Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-28637

[node-proxy] powershell proxy http/https request bypass proxy settings

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not a Bug
    • Icon: Major Major
    • None
    • 4.14, 4.15, 4.16
    • Windows Containers
    • None
    • No
    • 3
    • WINC - Sprint 252, WINC - Sprint 253
    • 2
    • False
    • Hide

      None

      Show
      None
    • Hide
      *Cause*: Lack of documentation of the scope and expectations for the WMCO's cluster-wide proxy.
      *Consequence*: Bug describe an not supported scenario
      *Fix*: Update documentation and provide recomendations
      *Result*: Traffic in Powershell sessions uses with HTTP proxy
      Show
      *Cause*: Lack of documentation of the scope and expectations for the WMCO's cluster-wide proxy. *Consequence*: Bug describe an not supported scenario *Fix*: Update documentation and provide recomendations *Result*: Traffic in Powershell sessions uses with HTTP proxy
    • Bug Fix

      Description of problem:

          Accessing http/https endpoints do not pass through proxy settings using powershell

      Version-Release number of selected component (if applicable):

          9.0.1-8cb2ffb

      How reproducible:

          100%

      Steps to Reproduce:

          1. Install IPI Windows containers cluster with proxy enabled
    2. Login to Windows worker by SSH
    3. invoke web request to external endpoint: Invoke-WebRequest  http://raw.githubusercontent.com/openshift/windows-machine-config-operator/master/README.md -UseBasicParsing    

      Actual results:

