Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Chromium/Chrome does not work in an OpenVZ container #938

Closed
gildegoma opened this issue Feb 16, 2013 · 71 comments
Closed

Chromium/Chrome does not work in an OpenVZ container #938

gildegoma opened this issue Feb 16, 2013 · 71 comments

Comments

@gildegoma
Copy link

Problem initially reported in https://groups.google.com/forum/m/?fromgroups#!topic/travis-ci/YG9j5wN4YeE

See attempts to install chrome browser and test driver on the fly here: https://travis-ci.org/freedomsponsors/www.freedomsponsors.org/builds

As pointed out below, this a well-known integration problem: Chrome cannot be executed in a OpenVZ container/guest, because of suid binaries. Details there:

//cc @tonylampada

@tonylampada
Copy link

@gildegoma Thanks for opening this.
I may have made a new discovery today.
I tried just running chromium-browser and got this error:

Failed to move to new PID namespace: Operation not permitted

Googling for it, I found this chromium issue, marked as won't fix --> http://code.google.com/p/chromium/issues/detail?id=31077

Apparently, the partition where /opt lives should be mounted without an option called nosuid

Hope this helps

@tonylampada
Copy link

I'm placing a 20 bucks bounty for this issue on FreedomSponsors.
http://www.freedomsponsors.org/core/offer/203/chromium-browser-is-preinstalled-on-32bit-worker-vm-but-not-on-64bit-bluebox-workers?alert=SPONSOR

If there's anyone out there who's suffering from this as well, please feel free to chip in :-)

@rkh
Copy link
Contributor

rkh commented Feb 21, 2013

ping @joshk

@gildegoma
Copy link
Author

All travis boxes are now 64-bit and chromium-browser package should be preinstalled on all linux boxes.

@gildegoma
Copy link
Author

I verified: this problem is still present (issue renamed) and sounds very hard to fix.
as expected, both chrome flavours ('chromium-broswer' and 'google-chrome') are impacted.

@tonylampada
Copy link

Thanks for verifying. Looking forward to see my tests running again :-)

@gildegoma
Copy link
Author

According to chromium bug reports above, Chrome does not support OpenVZ integration. @joshk could you double check with bluebox support, if no 🌟 magical workaround exists (very little hope, but who knows...)

@joshk
Copy link
Contributor

joshk commented Mar 11, 2013

I will check with BlueBox about this.

@gildegoma
Copy link
Author

At the moment, the best workaround consists in running the client tests from SauceLabs. See:

(or use other Selenium Drivers, like WebDriver or Firefox)

@mithro
Copy link

mithro commented Apr 13, 2013

From looking at the bug linked above I found;

This just started happening to my OpenVZ containers, too:
linux-image-openvz-amd64 2.6.32+28 from Debian testing
chromium-browser 6.0.472.36~r55963-0ubuntu1~ucd1~hardy (from beta PPA: http://ppa.launchpad.net/chromium-daily/beta/ubuntu)

I have upgraded the kernel from 2.6.24.28.30 (Ubuntu Hardy) a few days ago, and chromium-browser from 5.0.375.125~r53311-0ubuntu2~ucd2~hardy.

Passing "--no-sandbox" works around this, but it adds a warning during startup because of the unsupported nature of this option, which I'd like to avoid (I'm using Chromium in OpenVZ for creating browser screenshots automatically).

See also https://bugs.launchpad.net/chromium-browser/+bug/577919

Working if --no-sandbox might allow chrome to run?

@mithro
Copy link

mithro commented Apr 13, 2013

Yeap, that seems to work for me!

    driver_arguments = {}
    driver_arguments['chrome_options'] = webdriver.ChromeOptions()

....

