cephadm/services/ingress: configure security user in keepalived template

author Bernard Landon <bernard@lndn.ch>

Tue, 4 Jun 2024 21:29:54 +0000 (23:29 +0200)

committer Pierre Riteau <pierre@stackhpc.com>

Thu, 19 Dec 2024 20:02:58 +0000 (21:02 +0100)
author Bernard Landon <bernard@lndn.ch>
Tue, 4 Jun 2024 21:29:54 +0000 (23:29 +0200)
committer Pierre Riteau <pierre@stackhpc.com>
Thu, 19 Dec 2024 20:02:58 +0000 (21:02 +0100)
diff --git a/src/pybind/mgr/cephadm/templates/services/ingress/keepalived.conf.j2 b/src/pybind/mgr/cephadm/templates/services/ingress/keepalived.conf.j2

index e19f556c6f42727247600466ffdd7097df9b80a5..4a8237a4f2bbabce6b487be6d9e12a0505dbf734 100644 (file)
--- a/src/pybind/mgr/cephadm/templates/services/ingress/keepalived.conf.j2
+++ b/src/pybind/mgr/cephadm/templates/services/ingress/keepalived.conf.j2
@@ -1,4 +1,9 @@
  # {{ cephadm_managed }}
+global_defs {
+    enable_script_security
+    script_user root
+}
+
  vrrp_script check_backend {
      script "{{ script }}"
      weight -20
diff --git a/src/pybind/mgr/cephadm/tests/test_services.py b/src/pybind/mgr/cephadm/tests/test_services.py

index 71776a8e16a93720af2fdea2c3e856626869e2b6..a2858bb16a3f4094aa7c77524fab4aebdacb51b6 100644 (file)
--- a/src/pybind/mgr/cephadm/tests/test_services.py
+++ b/src/pybind/mgr/cephadm/tests/test_services.py
@@ -1774,6 +1774,10 @@ class TestIngressService:
                          {
                              'keepalived.conf':
                                  '# This file is generated by cephadm.\n'
+                                'global_defs {\n    '
+                                'enable_script_security\n    '
+                                'script_user root\n'
+                                '}\n\n'
                                  'vrrp_script check_backend {\n    '
                                  'script "/usr/bin/curl http://1.2.3.7:8999/health"\n    '
                                  'weight -20\n    '
@@ -1897,6 +1901,10 @@ class TestIngressService:
                          {
                              'keepalived.conf':
                                  '# This file is generated by cephadm.\n'
+                                'global_defs {\n    '
+                                'enable_script_security\n    '
+                                'script_user root\n'
+                                '}\n\n'
                                  'vrrp_script check_backend {\n    '
                                  'script "/usr/bin/curl http://[1::4]:8999/health"\n    '
                                  'weight -20\n    '
@@ -2023,6 +2031,10 @@ class TestIngressService:
                          {
                              'keepalived.conf':
                                  '# This file is generated by cephadm.\n'
+                                'global_defs {\n    '
+                                'enable_script_security\n    '
+                                'script_user root\n'
+                                '}\n\n'
                                  'vrrp_script check_backend {\n    '
                                  'script "/usr/bin/curl http://1.2.3.7:8999/health"\n    '
                                  'weight -20\n    '
@@ -2195,6 +2207,10 @@ class TestIngressService:
                              {
                                  'keepalived.conf':
                                      '# This file is generated by cephadm.\n'
+                                    'global_defs {\n    '
+                                    'enable_script_security\n    '
+                                    'script_user root\n'
+                                    '}\n\n'
                                      'vrrp_script check_backend {\n    '
                                      'script "/usr/bin/curl http://1.2.3.1:8999/health"\n    '
                                      'weight -20\n    '
@@ -2348,6 +2364,10 @@ class TestIngressService:
                          {
                              'keepalived.conf':
                                  '# This file is generated by cephadm.\n'
+                                'global_defs {\n    '
+                                'enable_script_security\n    '
+                                'script_user root\n'
+                                '}\n\n'
                                  'vrrp_script check_backend {\n    '
                                  'script "/usr/bin/false"\n    '
                                  'weight -20\n    '
author	Bernard Landon <bernard@lndn.ch>
	Tue, 4 Jun 2024 21:29:54 +0000 (23:29 +0200)
committer	Pierre Riteau <pierre@stackhpc.com>
	Thu, 19 Dec 2024 20:02:58 +0000 (21:02 +0100)
src/pybind/mgr/cephadm/templates/services/ingress/keepalived.conf.j2		patch \| blob \| history
src/pybind/mgr/cephadm/tests/test_services.py		patch \| blob \| history