Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-37609

WICD does not use 'ExecutionPolicy Bypass' when running powershell commands

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Major Major
    • 4.16.z
    • 4.16.0
    • Windows Containers
    • None
    • No
    • 0
    • WINC - Sprint 257, WINC - Sprint 258
    • 2
    • False
    • Hide

      None

      Show
      None
    • Fixes a bug which would cause issues configuring a Windows VM which had it's default Powershell `ExecutionPolicy` set to `Restricted`. This has been resolved by bypassing the executionpolicy when running powershell commands on the VM.
    • Bug Fix
    • In Progress

      This is a clone of issue OCPBUGS-30995. The following is the description of the original issue:

      Description of problem:

      There is a discrepency in how [WMCO runs powershell commands|https://github.com/openshift/windows-machine-config-operator/blob/7a814dc7360430226e82957795342d405b1f81ca/pkg/windows/windows.go#L1021], and how [WICD runs them|https://github.com/openshift/windows-machine-config-operator/blob/7a814dc7360430226e82957795342d405b1f81ca/pkg/daemon/powershell/powershell.go#L18]. WMCO explicity sets ExecutionPolicy Bypass, while WICD uses the default on the Windows VM.

      Version-Release number of selected component (if applicable):

      4.16

      How reproducible:

      Unknown

      Steps to Reproduce:

          1. On a BYOH node set the execution policy to restricted by running: `Set-ExecutionPolicy -Scope LocalMachine -ExecutionPolicy Restricted`
    2. Attempt to configure the Node with WMCO

      Actual results:

      Node is not properly configured:
Error message in WICD log:

    + CategoryInfo          : SecurityError: (:) [], PSSecurityException
    + FullyQualifiedErrorId : UnauthorizedAccess
: exit status 1
E0509 15:57:30.691935     656 controller.go:247] could not resolve PowerShell variable ENDPOINT_IP: error running command with output C:\Temp\network-conf.ps1 : File C:\Temp\network-conf.ps1 cannot be loaded. The file C:\Temp\network-conf.ps1 is not
digitally signed. You cannot run this script on the current system. For more information about running scripts and
setting execution policy, see about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170.
At line:1 char:1
+ C:\Temp\network-conf.ps1
+ ~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : SecurityError: (:) [], PSSecurityException
    + FullyQualifiedErrorId : UnauthorizedAccess
: exit status 1

      Expected results:

      Node joins the cluster as expected

      Additional info:

              rh-ee-ssoto Sebastian Soto
              openshift-crt-jira-prow OpenShift Prow Bot
              Aharon Rasouli Aharon Rasouli
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: