colima icon indicating copy to clipboard operation
colima copied to clipboard

Published 20 hours ago verified publisher icon abiosoft

colima x86_64 daemon.json file has incorrect proxy

Open dragonfriend0013 opened this issue 1 year ago • 8 comments

Description

I use zscaler on my machine (M2 Mac), so my local proxy is set to 127.0.0.1:9000. during the colima start, it set the proxy variable to a 192.* address, but the daemon.json file still shows as the original 127 address. this should be updates with the updated address. i can manually update this through ssh, but it would be better if this is done when colima starts.

docker build does not have this issue, only docker compose and docker-compose

Version

colima version 0.6.7 git commit: ba1be00e9aec47f2c1ffdacfb7e428e465f0b58a

runtime: docker arch: x86_64 client: v24.0.7 server: v24.0.7 limactl version 0.19.1 qemu-img version 8.2.0 Copyright (c) 2003-2023 Fabrice Bellard and the QEMU Project developers

Operating System

  • [ ] macOS Intel <= 13 (Ventura)
  • [ ] macOS Intel >= 14 (Sonoma)
  • [ ] Apple Silicon <= 13 (Ventura)
  • [X] Apple Silicon >= 14 (Sonoma)
  • [ ] Linux

Output of colima status

INFO[0000] colima is running using QEMU INFO[0000] arch: x86_64 INFO[0000] runtime: docker INFO[0000] mountType: sshfs INFO[0000] socket: unix:///Users/jamurphy/.colima/default/docker.sock

Reproduction Steps

  1. colima delete
  2. colima start --arch x86_64
  3. docker compose up --detach (have an external image that must be pulled through proxy)

Expected behaviour

docker compose works

Additional context

env variable on Mac: http_proxy=http://127.0.0.1:9000 https_proxy=http://127.0.0.1:9000

env variable on colima https_proxy=http://192.168.5.2:9000 http_proxy=http://192.168.5.2:9000

daemon.json on colima cat daemon.json { "exec-opts": [ "native.cgroupdriver=cgroupfs" ], "features": { "buildkit": true }, "proxies": { "http-proxy": "http://127.0.0.1:9000", "https-proxy": "http://127.0.0.1:9000" } } No response

dragonfriend0013 avatar Jan 12 '24 16:01 dragonfriend0013

I have the same issue with colima 0.6.7. This was working properly until version 0.5.x.

I notice that in the feature list of release 0.6.0 there is this statement:

  • Proxy variables HTTP_PROXY, HTTPS_PROXY, NO_PROXY and their lowercase variants are now forwarded to the Docker daemon.

Proxy variables should be taken from inside Qemu and not from the Host, so to get the remapped values (that is 192.168.5.2 instead of 127.0.0.1).

For now I must stay on colima 0.5.6, where I do not have this issue.

fralken avatar Jan 22 '24 13:01 fralken

It is an oversight. 127.0.0.1 proxy host address should be auto-translated to 192.168.5.2.

abiosoft avatar Jan 22 '24 14:01 abiosoft

Is it necessary to set the proxies in daemon.json? In colima 0.5.6 they are not set but docker info shows the values from the env variables.

HTTP Proxy: http://192.168.5.2:8128 HTTPS Proxy: http://192.168.5.2:8128

fralken avatar Jan 22 '24 15:01 fralken

Any update on getting this corrected?

dragonfriend0013 avatar Feb 12 '24 20:02 dragonfriend0013

This approach worked for me.

Using the provision key in ~/.colima/default/colima.yml:

provision:
  - mode: system
    script: |
      GLOBAL_PROXY='127.0.0.1:9000'
      COLIMA_PROXY=$(echo $http_proxy | sed -e 's/http:\/\///')
      sed -i "s/$GLOBAL_PROXY/$COLIMA_PROXY/" /etc/docker/daemon.json
      systemctl daemon-reload
      systemctl restart docker

First, this sets $GLOBAL_PROXY to 127.0.0.1:9000 (NOTE: If the correct proxy setting for your host OS differs from this, set this value accordingly.)

Then, it gets the value of $http_proxy from inside the vm (equivalent to colima ssh), strips the leading protocol identifier, and stores it as $COLIMA_PROXY.

Then it finds $GLOBAL_PROXY in /etc/docker/daemon.json and updates that value to match $COLIMA_PROXY.

Finally, it reloads the changes and restarts the Docker daemon. (If the provisioning script were run as a user instead of as mode: system, these last two commands would require sudo.)

hotwebmatter avatar Feb 19 '24 23:02 hotwebmatter

This approach worked for me.

Using the provision key in ~/.colima/default/colima.yml:

provision:
  - mode: system
    script: |
      GLOBAL_PROXY='127.0.0.1:9000'
      COLIMA_PROXY=$(echo $http_proxy | sed -e 's/http:\/\///')
      sed -i "s/$GLOBAL_PROXY/$COLIMA_PROXY/" /etc/docker/daemon.json
      systemctl daemon-reload
      systemctl restart docker

First, this sets $GLOBAL_PROXY to 127.0.0.1:9000 (NOTE: If the correct proxy setting for your host OS differs from this, set this value accordingly.)

Then, it gets the value of $http_proxy from inside the vm (equivalent to colima ssh), strips the leading protocol identifier, and stores it as $COLIMA_PROXY.

Then it finds $GLOBAL_PROXY in /etc/docker/daemon.json and updates that value to match $COLIMA_PROXY.

Finally, it reloads the changes and restarts the Docker daemon. (If the provisioning script were run as a user instead of as mode: system, these last two commands would require sudo.)

Nice!

rteeling-evernorth avatar Feb 21 '24 15:02 rteeling-evernorth

I'm wondering if you have solved the problem of configuring the proxy in the daemon.json file when you start docker in colima? Every time I modify the daemon.json file to configure proxies, the proxy is not implemented.

magicgopher avatar Jun 12 '24 16:06 magicgopher