sitespeed.io
sitespeed.io copied to clipboard
sitespeedio
docker uses root user
Docker as non root user
In most kubernetes cluster, working with docker images that use root user are forbidden and rejected. I tried to create another Dockerfile and create a user, but the sitespeed.io command inside the docker doesn't work properly. Do you have a solution for not running docker as root?
Isn't the current user working? https://github.com/sitespeedio/sitespeed.io/blob/main/docker/scripts/start.sh#L31-L42
Thank you for your answer, the user sitespeedio is created within the groupid 0 and same as root (script start.sh), and then the chroot command is used (that can be executed just by root) to execute sitespeed.js command. I made some simple tests inside the docker:
- As root, I executed /usr/src/app/bin/sitespeed.js https://www.google.com --> Works OK
- As user sitespeedio(created by the script start.sh), I executed /usr/src/app/bin/sitespeed.js https://www.google.com --> got errors
- I create another user toto (with sudo privileges), I executed (with our without sudo) /usr/src/app/bin/sitespeed.js https://www.google.com --> got errors
The errors are:
_[2020-08-14 08:00:24] INFO: Versions OS: linux 4.19.76-linuxkit nodejs: v12.18.2 sitespeed.io: 14.2.3 browsertime: 9.2.1 coach: 5.1.0
[2020-08-14 08:00:24] INFO: Running tests using Chrome - 3 iteration(s)
[2020-08-14 08:00:25] INFO: Browser failed to start, trying 2 more time(s): unknown error: Chrome failed to start: exited abnormally.
(chrome not reachable)
(The process started from chrome location /usr/bin/google-chrome is no longer running, so ChromeDriver is assuming that Chrome has crashed.)
[2020-08-14 08:00:27] INFO: Browser failed to start, trying 1 more time(s): unknown error: Chrome failed to start: exited abnormally.
(chrome not reachable)
(The process started from chrome location /usr/bin/google-chrome is no longer running, so ChromeDriver is assuming that Chrome has crashed.)
[2020-08-14 08:00:28] INFO: Browser failed to start, trying 0 more time(s): unknown error: Chrome failed to start: exited abnormally.
(chrome not reachable)
(The process started from chrome location /usr/bin/google-chrome is no longer running, so ChromeDriver is assuming that Chrome has crashed.)
[2020-08-14 08:00:28] ERROR: BrowserError: Could not start the browser with 3 tries
at SeleniumRunner.start (/usr/src/app/node_modules/browsertime/lib/core/seleniumRunner.js:86:13)
at processTicksAndRejections (internal/process/task_queues.js:97:5)
[2020-08-14 08:00:28] ERROR: No data to collect
[2020-08-14 08:00:29] INFO: Browser failed to start, trying 2 more time(s): unknown error: Chrome failed to start: exited abnormally.
(chrome not reachable)
(The process started from chrome location /usr/bin/google-chrome is no longer running, so ChromeDriver is assuming that Chrome has crashed.)
[2020-08-14 08:00:30] INFO: Browser failed to start, trying 1 more time(s): unknown error: Chrome failed to start: exited abnormally.
(chrome not reachable)
(The process started from chrome location /usr/bin/google-chrome is no longer running, so ChromeDriver is assuming that Chrome has crashed.)
[2020-08-14 08:00:31] INFO: Browser failed to start, trying 0 more time(s): unknown error: Chrome failed to start: exited abnormally.
(chrome not reachable)
(The process started from chrome location /usr/bin/google-chrome is no longer running, so ChromeDriver is assuming that Chrome has crashed.)
[2020-08-14 08:00:31] ERROR: BrowserError: Could not start the browser with 3 tries
at SeleniumRunner.start (/usr/src/app/node_modules/browsertime/lib/core/seleniumRunner.js:86:13)
at processTicksAndRejections (internal/process/task_queues.js:97:5)
[2020-08-14 08:00:31] ERROR: No data to collect
[2020-08-14 08:00:32] INFO: Browser failed to start, trying 2 more time(s): unknown error: Chrome failed to start: exited abnormally.
