localstack dockerがエラーを表示しますPermission denied： '/tmp/localstack/server.test.pem.key'

Question

私のubuntu 18マシンでは、localstackの最新のdockerイメージを実行できません。終了メッセージが「準備完了」と表示されても、次のコマンドではアクセスできません。

awslocal --endpoint-url=http://localhost:4575 sns list-topics Could not connect to the endpoint URL: "http://localhost:4575/"

docker run localstack/localstackもエラーを表示します：[Errno 13]権限が拒否されました： '/tmp/localstack/server.test.pem.key'

docker run localstack/localstack Waiting for all LocalStack services to be ready 2020-04-09 04:28:19,502 CRIT Supervisor is running as root. Privileges were not dropped because no user is specified in the config file. If you intend to run as root, you can set user=root in the config file to avoid this message. 2020-04-09 04:28:19,504 INFO supervisord started with pid 13 2020-04-09 04:28:20,509 INFO spawned: 'dashboard' with pid 19 2020-04-09 04:28:20,511 INFO spawned: 'infra' with pid 20 (. .venv/bin/activate; bin/localstack web) 2020-04-09 04:28:20,515 INFO success: dashboard entered RUNNING state, process has stayed up for > than 0 seconds (startsecs) (. .venv/bin/activate; exec bin/localstack start --Host) Starting local dev environment. CTRL-C to quit. 2020-04-09 04:28:21,877 INFO success: infra entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2020-04-09T04:28:25:INFO:localstack.utils.common: Unable to store key/cert files for custom SSL certificate: [Errno 13] Permission denied: '/tmp/localstack/server.test.pem.key' !WARNING! - Looks like you have configured $LAMBDA_REMOTE_DOCKER=1 - please make sure to configure $Host_TMP_FOLDER to point to your Host's $TMPDIR Starting Edge router (http port 4566)... Starting Edge router (https port 443)... Starting mock API Gateway (http port 4567)... 2020-04-09T04:28:25:INFO:localstack.multiserver: Starting multi API server process on port 51492 Waiting for all LocalStack services to be ready Starting mock CloudFormation (http port 4581)... Starting mock CloudWatch (http port 4582)... Starting mock DynamoDB (http port 4569)... Starting mock DynamoDB Streams service (http port 4570)... Starting mock EC2 (http port 4597)... Starting mock ES service (http port 4578)... Starting mock Firehose service (http port 4573)... Starting mock IAM (http port 4593)... Starting mock Kinesis (http port 4568)... Starting mock KMS (http port 4599)... Starting mock Lambda service (http port 4574)... Starting mock CloudWatch Logs (http port 4586)... Starting mock Redshift (http port 4577)... Starting mock Route53 (http port 4580)... Starting mock S3 (http port 4572)... Starting mock Secrets Manager (http port 4584)... Starting mock SES (http port 4579)... Starting mock SNS (http port 4575)... Starting mock SQS (http port 4576)... Starting mock SSM (http port 4583)... Starting mock STS (http port 4592)... Starting mock Cloudwatch Events (http port 4587)... Starting mock StepFunctions (http port 4585)... Ready.

Arcones · Answer

tmpフォルダーに書き込むための権限を持つlocalstackプロセスを付与する必要があります。

これらの行をローカルスタックのdocker-compose.ymlファイルに追加します。

 tmpfs: - /tmp/localstack:exec,mode=600

この例のように：

version: '3.7' services: localstack: image: localstack/localstack container_name: localstack ports: - "4574:4574" environment: - SERVICES=lambda - LAMBDA_EXECUTOR=docker - DOCKER_Host=unix:///var/run/docker.sock volumes: - "/var/run/docker.sock:/var/run/docker.sock" tmpfs: - /tmp/localstack:exec,mode=600

ここで、mode=600は、読み取りと書き込みを許可する chmod の8進数モードです。