    # Travis-CI uses OpenVZ containers which are incompatible with the sandbox
    # technology.
    # See https://code.google.com/p/chromium/issues/detail?id=31077 for more
    # information.
    if 'TRAVIS' in os.environ:
        driver_arguments['chrome_options'].add_argument('--no-sandbox')

...

    webdriver.Chrome(**driver_arguments)

https://travis-ci.org/mithro/web-animations-js/jobs/6310912

@mithro
Copy link

mithro commented Apr 14, 2013

Oh, you also need to fix the permissions of /dev/shm

# Make sure /dev/shm has correct permissions.
ls -l /dev/shm
sudo chmod 1777 /dev/shm
ls -l /dev/shm

@tonylampada
Copy link

@mithro, I tried using this workaround, but still no luck.
I'm getting this error:

WebDriverException: Message: u'session not created exception: unknown error: unable to discover open pages'

Any idea what I might be doing wrong?
https://travis-ci.org/freedomsponsors/www.freedomsponsors.org/builds/6809583

@mithro
Copy link

mithro commented May 2, 2013

Not sure, but we are using a different chrome driver / chrome version I
think...

export CHROME=google-chrome-${VERSION}_current_amd64.deb
 wget https://dl.google.com/linux/direct/$CHROME

(Version is stable/beta/unstable)

                chromedriver_url = "
https://chromedriver.googlecode.com/files/chromedriver2_linux64_0.6.zip"
            else:

@joshk
Copy link
Contributor

joshk commented May 2, 2013

Is there anything we (Travis) can do to fix this issue? (apart from moving off OpenVZ)

On 2/05/2013, at 7:43 AM, Tim Ansell notifications@github.com wrote:

Not sure, but we are using a different chrome driver / chrome version I
think...

export CHROME=google-chrome-${VERSION}_current_amd64.deb
wget https://dl.google.com/linux/direct/$CHROME

(Version is stable/beta/unstable)

chromedriver_url = "
https://chromedriver.googlecode.com/files/chromedriver2_linux64_0.6.zip"
else:

On 2 May 2013 15:35, tonylampada notifications@github.com wrote:

@mithro https://github.com/mithro, I tried using this workaround, but
still no luck.
I'm getting this error:

WebDriverException: Message: u'session not created exception: unknown error: unable to discover open pages'

Any idea what I might be doing wrong?

https://travis-ci.org/freedomsponsors/www.freedomsponsors.org/builds/6809583


Reply to this email directly or view it on GitHubhttps://github.com//issues/938#issuecomment-17321268
.


Reply to this email directly or view it on GitHub.

@mithro
Copy link

mithro commented May 6, 2013

Sadly, I can't see anyway that Travis can fix this problem at the moment.

It looks like they are trying to fix this limitation in the kernel which
would then mean just a kernel upgrade.

On 2 May 2013 21:30, Josh Kalderimis notifications@github.com wrote:

Is there anything we (Travis) can do to fix this issue? (apart from moving
off OpenVZ)

On 2/05/2013, at 7:43 AM, Tim Ansell notifications@github.com wrote:

Not sure, but we are using a different chrome driver / chrome version I
think...

export CHROME=google-chrome-${VERSION}_current_amd64.deb
wget https://dl.google.com/linux/direct/$CHROME

(Version is stable/beta/unstable)

chromedriver_url = "
https://chromedriver.googlecode.com/files/chromedriver2_linux64_0.6.zip"

else:

On 2 May 2013 15:35, tonylampada notifications@github.com wrote:

@mithro https://github.com/mithro, I tried using this workaround,
but
still no luck.
I'm getting this error:

WebDriverException: Message: u'session not created exception: unknown
error: unable to discover open pages'

Any idea what I might be doing wrong?

https://travis-ci.org/freedomsponsors/www.freedomsponsors.org/builds/6809583


Reply to this email directly or view it on GitHub<
https://github.com/travis-ci/travis-ci/issues/938#issuecomment-17321268>
.


Reply to this email directly or view it on GitHub.


Reply to this email directly or view it on GitHubhttps://github.com//issues/938#issuecomment-17332752
.

niklas added a commit to niklas/cataract that referenced this issue Jun 2, 2013
@ghost
Copy link

ghost commented Jun 25, 2013

Wasn't getting anywhere with the --no-sandbox and misc hacks on linux. Sorted by simply switching to OSX VMs.