          Request should pass through configured proxy
    Clear port 80:
    tcpdump -ttttnnr trace.pcapng port 80
reading from PCAP-NG file trace.pcapng
2024-01-30 16:18:44.605349 IP 10.0.64.189.51012 > 169.254.169.254.80: Flags [SEW], seq 2477283850, win 64860, options [mss 1410,nop,wscale 8,nop,nop,sackOK], length 0
2024-01-30 16:18:44.605427 IP 10.0.64.189.51012 > 169.254.169.254.80: Flags [SEW], seq 2477283850, win 64860, options [mss 1410,nop,wscale 8,nop,nop,sackOK], length 0
2024-01-30 16:18:44.605604 IP 169.254.169.254.80 > 10.0.64.189.51012: Flags [S.E], seq 1694099473, ack 2477283851, win 63280, options [mss 9040,nop,nop,sackOK,nop,wscale 7], length 0
2024-01-30 16:18:44.605729 IP 169.254.169.254.80 > 10.0.64.189.51012: Flags [S.E], seq 1694099473, ack 2477283851, win 63280, options [mss 9040,nop,nop,sackOK,nop,wscale 7], length 0
2024-01-30 16:18:44.605799 IP 10.0.64.189.51012 > 169.254.169.254.80: Flags [.], ack 1, win 1024, length 0
2024-01-30 16:18:44.605816 IP 10.0.64.189.51012 > 169.254.169.254.80: Flags [.], ack 1, win 1024, length 0
2024-01-30 16:18:44.606510 IP 10.0.64.189.51012 > 169.254.169.254.80: Flags [P.], seq 1:192, ack 1, win 1024, length 191: HTTP: GET /latest/meta-data/local-hostname HTTP/1.1
2024-01-30 16:18:44.606531 IP 10.0.64.189.51012 > 169.254.169.254.80: Flags [P.], seq 1:192, ack 1, win 1024, length 191: HTTP: GET /latest/meta-data/local-hostname HTTP/1.1
2024-01-30 16:18:44.606607 IP 169.254.169.254.80 > 10.0.64.189.51012: Flags [.], ack 192, win 493, length 0
2024-01-30 16:18:44.606674 IP 169.254.169.254.80 > 10.0.64.189.51012: Flags [.], ack 192, win 493, length 0
2024-01-30 16:18:44.606861 IP 169.254.169.254.80 > 10.0.64.189.51012: Flags [P.], seq 1:245, ack 192, win 493, length 244: HTTP: HTTP/1.1 200 OK
2024-01-30 16:18:44.606909 IP 169.254.169.254.80 > 10.0.64.189.51012: Flags [P.], seq 1:245, ack 192, win 493, length 244: HTTP: HTTP/1.1 200 OK
2024-01-30 16:18:44.606953 IP 169.254.169.254.80 > 10.0.64.189.51012: Flags [F.], seq 245, ack 192, win 493, length 0
2024-01-30 16:18:44.606994 IP 169.254.169.254.80 > 10.0.64.189.51012: Flags [F.], seq 245, ack 192, win 493, length 0
2024-01-30 16:18:44.607013 IP 10.0.64.189.51012 > 169.254.169.254.80: Flags [.], ack 246, win 1023, length 0
2024-01-30 16:18:44.607026 IP 10.0.64.189.51012 > 169.254.169.254.80: Flags [.], ack 246, win 1023, length 0
2024-01-30 16:18:44.607808 IP 10.0.64.189.51012 > 169.254.169.254.80: Flags [F.], seq 192, ack 246, win 1023, length 0
2024-01-30 16:18:44.607831 IP 10.0.64.189.51012 > 169.254.169.254.80: Flags [F.], seq 192, ack 246, win 1023, length 0
2024-01-30 16:18:44.607938 IP 169.254.169.254.80 > 10.0.64.189.51012: Flags [.], ack 193, win 493, length 0
2024-01-30 16:18:44.608006 IP 169.254.169.254.80 > 10.0.64.189.51012: Flags [.], ack 193, win 493, length 0
2024-01-30 16:19:22.865723 IP 10.0.64.189.51013 > 185.199.111.133.80: Flags [SEW], seq 282208634, win 64860, options [mss 1410,nop,wscale 8,nop,nop,sackOK], length 0
2024-01-30 16:19:22.865757 IP 10.0.64.189.51013 > 185.199.111.133.80: Flags [SEW], seq 282208634, win 64860, options [mss 1410,nop,wscale 8,nop,nop,sackOK], length 0
2024-01-30 16:19:22.866680 IP 185.199.111.133.80 > 10.0.64.189.51013: Flags [S.], seq 318398462, ack 282208635, win 65535, options [mss 1460,nop,nop,sackOK,nop,wscale 9], length 0
2024-01-30 16:19:22.866762 IP 185.199.111.133.80 > 10.0.64.189.51013: Flags [S.], seq 318398462, ack 282208635, win 65535, options [mss 1460,nop,nop,sackOK,nop,wscale 9], length 0
2024-01-30 16:19:22.866823 IP 10.0.64.189.51013 > 185.199.111.133.80: Flags [.], ack 1, win 1024, length 0
2024-01-30 16:19:22.866838 IP 10.0.64.189.51013 > 185.199.111.133.80: Flags [.], ack 1, win 1024, length 0
2024-01-30 16:19:22.867136 IP 10.0.64.189.51013 > 185.199.111.133.80: Flags [P.], seq 1:229, ack 1, win 1024, length 228: HTTP: GET /openshift/windows-machine-config-operator/master/README.md HTTP/1.1
2024-01-30 16:19:22.867153 IP 10.0.64.189.51013 > 185.199.111.133.80: Flags [P.], seq 1:229, ack 1, win 1024, length 228: HTTP: GET /openshift/windows-machine-config-operator/master/README.md HTTP/1.1
2024-01-30 16:19:22.867891 IP 185.199.111.133.80 > 10.0.64.189.51013: Flags [.], ack 229, win 288, length 0
2024-01-30 16:19:22.867963 IP 185.199.111.133.80 > 10.0.64.189.51013: Flags [.], ack 229, win 288, length 0
2024-01-30 16:19:22.871603 IP 185.199.111.133.80 > 10.0.64.189.51013: Flags [P.], seq 1:543, ack 229, win 288, length 542: HTTP: HTTP/1.1 301 Moved Permanently
2024-01-30 16:19:22.871682 IP 185.199.111.133.80 > 10.0.64.189.51013: Flags [P.], seq 1:543, ack 229, win 288, length 542: HTTP: HTTP/1.1 301 Moved Permanently
2024-01-30 16:19:22.871739 IP 185.199.111.133.80 > 10.0.64.189.51013: Flags [F.], seq 543, ack 229, win 288, length 0
2024-01-30 16:19:22.871780 IP 185.199.111.133.80 > 10.0.64.189.51013: Flags [F.], seq 543, ack 229, win 288, length 0
2024-01-30 16:19:22.871802 IP 10.0.64.189.51013 > 185.199.111.133.80: Flags [.], ack 544, win 1022, length 0
2024-01-30 16:19:22.871819 IP 10.0.64.189.51013 > 185.199.111.133.80: Flags [.], ack 544, win 1022, length 0
2024-01-30 16:19:22.872034 IP 10.0.64.189.51013 > 185.199.111.133.80: Flags [F.], seq 229, ack 544, win 1022, length 0
2024-01-30 16:19:22.872054 IP 10.0.64.189.51013 > 185.199.111.133.80: Flags [F.], seq 229, ack 544, win 1022, length 0
2024-01-30 16:19:22.872685 IP 185.199.111.133.80 > 10.0.64.189.51013: Flags [.], ack 230, win 288, length 0
2024-01-30 16:19:22.872758 IP 185.199.111.133.80 > 10.0.64.189.51013: Flags [.], ack 230, win 288, length 0
2024-01-30 16:19:36.011388 IP 10.0.64.189.51015 > 185.199.111.133.80: Flags [SEW], seq 1744195223, win 64860, options [mss 1410,nop,wscale 8,nop,nop,sackOK], length 0
2024-01-30 16:19:36.011453 IP 10.0.64.189.51015 > 185.199.111.133.80: Flags [SEW], seq 1744195223, win 64860, options [mss 1410,nop,wscale 8,nop,nop,sackOK], length 0
2024-01-30 16:19:36.012701 IP 185.199.111.133.80 > 10.0.64.189.51015: Flags [S.], seq 1056032842, ack 1744195224, win 65535, options [mss 1460,nop,nop,sackOK,nop,wscale 9], length 0
2024-01-30 16:19:36.012813 IP 185.199.111.133.80 > 10.0.64.189.51015: Flags [S.], seq 1056032842, ack 1744195224, win 65535, options [mss 1460,nop,nop,sackOK,nop,wscale 9], length 0
2024-01-30 16:19:36.012879 IP 10.0.64.189.51015 > 185.199.111.133.80: Flags [.], ack 1, win 1024, length 0
2024-01-30 16:19:36.012895 IP 10.0.64.189.51015 > 185.199.111.133.80: Flags [.], ack 1, win 1024, length 0
2024-01-30 16:19:36.013064 IP 10.0.64.189.51015 > 185.199.111.133.80: Flags [P.], seq 1:205, ack 1, win 1024, length 204: HTTP: GET /openshift/windows-machine-config-operator/master/README.md HTTP/1.1
2024-01-30 16:19:36.013081 IP 10.0.64.189.51015 > 185.199.111.133.80: Flags [P.], seq 1:205, ack 1, win 1024, length 204: HTTP: GET /openshift/windows-machine-config-operator/master/README.md HTTP/1.1
2024-01-30 16:19:36.013863 IP 185.199.111.133.80 > 10.0.64.189.51015: Flags [.], ack 205, win 288, length 0
2024-01-30 16:19:36.013929 IP 185.199.111.133.80 > 10.0.64.189.51015: Flags [.], ack 205, win 288, length 0
2024-01-30 16:19:36.017761 IP 185.199.111.133.80 > 10.0.64.189.51015: Flags [P.], seq 1:543, ack 205, win 288, length 542: HTTP: HTTP/1.1 301 Moved Permanently
2024-01-30 16:19:36.017796 IP 185.199.111.133.80 > 10.0.64.189.51015: Flags [P.], seq 1:543, ack 205, win 288, length 542: HTTP: HTTP/1.1 301 Moved Permanently
2024-01-30 16:19:36.017956 IP 185.199.111.133.80 > 10.0.64.189.51015: Flags [F.], seq 543, ack 205, win 288, length 0
2024-01-30 16:19:36.017961 IP 10.0.64.189.51015 > 185.199.111.133.80: Flags [F.], seq 205, ack 543, win 1022, length 0
2024-01-30 16:19:36.017975 IP 10.0.64.189.51015 > 185.199.111.133.80: Flags [F.], seq 205, ack 543, win 1022, length 0
2024-01-30 16:19:36.018007 IP 185.199.111.133.80 > 10.0.64.189.51015: Flags [F.], seq 543, ack 205, win 288, length 0
2024-01-30 16:19:36.018039 IP 10.0.64.189.51015 > 185.199.111.133.80: Flags [.], ack 544, win 1022, length 0
2024-01-30 16:19:36.018053 IP 10.0.64.189.51015 > 185.199.111.133.80: Flags [.], ack 544, win 1022, length 0
2024-01-30 16:19:36.018525 IP 185.199.111.133.80 > 10.0.64.189.51015: Flags [.], ack 206, win 288, length 0
2024-01-30 16:19:36.018566 IP 185.199.111.133.80 > 10.0.64.189.51015: Flags [.], ack 206, win 288, length 0

