mirror of
https://github.com/trailofbits/algo.git
synced 2025-08-04 11:53:02 +02:00
fix: Add timeouts to curl commands in install.sh with retry logic (#14788)
Added configurable timeouts and retry logic to all curl commands in publicIpFromMetadata():
- --connect-timeout 5: 5 seconds to establish connection
- --max-time ${METADATA_TIMEOUT:-20}: Configurable timeout (default 20 seconds)
- Retry logic: Try up to 2 times with 2-second delay between attempts
- Environment variable: METADATA_TIMEOUT can override default timeout
This prevents the installation script from hanging indefinitely when:
- Metadata services are slow or unresponsive
- Network issues cause connections to stall
- Script is run in non-cloud environments where metadata IPs don't respond
The increased timeout (20s) and retry logic ensure compatibility with:
- Azure deployments in secondary regions (known to be slower)
- High-latency environments (satellite, rural connections)
- Corporate environments with proxies or deep packet inspection
- Temporary network glitches or cloud provider maintenance
The existing fallback to publicIpFromInterface() will handle cases where
metadata endpoints are unavailable after all retry attempts.
Fixes #14350
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
This commit is contained in:
Dan Guido
GitHub
parent
554121f0fc
commit
9a7a930895
1 changed files with 39 additions and 7 deletions
46
install.sh
46
install.sh
|
|
@ -45,15 +45,47 @@ publicIpFromInterface() {
|
||||||
echo "Using ${ENDPOINT} as the endpoint"
|
echo "Using ${ENDPOINT} as the endpoint"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
tryGetMetadata() {
|
||||||
|
# Helper function to fetch metadata with retry
|
||||||
|
local url="$1"
|
||||||
|
local headers="$2"
|
||||||
|
local response=""
|
||||||
|
|
||||||
|
# Try up to 2 times
|
||||||
|
for attempt in 1 2; do
|
||||||
|
if [ -n "$headers" ]; then
|
||||||
|
response="$(curl -s --connect-timeout 5 --max-time "${METADATA_TIMEOUT}" -H "$headers" "$url" || true)"
|
||||||
|
else
|
||||||
|
response="$(curl -s --connect-timeout 5 --max-time "${METADATA_TIMEOUT}" "$url" || true)"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# If we got a response, return it
|
||||||
|
if [ -n "$response" ]; then
|
||||||
|
echo "$response"
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Wait before retry (only on first attempt)
|
||||||
|
[ $attempt -eq 1 ] && sleep 2
|
||||||
|
done
|
||||||
|
|
||||||
|
# Return empty string if all attempts failed
|
||||||
|
echo ""
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
publicIpFromMetadata() {
|
publicIpFromMetadata() {
|
||||||
if curl -s http://169.254.169.254/metadata/v1/vendor-data | grep DigitalOcean >/dev/null; then
|
# Set default timeout from environment or use 20 seconds
|
||||||
ENDPOINT="$(curl -s http://169.254.169.254/metadata/v1/interfaces/public/0/ipv4/address)"
|
METADATA_TIMEOUT="${METADATA_TIMEOUT:-20}"
|
||||||
elif test "$(curl -s http://169.254.169.254/latest/meta-data/services/domain)" = "amazonaws.com"; then
|
|
||||||
ENDPOINT="$(curl -s http://169.254.169.254/latest/meta-data/public-ipv4)"
|
if tryGetMetadata "http://169.254.169.254/metadata/v1/vendor-data" "" | grep DigitalOcean >/dev/null; then
|
||||||
|
ENDPOINT="$(tryGetMetadata "http://169.254.169.254/metadata/v1/interfaces/public/0/ipv4/address" "")"
|
||||||
|
elif test "$(tryGetMetadata "http://169.254.169.254/latest/meta-data/services/domain" "")" = "amazonaws.com"; then
|
||||||
|
ENDPOINT="$(tryGetMetadata "http://169.254.169.254/latest/meta-data/public-ipv4" "")"
|
||||||
elif host -t A -W 10 metadata.google.internal 127.0.0.53 >/dev/null; then
|
elif host -t A -W 10 metadata.google.internal 127.0.0.53 >/dev/null; then
|
||||||
ENDPOINT="$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip")"
|
ENDPOINT="$(tryGetMetadata "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip" "Metadata-Flavor: Google")"
|
||||||
elif test "$(curl -s -H Metadata:true 'http://169.254.169.254/metadata/instance/compute/publisher/?api-version=2017-04-02&format=text')" = "Canonical"; then
|
elif test "$(tryGetMetadata "http://169.254.169.254/metadata/instance/compute/publisher/?api-version=2017-04-02&format=text" "Metadata:true")" = "Canonical"; then
|
||||||
ENDPOINT="$(curl -H Metadata:true 'http://169.254.169.254/metadata/instance/network/interface/0/ipv4/ipAddress/0/publicIpAddress?api-version=2017-04-02&format=text')"
|
ENDPOINT="$(tryGetMetadata "http://169.254.169.254/metadata/instance/network/interface/0/ipv4/ipAddress/0/publicIpAddress?api-version=2017-04-02&format=text" "Metadata:true")"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if echo "${ENDPOINT}" | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b"; then
|
if echo "${ENDPOINT}" | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b"; then
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue