关于Packer，可以将/tmp目录更改为shell本地后处理程序吗？

Question

尝试使用shell本地后处理程序在构建完成后运行一些命令。但是，由于安全性原因，/tmp是用noexec挂载的。这并不是真正的问题，但在使用exec权限重新安装/tmp时，生成失败，权限被拒绝：

==> qemu.image_build: Running post-processor:  (type shell-local)
==> qemu.image_build (shell-local): Running local shell script: /tmp/packer-shell903509056
==> qemu.image_build (shell-local): /bin/sh: /tmp/packer-shell903509056: Permission denied

SELinux处于强制模式，但是当设置为允许模式时，它仍然会在权限被拒绝的情况下失败。下面是所讨论的后处理器块：

post-processor "shell-local" {
      inline = [
        "echo 'Copying ${local.image_family}-${var.build_number}.tar.gz to the ${var.gcs_bucket} bucket'",
        "gsutil cp output/${local.os}/${local.os}_disk.raw.tar.gz gs://${var.gcs_bucket}/${local.os}/${local.image_family}-${var.build_number}.tar.gz",
        "echo 'Creating ${local.image_family}-${var.build_number} image'",
        "gcloud compute images create ${local.image_family}-${var.build_number} \\",
        "--source-uri=gs://${var.gcs_bucket}/${local.os}/${local.image_family}-${var.build_number}.tar.gz \\",
        "--family=${local.image_family}",
        "rm -rf output"
      ]
}

有没有一种方法可以重定向packer为shell本地后处理器编写这些临时脚本的位置？

Answer 1

修复方法是为TMPDIR设置一个值，因为如果没有设置另一个TMPDIR，则packer只接受tmp的默认位置。

这使我可以为tmp设置另一个位置，并成功地执行进程。

...
==> qemu.image_build: Running post-processor:  (type shell-local)
2022/09/26 19:53:03 packer-post-processor-shell-local plugin: [INFO] (shell-local): Prepending inline script with #!/bin/sh -e
==> qemu.image_build (shell-local): Running local shell script: /app/packer-tmp/packer-shell1371465973
2022/09/26 19:53:03 packer-post-processor-shell-local plugin: [INFO] (shell-local): starting local command: bash -c PACKER_BUILDER_TYPE='qemu' PACKER_BUILD_NAME='image_build'  /app/packer-tmp/packer-shell1371465973
2022/09/26 19:53:03 packer-post-processor-shell-local plugin: [INFO] (shell-local communicator): Executing local shell command [bash -c PACKER_BUILDER_TYPE='qemu' PACKER_BUILD_NAME='image_build'  /app/packer-tmp/packer-shell1371465973]
...
2022/09/26 19:57:39 [INFO] (telemetry) ending shell-local
2022/09/26 19:57:39 Deleting original artifact for build 'qemu.image_build'
==> Wait completed after 26 minutes 43 seconds
Build 'qemu.image_build' finished after 26 minutes 43 seconds.
...