Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ADO extension fails when run in a container: handleRequestFunction failed, { message: 'read ECONNRESET' } #1575

Open
katydecorah opened this issue Mar 3, 2023 · 8 comments
Assignees
Labels
active (Dev) The assigned dev is working to perform the work. bug Something isn't working status: active This issue is currently being worked on by someone.

Comments

@katydecorah
Copy link
Contributor

katydecorah commented Mar 3, 2023

Describe the bug

When run in a container, the ADO extension fails with:

 handleRequestFunction failed, reclaiming failed request back to the list or queue

It will sometimes include additional error messages, such as:

  • ProtocolError: Protocol error (Target.setAutoAttach): Target closed.
  • caused by: Error: "{ message: 'read ECONNRESET' }"

To Reproduce

You can reproduce the error by running the extension in a container. https://learn.microsoft.com/en-us/azure/devops/pipelines/process/container-phases?view=azure-devops#single-job

pool:
  vmImage: 'windows-2019'

container: mcr.microsoft.com/windows/servercore:ltsc2019

steps:
- script: set

- task: NodeTool@0
  inputs:
      versionSpec: '16.x'

- script: npm install [email protected] -g
  displayName: install yarn as a global dependency
    
- task: accessibility-insights.prod.task.accessibility-insights@3
  displayName: '[should fail] staging accessibility insights task against URL with known failures'
  inputs:
    url: 'https://www.washington.edu/accesscomputing/AU/before.html'

Repro example

Expected behavior

According to Running Puppeteer in Docker, Troubleshooting there are likely extra steps we should recommend to the user.

It's not clear to me if there's anything we can do on the extension side or if this can be helped with added documentation

Screenshots

Context (please complete the following information)

  • OS Name & Version:
  • Azure DevOps Extension Version & Environment:
  • Browser Version:
  • Target Page:

Are you willing to submit a PR?

Yes

Did you search for similar existing issues?

Additional context

@katydecorah katydecorah added the bug Something isn't working label Mar 3, 2023
@microsoft-github-policy-service microsoft-github-policy-service bot added the status: new This issue is new and requires triage by DRI. label Mar 3, 2023
@sfoslund sfoslund removed their assignment Mar 3, 2023
@sfoslund sfoslund added the status: ready for triage This issue is ready to be triaged by the Accessibility Insights team. label Mar 3, 2023
@sfoslund sfoslund removed the status: new This issue is new and requires triage by DRI. label Mar 3, 2023
@microsoft-github-policy-service
Copy link
Contributor

This issue has been marked as ready for team triage; we will triage it in our weekly review and update the issue. Thank you for contributing to Accessibility Insights!

@microsoft-github-policy-service microsoft-github-policy-service bot added the status: new This issue is new and requires triage by DRI. label Mar 3, 2023
@dbjorge
Copy link
Contributor

dbjorge commented Mar 3, 2023

If the issue is that the container is missing system dependencies required to successfully run Chromium, this may be yet another reason that it would be nice to switch the service from Puppeteer to Playwright. Playwright gives a much nicer error message for that case (noting before trying to start that the system is missing required dependencies, enumerating which ones, and offering an npx playwright install-deps chromium command to install them for you).

@DaveTryon DaveTryon removed the status: new This issue is new and requires triage by DRI. label Mar 8, 2023
@dbjorge dbjorge added the status: ready for work This issue is ready to be worked on. label Apr 18, 2023
@microsoft-github-policy-service microsoft-github-policy-service bot removed the status: ready for triage This issue is ready to be triaged by the Accessibility Insights team. label Apr 18, 2023
@dbjorge
Copy link
Contributor

dbjorge commented Apr 29, 2023

Investigated this a bit further and confirmed that this does seem to be a result of trying to run in Windows Server Core without having installed the prerequisite Server-Media-Foundation Windows Feature required to run Chromium in that Windows SKU. This is true irrespective of whether you're using Server Core via a container or host VM, but in practice we usually see host VMs running full Server SKUs and containers based on something like mcr.microsoft.com/windows/servercore:ltsc2022 or mcr.microsoft.com/windows/servercore:ltsc2019, so it tends to be correlated with users trying to use containers.

