weixin_39684898
weixin_39684898
2020-12-02 14:50

respect proxy settings on KDE (RHEL7)

Describe the bug /etc/profile.d/proxy.sh has global proxy settings for every user. And export shows, that root and my user have the same proxy settings.

az login with root works, but az login with a non-root user fails with message:

Open browser with url: xxxxxx Note, we have launched a browser for you to login. For old experience with device code, use "az login --use-device-code" kioclient(32627)/kio (KRun): KRun(0x2241db0) ERROR (stat): 114 "Unknown host login.microsoftonline.com: Host not found"

To Reproduce export HTTP_PROXY="http://my.proxy.com" export HTTPS_PROXY="http://my.proxy.com" az login # fails sudo az login # works

Expected behavior az login should work not not print: Unknown host login.microsoftonline.com: Host not found All users can access the site using curl or firefox.

Environment summary FTP_PROXY="http://1.2.3.4:8080" HTTPS_PROXY="http://1.2.3.4:8080" HTTP_PROXY="http://1.2.3.4:8080" NO_PROXY="localhost,127.0.0.1"

azure-cli 2.0.61

acr 2.2.3 acs 2.3.20 advisor 2.0.0 ams 0.4.3 appservice 0.2.16 backup 1.2.2 batch 4.0.0 batchai 0.4.8 billing 0.2.1 botservice 0.1.9 cdn 0.2.1 cloud 2.1.1 cognitiveservices 0.2.5 command-modules-nspkg 2.0.2 configure 2.0.20 consumption 0.4.2 container 0.3.15 core 2.0.61 cosmosdb 0.2.9 dla 0.2.5 dls 0.1.8 dms 0.1.3 eventgrid 0.2.2 eventhubs 0.3.4 extension 0.2.4 feedback 2.1.4 find 0.3.1 hdinsight 0.3.2 interactive 0.4.2 iot 0.3.7 iotcentral 0.1.6 keyvault 2.2.13 kusto 0.2.1 lab 0.1.6 maps 0.3.4 monitor 0.2.11 network 2.3.5 nspkg 3.0.3 policyinsights 0.1.2 profile 2.1.4 rdbms 0.3.9 redis 0.4.2 relay 0.1.4 reservations 0.4.2 resource 2.1.12 role 2.4.3 search 0.1.1 security 0.1.1 servicebus 0.3.4 servicefabric 0.1.15 signalr 1.0.0 sql 2.2.0 sqlvm 0.1.1 storage 2.3.2 telemetry 1.0.2 vm 2.2.17

Python location '/usr/lib64/az/bin/python' Extensions directory '/export/home/vbwbm/.azure/cliextensions'

Python (Linux) 2.7.5 (default, Sep 12 2018, 05:31:16) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]

Legal docs and information: aka.ms/AzureCliLegal

Your CLI is up-to-date.

该提问来源于开源项目:Azure/azure-cli

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

14条回答

  • weixin_39684898 weixin_39684898 4月前

    i think, i am using Gnome. (Standard RHEL Desktop should be gnome) But let me verify this after Easter on Tuesday.

    点赞 评论 复制链接分享
  • weixin_39684898 weixin_39684898 4月前

    The problem just occurs only in KDE Desktop (on RHEL7). Gnome Desktop on RHEL7 is not affected. Our default seems to be KDE, but gnome can be used as well.

    点赞 评论 复制链接分享
  • weixin_39684898 weixin_39684898 4月前

    To summarize: when using KDE on RHEL7, the following workaround helps:

    
    export KDE_SESSION_VERSION=""
    export KDE_SESSION_UID=""
    export KDE_MULTIHEAD=""
    export KDE_FULL_SESSION=""
    export KDE_SESSION_VERSION=""
    export XDG_CURRENT_DESKTOP=""
    export XDG_DATA_DIRS=""
    export XDG_MENU_PREFIX=""
    export XDG_RUNTIME_DIR=""
    export XDG_SESSION_ID=""
    

    feel free to close this issue in case you do not plan to support KDE.

    点赞 评论 复制链接分享
  • weixin_39562197 weixin_39562197 4月前

    Thanks for getting back to me on this, ! I think I will close it out, but thanks for providing this work around for anybody impacted in the future.

    点赞 评论 复制链接分享
  • weixin_39999536 weixin_39999536 4月前

    Thanks for your bug report ! -msft, I wonder if this is an internal permission issue on their side like in #4905? Could you please share instructions as you did in that issue if you think this is related? Might be good to place those instructions in this bug so that others can benefit from the same.

    Thanks, Arun

    点赞 评论 复制链接分享
  • weixin_39603217 weixin_39603217 4月前

    , would be possible to use az login --debug, capture 2 traces and compare, one under root and one w/o? This doesn't appear an Azure CLI specific issue.

    点赞 评论 复制链接分享
  • weixin_39684898 weixin_39684898 4月前

    Not Working Sample with normal user:

    
    az_command_data_logger : command args: login --debug
    metadata file logging enabled - writing logs to '/export/home/vbwbm/.azure/commands'.
    Event: CommandInvoker.OnPostCommandTableCreate [<function add_subscription_parameter at>, <function add_ids_arguments at>]
    Event: CommandInvoker.OnCommandTableLoaded []
    Event: CommandInvoker.OnPreParseArgs [<function _documentdb_deprecate at>]
    Event: CommandInvoker.OnPostParseArgs [<function handle_output_argument at>, <function handle_query_parameter at>, <function parse_ids_arguments at>, <function handler at>]
    Open browser with url: https://login.microsoftonline.com/common/oauth2/authorize?response_type=code&client_id=04b07795-8ddb-461a-bbee-02f9e1bf7b46&redirect_uri=http://localhost:8400&state=0xm8z5qyxj3yumz7x441&resource=https://management.core.windows.net/&prompt=select_account
    Note, we have launched a browser for you to login. For old experience with device code, use "az login --use-device-code"
    kioclient(37034)/kio (KRun): KRun(0x2128850) ERROR (stat): 114   "Unknown host login.microsoftonline.com: Host not found" 
    </function></function></function></function></function></function></function>

    Working Sample with root user:

    
    az_command_data_logger : command args: login --debug
    metadata file logging enabled - writing logs to '/root/.azure/commands'.
    Event: CommandInvoker.OnPostCommandTableCreate [<function add_subscription_parameter at>, <function add_ids_arguments at>]
    Event: CommandInvoker.OnCommandTableLoaded []
    Event: CommandInvoker.OnPreParseArgs [<function _documentdb_deprecate at>]
    Event: CommandInvoker.OnPostParseArgs [<function handle_output_argument at>, <function handle_query_parameter at>, <function parse_ids_arguments at>, <function handler at>]
    attempting to read file /root/.azure/accessTokens.json as utf-8-sig
    Open browser with url: https://login.microsoftonline.com/common/oauth2/authorize?response_type=code&client_id=04b07795-8ddb-461a-bbee-02f9e1bf7b46&redirect_uri=http://localhost:8400&state=138i2bkfu3m5k09rsr9g&resource=https://management.core.windows.net/&prompt=select_account
    Note, we have launched a browser for you to login. For old experience with device code, use "az login --use-device-code"
    START /bin/exo-open --launch WebBrowser "https://login.microsoftonline.com/common/oauth2/authorize?response_type=code&client_id=04b07795-8ddb-461a-bbee-02f9e1bf7b46&redirect_uri=http://localhost:8400&state=138i2bkfu3m5k09rsr9g&resource=https://management.core.windows.net/&prompt=select_account"
    Running without a11y support!
    </function></function></function></function></function></function></function>
    点赞 评论 复制链接分享
  • weixin_39684898 weixin_39684898 4月前

    Our current workaround for this issue is:

    
    sudo rm -rf /root/.azure
    sudo az login
    sudo rm -rf "$HOME/.azure"
    sudo cp -r /root/.azure "$HOME"
    sudo chown -R "$USER" "$HOME/.azure"
    
    点赞 评论 复制链接分享
  • weixin_39684898 weixin_39684898 4月前

    The issue seems to come from DNS queries. Our internal DNS do not resolve public names such as login.microsoftonline.com (The http Proxy can resolve the domain names.). I see dns queries that fail with NXDOMAIN, when logging in a normal user.

    点赞 评论 复制链接分享
  • weixin_39684898 weixin_39684898 4月前

    the problem are the environment variables with azure login.

    unset the following variables, so that the host can be resolved using proxy

    
    export KDE_SESSION_VERSION=""
    export KDE_SESSION_UID=""
    export KDE_MULTIHEAD=""
    export KDE_FULL_SESSION=""
    export KDE_SESSION_VERSION=""
    export XDG_CURRENT_DESKTOP=""
    export XDG_DATA_DIRS=""
    export XDG_MENU_PREFIX=""
    export XDG_RUNTIME_DIR=""
    export XDG_SESSION_ID=""
    

    See full example:

    
    [vbwbm-desktop ~]$ az login
    Note, we have launched a browser for you to login. For old experience with device code, use "az login --use-device-code"
    kioclient(19023)/kio (KRun): KRun(0x228b860) ERROR (stat): 114   "Unknown host login.microsoftonline.com: Host not found" 
    ^C[vbwbm-desktop ~]$ export KDE_SESSION_VERSION=""
    [vbwbm-desktop ~]$ export KDE_SESSION_UID=""
    [vbwbm-desktop ~]$ export KDE_MULTIHEAD=""
    [vbwbm-desktop ~]$ export KDE_FULL_SESSION=""
    [vbwbm-desktop ~]$ export KDE_SESSION_VERSION=""
    [vbwbm-desktop ~]$ export XDG_CURRENT_DESKTOP=""
    [vbwbm-desktop ~]$ export XDG_DATA_DIRS=""
    [vbwbm-desktop ~]$ export XDG_MENU_PREFIX=""
    [vbwbm-desktop ~]$ export XDG_RUNTIME_DIR=""
    [vbwbm-desktop ~]$ export XDG_SESSION_ID=""
    [vbwbm-desktop ~]$ az login
    Note, we have launched a browser for you to login. For old experience with device code, use "az login --use-device-code"
    START /bin/exo-open --launch WebBrowser "https://login.microsoftonline.com/common/oauth2/authorize?response_type=code&client_id=04b07795-8ddb-461a-bbee-02f9e1bf7b46&redirect_uri=http://localhost:8400&state=ppiihpywrk49551u34ml&resource=https://management.core.windows.net/&prompt=select_account"
    
    (firefox:19355): Gtk-WARNING **: 10:26:07.536: Could not load a pixbuf from icon theme.
    This may indicate that pixbuf loaders or the mime database could not be found.
    
    ###!!! [Parent][MessageChannel] Error: (msgtype=0x160080,name=PBrowser::Msg_Destroy) Closed channel: cannot send/recv
    
    点赞 评论 复制链接分享
  • weixin_39583521 weixin_39583521 4月前

    for triage

    点赞 评论 复制链接分享
  • weixin_39562197 weixin_39562197 4月前

    Seems like this is a KDE specific bug, and I'm not sure how large our audience of KDE users working behind a corporate proxy is. Seems like a good thing to fix, but I'm afraid it isn't at the top of the list right now.

    点赞 评论 复制链接分享
  • weixin_39684898 weixin_39684898 4月前

    RHEL is very common in enterprises and proxies as well. So I guess the user base is not that little.

    点赞 评论 复制链接分享
  • weixin_39562197 weixin_39562197 4月前

    Sorry, my understanding may not be quite right here, . Do you think this bug repros even outside of KDE? Most notably, do you think it's impacting Gnome users as well?

    点赞 评论 复制链接分享