agent: set https_proxy/no_proxy before initializing agent policy

When the https_proxy/no_proxy settings are configured alongside agent-policy enabled, the process of pulling image in the guest will hang. This issue could stem from the instantiation of `reqwest`’s HTTP client at the time of agent-policy initialization, potentially impacting the effectiveness of the proxy settings during image guest pulling. Given that both functionalities use `reqwest`, it is advisable to set https_proxy/no_proxy prior to the initialization of agent-policy. Fixes: #9212 Signed-off-by: ChengyuZhu6 <chengyu.zhu@intel.com>
2025-07-30 23:06:27 +00:00 · 2024-03-18 17:41:54 +08:00 · 2024-03-18 17:41:54 +08:00 · 5bad18f9c9
commit 5bad18f9c9
parent db9f18029c
2 changed files with 30 additions and 17 deletions
--- a/src/agent/src/image.rs
+++ b/src/agent/src/image.rs
@ -70,22 +70,6 @@ impl ImageService {
        self.images.lock().await.insert(image, cid);
    }

-    /// Set proxy environment from AGENT_CONFIG
-    fn set_proxy_env_vars() {
-        if env::var("HTTPS_PROXY").is_err() {
-            let https_proxy = &AGENT_CONFIG.https_proxy;
-            if !https_proxy.is_empty() {
-                env::set_var("HTTPS_PROXY", https_proxy);
-            }
-        }
-        if env::var("NO_PROXY").is_err() {
-            let no_proxy = &AGENT_CONFIG.no_proxy;
-            if !no_proxy.is_empty() {
-                env::set_var("NO_PROXY", no_proxy);
-            }
-        }
-    }
-
    /// pause image is packaged in rootfs
    fn unpack_pause_image(cid: &str, target_subpath: &str) -> Result<String> {
        verify_id(cid).context("The guest pause image cid contains invalid characters.")?;
@ -133,7 +117,6 @@ impl ImageService {
        image_metadata: &HashMap<String, String>,
    ) -> Result<String> {
        info!(sl(), "image metadata: {image_metadata:?}");
-        Self::set_proxy_env_vars();

        //Check whether the image is for sandbox or for container.
        let mut is_sandbox = false;
@ -257,6 +240,33 @@ impl ImageService {
        }
    }
 }
+
+/// Set proxy environment from AGENT_CONFIG
+pub async fn set_proxy_env_vars() {
+    if env::var("HTTPS_PROXY").is_err() {
+        let https_proxy = &AGENT_CONFIG.https_proxy;
+        if !https_proxy.is_empty() {
+            env::set_var("HTTPS_PROXY", https_proxy);
+        }
+    }
+
+    match env::var("HTTPS_PROXY") {
+        Ok(val) => info!(sl(), "https_proxy is set to: {}", val),
+        Err(e) => info!(sl(), "https_proxy is not set ({})", e),
+    };
+
+    if env::var("NO_PROXY").is_err() {
+        let no_proxy = &AGENT_CONFIG.no_proxy;
+        if !no_proxy.is_empty() {
+            env::set_var("NO_PROXY", no_proxy);
+        }
+    }
+    match env::var("NO_PROXY") {
+        Ok(val) => info!(sl(), "no_proxy is set to: {}", val),
+        Err(e) => info!(sl(), "no_proxy is not set ({})", e),
+    };
+}
+
 #[cfg(test)]
 mod tests {
    use super::ImageService;
--- a/src/agent/src/main.rs
+++ b/src/agent/src/main.rs
@ -351,6 +351,9 @@ async fn start_sandbox(
        s.rtnl.handle_localhost().await?;
    }

+    #[cfg(feature = "guest-pull")]
+    image::set_proxy_env_vars().await;
+
    // - When init_mode is true, enabling the localhost link during the
    //   handle_localhost call above is required before starting OPA with the
    //   initialize_policy call below.