AWS LambdaのOS情報を色々見てみる 〜Lambdaのインスタンスガチャを検証する〜
この記事は、Serverless Advent Calendar 20日目の記事です。
もっと他のネタを書く予定だったのですが、年内タスクが沢山積んでてヤバいので去年わりと好評だったLambdaのリバースエンジニアリング?をまたやってみたいと思います。
OS情報の集め方
Lambdaの実体がコンテナであることは周知の事実なので、OS情報というには語弊がある部分もあるのですが、コンテナからもホストOSの情報が部分的には見られるので他に良い呼び方も思いつかなかったんで、とりあえずOS情報と呼称します。
OSの情報を集めるのは、ChefのOhaiしかりServerspec(Specinfra)のHost Inventoryしかり、古今東西泥臭くコマンドを叩いて集めると相場は決まっています。余談ですが、ホントこういうのをやってくれるライブラリは偉大ですよね・・・!
なので、こんなFunctionをServerless Frameworkでデプロイします。
import subprocess def osdata(event, context): return dict([(cmd, subprocess.getoutput(cmd).split('\n')) for cmd in event])
serverless.yml
はこんな感じ。簡単ですね!
service: lambda-osdata provider: name: aws runtime: python3.6 functions: osdata: handler: handler.osdata
これをこんな感じで思いついたコマンドを列挙するyamlを用意して
- env - uptime - uname -a - df -aTh - cat /etc/system-release - cat /proc/cpuinfo - cat /proc/meminfo - ps auxf - id - cat /etc/passwd - ulimit -a - /sbin/ip a - /sbin/ip r - netstat -av
このように叩くと結果がJSON Objectで得られます。
$ sls invoke -f osdata -p data.yml
結果①
{ "env": [ "AWS_LAMBDA_FUNCTION_VERSION=$LATEST", "AWS_SESSION_TOKEN=xxxxxxx", "AWS_LAMBDA_LOG_GROUP_NAME=/aws/lambda/lambda-metadata-dev-metadata", "LAMBDA_TASK_ROOT=/var/task", "LD_LIBRARY_PATH=/var/lang/lib:/lib64:/usr/lib64:/var/runtime:/var/runtime/lib:/var/task:/var/task/lib", "AWS_LAMBDA_LOG_STREAM_NAME=2017/12/20/[$LATEST]0a28fe46a1de4e5c8258fe00ee63cd9c", "AWS_EXECUTION_ENV=AWS_Lambda_python3.6", "AWS_XRAY_DAEMON_ADDRESS=169.254.79.2:2000", "AWS_LAMBDA_FUNCTION_NAME=lambda-metadata-dev-metadata", "PATH=/var/lang/bin:/usr/local/bin:/usr/bin/:/bin", "AWS_DEFAULT_REGION=us-east-1", "PWD=/var/task", "AWS_SECRET_ACCESS_KEY=xxxxxxxx", "LAMBDA_RUNTIME_DIR=/var/runtime", "LANG=en_US.UTF-8", "AWS_REGION=us-east-1", "TZ=:UTC", "AWS_ACCESS_KEY_ID=xxxxxxx", "SHLVL=1", "_AWS_XRAY_DAEMON_ADDRESS=169.254.79.2", "_AWS_XRAY_DAEMON_PORT=2000", "PYTHONPATH=/var/runtime", "_X_AMZN_TRACE_ID=Root=1-5a3a99f7-0b93ba80006cbb7149758be4;Parent=556e4185655d4a61;Sampled=0", "AWS_SECURITY_TOKEN=xxxxxxx", "AWS_XRAY_CONTEXT_MISSING=LOG_ERROR", "_HANDLER=handler.metadata", "AWS_LAMBDA_FUNCTION_MEMORY_SIZE=1024", "_=/usr/bin/env" ], "uptime": [ " 17:12:23 up 2:04, 0 users, load average: 0.00, 0.00, 0.00" ], "uname -a": [ "Linux ip-10-39-53-71 4.9.62-21.56.amzn1.x86_64 #1 SMP Thu Nov 16 05:37:08 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux" ], "df -aTh": [ "Filesystem Type Size Used Avail Use% Mounted on", "/dev/xvda1 ext4 30G 3.1G 27G 11% /", "/dev/xvda1 ext4 30G 3.1G 27G 11% /var/task", "/dev/xvda1 ext4 30G 3.1G 27G 11% /dev", "/dev/loop2 ext4 526M 440K 514M 1% /tmp", "none proc 0 0 0 - /proc", "/dev/xvda1 ext4 30G 3.1G 27G 11% /proc/sys/kernel/random/boot_id", "/dev/xvda1 ext4 30G 3.1G 27G 11% /var/runtime", "/dev/xvda1 ext4 30G 3.1G 27G 11% /var/lang" ], "cat /etc/system-release": [ "Amazon Linux AMI release 2017.03" ], "cat /proc/cpuinfo": [ "processor\t: 0", "vendor_id\t: GenuineIntel", "cpu family\t: 6", "model\t\t: 63", "model name\t: Intel(R) Xeon(R) CPU E5-2666 v3 @ 2.90GHz", "stepping\t: 2", "microcode\t: 0x3b", "cpu MHz\t\t: 2899.875", "cache