From 87c622141b4d8a536ab23484abd6ac474d89a3e8 Mon Sep 17 00:00:00 2001
From: Jesse Hu <huh@vmware.com>
Date: Wed, 28 Mar 2018 18:49:40 +0800
Subject: [PATCH] Add http_proxy configuration for Clair service

Clair needs Internet access to download vulnerabilities data.

Fix issue https://github.com/vmware/harbor/issues/4272
---
 make/common/templates/clair/clair_env | 3 +++
 make/docker-compose.clair.tpl         | 2 ++
 make/harbor.cfg                       | 6 ++++++
 make/prepare                          | 9 +++++++++
 4 files changed, 20 insertions(+)
 create mode 100644 make/common/templates/clair/clair_env

diff --git a/make/common/templates/clair/clair_env b/make/common/templates/clair/clair_env
new file mode 100644
index 000000000..62991299b
--- /dev/null
+++ b/make/common/templates/clair/clair_env
@@ -0,0 +1,3 @@
+http_proxy=$http_proxy
+https_proxy=$https_proxy
+no_proxy=$no_proxy
diff --git a/make/docker-compose.clair.tpl b/make/docker-compose.clair.tpl
index e5e4d7bfe..4c652f115 100644
--- a/make/docker-compose.clair.tpl
+++ b/make/docker-compose.clair.tpl
@@ -47,6 +47,8 @@ services:
       options:  
         syslog-address: "tcp://127.0.0.1:1514"
         tag: "clair"
+    env_file:
+      ./common/config/clair/clair_env
 networks:
   harbor-clair:
     external: false
diff --git a/make/harbor.cfg b/make/harbor.cfg
index 738fccdca..c618bedee 100644
--- a/make/harbor.cfg
+++ b/make/harbor.cfg
@@ -36,6 +36,12 @@ log_rotate_count = 50
 #are all valid.
 log_rotate_size = 200M
 
+#Config http proxy for Clair, e.g. http://my.proxy.com:3128
+#Clair doesn't need to connect to harbor ui container via http proxy.
+http_proxy =
+https_proxy =
+no_proxy = 127.0.0.1,localhost,ui
+
 #NOTES: The properties between BEGIN INITIAL PROPERTIES and END INITIAL PROPERTIES
 #only take effect in the first boot, the subsequent changes of these properties 
 #should be performed on web ui
diff --git a/make/prepare b/make/prepare
index 73addcc16..493efabd4 100755
--- a/make/prepare
+++ b/make/prepare
@@ -550,6 +550,15 @@ if args.clair_mode:
             username = clair_db_username,
             host = clair_db_host,
             port = clair_db_port)
+    # config http proxy for Clair
+    http_proxy = rcp.get("configuration", "http_proxy").strip()
+    https_proxy = rcp.get("configuration", "https_proxy").strip()
+    no_proxy = rcp.get("configuration", "no_proxy").strip()
+    clair_env = os.path.join(clair_config_dir, "clair_env")
+    render(os.path.join(clair_temp_dir, "clair_env"), clair_env,
+           http_proxy = http_proxy,
+           https_proxy = https_proxy,
+           no_proxy = no_proxy)
 
 if args.ha_mode:
     prepare_ha(rcp, args)