amazon-web-services - Operation not permitted when executing an arbitrary binary

Reposted; author: 行者123; updated: 2023-12-03 18:48:01

Running arbitrary binary, AWS explains:

Including your own executables is easy; just package them in the ZIP file you upload, and then reference them (including the relative path within the ZIP file you created) when you call them from Node.js or from other processes that you've previously started. Ensure that you include the following at the start of your function code:

```js
process.env['PATH'] = process.env['PATH'] + ':' + process.env['LAMBDA_TASK_ROOT']
```

You can use all the usual forms of interprocess communication as well as files in /tmp to communicate with any of the processes you create.


I want to use the Go Terraform library tfexec in my code, but I keep getting permission denied.
The code, in main/tf:
```go
package main

import (
	"context"
	"fmt"
	"os"
	"path/filepath"
	"runtime"
	"strings"

	"github.com/aws/aws-lambda-go/lambda"
	"github.com/hashicorp/terraform-exec/tfexec"
)

func Start() error {
	fmt.Printf("Go version: %s\n", runtime.Version())
	fmt.Println()

	// set environment variable, cf https://aws.amazon.com/blogs/compute/running-executables-in-aws-lambda/
	newPath := []string{
		os.Getenv("PATH"),
		":",
		os.Getenv("LAMBDA_TASK_ROOT"),
	}
	os.Setenv("PATH", strings.Join(newPath, ""))

	// Get path to binary
	fmt.Println("Start terraform")
	currDir, err := os.Getwd()
	if err != nil {
		return err
	}
	tfBinary := filepath.Join(currDir, "terraform")

	stat, err := os.Stat(tfBinary)
	if err != nil {
		return err
	}
	fmt.Printf("Stat %s: ", tfBinary)
	fmt.Println(stat.Mode())

	// Start new instance of terraform
	tf, err := tfexec.NewTerraform(currDir, tfBinary)
	if err != nil {
		return err
	}

	tf.SetStdout(os.Stdout)
	tf.SetStderr(os.Stderr)

	// run terraform init
	fmt.Println("Tf init")
	if err = tf.Init(context.Background()); err != nil {
		return err
	}

	return nil
}

func main() {
	// Start()
	lambda.Start(Start)
}
```
Setup:

```sh
# download the release archive and extract the terraform binary from it
curl -o terraform.zip https://releases.hashicorp.com/terraform/0.12.29/terraform_0.12.29_linux_amd64.zip
unzip terraform.zip terraform
chmod 755 terraform
# build the handler binary as `main`, the name the Lambda handler refers to
GOOS=linux GOARCH=amd64 go build -o main create-vpc-tf.go
zip zip.zip terraform main
# Create Lambda running on go1.x with `main` as handler
```
Result:

```
START RequestId: f23e4122-3595-48ef-808f-ef7951531f59 Version: $LATEST
Go version: go1.16

Start terraform
Stat /var/task/terraform: -rwxr-xr-x
Tf init
fork/exec /var/task/terraform: operation not permitted
fork/exec /var/task/terraform: operation not permitted: PathError
null
END RequestId: f23e4122-3595-48ef-808f-ef7951531f59
REPORT RequestId: f23e4122-3595-48ef-808f-ef7951531f59 Duration: 2.26 ms Billed Duration: 3 ms Memory Size: 512 MB Max Memory Used: 32 MB Init Duration: 83.85 ms
```

This works as expected locally (I did not supply any *.tf files, so terraform correctly reports Terraform initialized in an empty directory!).

Accepted answer

This problem is related to the tfexec library and its operability in the AWS Lambda/Firecracker environment. Forking processes is not allowed in the Firecracker environment. Pdeathsig forces a fork, so it cannot be used in AWS Lambda.
Terraform itself does not use it, but tfexec does, here.
A quick Google shows other projects running into the same problem, e.g. here.
We packaged the fix shown here to prevent Pdeathsig from being set. This is a change directly to the tfexec library, which hopefully they will take upstream. In the meantime, we vendored tfexec in our vendor directory directly with go mod and made the change there directly. Works great.

```sh
go mod init [repo]
go mod download
go mod vendor
```

Update vendor/github.com/hashicorp/terraform-exec/tfexec/cmd_linux.go as follows:

```go
if _, ok := os.LookupEnv("LAMBDA_TASK_ROOT"); !ok {
	cmd.SysProcAttr = &syscall.SysProcAttr{
		// kill children if parent is dead
		Pdeathsig: syscall.SIGKILL,
		// set process group ID
		Setpgid: true,
	}
}
```

Rebuild your project: go1.16 build main.go.
Repackage and upload to your lambda.
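To make the fix in the answer testable on its own, here is an added stand-alone example (not code from the question or from the tfexec project) that applies the same rule to any child process: attach the Linux-only SysProcAttr (Pdeathsig plus Setpgid) only when LAMBDA_TASK_ROOT is absent, since, as the answer describes, the Lambda sandbox refuses to start a child with Pdeathsig set and the caller sees "operation not permitted". The environment lookup is injected as a function so the decision can be exercised without changing the real environment; the function names childProcAttr and runChild are this example's own, and the /bin/echo child is just a stand-in for the terraform binary.

```go
// Added example: choose child-process attributes for Lambda vs. a normal Linux
// host and run the child. Not from the question or the tfexec project.
package main

import (
	"bytes"
	"context"
	"fmt"
	"os"
	"os/exec"
	"syscall"
)

// childProcAttr returns the attributes tfexec's cmd_linux.go applies on a
// regular Linux host (kill the child when the parent dies, give it its own
// process group), or nil inside AWS Lambda, where LAMBDA_TASK_ROOT is set and
// a child started with Pdeathsig fails with "operation not permitted".
// lookup is os.LookupEnv in production; tests inject their own.
func childProcAttr(lookup func(string) (string, bool)) *syscall.SysProcAttr {
	if _, inLambda := lookup("LAMBDA_TASK_ROOT"); inLambda {
		return nil
	}
	return &syscall.SysProcAttr{
		Pdeathsig: syscall.SIGKILL, // kill children if parent is dead
		Setpgid:   true,            // set process group ID
	}
}

// runChild starts name with args using the attributes chosen for the current
// environment and returns the child's combined stdout and stderr, which is
// what a wrapper such as tf.Init would otherwise stream to the Lambda log.
func runChild(ctx context.Context, lookup func(string) (string, bool), name string, args ...string) (string, error) {
	cmd := exec.CommandContext(ctx, name, args...)
	cmd.SysProcAttr = childProcAttr(lookup)

	var out bytes.Buffer
	cmd.Stdout = &out
	cmd.Stderr = &out
	if err := cmd.Run(); err != nil {
		// fork/exec failures (including the Lambda Pdeathsig case) surface here
		return out.String(), fmt.Errorf("run %s: %w", name, err)
	}
	return out.String(), nil
}

func main() {
	// Outside Lambda this runs with Pdeathsig/Setpgid; inside Lambda with neither.
	out, err := runChild(context.Background(), os.LookupEnv, "/bin/echo", "hello from child")
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Print(out)
}
```

The same lookup-injection pattern works for any other environment marker you want to key the decision on; the point is that the process attributes are decided in one place and verified by a unit test rather than discovered as a "fork/exec ... operation not permitted" error at invocation time.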

Regarding amazon-web-services - Operation not permitted when executing an arbitrary binary, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/67419576/
