Install FerrumPDF browser dependencies #1060

Merged
mkllnk merged 2 commits into openfoodfoundation:master from chahmedejaz:task/1059-install-ferrum-pdf-browser-dependencies
May 13, 2026

@chahmedejaz chahmedejaz commented May 10, 2026

Contributor

What changed and why

Ferrum/FerrumPDF requires a Chrome browser binary for headless PDF rendering, unlike wkhtmltopdf which bundled its own rendering engine.

This PR adds a dedicated Ansible chrome role to install Google Chrome and required runtime libraries on provisioned environments. This ensures Ferrum-based PDF rendering works consistently outside CI, including staging and production servers.

Changes

  • Added new chrome Ansible role
  • Installed google-chrome-stable from the official Google repository
  • Added required headless Chrome runtime dependencies:
    • libgbm1
    • libxshmfence1
  • Wired the role into playbooks/provision.yml

Required By

@github-project-automation github-project-automation Bot moved this to All the things 💤 in OFN Delivery board May 10, 2026
@sigmundpetersen sigmundpetersen moved this from All the things 💤 to In Progress ⚙ in OFN Delivery board May 10, 2026
@chahmedejaz chahmedejaz moved this from In Progress ⚙ to Code review 🔎 in OFN Delivery board May 10, 2026
@chahmedejaz chahmedejaz marked this pull request as ready for review May 10, 2026 18:50
@chahmedejaz chahmedejaz self-assigned this May 10, 2026
@chahmedejaz chahmedejaz changed the title Add Chrome role for Ferrum PDF rendering dependencies Install FerrumPDF browser dependencies May 10, 2026

@rioug rioug left a comment

Contributor

Looks good 👍

@dacook dacook self-requested a review May 11, 2026 01:48

@dacook dacook left a comment

Member

Good work, thanks for sorting this out.
I wondered if Chromium would be a better option because it is open-source, but I don't know that it would make much difference.

I also wonder if this will consume more resources for PDF generation than before, but have no idea. We will see!

I would just like to also get @mkllnk's review so he is aware of it.

Comment thread roles/chrome/tasks/main.yml Outdated
- libgbm1 # GPU buffer management, required even in headless mode
- libxshmfence1 # Shared memory fences for X11 shm rendering
state: present
become: yes

Member

I would have thought that the chrome package would have published these dependencies so that apt could automatically install them.
Oh well, thanks for making this work 👍

Member

I guess that these dependencies are only needed when you try to run it without a desktop.

Contributor Author

Exactly 👍

@dacook dacook requested a review from mkllnk May 11, 2026 01:57
Comment thread roles/chrome/tasks/main.yml Outdated
Comment on lines +7 to +23
- name: add google chrome signing key
apt_key:
url: https://dl-ssl.google.com/linux/linux_signing_key.pub
become: yes

- name: add google chrome repository
apt_repository:
repo: "deb http://dl.google.com/linux/chrome/deb/ stable main"
filename: google-chrome
become: yes

- name: install google chrome stable
apt:
name: google-chrome-stable
state: present
update_cache: yes
become: yes
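
Review bot: The `apt_key` task at the top of this hunk adds Google's signing key to apt's global trusted keyring, so the key is trusted for packages from every configured repository rather than only for this one, and the `apt_key` module is deprecated along with the apt-key tool it wraps. Suggest downloading the key to a dedicated keyring file and referencing that file with a `signed-by=` option in the `repo:` line, which scopes the key to this repository. The `repo:` line also uses `http://dl.google.com/linux/chrome/deb/` while the key is fetched over HTTPS; apt still verifies package signatures, but using `https://` for the repository keeps the transport consistent and keeps package metadata requests out of cleartext.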

Member

Can't we use Chromium? Then we don't need an additional repository.

chahmedejaz commented May 11, 2026

Contributor Author

@mkllnk @dacook - I think we should be able to use Chromium as well. I added Chrome here because it was already present on my machine, so I tested with it, and FerrumPDF worked as expected with it. Moreover, I thought it's well maintained and would be more stable for production. 😅

Please let me know if you'd like me to try Chromium instead and update the PR accordingly. Thanks.

mkllnk commented May 12, 2026

Member

I've got only Chromium installed on my machine and I can generate PDFs with FerrumPdf. Chromium and Chrome share the same code and therefore I would expect similar quality. I think that we should go for completely open source when it's easy and in this case it seems even easier than installing Chrome.

@chahmedejaz

Contributor Author

Sure, makes sense @mkllnk. I'll update the PR and get back. Thanks 👍🏻

@rioug rioug moved this from Code review 🔎 to In Progress ⚙ in OFN Delivery board May 13, 2026
@chahmedejaz chahmedejaz moved this from In Progress ⚙ to Code review 🔎 in OFN Delivery board May 13, 2026
@mkllnk mkllnk merged commit de9b72e into openfoodfoundation:master May 13, 2026
5 of 8 checks passed
@github-project-automation github-project-automation Bot moved this from Code review 🔎 to Done in OFN Delivery board May 13, 2026

mkllnk commented May 21, 2026

Member

@chahmedejaz, I wanted to apply this to all production servers now because the FerrumPDF PR is tested and ready for merging. First I tried to run this against the staging servers but it failed on some, e.g. uk_staging. It looks like there's another PPA for ffmpeg4 on au_staging that is needed but not installed by this role. And on fr_staging that PPA wasn't needed as libpipewire-0.3 is supplied by the Ubuntu sources.

It looks like uk_staging has Ubuntu's extended security support enabled and those servers don't serve the newer version of libpipewire. I thought you installed it on all staging servers? Did I get that wrong?

Now looking at au_prod, it doesn't have ESM but it also doesn't have the new libpipewire available.

By the way, I didn't need secrets to run only this role because it doesn't use any secrets:

ansible-playbook -l uk_staging -t chromium playbooks/provision.yml

In order to resolve this quickly, I added the ppa that was on au-staging and I'm applying it to production servers. Several failed at first:

  • fr
  • be
  • in
  • nz

Now working through them. ... The common problem seems to be outdated apt sources. I deactivated the ones that didn't work. We need to replace our servers soon anyway.

chahmedejaz commented May 21, 2026

Contributor Author

Thanks @mkllnk for picking this up and going through this.

I think we had a discussion on it in the recent delivery circle that it's not installed on UK. Ref meeting notes: https://community.openfoodnetwork.org/t/delivery-circle-20th-may-2026/3958

I'm about to work on it hopefully today. I'll add the missing ppa in the role as well for consistency.

Anyway, thank you so much for going through this. ♥️

Edit: Just saw, you have already addressed this in the role. Thanks 👍🏻
