added dockerfiles #174

Closed
wants to merge 5 commits into from
Contributor

mr-sour commented Sep 21, 2020

Description

fixes #11 sorta

These are a set of docker files to build and run this inside a docker container. With chrome sandboxing. X11 forwarding instructions will soon follow if people want that. Sorta fixes issue 11 but it's really meant as an easy way to get it up and running on a server to get notifications and can't do the automated browser workflow. (yet)

discord
mrsour#2727

Testing

New dependencies

@mr-sour mr-sour requested a review from jef as a code owner September 21, 2020 19:51

ethanspitz commented Sep 22, 2020

This doesn't work for me. Maybe I'm doing it wrong. I'd recommend adding instructions at the very least before this gets merged in.

I built with:

```
docker build --tag nvidiasnatcher:1.0 .
# Update docker-compose to reference nvidiasnatcher:1.0
docker-compose up
```

This resulted in

```
Starting nvidiasnatcher_nvidia-snatcher_1 ... error
ERROR: for nvidiasnatcher_nvidia-snatcher_1  Cannot start service nvidia-snatcher: Decoding seccomp profile failed: invalid character 'c' looking for beginning of value

ERROR: for nvidia-snatcher  Cannot start service nvidia-snatcher: Decoding seccomp profile failed: invalid character 'c' looking for beginning of value
ERROR: Encountered errors while bringing up the project.
```

Updated docker-compose to a newer version that supported seccomp. It starts up now, but fails to run and it exits.

```
WARNING: Found orphan containers (nvidiasnatcher_nvidia-snacher_1) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up.
Removing nvidiasnatcher_nvidia-snatcher_1
Recreating 4dbac5b61ac6_nvidiasnatcher_nvidia-snatcher_1 ... done
Attaching to nvidia-snatcher_nvidia-snatcher_1
nvidia-snatcher_1  | (node:6) UnhandledPromiseRejectionWarning: Error: Failed to launch the browser process!
nvidia-snatcher_1  | Failed to move to new namespace: PID namespaces supported, Network namespace supported, but failed: errno = Operation not permitted
nvidia-snatcher_1  | [0922/055014.437055:FATAL:zygote_host_impl_linux.cc(190)] Check failed: ReceiveFixedMessage(fds[0], kZygoteBootMessage, sizeof(kZygoteBootMessage), &boot_pid).
nvidia-snatcher_1  | Received signal 6
nvidia-snatcher_1  |   r8: 00007fffa4596c34  r9: 00000000000000a2 r10: 0000000000000008 r11: 0000000000000246
nvidia-snatcher_1  |  r12: 00007fffa4597270 r13: 00007fffa45971ac r14: 00007f99332c6aa0 r15: 00000000000000a0
nvidia-snatcher_1  |   di: 0000000000000002  si: 00007fffa4596b00  bp: 00007fffa4596b00  bx: 0000000000000000
nvidia-snatcher_1  |   dx: 0000000000000000  ax: 0000000000000000  cx: ffffffffffffffff  sp: 00007fffa4596af8
nvidia-snatcher_1  |   ip: 00007f99341e86e2 efl: 0000000000000246 cgf: aaaa000000000033 erf: 0000000000000000
nvidia-snatcher_1  |  trp: 0000000000000000 msk: 0000000000000000 cr2: 0000000000000000
nvidia-snatcher_1  | [end of stack trace]
nvidia-snatcher_1  | Calling _exit(1). Core file will not be generated.
nvidia-snatcher_1  |
nvidia-snatcher_1  |
nvidia-snatcher_1  | TROUBLESHOOTING: https://github.com/puppeteer/puppeteer/blob/main/docs/troubleshooting.md
nvidia-snatcher_1  |
nvidia-snatcher_1  |     at onClose (/usr/src/app/node_modules/puppeteer/lib/cjs/puppeteer/node/BrowserRunner.js:193:20)
nvidia-snatcher_1  |     at ChildProcess.<anonymous> (/usr/src/app/node_modules/puppeteer/lib/cjs/puppeteer/node/BrowserRunner.js:184:79)
nvidia-snatcher_1  |     at ChildProcess.emit (events.js:327:22)
nvidia-snatcher_1  |     at Process.ChildProcess._handle.onexit (internal/child_process.js:275:12)
nvidia-snatcher_1  | (node:6) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 1)
nvidia-snatcher_1  | (node:6) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
nvidia-snatcher_nvidia-snatcher_1 exited with code 0
```
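An added example, not part of this thread or of the project's code: a Go sketch of a pre-flight check for a seccomp profile, showing how a profile option whose value reaches a JSON decoder as the path text rather than the file's contents yields the `invalid character 'c'` message quoted above. That the older docker-compose forwarded the literal `chrome.json` string is an assumption; `checkProfile` and both sample inputs are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// seccompProfile holds the two top-level fields of a Docker seccomp
// profile that this check inspects; other fields are ignored.
type seccompProfile struct {
	DefaultAction string            `json:"defaultAction"`
	Syscalls      []json.RawMessage `json:"syscalls"`
}

// checkProfile (hypothetical helper) decodes raw as JSON and also rejects
// input that parses but cannot be a usable profile.
func checkProfile(raw []byte) (*seccompProfile, error) {
	var p seccompProfile
	if err := json.Unmarshal(raw, &p); err != nil {
		return nil, fmt.Errorf("Decoding seccomp profile failed: %w", err)
	}
	if p.DefaultAction == "" {
		return nil, errors.New("seccomp profile has no defaultAction")
	}
	return &p, nil
}

// Constructed sample inputs.
var (
	// Assumption: the option value is forwarded unread, so the decoder
	// sees the file name instead of the file.
	pathAsProfile = []byte("chrome.json")
	// A minimal stand-in for the file's contents, not the real chrome.json.
	fileContents = []byte(`{"defaultAction":"SCMP_ACT_ERRNO",` +
		`"syscalls":[{"names":["clone","unshare"],"action":"SCMP_ACT_ALLOW"}]}`)
)

func main() {
	for _, in := range [][]byte{pathAsProfile, fileContents, []byte(`{}`)} {
		if p, err := checkProfile(in); err != nil {
			fmt.Println("rejected:", err)
		} else {
			fmt.Printf("ok: defaultAction=%s, %d syscall rule(s)\n",
				p.DefaultAction, len(p.Syscalls))
		}
	}
}
```

Running the same kind of check against the profile file before `docker-compose up` separates a malformed file from a tool that never read the file at all.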

Contributor Author

mr-sour commented Sep 22, 2020

That error you have is because of how chrome does sandboxing - seccomp:chrome.json is what's supposed to fix that. Docker version and platform?

Contributor Author

mr-sour commented Sep 22, 2020

I can't reproduce the error on my machine, which is why I suspect maybe it's the docker version or platform you're running on. https://github.com/Zenika/alpine-chrome#3-ways-to-securely-use-chrome-headless-with-this-image Here's the docs on the chrome image this uses. I included the seccomp profile because otherwise you have to turn the sandbox off or run the container as admin, neither of which seemed very appealing to me.

```
Sending build context to Docker daemon  830.5kB
Step 1/17 : FROM node:14-alpine AS builder
 ---> b85fc218c00b
Step 2/17 : WORKDIR /usr/src/app
 ---> Using cache
 ---> 338126af2d2e
Step 3/17 : COPY package*.json ./
 ---> Using cache
 ---> a1f4f50817be
Step 4/17 : RUN npm ci
 ---> Using cache
 ---> bf6975c1c519
Step 5/17 : COPY tsconfig*.json ./
 ---> Using cache
 ---> 8a5063501283
Step 6/17 : COPY src src
 ---> a6fd781c813a
Step 7/17 : RUN npm run build
 ---> Running in 208d9403e090

> nvidia-snatcher@1.4.0 build /usr/src/app
> rimraf ./build && tsc

Removing intermediate container 208d9403e090
 ---> 26a9f9fa7c3f
Step 8/17 : FROM zenika/alpine-chrome:with-node
 ---> 36ddb624eb97
Step 9/17 : USER chrome
 ---> Using cache
 ---> 606b522cfb1a
Step 10/17 : ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD 1
 ---> Using cache
 ---> 64a246b886d2
Step 11/17 : ENV PUPPETEER_EXECUTABLE_PATH /usr/bin/chromium-browser
 ---> Using cache
 ---> d37c503a4216
Step 12/17 : WORKDIR /usr/src/app
 ---> Using cache
 ---> e44101c0e3b6
Step 13/17 : COPY --chown=chrome package.json package-lock.json ./
 ---> Using cache
 ---> d37879cc2919
Step 14/17 : COPY --chown=chrome tsconfig*.json ./
 ---> Using cache
 ---> 848d43e224eb
Step 15/17 : RUN npm install
 ---> Using cache
 ---> 648b7173bd4f
Step 16/17 : COPY --from=builder --chown=chrome /usr/src/app/build/ build/
 ---> 7a2d82f71f20
Step 17/17 : ENTRYPOINT [ "tini","--", "node", "build/index.js" ]
 ---> Running in 9904d9b7171e
Removing intermediate container 9904d9b7171e
 ---> b1751b40c27f
Successfully built b1751b40c27f
➜  nvidia-snatcher git:(main) vim docker-compose.yml
➜  nvidia-snatcher git:(main) ✗ docker-compose up
Recreating nvidia-snatcher_nvidia-snacher_1 ... done
Attaching to nvidia-snatcher_nvidia-snacher_1
nvidia-snacher_1  | [3:47:26 PM] info :: ✖ [bestbuy] still out of stock: evga xc3 black
```

Contributor Author

mr-sour commented Sep 22, 2020

I think I see your issue: `Cannot start service nvidia-snatcher: Decoding seccomp profile failed: invalid character 'c' looking for beginning of value`. Pretty sure you accidentally added a c, maybe while you were looking at the seccomp profile, ^c accident maybe? If you repull that file you should be good.


ethanspitz commented Sep 22, 2020 via email

Contributor Author

mr-sour commented Sep 23, 2020

docker info and I'll try to see what's up. This was the worst part to figure out as I also had a bunch of issues. I even had to reset docker at one point. You can also look at running the container as admin with SYS_ADMIN but I would bet if it's not working with the seccomp profile adding the admin flag won't do much. We can also maybe add a .env option to the code to pass in --no-sandbox which would then just disable it.

@andrewmackrodt
Contributor

@mr-sour the --no-sandbox arg will be supported when #209 is merged. I'm running a headless container with this setup and it's working well. One feature which would be nice to have in this PR or another one would be a customizable screenshots directory. At the moment they're written to whatever the current working directory is, which can often be expected to be the app directory itself.


ethanspitz commented Sep 24, 2020

> docker info and I'll try to see what's up. This was the worst part to figure out as I also had a bunch of issues. I even had to reset docker at one point. You can also look at running the container as admin with SYS_ADMIN but I would bet if it's not working with the seccomp profile adding the admin flag won't do much. We can also maybe add a .env option to the code to pass in --no-sandbox which would then just disable it.

Sorry for the delay, been super busy!

```
 Debug Mode: false

Server:
 Containers: 2
  Running: 1
  Paused: 0
  Stopped: 1
 Images: 18
 Server Version: 19.03.13
 Storage Driver: overlay2
  Backing Filesystem: btrfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 8fba4e9a7d01810a393d5d25a3621dc101981175
 runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
 init version: fec3683
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 3.10.0-1127.18.2.el7.x86_64
 Operating System: CentOS Linux 7 (Core)
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 31.06GiB
 Name: MediaServer
 ID: JIEF:RRVJ:ZTVZ:AVB3:UMJN:TK55:4O6V:M2UL:UKL6:7ZWE:OHF2:OE4Y
 Docker Root Dir: /Media/data/docker-data
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
```

Contributor

kaysond commented Oct 6, 2020

bump. this gonna get merged?

Owner

jef commented Oct 6, 2020

Most likely not, I think #411 will supersede this, although I want a few more changes in there before this goes.

@jef jef closed this Oct 6, 2020