search

hashicorp / envconsul

Launch a subprocess with environment variables using data from @HashiCorp Consul and Vault.
https://www.hashicorp.com/
Mozilla Public License 2.0
2.01k stars 190 forks source link

Distroless: envconsul: parsing command: executable file not found in $PATH #335

Open Sineaggi opened 1 year ago

Sineaggi commented 1 year ago

In response to https://github.com/hashicorp/envconsul/issues/297, we're seeing this issue as well, with two differences. One, the command is passed in via our config.hcl file.

exec {
  command = "java -jar app.jar"
}

Secondly (and perhaps the actual cause?) is we're shipping our applications in distroless containers (which don't contain shells by default). We can migrate to using the command array-based syntax, but we just want to make sure this isn't a known regression/breaking change.

Envconsul version

envconsul v0.13.2 (dd416ce)

Configuration

consul {
  address = "127.0.0.1:8500"
}

exec {
  command = "java -jar /data/bin/app-release-995.jar"
}

prefix {
  # This tells Envconsul to use a custom formatter when printing the key. The
  # value between `{{ key }}` will be replaced with the key.
  format = "custom_{{ key }}"

  path = "foo/bar"
}

Command

docker run -it --rm --entrypoint /usr/sbin/envconsul testing:latest -version -config /data/bin/config.hcl -consul 127.0.0.1:8500 -log-level=debug

Debug output

docker run -it --rm --entrypoint /usr/sbin/envconsul test:latest -config /data/bin/config.hcl -consul 127.0.0.1:8500 -log-level=debug
2023-06-08T21:23:38.041Z [WARN]  cli: -consul is now -consul-addr
2023-06-08T21:23:38.041Z [INFO]  envconsul.cli: envconsul v0.13.2 (dd416ce)
2023-06-08T21:23:38.041Z [INFO]  envconsul.runner: creating new runner: once:=false
2023-06-08T21:23:38.041Z [DEBUG] envconsul.runner: final config:: EXTRA_VALUE_AT_END="{\"Consul\":{\"Address\":\"127.0.0.1:8500\",\"Namespace\":\"\",\"Auth\":{\"Enabled\":false,\"Username\":\"\"},\"Retry\":{\"Attempts\":12,\"Backoff\":250000000,\"MaxBackoff\":60000000000,\"Enabled\":true},\"SSL\":{\"CaCert\":\"\",\"CaPath\":\"\",\"Cert\":\"\",\"Enabled\":false,\"Key\":\"\",\"ServerName\":\"\",\"Verify\":true},\"Token\":\"\",\"TokenFile\":\"\",\"Transport\":{\"CustomDialer\":null,\"DialKeepAlive\":30000000000,\"DialTimeout\":30000000000,\"DisableKeepAlives\":false,\"IdleConnTimeout\":5000000000,\"MaxIdleConns\":0,\"MaxIdleConnsPerHost\":100,\"TLSHandshakeTimeout\":10000000000}},\"Exec\":{\"Command\":[\"java -jar /data/bin/app-release-995.jar\"],\"Enabled\":true,\"Env\":{\"Denylist\":[],\"Custom\":[],\"Pristine\":false,\"Allowlist\":[]},\"KillSignal\":2,\"KillTimeout\":30000000000,\"ReloadSignal\":null,\"Splay\":0,\"Timeout\":0},\"KillSignal\":2,\"LogLevel\":\"debug\",\"MaxStale\":2000000000,\"PidFile\":\"\",\"Prefixes\":[{\"Format\":\"custom_{{ key }}\",\"NoPrefix\":null,\"Path\":\"foo/bar\",\"Keys\":null}],\"Pristine\":false,\"ReloadSignal\":1,\"Sanitize\":false,\"Secrets\":[],\"Services\":[],\"Syslog\":{\"Enabled\":false,\"Facility\":\"LOCAL0\",\"Name\":\"consul-template\"},\"Upcase\":false,\"Vault\":{\"Address\":\"\",\"Enabled\":false,\"Namespace\":\"\",\"RenewToken\":false,\"Retry\":{\"Attempts\":12,\"Backoff\":250000000,\"MaxBackoff\":60000000000,\"Enabled\":true},\"SSL\":{\"CaCert\":\"\",\"CaPath\":\"\",\"Cert\":\"\",\"Enabled\":true,\"Key\":\"\",\"ServerName\":\"\",\"Verify\":true},\"Transport\":{\"CustomDialer\":null,\"DialKeepAlive\":30000000000,\"DialTimeout\":30000000000,\"DisableKeepAlives\":false,\"IdleConnTimeout\":5000000000,\"MaxIdleConns\":0,\"MaxIdleConnsPerHost\":100,\"TLSHandshakeTimeout\":10000000000},\"UnwrapToken\":false,\"ClientUserAgent\":null,\"DefaultLeaseDuration\":300000000000,\"LeaseRenewalThreshold\":0.9,\"K8SAuthRoleName\":\"\",\"K8SServiceAccountTokenPath\":\"/run/secrets/kubernetes.io/serviceaccount/token\",\"K8SServiceAccountToken\":\"\",\"K8SServiceMountPath\":\"kubernetes\"},\"Wait\":{\"Enabled\":false,\"Min\":0,\"Max\":0}}"
2023-06-08T21:23:38.042Z [INFO]  envconsul.runner: creating watcher
2023-06-08T21:23:38.042Z [INFO]  envconsul.runner: starting
2023-06-08T21:23:38.042Z [DEBUG] envconsul: (watcher) adding kv.list(foo/bar)
2023-06-08T21:23:38.045Z [DEBUG] envconsul.runner: receiving dependency: EXTRA_VALUE_AT_END="kv.list(foo/bar)"
2023-06-08T21:23:38.045Z [INFO]  envconsul.runner: running
2023-06-08T21:23:38.045Z [ERROR] envconsul: parsing command: executable file not found in $PATH

Expected behavior

envconsul should run with existing behavior.

Actual behavior

Error with 2023-06-08T21:23:38.045Z [ERROR] envconsul: parsing command: executable file not found in $PATH

Steps to reproduce

  1. Create config.hcl with command in string
  2. Run envconsul 0.13.x on a distroless base image
  3. Observe 2023-06-08T21:23:38.045Z [ERROR] envconsul: parsing command: executable file not found in $PATH

References

Similar issue

chen1620 commented 10 months ago

@eikenb Could you check this issue?