size\t: 25600 KB", "physical id\t: 0", "siblings\t: 2", "core id\t\t: 0", "cpu cores\t: 1", "apicid\t\t: 0", "initial apicid\t: 0", "fpu\t\t: yes", "fpu_exception\t: yes", "cpuid level\t: 13", "wp\t\t: yes", "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology eagerfpu pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm fsgsbase bmi1 avx2 smep bmi2 erms invpcid xsaveopt", "bugs\t\t:", "bogomips\t: 5800.07", "clflush size\t: 64", "cache_alignment\t: 64", "address sizes\t: 46 bits physical, 48 bits virtual", "power management:", "", "processor\t: 1", "vendor_id\t: GenuineIntel", "cpu family\t: 6", "model\t\t: 63", "model name\t: Intel(R) Xeon(R) CPU E5-2666 v3 @ 2.90GHz", "stepping\t: 2", "microcode\t: 0x3b", "cpu MHz\t\t: 2899.875", "cache size\t: 25600 KB", "physical id\t: 0", "siblings\t: 2", "core id\t\t: 0", "cpu cores\t: 1", "apicid\t\t: 1", "initial apicid\t: 1", "fpu\t\t: yes", "fpu_exception\t: yes", "cpuid level\t: 13", "wp\t\t: yes", "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology eagerfpu pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm fsgsbase bmi1 avx2 smep bmi2 erms invpcid xsaveopt", "bugs\t\t:", "bogomips\t: 5800.07", "clflush size\t: 64", "cache_alignment\t: 64", "address sizes\t: 46 bits physical, 48 bits virtual", "power management:", "" ], "cat /proc/meminfo": [ "MemTotal: 3855844 kB", "MemFree: 3328804 kB", "MemAvailable: 3558848 kB", "Buffers: 27780 kB", "Cached: 322744 kB", "SwapCached: 0 kB", "Active: 238224 kB", "Inactive: 188640 kB", "Active(anon): 76260 kB", "Inactive(anon): 128 kB", "Active(file): 161964 kB", "Inactive(file): 188512 kB", "Unevictable: 0 kB", "Mlocked: 0 kB", "SwapTotal: 0 kB", "SwapFree: 0 kB", "Dirty: 0 kB", "Writeback: 0 kB", "AnonPages: 76180 kB", "Mapped: 30912 kB", "Shmem: 140 kB", "Slab: 72332 kB", "SReclaimable: 36756 kB", "SUnreclaim: 35576 kB", "KernelStack: 2284 kB", "PageTables: 2904 kB", "NFS_Unstable: 0 kB", "Bounce: 0 kB", "WritebackTmp: 0 kB", "CommitLimit: 1927920 kB", "Committed_AS: 413576 kB", "VmallocTotal: 34359738367 kB", "VmallocUsed: 0 kB", "VmallocChunk: 0 kB", "AnonHugePages: 0 kB", "ShmemHugePages: 0 kB", "ShmemPmdMapped: 0 kB", "HugePages_Total: 0", "HugePages_Free: 0", "HugePages_Rsvd: 0", "HugePages_Surp: 0", "Hugepagesize: 2048 kB", "DirectMap4k: 47104 kB", "DirectMap2M: 1787904 kB", "DirectMap1G: 2097152 kB" ], "ps auxf": [ "USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND", "475 1 0.0 0.4 170508 18996 ? Ss 16:02 0:00 /var/lang/bin/python3.6 /var/runtime/awslambda/bootstrap.py", "475 597 0.0 0.0 117184 2352 ? R 17:12 0:00 ps auxf" ], "id": [ "uid=475(sbx_user1072) gid=474 groups=474" ], "cat /etc/passwd": [ "root:x:0:0:root:/root:/bin/bash", "bin:x:1:1:bin:/bin:/sbin/nologin", "daemon:x:2:2:daemon:/sbin:/sbin/nologin", "adm:x:3:4:adm:/var/adm:/sbin/nologin", "lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin", "sync:x:5:0:sync:/sbin:/bin/sync", "shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown", "halt:x:7:0:halt:/sbin:/sbin/halt", "mail:x:8:12:mail:/var/spool/mail:/sbin/nologin", "uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin", "operator:x:11:0:operator:/root:/sbin/nologin", "games:x:12:100:games:/usr/games:/sbin/nologin", "gopher:x:13:30:gopher:/var/gopher:/sbin/nologin", "ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin", "nobody:x:99:99:Nobody:/:/sbin/nologin", "rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin", "ntp:x:38:38::/etc/ntp:/sbin/nologin", "saslauth:x:499:76:\"Saslauthd