-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
https client timeout error on native image #2335
Comments
Thanks for reporting the issue. We're aware of it and we're working with the Amazon team to fix it. Hopefully we will have a solution soon. |
Good to know. Thanks! |
I've been trying to deploy a Micronaut app that uses the HttpClient to call an external HTTPS API as a Graal app in Lambda for a while. I've done a lot of tests and I still not sure where is the problem or who is the culprit. I've been doing a lot of tests and trying different things and I still don't know where is the problem or who is the culprit. I used Graal One final thing I've tried is to deploy the Micronaut application but in create another action in the controller that doesn't use HTTP Client (ilopmar/chuck-norris-facts-mn-graal-function@560a7b7):
That works, so the issue is something related to Netty SSL and Graal (or Micronaut), but not sure exactly where it is. It works in a Micronaut app compiled as native-image, it works deployed to sam local, but it fails when deployed to Lambda...Is it a Netty SSL issue in GraalVM? Is it a Netty issue because of how we use it in Micronaut? Is it something related to Netty and AWS Lambda? And also why did it work with the dev version once and now it doesn't work anymore?... I'm attaching 4 log files:
In all the logs (even the one that works) there are errors regarding Netty |
The following log aws-lambda-ok-20.0.0.log is for the only execution that worked with Graal
Between all those lines there are a lot of Netty and Micronaut HttpClient
Maybe the actual root cause is because of |
I've set the log level to trace for both Netty and Micronaut and I see the same errors in the standalone application. It works, but the errors are still there log-standalone.txt. @graemerocher do you think it's worth it opening a issue in GraalVM tracker or is it better to take a look first in Micronaut? I ask because the following errors are because of
|
those are debug level errors and are a Netty optimization that is not required for Netty to operate normally so are unrelated. Since it only fails in the lambda environment the issue is almost certainly to do with how security services are setup for the amazon linux image. |
HI all, I ran some tests with the example code. Based on my tests, it looks like is going wrong with Netty and GraalVM. I'm not sure whether it's the native image tool or substrate VM itself. I have not yet tested with a GraalVM custom runtime. List of tests and outcome below. Few notes:
... I'll keep digging, just wanted to give an update in case you have seen this type of issue before |
@sapessi Thanks for the update. Is there anything we can do to help you with this? |
I think I figured out what the issue is. The Netty class Because Netty is defaulting to On a local environment the values are consistent, which explains why local testing works fine, whereas the opposite is true for Lambda where the runtime is fresh on every function update, so Lambda would be more susceptible to the problem even though there doesn't appear to be anything Lambda specific to it. There is a straightforward fix to over-ride the initialization phase for this class (and two dependent classes) in the
if you can update your test to verify? |
I have updated example with options However it seems to have no effect, the same timeout exception is raised. I also think that if these options would be the reason, then these timeouts would reproducable for I tested it on graal 2.1. Exception trace is the same as in description. |
@mkairys-tru That is unfortunate, is it possible that there are multiple issues at play here? I altered the to
and instead of
i now get
as expected (I did have to make some additional changes to deserialize the activity correctly) - does that match what you tried? Hopefully @ilopmar will be able to verify which behavior he sees with this change also, and we can solve the second issue. |
@petermd Thanks for digging into this, we will take a look at verifying what you are seeing on our side |
Sorry for the delay testing this. I can confirm that it works! Kudos @petermd 🎉 I've updated my test application (https://github.com/ilopmar/chuck-norris-facts-mn-graal-function) to include the configuration you mentioned and I've also upgraded it to GraalVM 19.3.1 and Micronaut 1.2.10 and everything works as expected when deployed to AWS Lambda :-) Regarding the configuration you pass to
You don't need to add Line 2 in 9ac3e40
The option --enable-all-security-services is already enabled when using https according to https://github.com/oracle/graal/blob/master/substratevm/JCA-SECURITY-SERVICES.md#jca-security-services-on-substrate-vm
Finally I'm not really sure about |
I've also submitted a PR to Netty to include that options: netty/netty#9963 |
Glad that worked @ilopmar, and thanks for the info on the other native-image options, these were the original ones in the demo app and I had not audited them. FYI I had already opened an issue with Netty (netty/netty#9928) with a similar proposed change, but based on the comment on your PR there is at least one more usage of |
Motivation: Deploying a Micronaut application as GraalVM native image to AWS Lambda with custom runtime fails when using Micronaut Http Client. This PR initializes at runtime some classes needed to fix the issue. There is more information in our original issue in Micronaut micronaut-projects/micronaut-core#2335 (comment) At this moment I've added those classes into Micronaut (micronaut-projects/micronaut-core@b383d3a) as a workaround but this should be included in Netty so it's available for everyone. Modification: Mark 3 classes to be initialized at runtime for GraalVM. Result: Mark 3 classes to be initialized at runtime for GraalVM.
Motivation: Deploying a Micronaut application as GraalVM native image to AWS Lambda with custom runtime fails when using Micronaut Http Client. This PR initializes at runtime some classes needed to fix the issue. There is more information in our original issue in Micronaut micronaut-projects/micronaut-core#2335 (comment) At this moment I've added those classes into Micronaut (micronaut-projects/micronaut-core@b383d3a) as a workaround but this should be included in Netty so it's available for everyone. Modification: Mark 3 classes to be initialized at runtime for GraalVM. Result: Mark 3 classes to be initialized at runtime for GraalVM.
@petermd I didn't see your issue and PR, sorry about that. The Netty team already merged my PR. The fix on Micronaut is included in 1.3.0.RC1 and once Netty 4.1.46 is released I'll upgrade Micronaut to use it and remove my fix. Thanks for your help! 💯 |
…9963) Motivation: Deploying a Micronaut application as GraalVM native image to AWS Lambda with custom runtime fails when using Micronaut Http Client. This PR initializes at runtime some classes needed to fix the issue. There is more information in our original issue in Micronaut micronaut-projects/micronaut-core#2335 (comment) At this moment I've added those classes into Micronaut (micronaut-projects/micronaut-core@b383d3a) as a workaround but this should be included in Netty so it's available for everyone. Modification: Mark 3 classes to be initialized at runtime for GraalVM. Result: Mark 3 classes to be initialized at runtime for GraalVM.
Declarative http client calls fails on any
https
url's when built on native image with exception:io.micronaut.http.client.exceptions.HttpClientException: Connect Error: connection timed out
There is no such problem with
http
urls.I am providing link to example application build from template
mn create-app my-app --features aws-api-gateway-graal
and following extensions:ExampleController
extended to callhttps
API by using declarative http clientnative-image
options -H:EnableURLProtocols=http,https --enable-all-security-services -H:+JNITask List
Steps to Reproduce
mn create-app my-app --features aws-api-gateway-graal
(found in docs underCustom GraalVM Native Runtimes
in https://micronaut-projects.github.io/micronaut-aws/latest/guide/#customRuntimes)ExampleController
to use declarative http client for calling anyhttps
API/URLExpected Behaviour
No error should happen
Actual Behaviour
ExampleController
https call results in error:Environment Information
Example Application
The text was updated successfully, but these errors were encountered: