CLI exiting with error code 133 on AWS Lambda

Dear One password

I'm currently trying to get the CLI up and running on in a AWS Lambda function running docker.

I'm running Alpine Linux v3.14 in a docker container. And locally everything seems to be working fine. However when pushed to AWS Lambda which is running in a read only mode, then the CLI is exiting with Error code 133 (Trace/breakpoint trap).

I've tried moving the CLI executable to the /tmp directory which is not readonly, and also providing a --config param pointing to /tmp, but that doesn't seems to change anything.

Is this something you've experienced before?


1Password Version: 1.11.3 (386)
Extension Version: Not Provided
OS Version: Alpine Linux v3.14

Comments

  • I'm just now seeing that a deamon is used in the CLI, could this have something to do with it?

  • Ben_1PBen_1P

    Team Member

    Hi @magnusboye

    Thanks for writing in! My name is Ben, and I'm one of the developers on the team responsible for the command-line tool.

    Would you be willing to share a little more about how you have op set up in your lambda environment? Such as what version of op you're using what is your base docker image, and any additional details that may be relevant.

    Also we have a docker image for op https://hub.docker.com/r/1password/op that may help you in getting your script running.

  • Yes ofc.

    I'm running Alpine Linux v3.14
    With OP 1.11.3 (386) - Tried multiple versions, and none of them seems to be working.

    I've created a repo with a docker container that is pretty easy to deploy to lamda and test out :)
    1) git clone https://github.com/whistleblowersoftware/op-test
    2) Create Amazon ECR repo
    3) Push the docker build up Amazon ECR
    4) Create Lambda function from Amazon ECR repo
    5) Run test on function and see it fail

    Locally it can be testes and works:
    1) Git clone
    2) "docker build -t test-one-password . --file=.Dockerfile && docker create -i test-one-password"
    3) Run the docker command

    Docker local response:

    Lambda response:

    Locally it works just fine ("op --version" returns the version number), but when deployed on Lambda none of them work - maybe because Lambda is running in a read only environment (except for /tmp).

  • Ben_1PBen_1P

    Team Member

    Hi @magnusboye,

    We are looking into this and going to do some testing in AWS Lambda. But in the mean time can you validate you have everything set up according to the aws docs for custom container images. https://docs.aws.amazon.com/lambda/latest/dg/images-create.html#images-create-from-alt

  • Hi @Ben_1P

    Thanks for the response.
    I've went ahead and created a backup of the main branch (alpine linux)

    The new updates to the master branch makes use of one of AWS's base container images and follows the "normal" lambda Dockerfile structure.

    On aws Lambda where it fails
    1) git clone https://github.com/whistleblowersoftware/op-test
    2) Create Amazon ECR repo
    3) Push the docker build up Amazon ECR
    4) Create Lambda function from Amazon ECR repo
    5) Run test on function and see it fail

    Locally it can be testes and works:
    1) git clone https://github.com/whistleblowersoftware/op-test && cd op-test
    2) docker build -t test-one-password . --file=.Dockerfile && docker create -i test-one-password
    3) docker run -p 9001:8080 test-one-password
    4) curl -XPOST "http://localhost:9001/2015-03-31/functions/function/invocations" -d '{}'

  • Ben_1PBen_1P

    Team Member

    Hi @magnusboye,

    Thanks for the extra information we are still looking into running op in a lambda environment. Thanks for your patience!

    Ben

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file