Bug 1682970
| Summary: | [RFE] Default location of setting up HTTP_Proxy for podman | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Suhaas Bhat <subhat> |
| Component: | podman | Assignee: | Jindrich Novy <jnovy> |
| Status: | CLOSED ERRATA | QA Contact: | atomic-bugs <atomic-bugs> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 8.3 | CC: | bsawyers, bward, dornelas, dwalsh, dwoodruf, fedoraproject, fkluknav, igreen, jhunsaker, jligon, jnovy, lsm5, mheon, subhat, tsweeney, vrothber, ypu |
| Target Milestone: | rc | Keywords: | FutureFeature, Reopened |
| Target Release: | 8.3 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-11-04 03:05:10 UTC | Type: | Enhancement |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1186913, 1804543 | ||
|
Description
Suhaas Bhat
2019-02-26 01:08:46 UTC
Where do you think they should be added? These needed to be added to the environment of the user running podman. /etc/profiles.d Might be the location? Do you think we should document this in the man pages? Suhaas, Ideas on /etc/profiles.d? We have talked about this internally and have discussed creating a containers.conf that could be shared between all container engines. The other choice would be to extend registries.conf to include proxy settings. For pulling, we should use `registries.conf`. For injecting it into containers, we should use another config. Containers.conf seems the logical spot for this. In crio.conf we currently have It is still being worked on under https://github.com/containers/common/tree/master/pkg/config And https://github.com/containers/buildah/pull/1858 I don't think it will show up until RHEL8.2.1 release. We are holding off for 8.2 because it is a big change, and 8.2 is going to be a stable release. Which means we would need to back port for 2 years. Once we have it in, we should iterate quickly. We are hoping to finalize on the format for the config file next week. So you want these environment variables set not for the containers but for Podman itself to use. I think we should still use this through containers_conf. Something like: # Set Proxy environment variables to be used by container runtimes when working with the registries. # http_proxy_env=[ "HTTP_PROXY=proxy.company.com", "https_proxy=proxy.company.com" ] It may be confusing that "http_proxy" doesn't actually take a proxy location. Maybe something like "pass_proxy_env = true" or "pass_http_proxy_env = true" instead would be more user-friendly? Then they can fill out this http_proxy_env list, if needed. Also, will a non-root user get their own $HOME/.config/containers/containers.conf by default, or will it just be an optional file that a user can create for overrides? All containers.conf files are optional and really we are just merging them together. So you only need to replace the one or two options you want. I thought customers wanted to specify environment variables that apply to the container engine. Something like # # Additional environment variables to apply to the container engine. For example "http_proxy=internal.proxy.company.com" # # container_engine_env [] Then when the container engine starts up it modifies it's environment to include these environment variables. The question then would be should these environment variables leak through to the containers. I would guess no, but this would mean that the callers would need to set them twice, it they wanted them in both places. This is in podman2.0 Dan, could you confirm where this change was made? From https://github.com/containers/libpod/tree/v2.0.0-rc4/vendor/github.com/containers/common/pkg/config I still don't see where we can define the proxy variables themselves. You would set them in the Env block.
# Environment variable list for the conmon process; used for passing necessary
# environment variables to conmon or the runtime.
#
# env = [
# "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
# ]
man containers.conf
...
env=["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"]
Environment variable list for the container process, used for passing environment variables to the container.
Got it, thanks! Fixed in https://github.com/containers/buildah/pull/2011 and possibly other PR's. Assigning to Jindrich in case there's any packaging needs. Tom, I'm confused, the bug is reported against podman but PR you refer to is against buildah? Dan, is the support for this already in podman-2.0.0-rc4 so I can switch this to MODIFIED? Yes this is supported in podman 2.0 Jindrich, My bad, that was the Buildah one, I'm not sure exactly which one for Podman but certainly with this one: https://github.com/containers/libpod/pull/6428 and probably with https://github.com/containers/libpod/pull/6333. Regardless, in v2.0 of Podman for sure. Test with podman-2.0.0-0.9.rc7.module+el8.3.0+7084+c16098dd.x86_64, and seems it works as expect. So set this to verified. Details: in /usr/share/containers/containers.conf: ... env = [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "http_proxy=fake.check.value", "https_proxy=fake.check.value", ] ... # podman run -it busybox / # echo $http_proxy fake.check.value / # echo $https_proxy fake.check.value / # exit Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: container-tools:rhel8 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:4694 |