Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-37613

WICD does not use 'ExecutionPolicy Bypass' when running powershell commands

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • 4.12.z
    • 4.16.0
    • Windows Containers
    • None
    • No
    • 0
    • WINC - Sprint 257, WINC - Sprint 258, WINC - Sprint 259, WINC - Sprint 260
    • 4
    • False
    • Hide

      None

      Show
      None
    • Hide
      * Previously, when configuring a Windows VM on which the default Powershell execution policy was set to `Restricted`, the WMCO was unable to execute the necessary commands As a consequence, the Windows node would not be properly configured. With this fix, the WMCO bypasses the execution policy when running Powershell commands on a Windows VM. (link:https://issues.redhat.com/browse/OCPBUGS-37613[*OCPBUGS-37613])
      Show
      * Previously, when configuring a Windows VM on which the default Powershell execution policy was set to `Restricted`, the WMCO was unable to execute the necessary commands As a consequence, the Windows node would not be properly configured. With this fix, the WMCO bypasses the execution policy when running Powershell commands on a Windows VM. (link: https://issues.redhat.com/browse/OCPBUGS-37613 [* OCPBUGS-37613 ])
    • Bug Fix
    • In Progress

      This is a clone of issue OCPBUGS-37612. The following is the description of the original issue:

      This is a clone of issue OCPBUGS-37611. The following is the description of the original issue:

      This is a clone of issue OCPBUGS-37610. The following is the description of the original issue:

      This is a clone of issue OCPBUGS-37609. The following is the description of the original issue:

      This is a clone of issue OCPBUGS-30995. The following is the description of the original issue:

      Description of problem:

      There is a discrepency in how [WMCO runs powershell commands|https://github.com/openshift/windows-machine-config-operator/blob/7a814dc7360430226e82957795342d405b1f81ca/pkg/windows/windows.go#L1021], and how [WICD runs them|https://github.com/openshift/windows-machine-config-operator/blob/7a814dc7360430226e82957795342d405b1f81ca/pkg/daemon/powershell/powershell.go#L18]. WMCO explicity sets ExecutionPolicy Bypass, while WICD uses the default on the Windows VM.

      Version-Release number of selected component (if applicable):

      4.16

      How reproducible:

      Unknown

      Steps to Reproduce:

          1. On a BYOH node set the execution policy to restricted by running: `Set-ExecutionPolicy -Scope LocalMachine -ExecutionPolicy Restricted`
    2. Attempt to configure the Node with WMCO

      Actual results:

      Node is not properly configured:
Error message in WICD log:

    + CategoryInfo          : SecurityError: (:) [], PSSecurityException
    + FullyQualifiedErrorId : UnauthorizedAccess
: exit status 1
E0509 15:57:30.691935     656 controller.go:247] could not resolve PowerShell variable ENDPOINT_IP: error running command with output C:\Temp\network-conf.ps1 : File C:\Temp\network-conf.ps1 cannot be loaded. The file C:\Temp\network-conf.ps1 is not
digitally signed. You cannot run this script on the current system. For more information about running scripts and
setting execution policy, see about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170.
At line:1 char:1
+ C:\Temp\network-conf.ps1
+ ~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : SecurityError: (:) [], PSSecurityException
    + FullyQualifiedErrorId : UnauthorizedAccess
: exit status 1

      Expected results:

      Node joins the cluster as expected

      Additional info:

              rh-ee-ssoto Sebastian Soto
              openshift-crt-jira-prow OpenShift Prow Bot
              Aharon Rasouli Aharon Rasouli
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated: