cephadm/services/ingress: configure security user in keepalived template

author Bernard Landon <bernard@lndn.ch>

Tue, 4 Jun 2024 21:29:54 +0000 (23:29 +0200)

committer Adam King <adking@redhat.com>

Tue, 11 Jun 2024 16:39:41 +0000 (12:39 -0400)
author Bernard Landon <bernard@lndn.ch>
Tue, 4 Jun 2024 21:29:54 +0000 (23:29 +0200)
committer Adam King <adking@redhat.com>
Tue, 11 Jun 2024 16:39:41 +0000 (12:39 -0400)
diff --git a/src/pybind/mgr/cephadm/templates/services/ingress/keepalived.conf.j2 b/src/pybind/mgr/cephadm/templates/services/ingress/keepalived.conf.j2

index e19f556c6f42727247600466ffdd7097df9b80a5..4a8237a4f2bbabce6b487be6d9e12a0505dbf734 100644 (file)
--- a/src/pybind/mgr/cephadm/templates/services/ingress/keepalived.conf.j2
+++ b/src/pybind/mgr/cephadm/templates/services/ingress/keepalived.conf.j2
@@ -1,4 +1,9 @@
  # {{ cephadm_managed }}
+global_defs {
+    enable_script_security
+    script_user root
+}
+
  vrrp_script check_backend {
      script "{{ script }}"
      weight -20
diff --git a/src/pybind/mgr/cephadm/tests/test_services.py b/src/pybind/mgr/cephadm/tests/test_services.py

index a6edf1b0d852202f6d28d66159e0e3f8f796c497..440b20d59c427debe1da83b56882f4d3d241eded 100644 (file)
--- a/src/pybind/mgr/cephadm/tests/test_services.py
+++ b/src/pybind/mgr/cephadm/tests/test_services.py
@@ -1860,6 +1860,10 @@ class TestIngressService:
                          {
                              'keepalived.conf':
                                  '# This file is generated by cephadm.\n'
+                                'global_defs {\n    '
+                                'enable_script_security\n    '
+                                'script_user root\n'
+                                '}\n\n'
                                  'vrrp_script check_backend {\n    '
                                  'script "/usr/bin/curl http://1.2.3.7:8999/health"\n    '
                                  'weight -20\n    '
@@ -1983,6 +1987,10 @@ class TestIngressService:
                          {
                              'keepalived.conf':
                                  '# This file is generated by cephadm.\n'
+                                'global_defs {\n    '
+                                'enable_script_security\n    '
+                                'script_user root\n'
+                                '}\n\n'
                                  'vrrp_script check_backend {\n    '
                                  'script "/usr/bin/curl http://[1::4]:8999/health"\n    '
                                  'weight -20\n    '
@@ -2109,6 +2117,10 @@ class TestIngressService:
                          {
                              'keepalived.conf':
                                  '# This file is generated by cephadm.\n'
+                                'global_defs {\n    '
+                                'enable_script_security\n    '
+                                'script_user root\n'
+                                '}\n\n'
                                  'vrrp_script check_backend {\n    '
                                  'script "/usr/bin/curl http://1.2.3.7:8999/health"\n    '
                                  'weight -20\n    '
@@ -2243,6 +2255,10 @@ class TestIngressService:
                              {
                                  'keepalived.conf':
                                      '# This file is generated by cephadm.\n'
+                                    'global_defs {\n    '
+                                    'enable_script_security\n    '
+                                    'script_user root\n'
+                                    '}\n\n'
                                      'vrrp_script check_backend {\n    '
                                      'script "/usr/bin/curl http://1.2.3.1:8999/health"\n    '
                                      'weight -20\n    '
@@ -2434,6 +2450,10 @@ class TestIngressService:
                          {
                              'keepalived.conf':
                                  '# This file is generated by cephadm.\n'
+                                'global_defs {\n    '
+                                'enable_script_security\n    '
+                                'script_user root\n'
+                                '}\n\n'
                                  'vrrp_script check_backend {\n    '
                                  'script "/usr/bin/false"\n    '
                                  'weight -20\n    '
author	Bernard Landon <bernard@lndn.ch>
	Tue, 4 Jun 2024 21:29:54 +0000 (23:29 +0200)
committer	Adam King <adking@redhat.com>
	Tue, 11 Jun 2024 16:39:41 +0000 (12:39 -0400)
src/pybind/mgr/cephadm/templates/services/ingress/keepalived.conf.j2		patch \| blob \| history
src/pybind/mgr/cephadm/tests/test_services.py		patch \| blob \| history