我正在努力AWS SAM 本地使用 Python 时我遇到了一些我怀疑是与 Docker 相关的问题。
我在 Fish shell 中运行的命令(完整记录在此) 是:
$ mkdir sam-helloworld
$ cd sam-helloworld/
$ virtualenv venv
$ source venv/bin/activate.fish
$ pip install aws-sam-cli
$ sam init --runtime python3.7
$ cd sam-app
$ sam build
$ sam local invoke HelloWorldFunction --event events/event.json
最后一个命令失败并显示以下消息:
Invoking app.lambda_handler (python3.7)
2019-09-15 12:11:16 Found credentials in AWS_CREDENTIAL_FILE.
Fetching lambci/lambda:python3.7 Docker container image......
Mounting /home/evan/Downloads/sam-helloworld/sam-app/.aws-sam/build/HelloWorldFunction as /var/task:ro,delegated inside runtime container
Traceback (most recent call last):
File "/home/evan/Downloads/sam-helloworld/venv/lib/python3.7/site-packages/docker/api/client.py", line 261, in _raise_for_status
response.raise_for_status()
File "/home/evan/Downloads/sam-helloworld/venv/lib/python3.7/site-packages/requests/models.py", line 940, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: http+docker://localhost/v1.35/containers/51af2a1c32718a46e283c28e18445706d22be43989a7da476a2798e2b168f191/start
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/evan/Downloads/sam-helloworld/venv/bin/sam", line 10, in <module>
sys.exit(cli())
File "/home/evan/Downloads/sam-helloworld/venv/lib/python3.7/site-packages/click/core.py", line 764, in __call__
return self.main(*args, **kwargs)
File "/home/evan/Downloads/sam-helloworld/venv/lib/python3.7/site-packages/click/core.py", line 717, in main
rv = self.invoke(ctx)
File "/home/evan/Downloads/sam-helloworld/venv/lib/python3.7/site-packages/click/core.py", line 1137, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/home/evan/Downloads/sam-helloworld/venv/lib/python3.7/site-packages/click/core.py", line 1137, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/home/evan/Downloads/sam-helloworld/venv/lib/python3.7/site-packages/click/core.py", line 956, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/home/evan/Downloads/sam-helloworld/venv/lib/python3.7/site-packages/click/core.py", line 555, in invoke
return callback(*args, **kwargs)
File "/home/evan/Downloads/sam-helloworld/venv/lib/python3.7/site-packages/click/decorators.py", line 64, in new_func
return ctx.invoke(f, obj, *args, **kwargs)
File "/home/evan/Downloads/sam-helloworld/venv/lib/python3.7/site-packages/click/core.py", line 555, in invoke
return callback(*args, **kwargs)
File "/home/evan/Downloads/sam-helloworld/venv/lib/python3.7/site-packages/samcli/lib/telemetry/metrics.py", line 94, in wrapped
raise exception # pylint: disable=raising-bad-type
File "/home/evan/Downloads/sam-helloworld/venv/lib/python3.7/site-packages/samcli/lib/telemetry/metrics.py", line 65, in wrapped
return_value = func(*args, **kwargs)
File "/home/evan/Downloads/sam-helloworld/venv/lib/python3.7/site-packages/samcli/commands/local/invoke/cli.py", line 58, in cli
parameter_overrides) # pragma: no cover
File "/home/evan/Downloads/sam-helloworld/venv/lib/python3.7/site-packages/samcli/commands/local/invoke/cli.py", line 102, in do_cli
stderr=context.stderr)
File "/home/evan/Downloads/sam-helloworld/venv/lib/python3.7/site-packages/samcli/commands/local/lib/local_lambda.py", line 93, in invoke
self.local_runtime.invoke(config, event, debug_context=self.debug_context, stdout=stdout, stderr=stderr)
File "/home/evan/Downloads/sam-helloworld/venv/lib/python3.7/site-packages/samcli/local/lambdafn/runtime.py", line 86, in invoke
self._container_manager.run(container)
File "/home/evan/Downloads/sam-helloworld/venv/lib/python3.7/site-packages/samcli/local/docker/manager.py", line 98, in run
container.start(input_data=input_data)
File "/home/evan/Downloads/sam-helloworld/venv/lib/python3.7/site-packages/samcli/local/docker/container.py", line 189, in start
real_container.start()
File "/home/evan/Downloads/sam-helloworld/venv/lib/python3.7/site-packages/docker/models/containers.py", line 400, in start
return self.client.api.start(self.id, **kwargs)
File "/home/evan/Downloads/sam-helloworld/venv/lib/python3.7/site-packages/docker/utils/decorators.py", line 19, in wrapped
return f(self, resource_id, *args, **kwargs)
File "/home/evan/Downloads/sam-helloworld/venv/lib/python3.7/site-packages/docker/api/container.py", line 1093, in start
self._raise_for_status(res)
File "/home/evan/Downloads/sam-helloworld/venv/lib/python3.7/site-packages/docker/api/client.py", line 263, in _raise_for_status
raise create_api_error_from_http_exception(e)
File "/home/evan/Downloads/sam-helloworld/venv/lib/python3.7/site-packages/docker/errors.py", line 31, in create_api_error_from_http_exception
raise cls(e, response=response, explanation=explanation)
docker.errors.APIError: 400 Client Error: Bad Request ("OCI runtime create failed: container_linux.go:345: starting container process caused "chdir to cwd (\"/var/task\") set in config.json failed: permission denied": unknown")
我正在运行 Arch Linux。我已通过命令确认groups我已加入该docker组(并且已重新启动)。特别是,命令docker run hello-world和docker run -it ubuntu /bin/bash工作均按预期进行,因此我认为该问题与 SAM 有关。
运行docker info结果如下:
Client:
Debug Mode: false
Server:
Containers: 15
Running: 1
Paused: 0
Stopped: 14
Images: 26
Server Version: 19.03.2-ce
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: d50db0a42053864a270f648048f9a8b4f24eced3.m
runc version: 425e105d5a03fabd737a126ad93d62a9eeede87f
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 5.2.14-arch2-1-ARCH
Operating System: Arch Linux
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.651GiB
Name: ArchScythe
ID: 7SPH:CCQO:G626:GSME:AKSJ:3PCN:RXNG:K3DE:5PXO:CDYU:CQFD:4KBA
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
我尝试过的方法包括更改权限/var/run/docker.sock、以 root 身份运行所有程序(抱歉)、-v向 SAM 添加标志、通过 LinuxBrew 而不是 pip 安装 SAM 等等。仍然没有成功。知道我做错了什么吗?
(我不确定是否应该在这里或 Stack Overflow 上发布此内容;如果这样更合适,版主可以随意迁移。)
答案1
几个小时后 --- 原来是权限问题。AWS SAM 正在尝试将目录挂载.aws-sam/build到/var/task容器内的目录中,但 docker 用户没有读取挂载目录的权限,因为在我的主目录中,文件默认对其他文件没有权限。
为了解决这个问题,我执行了
find .aws-sam/build/ -type d -print0 | xargs -0 chmod o+rx
find .aws-sam/build/ -type f -print0 | xargs -0 chmod o+r
运行后sam build。这将公开构建工件,之后命令sam local invoke HelloWorldFunction --event events/event.json将按预期工作。
虽然至少我现在可以重新开始工作了,但这有点不妥,所以我并不完全满意。如果其他人能找到更好的方法来解决这个问题,我会接受那个答案。