@mithro
Copy link

mithro commented Jun 26, 2013

--no-sandbox definitely works because we are using it daily :)

Tim

On 26 June 2013 00:20, Luis Abreu notifications@github.com wrote:

Wasn't getting anywhere with the --no-sandbox and misc hacks on linux.
Sorted by simply switching to OSX VMs.


Reply to this email directly or view it on GitHubhttps://github.com//issues/938#issuecomment-19979133
.

@ghost
Copy link

ghost commented Jun 29, 2013

Humm, alright, guess I need to try again :) ( wonder if being on Pro makes any diff )

@mithro
Copy link

mithro commented Dec 5, 2013

If you are using the latest Chrome unstable you will now get a "Failed to move to new PID namespace: Operation not permitted" error even when running with --no-sandbox (none of the --no-sandbox related flags seem to work any more).

I have created a custom version of the sandbox which doesn't fail with this error. You can install it the following way;

        # If we don't have PID namespace support, download a custom
        # chrome-sandbox which works even without it.
        if [ -f /opt/google/chrome/chrome-sandbox ]; then
            export CHROME_SANDBOX=/opt/google/chrome/chrome-sandbox
        else
            export CHROME_SANDBOX=$(ls /opt/google/chrome*/chrome-sandbox)
        fi

        sudo rm -f $CHROME_SANDBOX
        sudo wget https://googledrive.com/host/0B5VlNZ_Rvdw6NTJoZDBSVy1ZdkE -O $CHROME_SANDBOX
        sudo chown root:root $CHROME_SANDBOX; sudo chmod 4755 $CHROME_SANDBOX
        sudo md5sum $CHROME_SANDBOX

@jsdevel
Copy link

jsdevel commented Dec 21, 2013

I'm now getting this:

Error: Error creating class
org.openqa.selenium.WebDriverException: chrome not reachable
  (Driver info: chromedriver=2.8.240825,platform=Linux 2.6.32-042stab079.5 x86_64) (WARNING: The server did not provide any stacktrace information)
Command duration or timeout: 20.25 seconds
Build info: version: '2.39.0', revision: 'ff23eac', time: '2013-12-16 16:11:15'
System info: host: 'testing-worker-linux-2-2-5645-linux-8-15825418', ip: '127.0.0.1', os.name: 'Linux', os.arch: 'amd64', os.version: '2.6.32-042stab079.5', java.version: '1.7.0_45'
Driver info: org.openqa.selenium.chrome.ChromeDriver
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
    at org.openqa.selenium.remote.ErrorHandler.createThrowable(ErrorHandler.java:193)
    at org.openqa.selenium.remote.ErrorHandler.throwIfResponseFailed(ErrorHandler.java:145)
    at org.openqa.selenium.remote.RemoteWebDriver.execute(RemoteWebDriver.java:554)
    at org.openqa.selenium.remote.RemoteWebDriver.startSession(RemoteWebDriver.java:216)
    at org.openqa.selenium.chrome.ChromeDriver.startSession(ChromeDriver.java:182)
    at org.openqa.selenium.remote.RemoteWebDriver.<init>(RemoteWebDriver.java:111)
    at org.openqa.selenium.remote.RemoteWebDriver.<init>(RemoteWebDriver.java:115)
    at org.openqa.selenium.chrome.ChromeDriver.<init>(ChromeDriver.java:161)
    at org.openqa.selenium.chrome.ChromeDriver.<init>(ChromeDriver.java:150)
    at org.openqa.selenium.chrome.ChromeDriver.<init>(ChromeDriver.java:118)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:526)

Here's my .travis.yml

language: node_js
node_js:
  - "0.10"
before_install:
  - "Xvfb :99 > /dev/null &"
install: "npm install"
cache:
  directories:
    - node_modules

@mithro
Copy link

mithro commented Dec 22, 2013

Even with my custom sandbox binary installed?

jsdevel added a commit to jsdevel/webdriver-sync that referenced this issue Dec 22, 2013
@jsdevel
Copy link

jsdevel commented Dec 22, 2013

@mithro I wasn't able to install your sandbox binary. Checkout the output here: https://travis-ci.org/jsdevel/webdriver-sync/builds/15840074

I added your script as a fixChrome bash script in my project root and added a before_install line to run it.

