Closed rmi1974 closed 1 week ago
Hello @proudier, do you think this issue might be related to your PR https://github.com/Tecnativa/docker-socket-proxy/pull/130?
I can reproduce the described behavior on my machine.
I think the problem lies with the connection hijacking that takes place in some parts of the API.
With docker-socket-proxy v0.1.2 (HAproxy 2), the connection is successfully upgraded to tcp
and the server can stream back the necessary information. With docker-socket-proxy v0.2.0 (HAproxy 3), the connection upgrade is refused. Im unsure yet why the upgrade is refused. As Im no HAproxy wizard, I need to dig in more. I'll keep you updated.
Also, all docker commands that rely on the hijacking are probably also affected (eg. attach
) but I haven't tested.
The call to start an exec instance (/v1.46/exec/{id}/start
) returns HTTP 200 with v0.2.0 but HTTP 101 with v0.1.2.
When the docker exec
command succeeds (with v0.1.2), the Docker client asks for a connection upgrade to tcp (note the Connection
& Upgrade
headers and HTTP 101 response code)
Hypertext Transfer Protocol
POST /v1.46/exec/b847952920a39598283d724f25b50854a1192820f49fddabbb2f4960176a4b81/start HTTP/1.1\r\n
Host: localhost:2375\r\n
User-Agent: Docker-Client/27.1.1 (linux)\r\n
Content-Length: 29\r\n
Connection: Upgrade\r\n
Content-Type: application/json\r\n
Upgrade: tcp\r\n
\r\n
[Full request URI: http://localhost:2375/v1.46/exec/b847952920a39598283d724f25b50854a1192820f49fddabbb2f4960176a4b81/start]
[HTTP request 1/1]
[Response in frame: 194]
File Data: 29 bytes
Hypertext Transfer Protocol
HTTP/1.1 101 UPGRADED\r\n
content-type: application/vnd.docker.multiplexed-stream\r\n
connection: Upgrade\r\n
upgrade: tcp\r\n
api-version: 1.46\r\n
docker-experimental: false\r\n
ostype: linux\r\n
server: Docker/27.1.1 (linux)\r\n
\r\n
[HTTP response 1/1]
[Time since request: 0.000265220 seconds]
[Request in frame: 192]
[Request URI: http://localhost:2375/v1.46/exec/b847952920a39598283d724f25b50854a1192820f49fddabbb2f4960176a4b81/start]
Then the server streams some data, which correspond to the output of the command invoked via docker exec
.
When the docker exec
command fails (with v0.2.0), the connection upgrade is refused (ie. response is HTTP 200)
Hypertext Transfer Protocol
POST /v1.46/exec/82f2bb8c4de5657d287e2adcc723d18dadcda03ff4eada162512fbf43759c04b/start HTTP/1.1\r\n
Host: localhost:2375\r\n
User-Agent: Docker-Client/27.1.1 (linux)\r\n
Content-Length: 29\r\n
Connection: Upgrade\r\n
Content-Type: application/json\r\n
Upgrade: tcp\r\n
\r\n
[Full request URI: http://localhost:2375/v1.46/exec/82f2bb8c4de5657d287e2adcc723d18dadcda03ff4eada162512fbf43759c04b/start]
[HTTP request 1/1]
[Response in frame: 32]
File Data: 29 bytes
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
content-type: application/vnd.docker.raw-stream\r\n
api-version: 1.46\r\n
docker-experimental: false\r\n
ostype: linux\r\n
server: Docker/27.1.1 (linux)\r\n
connection: close\r\n
\r\n
[HTTP response 1/1]
[Time since request: 0.027070572 seconds]
[Request in frame: 24]
[Request URI: http://localhost:2375/v1.46/exec/82f2bb8c4de5657d287e2adcc723d18dadcda03ff4eada162512fbf43759c04b/start]
Same problem here. If I change image: tecnativa/docker-socket-proxy:latest
to image: tecnativa/docker-socket-proxy:0.1.2
in my Docker Compose file it suddenly works again. Otherwise, I get the mentioned error.
Revert to the previous HAProxy version is in progress in #136, so it should reset the situation to the original one.
We have reverted to previous version of HAProxy, so this problem shouldn't be anymore.
FYI, the HAProxy team fixed the issue and it should be available in HAProxy 3.1. I gave it a quick look and it seem to work! :tada:
Thanks for the follow up. You can propose the upgrade when it's released.
Hello folks,
I've noticed that 'docker exec' is broken after upgrade from v0.1.2 to v0.2.0.
I use scripts to remotely execute commands on different docker hosts hence having this basic functionality working is important for me.
v0.1.2 working:
Container log:
With upgrade to v0.2.0 (or edge/latest) image it broke:
Container log:
From my limited testing it seems to only affect 'exec'. Other docker commands still work. Still it's a breaking regression for me, forcing me to downgrade.
Regards