(chrome not reachable)
(The process started from chrome location /usr/bin/google-chrome is no longer running, so ChromeDriver is assuming that Chrome has crashed.)
[2020-08-14 08:00:33] INFO: Browser failed to start, trying 1 more time(s): unknown error: Chrome failed to start: exited abnormally.
(chrome not reachable)
(The process started from chrome location /usr/bin/google-chrome is no longer running, so ChromeDriver is assuming that Chrome has crashed.)
[2020-08-14 08:00:34] INFO: Browser failed to start, trying 0 more time(s): unknown error: Chrome failed to start: exited abnormally.
(chrome not reachable)
(The process started from chrome location /usr/bin/google-chrome is no longer running, so ChromeDriver is assuming that Chrome has crashed.)
[2020-08-14 08:00:34] ERROR: BrowserError: Could not start the browser with 3 tries
at SeleniumRunner.start (/usr/src/app/node_modules/browsertime/lib/core/seleniumRunner.js:86:13)
at processTicksAndRejections (internal/process/task_queues.js:97:5)
[2020-08-14 08:00:34] ERROR: No data to collect
[2020-08-14 08:00:34] ERROR: TypeError: Cannot read property 'alias' of undefined
at Object.processMessage (/usr/src/app/lib/plugins/browsertime/index.js:148:50)
at processTicksAndRejections (internal/process/task_queues.js:97:5)_
Do you have any suggestion?.It seems that the problem is with the chrome driver, but I got the same problem using firefox inside de docker, i tried to modified folder permissions, but I still have the same errors.
Thank you in advance,
Aracely
I have a very similar error, which I don't think is the user being run in docker, but the command on install not properly installing the chrome driver. After running npm install inside of my Dockerfile, this is the log output I get
> @sitespeed.io/[email protected] install /usr/lib/node_modules/sitespeed.io/node_modules/@sitespeed.io/chromedriver
> node install.js
(node:60) UnhandledPromiseRejectionWarning: Error: Destination Folder must exist
at b.d (/usr/lib/node_modules/sitespeed.io/node_modules/node-downloader-helper/dist/index.js:1:14198)
at new b (/usr/lib/node_modules/sitespeed.io/node_modules/node-downloader-helper/dist/index.js:1:2158)
at download (/usr/lib/node_modules/sitespeed.io/node_modules/@sitespeed.io/chromedriver/install.js:71:18)
(Use `node --trace-warnings ...` to show where the warning was created)
(node:60) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 1)
(node:60) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
This doesn't fail the docker build and my container on starting has a similar output of errors as @apache23 . Just some thoughts that for some reason, in an Ubuntu Focal image., its not able to fully build.
Hi @squibbleFish can you share your Dockerfile so I can reproduce? Thanks!
