cephadm/services/ingress: configure security user in keepalived template

author Bernard Landon <bernard@lndn.ch>

Tue, 4 Jun 2024 21:29:54 +0000 (23:29 +0200)

committer Bernard Landon <bernard@lndn.ch>

Wed, 5 Jun 2024 20:49:37 +0000 (22:49 +0200)
author Bernard Landon <bernard@lndn.ch>
Tue, 4 Jun 2024 21:29:54 +0000 (23:29 +0200)
committer Bernard Landon <bernard@lndn.ch>
Wed, 5 Jun 2024 20:49:37 +0000 (22:49 +0200)
diff --git a/src/pybind/mgr/cephadm/templates/services/ingress/keepalived.conf.j2 b/src/pybind/mgr/cephadm/templates/services/ingress/keepalived.conf.j2

index e19f556c6f42727247600466ffdd7097df9b80a5..4a8237a4f2bbabce6b487be6d9e12a0505dbf734 100644 (file)
--- a/src/pybind/mgr/cephadm/templates/services/ingress/keepalived.conf.j2
+++ b/src/pybind/mgr/cephadm/templates/services/ingress/keepalived.conf.j2
@@ -1,4 +1,9 @@
  # {{ cephadm_managed }}
+global_defs {
+    enable_script_security
+    script_user root
+}
+
  vrrp_script check_backend {
      script "{{ script }}"
      weight -20
diff --git a/src/pybind/mgr/cephadm/tests/test_services.py b/src/pybind/mgr/cephadm/tests/test_services.py

index f0b5360e6e30e202bc76a44caee06e4586f0e583..3440a575402cbba67f8a928530bcb9f3622c05b1 100644 (file)
--- a/src/pybind/mgr/cephadm/tests/test_services.py
+++ b/src/pybind/mgr/cephadm/tests/test_services.py
@@ -1738,6 +1738,10 @@ class TestIngressService:
                          {
                              'keepalived.conf':
                                  '# This file is generated by cephadm.\n'
+                                'global_defs {\n    '
+                                'enable_script_security\n    '
+                                'script_user root\n'
+                                '}\n\n'
                                  'vrrp_script check_backend {\n    '
                                  'script "/usr/bin/curl http://1.2.3.7:8999/health"\n    '
                                  'weight -20\n    '
@@ -1861,6 +1865,10 @@ class TestIngressService:
                          {
                              'keepalived.conf':
                                  '# This file is generated by cephadm.\n'
+                                'global_defs {\n    '
+                                'enable_script_security\n    '
+                                'script_user root\n'
+                                '}\n\n'
                                  'vrrp_script check_backend {\n    '
                                  'script "/usr/bin/curl http://[1::4]:8999/health"\n    '
                                  'weight -20\n    '
@@ -1987,6 +1995,10 @@ class TestIngressService:
                          {
                              'keepalived.conf':
                                  '# This file is generated by cephadm.\n'
+                                'global_defs {\n    '
+                                'enable_script_security\n    '
+                                'script_user root\n'
+                                '}\n\n'
                                  'vrrp_script check_backend {\n    '
                                  'script "/usr/bin/curl http://1.2.3.7:8999/health"\n    '
                                  'weight -20\n    '
@@ -2121,6 +2133,10 @@ class TestIngressService:
                              {
                                  'keepalived.conf':
                                      '# This file is generated by cephadm.\n'
+                                    'global_defs {\n    '
+                                    'enable_script_security\n    '
+                                    'script_user root\n'
+                                    '}\n\n'
                                      'vrrp_script check_backend {\n    '
                                      'script "/usr/bin/curl http://1.2.3.1:8999/health"\n    '
                                      'weight -20\n    '
@@ -2312,6 +2328,10 @@ class TestIngressService:
                          {
                              'keepalived.conf':
                                  '# This file is generated by cephadm.\n'
+                                'global_defs {\n    '
+                                'enable_script_security\n    '
+                                'script_user root\n'
+                                '}\n\n'
                                  'vrrp_script check_backend {\n    '
                                  'script "/usr/bin/false"\n    '
                                  'weight -20\n    '
author	Bernard Landon <bernard@lndn.ch>
	Tue, 4 Jun 2024 21:29:54 +0000 (23:29 +0200)
committer	Bernard Landon <bernard@lndn.ch>
	Wed, 5 Jun 2024 20:49:37 +0000 (22:49 +0200)
src/pybind/mgr/cephadm/templates/services/ingress/keepalived.conf.j2		patch \| blob \| history
src/pybind/mgr/cephadm/tests/test_services.py		patch \| blob \| history