user\":/var/empty/saslauth:/sbin/nologin", "mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin", "smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin", "rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin", "nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin", "sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin", "dbus:x:81:81:System message bus:/:/sbin/nologin", "ec2-user:x:500:500:EC2 Default User:/home/ec2-user:/bin/bash", "slicer:x:498:497::/tmp:/sbin/nologin", "sb_logger:x:497:496::/tmp:/sbin/nologin", "sbx_user1051:x:496:495::/home/sbx_user1051:/sbin/nologin", "sbx_user1052:x:495:494::/home/sbx_user1052:/sbin/nologin", "sbx_user1053:x:494:493::/home/sbx_user1053:/sbin/nologin", "sbx_user1054:x:493:492::/home/sbx_user1054:/sbin/nologin", "sbx_user1055:x:492:491::/home/sbx_user1055:/sbin/nologin", "sbx_user1056:x:491:490::/home/sbx_user1056:/sbin/nologin", "sbx_user1057:x:490:489::/home/sbx_user1057:/sbin/nologin", "sbx_user1058:x:489:488::/home/sbx_user1058:/sbin/nologin", "sbx_user1059:x:488:487::/home/sbx_user1059:/sbin/nologin", "sbx_user1060:x:487:486::/home/sbx_user1060:/sbin/nologin", "sbx_user1061:x:486:485::/home/sbx_user1061:/sbin/nologin", "sbx_user1062:x:485:484::/home/sbx_user1062:/sbin/nologin", "sbx_user1063:x:484:483::/home/sbx_user1063:/sbin/nologin", "sbx_user1064:x:483:482::/home/sbx_user1064:/sbin/nologin", "sbx_user1065:x:482:481::/home/sbx_user1065:/sbin/nologin", "sbx_user1066:x:481:480::/home/sbx_user1066:/sbin/nologin", "sbx_user1067:x:480:479::/home/sbx_user1067:/sbin/nologin", "sbx_user1068:x:479:478::/home/sbx_user1068:/sbin/nologin", "sbx_user1069:x:478:477::/home/sbx_user1069:/sbin/nologin", "sbx_user1070:x:477:476::/home/sbx_user1070:/sbin/nologin", "sbx_user1071:x:476:475::/home/sbx_user1071:/sbin/nologin", "sbx_user1072:x:475:474::/home/sbx_user1072:/sbin/nologin", "sbx_user1073:x:474:473::/home/sbx_user1073:/sbin/nologin", "sbx_user1074:x:473:472::/home/sbx_user1074:/sbin/nologin", "sbx_user1075:x:472:471::/home/sbx_user1075:/sbin/nologin", "sbx_user1076:x:471:470::/home/sbx_user1076:/sbin/nologin", "sbx_user1077:x:470:469::/home/sbx_user1077:/sbin/nologin", "sbx_user1078:x:469:468::/home/sbx_user1078:/sbin/nologin", "sbx_user1079:x:468:467::/home/sbx_user1079:/sbin/nologin", "sbx_user1080:x:467:466::/home/sbx_user1080:/sbin/nologin", "sbx_user1081:x:466:465::/home/sbx_user1081:/sbin/nologin", "sbx_user1082:x:465:464::/home/sbx_user1082:/sbin/nologin", "sbx_user1083:x:464:463::/home/sbx_user1083:/sbin/nologin", "sbx_user1084:x:463:462::/home/sbx_user1084:/sbin/nologin", "sbx_user1085:x:462:461::/home/sbx_user1085:/sbin/nologin", "sbx_user1086:x:461:460::/home/sbx_user1086:/sbin/