On servercore:ltsc2019 it's possible to install the prerequisite windows feature with a step along the lines of Install-WindowsFeature Server-Media-Foundation, but this doesn't work on servercore:ltsc2022 without a much more involved workaround.

Other errors with similar symptoms:

  • If you try to use a linux container without the required prerequisites installed (eg, mcr.microsoft.com/devcontainers/javascript-node:16), you're likely to get an error along these lines:
ERROR PuppeteerCrawler: handleRequestFunction failed, reclaiming failed request back to the list or queue {"url":"[https://site-under-test.com","retryCount":1,"id":"mCnLT4bz8fgQgev"}](https://site-under-test.com%22%2C%22retrycount%22:1%2C%22id%22:"mCnLT4bz8fgQgev"}/)
  Error: Failed to launch the browser process!
  /home/node/.cache/puppeteer/chrome/linux-1108766/chrome-linux/chrome: error while loading shared libraries: libnss3.so: cannot open shared object file: No such file or directory
  • If you try to use a linux container that does have the required prerequisites installed (eg, mcr.microsoft.com/playwright:v1.33.0-jammy), you're likely to get an error along these lines:
ERROR PuppeteerCrawler: handleRequestFunction failed, reclaiming failed request back to the list or queue {"url":"[http://localhost:5858","retryCount":1,"id":"hgW4ugjCDUL55FU"}](http://localhost:5858%22%2C%22retrycount%22:1%2C%22id%22:"hgW4ugjCDUL55FU"}/)
  Error: Failed to launch the browser process!
  [0429/002056.263116:FATAL:zygote_host_impl_linux.cc(127)] No usable sandbox! Update your kernel or see https://chromium.googlesource.com/chromium/src/+/main/docs/linux/suid_sandbox_development.md for more information on developing with the SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.

The latter case (where the correct deps are installed on Linux) happens because Chromium's sandboxing only works in Docker containers if you pass a specific Docker seccomp policy while running docker commands, and Azure Pipelines does not pass this by default. There's no workaround that I'm aware of except disabling Chromium's sandboxing, which would be pretty questionable for us to do from a crawler.


In summary, I think our short-term recommendation we should document needs to be that, in order to run the task, users must run it from one of the following environments:

  • A host VM (not a docker container) which is based on a Windows Server SKU or a Linux image which is tested to work with Chromium, for example any of the standard Azure Pipelines Hosted Agent images or standard 1ES PT images.
  • A Windows (not linux) Docker container which is based on a Windows or Windows Server container base image (not servercore or nanoserver)

...noting specifically that Docker containers based on linux, servercore, or nanoserver are not supported.

Medium-term, it would be good to detect this case early and improve our error messaging. On Windows, we could do something comparable to Playwright's install_media_pack.ps1 script (but with Get-WindowsFeature instead of Install-WindowsFeature) to detect whether we're on a server SKU without the required prerequisite.

If we get substantial user requests for linux support, I'm not sure we have a great solution; we could add some sort of chromiumSandbox: false task input to let users opt into disabling sandboxing to enable running on containers with prerequisites installed, but I'm not convinced we should allow users to do that, it carries risks that users are likely to dismiss.

@dbjorge
Copy link
Contributor

dbjorge commented May 1, 2023

Updated internal documentation per above comment's short-term recommendations.

@DaveTryon DaveTryon added status: blocked This issue is blocked. and removed status: ready for work This issue is ready to be worked on. labels May 2, 2023
@dbjorge dbjorge added status: ready for triage This issue is ready to be triaged by the Accessibility Insights team. and removed status: blocked This issue is blocked. labels May 22, 2023
@microsoft-github-policy-service
Copy link
Contributor

This issue has been marked as ready for team triage; we will triage it in our weekly review and update the issue. Thank you for contributing to Accessibility Insights!

