Bug 1477563

Summary:	Keepalived complains always about default script username (even if set)
Product:	Red Hat Enterprise Linux 7	Reporter:	Robert Scheck <redhat-bugzilla>
Component:	keepalived	Assignee:	Ryan O'Hara <rohara>
Status:	CLOSED ERRATA	QA Contact:	Brandon Perkins <bperkins>
Severity:	medium	Docs Contact:
Priority:	unspecified
Version:	7.4	CC:	cluster-maint, grant.loch, mlinden, redhat-bugzilla, robert.scheck
Target Milestone:	rc
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:	keepalived-1.3.5-3.el7	Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2018-04-10 18:15:45 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Robert Scheck 2017-08-02 11:49:47 UTC

Description of problem:
Since updating to keepalived 1.3.x, we see the following in our logs:

Aug  2 13:46:55 tux1 Keepalived[6580]: Starting Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2
Aug  2 13:46:55 tux1 Keepalived[6580]: Unable to resolve default script username 'keepalived_script' - ignoring
Aug  2 13:46:55 tux1 Keepalived[6580]: Opening file '/etc/keepalived/keepalived.conf'.

And this is, even we explicitly set

  script_user root root

in the global_defs section. Setting an invalid user leads to another error,
which makes me believing this is a bug in keepalived.

Version-Release number of selected component (if applicable):
keepalived-1.3.5-1.el7.x86_64

How reproducible:
Everytime, see above.

Actual results:
Keepalived complains always about default script username (even if set)

Expected results:
No complains by keepalived :)

Comment 2 Robert Scheck 2017-08-02 11:51:10 UTC

By the way, when having no "script_user" line, the message

Aug  2 13:50:08 tux1 Keepalived[6650]: Unable to resolve default script username 'keepalived_script' - ignoring

is still confusing or misleading to administrators, because it makes them
assuming this is a configuration mistake - which is not, just bad logging.

Comment 3 Robert Scheck 2017-08-02 13:32:18 UTC

Cross-filed ticket 01903060 on the Red Hat customer portal.

Comment 4 Ryan O'Hara 2017-08-02 15:55:32 UTC

Please attached a scrubbed config file when reporting bugs such as this one.

Comment 5 Ryan O'Hara 2017-08-02 16:08:51 UTC

https://github.com/acassen/keepalived/commit/1c5bfa293a0827fbfb7d70e499129676fbdf1d09

Comment 7 Robert Scheck 2017-08-02 20:22:24 UTC

Sorry, here we go (IMHO our situation is slighly different than your
referenced commit/fix):

--- snipp ---
global_defs {
    router_id tux1
    enable_script_security  # Keepalived yells about scripts?!
#    script_user root root  # Keepalived yells anyway?! RHBZ#1477563
    vrrp_iptables  # Empty to avoid iptables rules
#    vrrp_ipset  # Empty to avoid ipsets; does not work, RHBZ#1477572
}

vrrp_sync_group VRRP_GROUP {
    group {
        VRRP_INSTANCE
    }
    notify_master "/etc/conntrackd/primary-backup.sh primary"
    notify_backup "/etc/conntrackd/primary-backup.sh backup"
    notify_fault "/etc/conntrackd/primary-backup.sh fault"
}

vrrp_instance VRRP_INSTANCE {
    interface em2
    state BACKUP
    virtual_router_id 51
    priority 150
    track_interface {
        bond0
        bond1
    }
    native_ipv6
    unicast_src_ip 2001:db8::1
    unicast_peer {
        2001:db8::2
    }
    virtual_ipaddress {
        192.0.2.1/30 dev bond1.1000
        fe80::1/64 dev bond1.1000
        2001:db8:0:1000::1/64 dev bond1.1000
        192.0.2.250/29 dev bond0
        2001:db8:0:4003::2/64 dev bond0
    }
    virtual_routes {
        blackhole 192.0.2.0/24
        blackhole 2001:db8::/32
    }
    advert_int 1
    nopreempt
    garp_master_delay 0
    dont_track_primary
}
--- snapp ---

Comment 8 Ryan O'Hara 2017-08-02 23:15:52 UTC

You posted a confif but you failed to post any logs and/or error messages, so I have no idea what the problem is.

Comment 9 Robert Scheck 2017-08-02 23:27:44 UTC

The following log line is always thrown, no matter if "script_user" is
there or not:

Aug  2 13:46:55 tux1 Keepalived[6580]: Unable to resolve default script username 'keepalived_script' - ignoring

Comment 10 Ryan O'Hara 2017-08-02 23:43:32 UTC

(In reply to Robert Scheck from comment #9)
> The following log line is always thrown, no matter if "script_user" is
> there or not:
> 
> Aug  2 13:46:55 tux1 Keepalived[6580]: Unable to resolve default script
> username 'keepalived_script' - ignoring

Sorry, I'm not sure how you can make this comment when the build it not yet available. What exactly were you testing?

Comment 11 Robert Scheck 2017-08-03 00:06:05 UTC

(In reply to Ryan O'Hara from comment #10)
> Sorry, I'm not sure how you can make this comment when the build it not yet
> available. What exactly were you testing?

Sorry, misunderstanding. I indeed can only use keepalived-1.3.5-1.el7.x86_64
and report results from that. But I'm happy to test a newer package, if e.g.
GSS provides one.

Comment 15 Ryan O'Hara 2018-04-05 13:48:05 UTC

*** Bug 1564047 has been marked as a duplicate of this bug. ***

Comment 17 errata-xmlrpc 2018-04-10 18:15:45 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0972