nologin", "sbx_user1087:x:460:459::/home/sbx_user1087:/sbin/nologin", "sbx_user1088:x:459:458::/home/sbx_user1088:/sbin/nologin", "sbx_user1089:x:458:457::/home/sbx_user1089:/sbin/nologin", "sbx_user1090:x:457:456::/home/sbx_user1090:/sbin/nologin", "sbx_user1091:x:456:455::/home/sbx_user1091:/sbin/nologin", "sbx_user1092:x:455:454::/home/sbx_user1092:/sbin/nologin", "sbx_user1093:x:454:453::/home/sbx_user1093:/sbin/nologin", "sbx_user1094:x:453:452::/home/sbx_user1094:/sbin/nologin", "sbx_user1095:x:452:451::/home/sbx_user1095:/sbin/nologin", "sbx_user1096:x:451:450::/home/sbx_user1096:/sbin/nologin", "sbx_user1097:x:450:449::/home/sbx_user1097:/sbin/nologin", "sbx_user1098:x:449:448::/home/sbx_user1098:/sbin/nologin", "sbx_user1099:x:448:447::/home/sbx_user1099:/sbin/nologin", "sbx_user1100:x:447:446::/home/sbx_user1100:/sbin/nologin", "sbx_user1101:x:446:445::/home/sbx_user1101:/sbin/nologin", "sbx_user1102:x:445:444::/home/sbx_user1102:/sbin/nologin", "sbx_user1103:x:444:443::/home/sbx_user1103:/sbin/nologin", "sbx_user1104:x:443:442::/home/sbx_user1104:/sbin/nologin", "sbx_user1105:x:442:441::/home/sbx_user1105:/sbin/nologin", "sbx_user1106:x:441:440::/home/sbx_user1106:/sbin/nologin", "sbx_user1107:x:440:439::/home/sbx_user1107:/sbin/nologin", "sbx_user1108:x:439:438::/home/sbx_user1108:/sbin/nologin", "sbx_user1109:x:438:437::/home/sbx_user1109:/sbin/nologin", "sbx_user1110:x:437:436::/home/sbx_user1110:/sbin/nologin", "sbx_user1111:x:436:435::/home/sbx_user1111:/sbin/nologin", "sbx_user1112:x:435:434::/home/sbx_user1112:/sbin/nologin", "sbx_user1113:x:434:433::/home/sbx_user1113:/sbin/nologin", "sbx_user1114:x:433:432::/home/sbx_user1114:/sbin/nologin", "sbx_user1115:x:432:431::/home/sbx_user1115:/sbin/nologin", "sbx_user1116:x:431:430::/home/sbx_user1116:/sbin/nologin", "sbx_user1117:x:430:429::/home/sbx_user1117:/sbin/nologin", "sbx_user1118:x:429:428::/home/sbx_user1118:/sbin/nologin", "sbx_user1119:x:428:427::/home/sbx_user1119:/sbin/nologin", "sbx_user1120:x:427:426::/home/sbx_user1120:/sbin/nologin", "sbx_user1121:x:426:425::/home/sbx_user1121:/sbin/nologin", "sbx_user1122:x:425:424::/home/sbx_user1122:/sbin/nologin", "sbx_user1123:x:424:423::/home/sbx_user1123:/sbin/nologin", "sbx_user1124:x:423:422::/home/sbx_user1124:/sbin/nologin", "sbx_user1125:x:422:421::/home/sbx_user1125:/sbin/nologin", "sbx_user1126:x:421:420::/home/sbx_user1126:/sbin/nologin", "sbx_user1127:x:420:419::/home/sbx_user1127:/sbin/nologin", "sbx_user1128:x:419:418::/home/sbx_user1128:/sbin/nologin", "sbx_user1129:x:418:417::/home/sbx_user1129:/sbin/nologin", "sbx_user1130:x:417:416::/home/sbx_user1130:/sbin/nologin", "sbx_user1131:x:416:415::/home/sbx_user1131:/sbin/nologin", "sbx_user1132:x:415:414::/home/sbx_user1132:/sbin/nologin", "sbx_user1133:x:414:413::/home/sbx_user1133:/sbin/nologin", "sbx_user1134:x:413:412::/home/sbx_user1134:/sbin/nologin", "sbx_user1135:x:412:411::/home/sbx_user1135:/sbin/nologin", "sbx_user1136:x:411:410::/home/sbx_user1136:/sbin/nologin", "sbx_user1137:x:410:409::/home/sbx_user1137:/sbin/nologin", "sbx_user1138:x:409:408::/home