offen/docker-volume-backup

Hard to understand error message during exec

pixxon opened this issue · 3 comments

Describe the bug

Fatal error running backup: withLabeledCommands: archive: error running pre commands: runLabeledCommands: error from errgroup: runLabeledCommands: error executing command: exec: error demultiplexing output: Unrecognized input header: 60

To Reproduce
Steps to reproduce the behavior:

volumes:
  postgresql_db:

services:
  postgres:
    image: postgres:12.16-alpine3.18
    volumes:
      - type: volume
        source: postgresql_db
        target: /var/lib/postgresql/data
    environment:
      POSTGRES_PASSWORD: something
      POSTGRES_USER: postgres
      POSTGRES_DB: postgres
    labels:
      docker-volume-backup.exec-label: database
      docker-volume-backup.archive-pre: /bin/sh -c 'pg_dumpall -U postgres > /var/lib/postgresql/data/backup.sql'
      docker-volume-backup.archive-post: /bin/sh -c 'rm /var/lib/postgresql/data/backup.sql'

  minio_backup:
    image: offen/docker-volume-backup:v2.36.1
    environment:
      EXEC_LABEL: database
      DOCKER_HOST: tcp://docker_socket_proxy:2375
    volumes:
      - type: volume
        source: postgresql_db
        target: /backup
        read_only: true

  docker_socket_proxy:
    image: tecnativa/docker-socket-proxy:0.1
    volumes:
      - type: bind
        source: /var/run/docker.sock
        target: /var/run/docker.sock
        read_only: true
    environment:
      CONTAINERS: 1
      SERVICES: 1
      INFO: 1
      POST: 1
      TASKS: 1
      NODES: 1
#      EXEC: 1

Expected behavior
Clear error message that EXEC permission is missing.

Version (please complete the following information):

  • Image Version: v2.36.1
  • Docker Version: 25.0.1

Additional context
This is mostly just to help out other people if they run into the given error above. With the missing EXEC permission, the socket proxy returns <html><body><h1>403 Forbidden</h1>\nRequest forbidden by administrative rules.\n</body></html> and to no surprise < has the ASCII value of 60, see in the error above.

@m90 I think you can just close this issue as "Works by Design". The documentation clearly states to add EXEC permissions. I just opened it so there are at least some hits regarding the Unrecognized input header: 60, as it was quite hard to diagnose the issue once I made the copy paste mistake of not adding EXEC.

Alternativaly it could be possible to read the entire stream and only demux it later. And if the demux fails, print the content of the stream, so the error message would clearly show the forbidden request.

m90 commented

I've also had similar problems with the exec output before, so maybe looking into if this can be improved is worth it. The current code that does it is mostly just copied over from the Moby test suite without thinking about it too much.

I'll leave the issue open and see if I can go on a spelunking excursion in the relevant parts soon.

m90 commented

I improved this in #379. I don't think this warrants a new release, but I'll definitely include it in the next one. Thanks for pointing it out.