Add dial timeout field to hosts toml configuration

Signed-off-by: Philip Laine <philip.laine@gmail.com>

core/remotes/docker/config/hosts.go

@@ -28,6 +28,7 @@ import (
 	"path"
 	"path/filepath"
 	"strings"
+	"time"
 
 	"github.com/containerd/errdefs"
 	"github.com/containerd/log"
@@ -51,6 +52,8 @@ type hostConfig struct {
 	clientPairs [][2]string
 	skipVerify  *bool
 
+	dialTimeout *time.Duration
+
 	header http.Header
 
 	// TODO: Add credential configuration (domain alias, username)
@@ -166,7 +169,7 @@ func ConfigureHosts(ctx context.Context, options HostOptions) docker.RegistryHos
 			// Allow setting for each host as well
 			explicitTLS := tlsConfigured
 
-			if host.caCerts != nil || host.clientPairs != nil || host.skipVerify != nil {
+			if host.caCerts != nil || host.clientPairs != nil || host.skipVerify != nil || host.dialTimeout != nil {
 				explicitTLS = true
 				tr := defaultTransport.Clone()
 				tlsConfig := tr.TLSClientConfig
@@ -215,6 +218,14 @@ func ConfigureHosts(ctx context.Context, options HostOptions) docker.RegistryHos
 					tlsConfig.Certificates = append(tlsConfig.Certificates, cert)
 				}
 
+				if host.dialTimeout != nil {
+					tr.DialContext = (&net.Dialer{
+						Timeout:       *host.dialTimeout,
+						KeepAlive:     30 * time.Second,
+						FallbackDelay: 300 * time.Millisecond,
+					}).DialContext
+				}
+
 				c := *client
 				c.Transport = tr
 				if options.UpdateClient != nil {
@@ -339,6 +350,10 @@ type hostFileConfig struct {
 	// API root endpoint.
 	OverridePath bool `toml:"override_path"`
 
+	// DialTimeout is the maximum amount of time a dial will wait for
+	// a connect to complete.
+	DialTimeout string `toml:"dial_timeout"`
+
 	// TODO: Credentials: helper? name? username? alternate domain? token?
 }
 
@@ -499,6 +514,14 @@ func parseHostConfig(server string, baseDir string, config hostFileConfig) (host
 		result.header = header
 	}
 
+	if config.DialTimeout != "" {
+		dialTimeout, err := time.ParseDuration(config.DialTimeout)
+		if err != nil {
+			return hostConfig{}, err
+		}
+		result.dialTimeout = &dialTimeout
+	}
+
 	return result, nil
 }
 

core/remotes/docker/config/hosts_test.go

@@ -25,6 +25,7 @@ import (
 	"os"
 	"path/filepath"
 	"testing"
+	"time"
 
 	"github.com/containerd/log/logtest"
 
@@ -115,8 +116,13 @@ ca = "/etc/path/default"
 
 [host."https://onlyheader.registry".header]
   x-custom-1 = "justaheader"
+
+[host."https://dial-timeout.registry"]
+  dial_timeout = "3s"
 `
+
 	var tb, fb = true, false
+	var dialTimeout = 3 * time.Second
 	expected := []hostConfig{
 		{
 			scheme:       "https",
@@ -188,6 +194,13 @@ ca = "/etc/path/default"
 			capabilities: allCaps,
 			header:       http.Header{"x-custom-1": {"justaheader"}},
 		},
+		{
+			scheme:       "https",
+			host:         "dial-timeout.registry",
+			path:         "/v2",
+			capabilities: allCaps,
+			dialTimeout:  &dialTimeout,
+		},
 		{
 			scheme:       "https",
 			host:         "test-default.registry",
@@ -555,6 +568,14 @@ func compareHostConfig(j, k hostConfig) bool {
 		}
 	}
 
+	if j.dialTimeout != nil && k.dialTimeout != nil {
+		if *j.dialTimeout != *k.dialTimeout {
+			return false
+		}
+	} else if j.dialTimeout != nil || k.dialTimeout != nil {
+		return false
+	}
+
 	return true
 }
 
@@ -573,6 +594,9 @@ func printHostConfig(hc []hostConfig) string {
 			fmt.Fprintf(b, "\t\tskip-verify: %t\n", *hc[i].skipVerify)
 		}
 		fmt.Fprintf(b, "\t\theader: %#v\n", hc[i].header)
+		if hc[i].dialTimeout != nil {
+			fmt.Fprintf(b, "\t\tdial-timeout: %v\n", hc[i].dialTimeout)
+		}
 	}
 	return b.String()
 }

docs/hosts.md

@@ -363,6 +363,16 @@ non-compliant OCI registries which are missing the `/v2` prefix.
 override_path = true
 ```
 
+## dial_timeout field
+
+`dial_timeout` specifies the maximum time allowed for a connection attempt to complete.
+A shorter timeout helps reduce delays when falling back to the original registry if the mirror is unreachable.
+(Defaults to `30s`)
+
+```
+dial_timeout = "1s"
+```
+
 ## host field(s) (in the toml table format)
 
 `[host]."https://namespace"` and `[host]."http://namespace"` entries in the