@dbjorge
Copy link
Contributor

dbjorge commented May 22, 2023

The remaining work for this is the paragraph starting with "Medium-term" in the above comment, discussing making the error message more clear. Marking as ready for triage for us to discuss if/when to do that.

@DaveTryon
Copy link
Contributor

We want to do this if it's fairly easy

@DaveTryon DaveTryon added the status: ready for work This issue is ready to be worked on. label Jun 1, 2023
@microsoft-github-policy-service microsoft-github-policy-service bot removed the status: ready for triage This issue is ready to be triaged by the Accessibility Insights team. label Jun 1, 2023
@DaveTryon DaveTryon moved this to Old backlog in Accessibility Insights Jun 28, 2023
@DaveTryon DaveTryon moved this from Old backlog to Accepted in Accessibility Insights Jun 29, 2023
@DaveTryon DaveTryon added the needs Dev This issue is ready for dev to perform the work. label Jul 4, 2023
@codeofdusk codeofdusk self-assigned this Aug 4, 2023
@codeofdusk codeofdusk added active (Dev) The assigned dev is working to perform the work. status: active This issue is currently being worked on by someone. and removed needs Dev This issue is ready for dev to perform the work. status: ready for work This issue is ready to be worked on. labels Aug 4, 2023
codeofdusk added a commit that referenced this issue Sep 1, 2023
Some Windows Server versions (Nano Server and Server Core) lack the
needed dependencies to run Chrome. This commit adds a check for this case
(based on the information in
#1575 (comment)),
displaying a warning in the console when it occurs. Specifically, it
checks for the availability of the `Server-Media-Foundation` feature
(only available on server editions, not client) with non-installed
state.

This commit adds a new dependency
([wmi-client](https://www.npmjs.com/package/wmi-client)) to
`package.json`. In order to use this package and pass linting, we needed
to create a declaration file for its types. This is
`packages/ado-extension/src/wmic.d.ts`, which declares the
`"wmi-client"` `module` and its `wmic` `class`.

Addresses #1575.

Co-authored-by: madalynrose <[email protected]>
@lamaks
Copy link
Member

lamaks commented Sep 8, 2023

Investigated this a bit further and confirmed that this does seem to be a result of trying to run in Windows Server Core without having installed the prerequisite Server-Media-Foundation Windows Feature required to run Chromium in that Windows SKU.

Apparently missing Server-Media-Foundation Windows feature has nothing to do with this issue. To run Chrome or Chromium in Windows Server container there is no requirement to install it.

To successfully run Chrome or Chromium in Windows/Linux container install required Fonts.

In Ubuntu you can install required fonts using following script:

apt-get update \
&& apt-get install -y wget gnupg \
&& wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - \
&& sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list' \
&& apt-get update \
&& apt-get install -y google-chrome-stable fonts-ipafont-gothic fonts-wqy-zenhei fonts-thai-tlwg fonts-kacst fonts-freefont-ttf libxss1 libxtst6 procps \
--no-install-recommends \

In Windows Server core enable following optional Windows features and register fonts using Win32 GDI API function. Detailed solution can be found here.

[DllImport("gdi32.dll")]
static extern int AddFontResource(string lpFilename);
ServerCoreFonts-NonCritical-Fonts-MinConsoleFonts
ServerCoreFonts-NonCritical-Fonts-Support
ServerCoreFonts-NonCritical-Fonts-BitmapFonts
ServerCoreFonts-NonCritical-Fonts-TrueType
ServerCoreFonts-NonCritical-Fonts-UAPFonts

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
active (Dev) The assigned dev is working to perform the work. bug Something isn't working status: active This issue is currently being worked on by someone.
Projects
Status: Accepted - vendor
Development

No branches or pull requests

9 participants