The base docker file runs Ubuntu Focal and NodeJS 14.17
FROM ***BASE DOCKER FILE***
ARG CHROME_VERSION=96.0.4664.35
ARG EDGE_VERSION
ARG GECKO_VERSION
ARG GECKO_SKIP=true
ARG EDGE_SKIP=true
RUN apt-get update -y && \
apt-get install -y \
sudo \
wget \
python-is-python3 \
python3-dev \
python3-pip \
imagemagick \
ffmpeg \
xvfb \
net-tools \
iproute2
RUN python -m pip install pyssim
RUN GECKODRIVER_SKIP_DOWNLOAD=${GECKO_SKIP} \
EDGEDRIVER_SKIP_DOWNLOAD=${EDGE_SKIP} \
npm install sitespeed.io -g
RUN wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub \
| apt-key add - \
&& echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list \
&& apt-get update \
&& apt-get -y install google-chrome-stable
ENTRYPOINT ["sitespeed.io", "-n", "1", "-b", "chrome", "https://www.sitespeed.io", "--video", "--visualMetrics", "--xvfb"]
Thanks for sharing @squibbleFish let me have a try tonight and see if I can reproduce and fix it,
@squibbleFish I had a go and it worked for me but I added a work dir WORKDIR /usr/app else NoseJS will install in roots folder I think, can you try if that helps? I haven't tried without yet, my machine is slow and it takes a long time to build :)
Also I used ubuntu:focal-20211006 and then installed NodeJS as in https://github.com/sitespeedio/docker-node/blob/main/Dockerfile
My full Dockerfile for test looks like:
FROM ubuntu:focal-20211006
ARG CHROME_VERSION=96.0.4664.35
ARG EDGE_VERSION
ARG GECKO_VERSION
ARG GECKO_SKIP=true
ARG EDGE_SKIP=true
ARG DEBIAN_FRONTEND=noninteractive
ARG TARGETPLATFORM=linux/amd64
ENV NPM_CONFIG_LOGLEVEL info
ENV NODE_VERSION 16.3.0
WORKDIR /usr/app
RUN export PLATFORM=$(if [ "$TARGETPLATFORM" = "linux/amd64" ] ; then echo "x64"; else echo "arm64"; fi) \
buildDeps='xz-utils curl ca-certificates gnupg2 dirmngr' \
&& set -x \
&& apt-get update && apt-get upgrade -y && apt-get install -y $buildDeps --no-install-recommends \
&& rm -rf /var/lib/apt/lists/* \
# gpg keys listed at https://github.com/nodejs/node#release-keys
&& set -ex \
&& for key in \
4ED778F539E3634C779C87C6D7062848A1AB005C \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
74F12602B6F1C4E913FAA37AD3A89613643B6201 \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \
DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
A48C2BEE680E841632CD4E44F07496B3EB3C1762 \
108F52B48DB57BB0CC439B2997B01419BD92F80A \
B9E2F5981AA6E0CD28160D9FF13993A75599653C \
; do \
gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \
gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \
done \
&& curl -SLO "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$PLATFORM.tar.xz" \
&& curl -SLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
&& gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
&& grep " node-v$NODE_VERSION-linux-$PLATFORM.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
&& tar -xJf "node-v$NODE_VERSION-linux-$PLATFORM.tar.xz" -C /usr/local --strip-components=1 \
&& rm "node-v$NODE_VERSION-linux-$PLATFORM.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \
&& apt-get purge -y --auto-remove $buildDeps \
&& ln -s /usr/local/bin/node /usr/local/bin/nodejs
RUN apt-get update -y && \
apt-get install -y \
sudo \
wget \
python-is-python3 \
python3-dev \
python3-pip \
imagemagick \
ffmpeg \
xvfb \
net-tools \
iproute2
RUN python -m pip install pyssim
RUN npm install sitespeed.io -g --production
RUN wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub \
| apt-key add - \
&& echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list \
&& apt-get update \
&& apt-get -y install google-chrome-stable
ENTRYPOINT ["sitespeed.io", "-n", "1", "-b", "chrome", "https://www.sitespeed.io", "--video", "--visualMetrics", "--xvfb", "--browsertime.docker"]
Ah I see now, the installation gives no error but it fails when you try to start Chrome, let me try again.
@squibbleFish Ok, running works for me, the thing is that to run Chrome inside docker, there's a couple of different hacks you can do. If you add the flag --browsertime.docker (="knowing" that we run in Docker) the Chrome flags --no-sandbox --disable-setuid-sandbox is used.
@soulgalore apologize for the length of time to get back to you. Been away with the holiday and stuff. Is that flag set as part of the sitespeed ENTRYPOINT? Also, is the error thrown during npm i sitespeed.io -g just a red herring?
The root thing is still an issue, if more people need it, I can have a go next year fixing it. Until then I'm closing most of those issues.