/sbx_user1138:/sbin/nologin", "sbx_user1139:x:408:407::/home/sbx_user1139:/sbin/nologin", "sbx_user1140:x:407:406::/home/sbx_user1140:/sbin/nologin", "sbx_user1141:x:406:405::/home/sbx_user1141:/sbin/nologin", "sbx_user1142:x:405:404::/home/sbx_user1142:/sbin/nologin", "sbx_user1143:x:404:403::/home/sbx_user1143:/sbin/nologin", "sbx_user1144:x:403:402::/home/sbx_user1144:/sbin/nologin", "sbx_user1145:x:402:401::/home/sbx_user1145:/sbin/nologin", "sbx_user1146:x:401:400::/home/sbx_user1146:/sbin/nologin", "sbx_user1147:x:400:399::/home/sbx_user1147:/sbin/nologin", "sbx_user1148:x:399:398::/home/sbx_user1148:/sbin/nologin", "sbx_user1149:x:398:397::/home/sbx_user1149:/sbin/nologin", "sbx_user1150:x:397:396::/home/sbx_user1150:/sbin/nologin", "sbx_user1151:x:396:395::/home/sbx_user1151:/sbin/nologin", "sbx_user1152:x:395:394::/home/sbx_user1152:/sbin/nologin", "sbx_user1153:x:394:393::/home/sbx_user1153:/sbin/nologin", "sbx_user1154:x:393:392::/home/sbx_user1154:/sbin/nologin", "sbx_user1155:x:392:391::/home/sbx_user1155:/sbin/nologin", "sbx_user1156:x:391:390::/home/sbx_user1156:/sbin/nologin", "sbx_user1157:x:390:389::/home/sbx_user1157:/sbin/nologin", "sbx_user1158:x:389:388::/home/sbx_user1158:/sbin/nologin", "sbx_user1159:x:388:387::/home/sbx_user1159:/sbin/nologin", "sbx_user1160:x:387:386::/home/sbx_user1160:/sbin/nologin", "sbx_user1161:x:386:385::/home/sbx_user1161:/sbin/nologin", "sbx_user1162:x:385:384::/home/sbx_user1162:/sbin/nologin", "sbx_user1163:x:384:383::/home/sbx_user1163:/sbin/nologin", "sbx_user1164:x:383:382::/home/sbx_user1164:/sbin/nologin", "sbx_user1165:x:382:381::/home/sbx_user1165:/sbin/nologin", "sbx_user1166:x:381:380::/home/sbx_user1166:/sbin/nologin", "sbx_user1167:x:380:379::/home/sbx_user1167:/sbin/nologin", "sbx_user1168:x:379:378::/home/sbx_user1168:/sbin/nologin", "sbx_user1169:x:378:377::/home/sbx_user1169:/sbin/nologin", "sbx_user1170:x:377:376::/home/sbx_user1170:/sbin/nologin", "sbx_user1171:x:376:375::/home/sbx_user1171:/sbin/nologin", "sbx_user1172:x:375:374::/home/sbx_user1172:/sbin/nologin", "sbx_user1173:x:374:373::/home/sbx_user1173:/sbin/nologin", "sbx_user1174:x:373:372::/home/sbx_user1174:/sbin/nologin", "sbx_user1175:x:372:371::/home/sbx_user1175:/sbin/nologin", "sbx_user1176:x:371:370::/home/sbx_user1176:/sbin/nologin" ], "ulimit -a": [ "core file size (blocks, -c) unlimited", "data seg size (kbytes, -d) unlimited", "scheduling priority (-e) 0", "file size (blocks, -f) unlimited", "pending signals (-i) 14992", "max locked memory (kbytes, -l) 64", "max memory size (kbytes, -m) unlimited", "open files (-n) 1024", "pipe size (512 bytes, -p) 8", "POSIX message queues (bytes, -q) 819200", "real-time priority (-r) 0", "stack size (kbytes, -s) 8192", "cpu time (seconds, -t) unlimited", "max user processes (-u) 1024", "virtual memory (kbytes, -v) unlimited", "file locks (-x) unlimited" ], "/sbin/ip a": [ "1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1", " link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00", " inet 127.0.0.1/8 scope host lo", " valid_lft forever preferred_lft