VictoriaMetrics / VictoriaMetrics

VictoriaMetrics: fast, cost-effective monitoring solution and time series database
https://victoriametrics.com/
Apache License 2.0

vmbackup httpAuth 401 #6174

Closed RKO1337 closed 3 weeks ago

RKO1337 commented 3 weeks ago

Describe the bug

When creating a snapshot with vmbackup and victoriametrics single node using httpAuth, an HTTP 401 error is returned.

To Reproduce

Create a snapshot with httpAuth enabled.

vmbackup-prod -storageDataPath=/data/victoriametrics-server -snapshot.createURL=https://vm.fqdn:8428/snapshot/create -httpAuth.username=xxxx -httpAuth.password=file:///etc/victoriametrics/httpauth.password -dst=fs:///data/snapshots/victoriametrics-server

Version

vmbackup-prod -version vmbackup-20240411-145841-tags-v1.100.1-0-g9ee51e34

victoria-metrics-prod -version victoria-metrics-20240411-145756-tags-v1.100.1-0-g9ee51e34c

Logs

vmbackup-prod -storageDataPath=/data/victoriametrics-server -snapshot.createURL=https://vm.fqdn:8428/snapshot/create -httpAuth.username=xxxx -httpAuth.password=file:///etc/victoriametrics/httpauth.password -dst=fs:///data/snapshots/victoriametrics-server
2024-04-23T12:37:49.440Z        info    VictoriaMetrics/lib/logger/flag.go:12   build version: vmbackup-20240411-145841-tags-v1.100.1-0-g9ee51e34c
2024-04-23T12:37:49.441Z        info    VictoriaMetrics/lib/logger/flag.go:13   command-line flags
2024-04-23T12:37:49.441Z        info    VictoriaMetrics/lib/logger/flag.go:20     -dst="fs:///data/snapshots/victoriametrics-server"
2024-04-23T12:37:49.442Z        info    VictoriaMetrics/lib/logger/flag.go:20     -httpAuth.password="secret"
2024-04-23T12:37:49.442Z        info    VictoriaMetrics/lib/logger/flag.go:20     -httpAuth.username="xxxx"
2024-04-23T12:37:49.443Z        info    VictoriaMetrics/lib/logger/flag.go:20     -snapshot.createURL="secret"
2024-04-23T12:37:49.443Z        info    VictoriaMetrics/lib/logger/flag.go:20     -storageDataPath="/data/victoriametrics-server"
2024-04-23T12:37:49.444Z        info    VictoriaMetrics/app/vmbackup/main.go:67 Snapshot create url https://vm.fqdn:8428/snapshot/create
2024-04-23T12:37:49.444Z        info    VictoriaMetrics/app/vmbackup/main.go:78 Snapshot delete url https://vm.fqdn:8428/snapshot/delete
2024-04-23T12:37:49.445Z        info    VictoriaMetrics/lib/snapshot/snapshot.go:32     Creating snapshot
2024-04-23T12:37:49.499Z        fatal   VictoriaMetrics/app/vmbackup/main.go:82 cannot create snapshot: unexpected status code returned from "https://vm.fqdn:8428/snapshot/create": 401; expecting 200; response body: "\n

Screenshots

No response

Used command-line flags

/usr/local/bin/victoria-metrics-prod -httpListenAddr=:8428 -storageDataPath /data/victoriametrics-server -retentionPeriod 720 -selfScrapeInterval 60s -promscrape.config /etc/victoriametrics/promscrape-server.yaml -promscrape.fileSDCheckInterval=10s -tls=true -tlsCertFile=/etc/ssl/private/wildcard.combo -tlsKeyFile=/etc/ssl/private/wildcard.key -tlsMinVersion=TLS13 -httpAuth.username=xxxx -httpAuth.password=file:///etc/victoriametrics/httpauth.password

Additional information

No response

dmitryk-dk commented 3 weeks ago

Hi @RKO1337! As far as I can see, you have specified tls in the storage, but you didn't provide that specification for the VM backup. When vmbackup tried to create a snapshot without tls flags, it got a 401 response code.

    // create Transport
    tr, err := httputils.Transport(createSnapshotURL, *tlsCertFile, *tlsKeyFile, *tlsCAFile, *tlsServerName, *tlsInsecureSkipVerify)
    if err != nil {
        return "", err
    }
    hc := &http.Client{Transport: tr}

You need to specify the tls flags in your vmbackup service https://docs.victoriametrics.com/vmbackup/#command-line-flags

RKO1337 commented 3 weeks ago

Thanks for your reply @dmitryk-dk. Yes, storage is configured with tls and httpAuth.

But vmbackup should be able to connect with the supplied httpAuth.password and httpAuth.username.

For example a curl with username and password works as expected.

curl -u 'xxxx:xxxx'  https://vm.fqdn:8428/snapshot/create
{"status":"ok","snapshot":"20240424095325-17C8E8A10D930F2D"}

dmitryk-dk commented 3 weeks ago

> Thanks for your reply @dmitryk-dk. Yes, storage is configured with tls and httpAuth.
>
> But vmbackup should be able to connect with the supplied httpAuth.password and httpAuth.username.
>
> For example a curl with username and password works as expected.
>
> curl -u 'xxxx:xxxx'  https://vm.fqdn:8428/snapshot/create
> {"status":"ok","snapshot":"20240424095325-17C8E8A10D930F2D"}

If you want to use httpAuth from the vmbackup, you should specify user and password in the snapshot.createURL flag

RKO1337 commented 3 weeks ago

Thanks, I was able to create the snapshot:

vmbackup-prod -storageDataPath=/data/victoriametrics-server -snapshot.createURL='https://<user>:<password>@vm.fqdn:8428/snapshot/create' -dst=fs:///data/snapshots/victoriametrics-server
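Why credentials in the URL resolve the 401: Go's net/http client (the `http.Client` in the snippet quoted earlier in the thread) turns the userinfo part of a URL into an `Authorization: Basic` header, the same header `curl -u` sends. The following is an added example, not code from this issue or from VictoriaMetrics; the local test server, the `backup`/`s3cr3t` credentials and the helper names are constructed for illustration.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// newProtectedServer is a constructed stand-in for a server started with
// -httpAuth.username / -httpAuth.password: 401 unless Basic credentials match.
func newProtectedServer(user, pass string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		u, p, ok := r.BasicAuth()
		okUser := subtle.ConstantTimeCompare([]byte(u), []byte(user)) == 1
		okPass := subtle.ConstantTimeCompare([]byte(p), []byte(pass)) == 1
		if !ok || !okUser || !okPass {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		fmt.Fprint(w, `{"status":"ok"}`)
	}))
}

// statusFor requests base+"/snapshot/create", placing creds (if any) in the URL
// userinfo. It returns the status code and the URL in a form safe to log.
func statusFor(base string, creds *url.Userinfo) (int, string, error) {
	u, err := url.Parse(base + "/snapshot/create")
	if err != nil {
		return 0, "", err
	}
	u.User = creds // net/http sends this as an Authorization: Basic header
	resp, err := http.Get(u.String())
	if err != nil {
		return 0, "", err
	}
	defer resp.Body.Close()
	return resp.StatusCode, u.Redacted(), nil
}

func main() {
	srv := newProtectedServer("backup", "s3cr3t")
	defer srv.Close()
	for _, c := range []*url.Userinfo{nil, url.UserPassword("backup", "s3cr3t")} {
		code, logged, err := statusFor(srv.URL, c)
		fmt.Println(code, logged, err)
	}
}
```

When such a URL has to be logged, `Redacted()` is the form to write; the vmbackup log earlier in the thread masks the `-snapshot.createURL` flag value entirely as "secret".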