false

    # include it in the state_attrs list
    state_attrs :commands,
                :group,
                :host,
                :nopasswd,
                :setenv,
                :runas,
                :template,
                :user,
                :variables

File: sudo/providers/default.rb

    # in render_sudoer, add setenv to the variables list
    variables :sudoer => sudoer,
              :host => new_resource.host,
              :runas => new_resource.runas,
              :nopasswd => new_resource.nopasswd,
              :setenv => new_resource.setenv,
              :commands => new_resource.commands,
              :defaults => new_resource.defaults

File: sudo/templates/default/sudoer.erb

    # generate SETENV option in the config file entry
    <% @commands.each do |command| -%>
    <%= @sudoer %> <%= @host %>=(<%= @runas %>) <%= 'NOPASSWD:' if @nopasswd %><%= 'SETENV:' if @setenv %> <%= command %>
    <% end -%>
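
Added example, not part of the original answer or the sudo cookbook: it renders the template line above offline with the recipe's values and audits what the resulting entry grants, so the scope of NOPASSWD plus SETENV on a directory spec is visible before the file reaches a node. `SudoerVars`, `render_entries`, `audit_entry` and `ENTRY` are hypothetical names, and the input values are constructed from the recipe shown above.

```ruby
require 'erb'

# Entry line copied from the answer's sudoer.erb so it can be rendered offline.
TEMPLATE = <<~'TPL'
  <% @commands.each do |command| -%>
  <%= @sudoer %> <%= @host %>=(<%= @runas %>) <%= 'NOPASSWD:' if @nopasswd %><%= 'SETENV:' if @setenv %> <%= command %>
  <% end -%>
TPL

# Hypothetical stand-in for the provider: exposes the variables as @ivars to ERB.
class SudoerVars
  def initialize(vars)
    vars.each { |name, value| instance_variable_set("@#{name}", value) }
  end

  def render
    ERB.new(TEMPLATE, trim_mode: '-').result(binding)
  end
end

def render_entries(vars)
  SudoerVars.new(vars).render.lines.map(&:chomp).reject(&:empty?)
end

# user host=(runas) TAG:TAG: command
ENTRY = /\A(?<user>\S+)\s+(?<host>\S+)=\((?<runas>[^)]*)\)\s*(?<tags>(?:[A-Z_]+:\s*)*)(?<command>\S.*)\z/

# Hypothetical audit helper: report what one rendered entry grants.
def audit_entry(line)
  m = ENTRY.match(line.strip)
  return nil unless m # comments, blank lines, Defaults, etc.

  tags = m[:tags].scan(/[A-Z_]+/)
  findings = []
  findings << 'NOPASSWD: no password prompt' if tags.include?('NOPASSWD')
  findings << 'SETENV: caller may pass its own environment (sudo -E, VAR=value)' if tags.include?('SETENV')
  findings << 'directory spec: any file directly inside it may be run' if m[:command].end_with?('/')
  { user: m[:user], tags: tags, command: m[:command], findings: findings }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed input: the values the answer's recipe passes for the vagrant user.
  vars = { sudoer: 'vagrant', host: 'ALL', runas: 'ALL',
           nopasswd: true, setenv: true, commands: ['/bin/'] }
  render_entries(vars).each do |entry|
    puts entry
    audit_entry(entry)[:findings].each { |f| puts "  - #{f}" }
  end
end
```

On the node itself, `visudo -cf /etc/sudoers.d/vagrant` checks the installed file's syntax.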