@jsdevel
Copy link

jsdevel commented Dec 22, 2013

@mithro I think I've found a smoking gun. My VM doesn't have google chrome, it has chromium! Adding ' - "find / -maxdepth 5"' to my before_install yielded the following:

....
/usr/bin/mysqld_safe
/usr/bin/ppmtowinicon
/usr/bin/chromium-browser
/usr/bin/unzipsfx
/usr/bin/troff
....

No sign of google-chrome anywhere. This is a problem for ChromeDriver, as it expects to find the binary at /usr/bin/google-chrome (see https://code.google.com/p/selenium/wiki/ChromeDriver#Overriding_the_Chrome_binary_location)

I'm going to investigate creating a symlink that points to chromium, and / or removing chromium and installing google-chrome before_install.

@jsdevel
Copy link

jsdevel commented Dec 23, 2013

@mithro I was finally able to get chrome to load, but it sure isn't elegant. Using your and others suggestions in this thread, my .travis.yml file now looks like this:

language: node_js
node_js:
  - "0.10"
before_install:
  - "sudo apt-get remove chromium-browser"
  - "echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | sudo debconf-set-selections"
  - "sudo apt-get install ttf-mscorefonts-installer"
  - "sudo apt-get install x-ttcidfont-conf"
  - "sudo mkfontdir"
  - "sudo apt-get install defoma libgl1-mesa-dri xfonts-100dpi xfonts-75dpi xfonts-scalable xfonts-cyrillic"
  - "wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb"
  - "sudo mkdir -p /usr/share/desktop-directories"
  - "sudo dpkg -i google-chrome-stable_current_amd64.deb"
  - "sudo apt-get install -f"
  - "sudo dpkg -i google-chrome-stable_current_amd64.deb"
  - "export CHROME_SANDBOX=/opt/google/chrome/chrome-sandbox"
  - "sudo rm -f $CHROME_SANDBOX"
  - "sudo wget https://googledrive.com/host/0B5VlNZ_Rvdw6NTJoZDBSVy1ZdkE -O $CHROME_SANDBOX"
  - "sudo chown root:root $CHROME_SANDBOX; sudo chmod 4755 $CHROME_SANDBOX"
  - "sudo md5sum $CHROME_SANDBOX"
  - "export DISPLAY=:99.0"
  - "Xvfb :99.0 -extension RANDR > /dev/null &"
  - "sudo chmod 1777 /dev/shm"
install: "npm install"
cache:
  directories:
    - node_modules

I'm still getting strange error output in my builds, namely:

[dix] Could not init font path element /var/lib/defoma/x-ttcidfont-conf.d/dirs/TrueType, removing from list!

However, this is more related to fonts than anything.

Is there a way to get stuff like this baked into the VMs?

@lookfirst
Copy link

Ok, without installing chrome, no-sandbox and DISPLAY commented out, chrome still crashes on the new arch:

https://travis-ci.org/lookfirst/systemjs-seed/jobs/53600350

uncommented no-sandbox and i get this:

https://travis-ci.org/lookfirst/systemjs-seed/jobs/53600788

and uncommenting DISPLAY, i get this:

https://travis-ci.org/lookfirst/systemjs-seed/jobs/53601000

Note that I added env before I set DISPLAY by hand:

https://travis-ci.org/lookfirst/systemjs-seed/jobs/53601000#L99

So, I guess we are back to square one, but with a faster server now. 👍

@lookfirst
Copy link

So now that I can't sudo, how do I install stuff with apt?

@lookfirst
Copy link

@joshk Any more thoughts?

@joshk
Copy link
Contributor

joshk commented Mar 10, 2015

Not sure right now sorry, Can you please open a new ticket with the information you posted above summerizing the issue and I can escalated this within the team.