forever", "33: vinternal_11@if34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000", " link/ether ca:6e:10:ca:95:3c brd ff:ff:ff:ff:ff:ff link-netnsid 0", " inet 169.254.76.21/23 scope global vinternal_11", " valid_lft forever preferred_lft forever", "36: vtarget_6@if35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000", " link/ether 0e:97:c0:54:7b:9d brd ff:ff:ff:ff:ff:ff link-netnsid 1", " inet 169.254.79.1/32 scope global vtarget_6", " valid_lft forever preferred_lft forever" ], "/sbin/ip r": [ "default via 169.254.76.22 dev vinternal_11 ", "169.254.76.0/23 dev vinternal_11 proto kernel scope link src 169.254.76.21 ", "169.254.76.22 dev vinternal_11 scope link ", "169.254.79.2 dev vtarget_6 scope link " ], "netstat -av": [ "netstat: no support for `AF INET (sctp)' on this system.", "netstat: no support for `AF INET (sctp)' on this system.", "netstat: no support for `AF IPX' on this system.", "netstat: no support for `AF AX25' on this system.", "netstat: no support for `AF X25' on this system.", "netstat: no support for `AF NETROM' on this system.", "Active Internet connections (servers and established)", "Proto Recv-Q Send-Q Local Address Foreign Address State ", "udp 0 0 169.254.79.1:58860 169.254.79.2:sieve-filter ESTABLISHED ", "Active UNIX domain sockets (servers and established)", "Proto RefCnt Flags Type State I-Node Path" ] }
雑感
NW周りが興味深いですね!
env
の結果で以下のようなものがあるんですが、そこだけルーティングが別になっていたり。ちなみに同じ 169.254
から始まるEC2のmetadataを取る 169.254.169.254
のIPアドレスへの接続は通らないようになってるんですよね。
"_AWS_XRAY_DAEMON_ADDRESS=169.254.79.2", "_AWS_XRAY_DAEMON_PORT=2000",
"/sbin/ip r": [ "default via 169.254.76.22 dev vinternal_11 ", "169.254.76.0/23 dev vinternal_11 proto kernel scope link src 169.254.76.21 ", "169.254.76.22 dev vinternal_11 scope link ", "169.254.79.2 dev vtarget_6 scope link " ],
netstat -a
で得られる接続先がこれしかなかったり、 sieve-filter
はググったら Dovecot
と組み合わせて使うメールフィルタのようです。
udp 0 0 169.254.79.1:58860 169.254.79.2:sieve-filter ESTABLISHED
あとは、 df -a
で見られるファイルシステムがDockerコンテナより圧倒的に少ないなーとか(Dockerも起動方法次第なのかもですが)、Lambdaの最大メモリが3GBになって、2vCPUあたるようになったからかそれに合わせたVMに載ってるなーとか、プロセスの起動ユーザが sbx_userXXXX
なのは知っていたのですが、なんか一杯作ってあるなーとか、仕事に役立つかは不明ですが色々興味深くはあります。
追試:Lambdaのインスタンスガチャを検証する
さて、ではみんな気になる?Lambdaのインスタンスガチャを検証してみます。
serverless.yml
でLambdaのメモリ割り当てを増やしてインスタンスが別れるように仕向けます。
provider: name: aws runtime: python3.6 memorySize: 3008
そして、こんなコードをデプロイ。
import subprocess import time def osdata(event, context): time.sleep(1) return subprocess.getoutput('cat /proc/cpuinfo | grep "model name" | uniq')
こんな感じの手抜きワンライナーで実行します。
for i in $(seq 1 10); do sls invoke -f osdata >> result.txt & done; wait; cat result.txt | sort | uniq -c
結果②
8 "model name\t: Intel(R) Xeon(R) CPU E5-2666 v3 @ 2.90GHz" 2 "model name\t: Intel(R) Xeon(R) CPU E5-2680 v2 @ 2.80GHz"
ガチャだ・・・!(とはいえ、どちらも良いCPUですが)
Lambdaの場合はコンテナなので cgroups
あたりで調整してたり・・・はしないかなw
世代的にはC系の最新から1〜2世代前って感じですかね。極端に古くはなくて安心しましたw
ちなみに本検証はServerless Frameworkがデフォルトで利用する us-east-1
で検証してます。
パリみたいに最初からC5系しか居ないリージョンなら、割り当てリソースが同じでもファンクションの単体性能は変わりそうですね
こんなコメントも貰ったので、リージョンによってまた結果は変わりそうですね。
こちらからは以上です
元々書く予定だったのは近いうちに書くはず!(と言って去年は書かなかったことがあったけど今年は絶対書くつもり)