empty results filtered proxy port: 
tcpdump -ttttnnr trace.pcapng port 3128
reading from PCAP-NG file trace.pcapng

oc get proxies  -o=jsonpath="{.items[0].status}"
{"httpProxy":"http://proxy-user1:********@**-**-**-**.us-east-2.compute.amazonaws.com:3128","httpsProxy":"http://proxy-user1:********@**-**-**-**.us-east-2.compute.amazonaws.com:3128","noProxy":".cluster.local,.svc,.us-east-2.compute.internal,10.0.0.0/16,10.128.0.0/14,127.0.0.1,169.254.169.254,172.30.0.0/16,api-int.rrasouli-1093.qe.devcluster.openshift.com,localhost,test.no-proxy.com"}%

      Expected results:

      Additional info:

        1. kubelet-log.txt
          30 kB
        2. pod-win-webserver-7476c977c8-brz7v.yaml
          7 kB
        3. wicd-log.txt
          15 kB
        4. windows-machine-config-operator-559bcdfddf-hdfkz-manager.log
          9 kB
        5. windows-machine-config-operator-56778db986-rj56c-manager.log
          119 kB

              jvaldes@redhat.com Jose Valdes
              rrasouli Aharon Rasouli
              Aharon Rasouli Aharon Rasouli
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: