github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-08-08 03:24:15 +00:00
Code Issues Projects Releases Wiki Activity

agent: set https_proxy/no_proxy before initializing agent policy

Browse Source 
When the https_proxy/no_proxy settings are configured alongside agent-policy enabled, the process of pulling image in the guest will hang.
This issue could stem from the instantiation of `reqwest`’s HTTP client at the time of agent-policy initialization,
potentially impacting the effectiveness of the proxy settings during image guest pulling.
Given that both functionalities use `reqwest`, it is advisable to set https_proxy/no_proxy prior to the initialization of agent-policy.

Fixes: #9212

Signed-off-by: ChengyuZhu6 <chengyu.zhu@intel.com>
This commit is contained in:
ChengyuZhu6 2024-03-18 17:41:54 +08:00 committed by Fabiano Fidêncio
parent db9f18029c
commit 5bad18f9c9
No known key found for this signature in database
GPG Key ID: EE926C2BDACC177B
2 changed files with 30 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
src/agent/src/image.rs
View File

@ -70,22 +70,6 @@ impl ImageService {
self.images.lock().await.insert(image, cid); self.images.lock().await.insert(image, cid);
} }
/// Set proxy environment from AGENT_CONFIG
fn set_proxy_env_vars() {
if env::var("HTTPS_PROXY").is_err() {
let https_proxy = &AGENT_CONFIG.https_proxy;
if !https_proxy.is_empty() {
env::set_var("HTTPS_PROXY", https_proxy);
}
}
if env::var("NO_PROXY").is_err() {
let no_proxy = &AGENT_CONFIG.no_proxy;
if !no_proxy.is_empty() {
env::set_var("NO_PROXY", no_proxy);
}
}
}
/// pause image is packaged in rootfs /// pause image is packaged in rootfs
fn unpack_pause_image(cid: &str, target_subpath: &str) -> Result<String> { fn unpack_pause_image(cid: &str, target_subpath: &str) -> Result<String> {
verify_id(cid).context("The guest pause image cid contains invalid characters.")?; verify_id(cid).context("The guest pause image cid contains invalid characters.")?;
@ -133,7 +117,6 @@ impl ImageService {
image_metadata: &HashMap<String, String>, image_metadata: &HashMap<String, String>,
) -> Result<String> { ) -> Result<String> {
info!(sl(), "image metadata: {image_metadata:?}"); info!(sl(), "image metadata: {image_metadata:?}");
Self::set_proxy_env_vars();
//Check whether the image is for sandbox or for container. //Check whether the image is for sandbox or for container.
let mut is_sandbox = false; let mut is_sandbox = false;
@ -257,6 +240,33 @@ impl ImageService {
} }
} }
} }
/// Set proxy environment from AGENT_CONFIG
pub async fn set_proxy_env_vars() {
if env::var("HTTPS_PROXY").is_err() {
let https_proxy = &AGENT_CONFIG.https_proxy;
if !https_proxy.is_empty() {
env::set_var("HTTPS_PROXY", https_proxy);
}
}
match env::var("HTTPS_PROXY") {
Ok(val) => info!(sl(), "https_proxy is set to: {}", val),
Err(e) => info!(sl(), "https_proxy is not set ({})", e),
};
if env::var("NO_PROXY").is_err() {
let no_proxy = &AGENT_CONFIG.no_proxy;
if !no_proxy.is_empty() {
env::set_var("NO_PROXY", no_proxy);
}
}
match env::var("NO_PROXY") {
Ok(val) => info!(sl(), "no_proxy is set to: {}", val),
Err(e) => info!(sl(), "no_proxy is not set ({})", e),
};
}
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use super::ImageService; use super::ImageService;

3
src/agent/src/main.rs
View File

@ -351,6 +351,9 @@ async fn start_sandbox(
s.rtnl.handle_localhost().await?; s.rtnl.handle_localhost().await?;
} }
#[cfg(feature = "guest-pull")]
image::set_proxy_env_vars().await;
// - When init_mode is true, enabling the localhost link during the // - When init_mode is true, enabling the localhost link during the
// handle_localhost call above is required before starting OPA with the // handle_localhost call above is required before starting OPA with the
// initialize_policy call below. // initialize_policy call below.