From 5bad18f9c96d2676a5f5353f699e752fbf4ef3b6 Mon Sep 17 00:00:00 2001 From: ChengyuZhu6 Date: Mon, 18 Mar 2024 17:41:54 +0800 Subject: [PATCH] agent: set https_proxy/no_proxy before initializing agent policy MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When the https_proxy/no_proxy settings are configured alongside agent-policy enabled, the process of pulling image in the guest will hang. This issue could stem from the instantiation of `reqwest`’s HTTP client at the time of agent-policy initialization, potentially impacting the effectiveness of the proxy settings during image guest pulling. Given that both functionalities use `reqwest`, it is advisable to set https_proxy/no_proxy prior to the initialization of agent-policy. Fixes: #9212 Signed-off-by: ChengyuZhu6 --- src/agent/src/image.rs | 44 ++++++++++++++++++++++++++---------------- src/agent/src/main.rs | 3 +++ 2 files changed, 30 insertions(+), 17 deletions(-) diff --git a/src/agent/src/image.rs b/src/agent/src/image.rs index a186f4b653..4ca37af70c 100644 --- a/src/agent/src/image.rs +++ b/src/agent/src/image.rs @@ -70,22 +70,6 @@ impl ImageService { self.images.lock().await.insert(image, cid); } - /// Set proxy environment from AGENT_CONFIG - fn set_proxy_env_vars() { - if env::var("HTTPS_PROXY").is_err() { - let https_proxy = &AGENT_CONFIG.https_proxy; - if !https_proxy.is_empty() { - env::set_var("HTTPS_PROXY", https_proxy); - } - } - if env::var("NO_PROXY").is_err() { - let no_proxy = &AGENT_CONFIG.no_proxy; - if !no_proxy.is_empty() { - env::set_var("NO_PROXY", no_proxy); - } - } - } - /// pause image is packaged in rootfs fn unpack_pause_image(cid: &str, target_subpath: &str) -> Result { verify_id(cid).context("The guest pause image cid contains invalid characters.")?; 
@@ -133,7 +117,6 @@ impl ImageService { image_metadata: &HashMap, ) -> Result { info!(sl(), "image metadata: {image_metadata:?}"); - Self::set_proxy_env_vars(); //Check whether the image is for sandbox or for container. let mut is_sandbox = false; @@ -257,6 +240,33 @@ impl ImageService { } } } + +/// Set proxy environment from AGENT_CONFIG +pub async fn set_proxy_env_vars() { + if env::var("HTTPS_PROXY").is_err() { + let https_proxy = &AGENT_CONFIG.https_proxy; + if !https_proxy.is_empty() { + env::set_var("HTTPS_PROXY", https_proxy); + } + } + + match env::var("HTTPS_PROXY") { + Ok(val) => info!(sl(), "https_proxy is set to: {}", val), + Err(e) => info!(sl(), "https_proxy is not set ({})", e), + }; + + if env::var("NO_PROXY").is_err() { + let no_proxy = &AGENT_CONFIG.no_proxy; + if !no_proxy.is_empty() { + env::set_var("NO_PROXY", no_proxy); + } + } + match env::var("NO_PROXY") { + Ok(val) => info!(sl(), "no_proxy is set to: {}", val), + Err(e) => info!(sl(), "no_proxy is not set ({})", e), + }; +} + #[cfg(test)] mod tests { use super::ImageService; diff --git a/src/agent/src/main.rs b/src/agent/src/main.rs index 468efaa226..e79ec6fb35 100644 --- a/src/agent/src/main.rs +++ b/src/agent/src/main.rs @@ -351,6 +351,9 @@ async fn start_sandbox( s.rtnl.handle_localhost().await?; } + #[cfg(feature = "guest-pull")] + image::set_proxy_env_vars().await; + // - When init_mode is true, enabling the localhost link during the // handle_localhost call above is required before starting OPA with the // initialize_policy call below.
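Review bot: The added `info!(sl(), "https_proxy is set to: {}", val)` in `set_proxy_env_vars` writes the whole proxy URL to the agent log, and a proxy URL may embed credentials in its userinfo part (`scheme://user:password@host:port`), which would then be readable by anyone with access to those logs. Logging only the state avoids that, e.g. `Ok(_) => info!(sl(), "https_proxy is set"),`, or the userinfo can be stripped before the value is logged. Separately, the function is declared `pub async fn` but its body contains no `.await`, so `pub fn set_proxy_env_vars()` would be enough and the caller in main.rs could drop its `.await`.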
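Review bot: The position of `image::set_proxy_env_vars().await;` in `start_sandbox` is what the fix depends on, but nothing in the code records that, so a later reordering could silently bring the hang back. A comment above the call would state it, e.g. `// Must run before initialize_policy(): the proxy variables are expected to be in the environment before the policy code creates its HTTP client.`. The call also mutates the process environment through `env::set_var` from inside an async function. The standard library documents `set_var` as unsound on non-Windows platforms when other threads may access the environment, so if worker threads already exist at this point (not visible here) it would be safer to set these variables before the runtime starts. `start_sandbox` begins and ends outside this hunk.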