Azure / azure-functions-python-worker

Python worker for Azure Functions.
http://aka.ms/azurefunctions
MIT License

Function apps with headless chrome works in consumption plan but not in premium plan #852

Open lalalsara opened 3 years ago

lalalsara commented 3 years ago

We can't run headless Chrome in a function app hosted in a premium plan, but it works in consumption plan.

We have two function apps running on an elastic premium plan (EP1:1). One uses dotnet and the Puppeteer Sharp library, and the other uses Python and the Pyppeteer library. Both are located in West Europe.

- C# dotnet function app

Throws the following error: 2021-05-19T07:26:42.342176771Z Executed (Failed, Id=5687ac18-143f-4faf-a4e7-160b567a9a0c, Duration=103ms) 2021-05-19T07:26:42.342947961Z ---> PuppeteerSharp.ProcessException: Failed to launch Base! [0519/072642.021600:ERROR:zygote_host_impl_linux.cc(89)] Running as root without --no-sandbox is not supported. See https://crbug.com/638180.

- Python function app

Throws the following error: 2021-05-19T07:16:10.624 [Error] Executed (Failed, Id=9f65d621-67bd-4529-a877-059ebb87f1b9, Duration=30046ms)Result: FailureException: BrowserError: Browser closed unexpectedly

We learned that the base images were not updated with the right dependencies for launching headless Chrome and tried to change the property linuxFxVersion in the function apps to these base images, which are supposed to have the dependencies needed, using az CLI:

We are still getting the same error as shown above.

We also tried running the dotnet function app as a custom container and adding the dependencies manually there but still got issues. These are the steps we tried and their outcome:

#####################################################################

When running with the Visual Studio auto-generated Dockerfile + adding installed dependencies, the function app itself is running but the function throws this error:

2021-05-06T16:34:11.404380645Z ---> PuppeteerSharp.ProcessException: Failed to launch Base! [0506/163411.280771:ERROR:zygote_host_impl_linux.cc(89)] Running as root without --no-sandbox is not supported. See https://crbug.com/638180.

#####################################################################

When adding a new non-root user:

"Failed to launch Base! [0506/181428.176134:FATAL:zygote_host_impl_linux.cc(116)] No usable sandbox! Update your kernel or see https://chromium.googlesource.com/chromium/src/+/master/docs/linux_suid_sandbox_development.md for more information on developing with the SUID sandbox."

####################################################################

When adding this line at the end of the Dockerfile to enable namespace cloning as suggested in the link above:

CMD["sudo sysctl -w kernel.unprivileged_userns_clone=1"]

The container logs show this error:

"Docker API responded with status code=BadRequest, response={"message":"OCI runtime create failed: container_linux.go:370: starting container process caused: exec: \"sudo sysctl -w kernel.unprivileged_userns_clone=1\": executable file not found in $PATH: unknown"}"

Found this in a Stack Overflow thread related to this command:

"Since Docker containers share the host system's kernel and its settings, a Docker container usually can't run sysctl at all."

We have an open ticket with Microsoft with TrackingID#2104220050002234 and they suggested that we open a public issue here on GitHub.
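The failure modes reported in the comment above (root without --no-sandbox, no usable sandbox for a non-root user, user namespaces not available in the container) can be told apart from a shell inside the container before the browser is launched. This is an added example, not part of the original issue or of any Azure Functions or Chromium code; the function names, verdict strings and the helper-path argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify why Chromium's Linux sandbox will or won't start.
# Function names and verdict strings are this example's own, not Chromium's.

# userns_sysctl PROC_ROOT -> allowed | blocked | unknown (kernel knobs only)
userns_sysctl() {
    proc=${1:-/proc}
    clone="$proc/sys/kernel/unprivileged_userns_clone"  # Debian/Ubuntu knob
    max="$proc/sys/user/max_user_namespaces"            # upstream knob
    if [ -r "$clone" ] && [ "$(cat "$clone")" = 0 ]; then echo blocked; return 0; fi
    if [ -r "$max" ] && [ "$(cat "$max")" = 0 ]; then echo blocked; return 0; fi
    if [ -r "$clone" ] || [ -r "$max" ]; then echo allowed; else echo unknown; fi
}

# userns_probe -> allowed | blocked | unknown. Really tries to create a user
# namespace: a container seccomp profile can forbid it despite the sysctls.
userns_probe() {
    command -v unshare >/dev/null 2>&1 || { echo unknown; return 0; }
    if unshare -U true 2>/dev/null; then echo allowed; else echo blocked; fi
}

# suid_helper FILE -> yes | no. The setuid fallback needs a root-owned helper
# with the setuid bit set (mode 4755).
suid_helper() {
    if [ -u "$1" ] && [ "$(stat -c %u "$1" 2>/dev/null)" = 0 ]; then echo yes; else echo no; fi
}

# sandbox_verdict UID USERNS SUID -> one token naming the expected outcome
sandbox_verdict() {
    if [ "$1" = 0 ]; then echo root-refused        # "Running as root without --no-sandbox"
    elif [ "$2" = allowed ] || [ "$3" = yes ]; then echo sandbox-available
    elif [ "$2" = unknown ]; then echo undetermined
    else echo no-usable-sandbox                     # "No usable sandbox!"
    fi
}

# Report for the current container; pass the helper path as $1 if known.
report() {
    ns=$(userns_sysctl /proc)
    [ "$ns" = blocked ] || ns=$(userns_probe)
    sandbox_verdict "$(id -u)" "$ns" "$(suid_helper "${1:-/nonexistent}")"
}
report "$@"
```

The sysctl values are read from the host kernel the container shares, so a `blocked` result here has to be changed on the host or by the platform, not from the Dockerfile.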

v-anvari commented 3 years ago

Hi @lalalsara, Thank you for your feedback! We will investigate and update as appropriate.

v-anvari commented 3 years ago

Transferring this issue to Python worker repository for further investigation.

lalalsara commented 3 years ago

Thank you! Our priority is to get the dotnet function app working though - the Python function app was only created as a plan B since it didn't work with dotnet.