Make daemon proxy settings configurable through daemon.json#42647
Make daemon proxy settings configurable through daemon.json#42647aiordache wants to merge 1 commit intomoby:masterfrom
Conversation
There was a problem hiding this comment.
Hm.. but this only changes what's shown in docker info, but not actually configures the daemon to use these proxies? 🤔
FWIW, default behavior; https://github.com/golang/go/blob/912f0750472dd4f674b69ca1616bfaf377af1805/src/net/http/transport.go#L422-L441 / https://github.com/golang/go/blob/912f0750472dd4f674b69ca1616bfaf377af1805/src/net/http/transport.go#L43-L54
(and we are using https://github.com/docker/go-connections for some central/default configuration, which may be relevant)
There was a problem hiding this comment.
Ah, right. Guess this is the "magic" bit
There was a problem hiding this comment.
Looking at this again, I think we should do this explicitly. Currently, setting the option relies on a side-effect of getEnvOrConfig() (and thus a side effect of daemon.SystemInfo(). I think it will be clearer to perform this step in the code that starts the daemon (after we did the initial validation of the daemon's configuration).
aiordache
force-pushed
the
proxy_daemon_config
branch
from
e12b75b to
05e3527
Compare
Signed-off-by: Anca Iordache <[email protected]>
|
Honestly having a really hard time understanding the justification here -- why not use the frankly pretty well standardized environment variables instead? |
thaJeztah
left a comment
thaJeztah
left a comment
There was a problem hiding this comment.
Thanks! Sorry for the late reply on this one. I started a review, and had a branch with changes, but didn't post it, and had to rebase my branch to still work against master. Let me know if you want to take my branch or if I should push it as a separate PR (I left some commits un-squashed to explain the steps, and should probably squash those); https://github.com/moby/moby/compare/master...thaJeztah:proxy_daemon_config_carry?expand=1
| HTTPProxy: maskCredentials(getEnvOrConfig(daemon.configStore.HTTPProxy, "HTTP_PROXY", "http_proxy")), | ||
| HTTPSProxy: maskCredentials(getEnvOrConfig(daemon.configStore.HTTPSProxy, "HTTPS_PROXY", "https_proxy")), |
There was a problem hiding this comment.
We should make sure that these values are sanitised in other places as well;
- the daemon prints an error message when it finds conflicting options (options passed both on the command-line and in the daemon.json), which contains the values for both.
- when reloading the daemon configuration (
kill -s HUP ..), the daemon's active configuration is printed.
Unfortunately it's a bit more involved to do so;
- the
maskCredentials()utility is not exported, so can't be used in some of those locations - in the
SIGHUP/ reload case, we marshal the whole config as JSON; sanitising the value will alter the actual config, so we need to either do a deep copy of the config, or we can extract the proxy-configuration fields to an embedded struct, and override.
| func getEnvOrConfig(config string, env ...string) string { | ||
| val := getEnvAny(env...) | ||
| if val != "" { | ||
| return val | ||
| } |
There was a problem hiding this comment.
The order in which we consider these options looks to be incorrect. I think the order of precedence is; (daemon.json | daemon flags) > env-vars. In other words; if a proxy is configured either as a command-line flag (--https-proxy) or through the daemon.json, it should override any env-var that's set.
There was a problem hiding this comment.
Looking at this again, I think we should do this explicitly. Currently, setting the option relies on a side-effect of getEnvOrConfig() (and thus a side effect of daemon.SystemInfo(). I think it will be clearer to perform this step in the code that starts the daemon (after we did the initial validation of the daemon's configuration).
thaJeztah
added
area/daemon
To follow up on this thought, the answer is Windows, where adding a variable to a service is anything but straightforward. 😬 |
|
Carrying these changes with my review suggestions in #42835 |
4 participants
fixes #24758
Added proxy properties to daemon configuration (config file and dockerd flags).
- How to verify it