Thanks :)

@lookfirst
Copy link

Due to the recent change over to docker by default and the fact that it has an ancient version of chrome, this is what I'm using now...

before_install:
- export DISPLAY=:99.0
- sh -e /etc/init.d/xvfb start
- curl -Lo chrome.zip https://download-chromium.appspot.com/dl/Linux_x64 && unzip chrome.zip

@ghost
Copy link

ghost commented May 24, 2015

Thanks @lookfirst -- google-chrome (launched via python/selenium/chromedriver) is working for me with your bash script, sudo: required, and the --no-sandbox flag activated.

@lookfirst
Copy link

@andy11 I found that installing chrome via apt takes an inordinate amount of time because of all the dependencies. The comment above where I just download the .zip file and use that binary works much better.

@dtracers
Copy link

dtracers commented Apr 5, 2016

I am installing chrome driver via grunt and as of this build it had errors with the chrome driver:

https://travis-ci.org/dtracers/coursesketch/builds/120990028
I have not tried any of the scripts yet but I did not know if anything has changed in the past year that is worth noting.

kvz added a commit to transloadit/uppy that referenced this issue Apr 6, 2016
It seems we are currently trying to run Chrome on Travis. Which is a
bit hard (travis-ci/travis-ci#938). Firefox
is recommended:
https://docs.travis-ci.com/user/gui-and-headless-browsers/#Using-xvfb-to
-Run-Tests-That-Require-a-GUI

But it's still only Firefox.

We can keep the chrome work for local tests, but I think Travis should
ping Sauce Labs:
https://docs.travis-ci.com/user/gui-and-headless-browsers/#Using-Sauce-L
abs

So they can spin up 180 real browsers and test on those.
@fulls1z3
Copy link

fulls1z3 commented Dec 9, 2016

Hope it helps:

sudo: required
dist: trusty
addons:
  apt:
    sources:
      - google-chrome
    packages:
      - google-chrome-stable

language: node_js
node_js:
  - "6"
cache:
  directories: node_modules
branches:
  only: master

before_script:
  - export DISPLAY=:99.0
  - sh -e /etc/init.d/xvfb start
  - npm i -g npm@^3
  - sleep 3

@jugglinmike
Copy link

This appears to no longer be an issue for the "Trusty Tahr" (e.g. 14.04) release of Ubuntu and onward. If you are able to upgrade to that release in your .travis.yml file, then you should be able to run Google Chrome without disabling the sandbox.

(I just spoke with some folks on the Chromium team in the #chromium IRC channel on Freenode. Chrome only uses a "setuid sandbox" as a fallback when the kernel does not support more advanced features. It seems likely that Ubuntu 14.04 has the namespace features that allow it to use other technologies--ones that are compatible with the environment provided by TravisCI.)

lutostag added a commit to lutostag/webextension-formsave that referenced this issue Apr 21, 2017
nbeyer added a commit to cerner/cerner-oauth1a that referenced this issue Apr 20, 2018
nbeyer added a commit to cerner/cerner-oauth1a that referenced this issue Apr 20, 2018
* Expand and refactor AccessToken to allow for parsing OAuth requests
  and authenticating them.
* Expand AccessTokenAgent with methods for getting the keys from the
  Access Token Service, which are required for authentication of OAuth
  requests.
* Add a Protocol utility model for encapsulating common OAuth protocol
  needs.
* Add oauth_parameters to OAuthError
* Add explicit parameter checking to AccessToken#from_authorization_header
* Add signature_method massage to AccessToken#initialize
* Correct some typos and documentation issues
* Clean up RuboCop configuration
* Add lightweight caching of AccessToken and Key instances in AccessTokenAgent
* Remove ruby-2.3 from Trave CI config to match gemspec
* Add utility for converting oauth_problem to HTTP Status for service providers
* Add more HTTP response helpers to Protocol and misc cleanup
* correct rubygems link in README
* Set version to 2.0.0.rc1
* Clean up lint
* use binstub for rspec in travis config
* Update README to use binstubs
* Try workaround for Travis CI, per travis-ci/travis-ci#938
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests