Debian should be consulted about this issue, to see if they have
particular druthers regarding the addition of the user, or if they'd
prefer to see this issue fixed some other way (or left as-is for users
to configure themselves).  That way we can continue to avoid having an
Ubuntu delta for this package.

-- 
You received this bug notification because you are a member of Ubuntu
High Availability Team, which is subscribed to keepalived in Ubuntu.
https://bugs.launchpad.net/bugs/1806004

Title:
  Keepalived scripts are not getting executed

Status in openstack-ansible:
  Fix Released
Status in keepalived package in Ubuntu:
  Triaged

Bug description:
  After deploying OpenStack Ansible 18.1.0 on Ubuntu 18.04, I noticed
  the following Keepalived logs:

  root@controller-dc1r02n01:~# journalctl -eu keepalived.service
  Nov 28 11:11:39 controller-dc1r02n01 systemd[1]: Starting Keepalive Daemon (LVS and VRRP)...
  Nov 28 11:11:39 controller-dc1r02n01 Keepalived[24979]: Starting Keepalived v1.3.9 (10/21,2017)
  Nov 28 11:11:39 controller-dc1r02n01 Keepalived[24979]: Opening file '/etc/keepalived/keepalived.conf'.
  Nov 28 11:11:39 controller-dc1r02n01 systemd[1]: Started Keepalive Daemon (LVS and VRRP).
  Nov 28 11:11:39 controller-dc1r02n01 Keepalived[24980]: Starting Healthcheck child process, pid=24981
  Nov 28 11:11:39 controller-dc1r02n01 Keepalived_healthcheckers[24981]: Opening file '/etc/keepalived/keepalived.conf'.
  Nov 28 11:11:39 controller-dc1r02n01 Keepalived[24980]: Starting VRRP child process, pid=24982
  Nov 28 11:11:39 controller-dc1r02n01 Keepalived_vrrp[24982]: Registering Kernel netlink reflector
  Nov 28 11:11:39 controller-dc1r02n01 Keepalived_vrrp[24982]: Registering Kernel netlink command channel
  Nov 28 11:11:39 controller-dc1r02n01 Keepalived_vrrp[24982]: Registering gratuitous ARP shared channel
  Nov 28 11:11:39 controller-dc1r02n01 Keepalived_vrrp[24982]: Opening file '/etc/keepalived/keepalived.conf'.
  Nov 28 11:11:39 controller-dc1r02n01 Keepalived_vrrp[24982]: WARNING - default user 'keepalived_script' for script execution does not exist - please create.
  Nov 28 11:11:39 controller-dc1r02n01 Keepalived_vrrp[24982]: Failed to set default user for notify script /etc/keepalived/haproxy_notify.sh - ignoring
  Nov 28 11:11:39 controller-dc1r02n01 Keepalived_vrrp[24982]: Unable to set default user for vrrp script haproxy_check_script - removing
  Nov 28 11:11:39 controller-dc1r02n01 Keepalived_vrrp[24982]: Unable to set default user for vrrp script pingable_check_script - removing
  Nov 28 11:11:39 controller-dc1r02n01 Keepalived_vrrp[24982]: Truncating auth_pass to 8 characters
  Nov 28 11:11:39 controller-dc1r02n01 Keepalived_vrrp[24982]: (internal): track script haproxy_check_script not found, ignoring...
  Nov 28 11:11:39 controller-dc1r02n01 Keepalived_vrrp[24982]: (internal): track script pingable_check_script not found, ignoring...
  Nov 28 11:11:39 controller-dc1r02n01 Keepalived_vrrp[24982]: Truncating auth_pass to 8 characters
  Nov 28 11:11:39 controller-dc1r02n01 Keepalived_vrrp[24982]: (external): track script haproxy_check_script not found, ignoring...
  Nov 28 11:11:39 controller-dc1r02n01 Keepalived_vrrp[24982]: (external): track script pingable_check_script not found, ignoring...

  None of the check scripts are getting executed because the
  keepalived_script user doesn't exist on the system, and in any case,
  the haproxy_check_script (which is "/bin/kill -0 `cat
  /var/run/haproxy.pid`") needs to run as root.

  The keepalived.conf man page says that "If [script_user] is not
  specified, the user defaults to keepalived_script if that user exists,
  otherwise root", but it doesn't seem to fall back to root in this case
  (maybe because of enable_script_security, but it's only supposed to
  prevent scripts from running as root if part of the path is writable
  by non-root, which isn't the case here).

  Anyway, setting

  keepalived_global_defs:
    - enable_script_security
    - script_user root

  in user_variables.yml fixes the issue:

  root@controller-dc1r02n01:~# journalctl -eu keepalived.service
  Nov 30 09:07:13 controller-dc1r02n01 systemd[1]: Starting Keepalive Daemon (LVS and VRRP)...
  Nov 30 09:07:14 controller-dc1r02n01 Keepalived[17543]: Starting Keepalived v1.3.9 (10/21,2017)
  Nov 30 09:07:14 controller-dc1r02n01 Keepalived[17543]: Opening file '/etc/keepalived/keepalived.conf'.
  Nov 30 09:07:14 controller-dc1r02n01 Keepalived[17544]: Starting Healthcheck child process, pid=17546
  Nov 30 09:07:14 controller-dc1r02n01 Keepalived_healthcheckers[17546]: Opening file '/etc/keepalived/keepalived.conf'.
  Nov 30 09:07:14 controller-dc1r02n01 systemd[1]: Started Keepalive Daemon (LVS and VRRP).
  Nov 30 09:07:14 controller-dc1r02n01 Keepalived[17544]: Starting VRRP child process, pid=17549
  Nov 30 09:07:14 controller-dc1r02n01 Keepalived_vrrp[17549]: Registering Kernel netlink reflector
  Nov 30 09:07:14 controller-dc1r02n01 Keepalived_vrrp[17549]: Registering Kernel netlink command channel
  Nov 30 09:07:14 controller-dc1r02n01 Keepalived_vrrp[17549]: Registering gratuitous ARP shared channel
  Nov 30 09:07:14 controller-dc1r02n01 Keepalived_vrrp[17549]: Opening file '/etc/keepalived/keepalived.conf'.
  Nov 30 09:07:14 controller-dc1r02n01 Keepalived_vrrp[17549]: Truncating auth_pass to 8 characters
  Nov 30 09:07:14 controller-dc1r02n01 Keepalived_vrrp[17549]: Truncating auth_pass to 8 characters
  Nov 30 09:07:14 controller-dc1r02n01 Keepalived_vrrp[17549]: Using LinkWatch kernel netlink reflector...
  Nov 30 09:07:14 controller-dc1r02n01 Keepalived_vrrp[17549]: VRRP_Script(pingable_check_script) succeeded
  Nov 30 09:07:14 controller-dc1r02n01 Keepalived_vrrp[17549]: VRRP_Script(haproxy_check_script) succeeded
  Nov 30 09:07:14 controller-dc1r02n01 Keepalived_vrrp[17549]: VRRP_Instance(internal) Transition to MASTER STATE
  Nov 30 09:07:15 controller-dc1r02n01 Keepalived_vrrp[17549]: VRRP_Instance(external) Transition to MASTER STATE
  Nov 30 09:07:15 controller-dc1r02n01 Keepalived_vrrp[17549]: VRRP_Instance(internal) Entering MASTER STATE
  Nov 30 09:07:15 controller-dc1r02n01 Keepalived_vrrp[17549]: VRRP_Group(haproxy) Syncing instances to MASTER state
  Nov 30 09:07:15 controller-dc1r02n01 Keepalived_vrrp[17549]: Opening script file /etc/keepalived/haproxy_notify.sh
  Nov 30 09:07:16 controller-dc1r02n01 Keepalived_vrrp[17549]: VRRP_Instance(external) Entering MASTER STATE

  I'll submit a patch to set "script_user root" by default.

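Added example, not part of the original report and not keepalived's own code: a pre-flight audit an operator could run before setting "script_user root" together with enable_script_security. It approximates the rule quoted in the report (no part of the script path writable by non-root) and checks whether the keepalived_script account exists; the function names and the stat_fn parameter are assumptions made for this sketch.

```python
import os
import pwd
import stat
import sys

def path_components(script_path):
    """Yield the resolved script path and every parent directory up to '/'."""
    path = os.path.realpath(script_path)
    while True:
        yield path
        parent = os.path.dirname(path)
        if parent == path:
            break
        path = parent

def nonroot_writable(st):
    """True if a non-root user could modify this path component."""
    if st.st_uid != 0:
        return True                          # owned by a non-root user
    if st.st_mode & stat.S_IWGRP and st.st_gid != 0:
        return True                          # writable by a non-root group
    return bool(st.st_mode & stat.S_IWOTH)   # world-writable

def audit_script(script_path, stat_fn=os.stat):
    """Return the path components a non-root user can write (empty = safe)."""
    return [p for p in path_components(script_path)
            if nonroot_writable(stat_fn(p))]

def script_user_exists(name="keepalived_script"):
    """Check for the default script user named in the log warning."""
    try:
        pwd.getpwnam(name)
        return True
    except KeyError:
        return False

if __name__ == "__main__":
    # Usage: python3 audit.py /etc/keepalived/haproxy_notify.sh ...
    print("keepalived_script user exists:", script_user_exists())
    for script in sys.argv[1:]:
        bad = audit_script(script)
        status = "OK" if not bad else "non-root writable: " + ", ".join(bad)
        print(script, "->", status)
```

An empty result for every configured script means running them as root does not hand a non-root account a way to replace what root executes.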