Bug 1477563 - Keepalived complains always about default script username (even if set)
Keepalived complains always about default script username (even if set)
Status: MODIFIED
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: keepalived (Show other bugs)
7.4
All Linux
unspecified Severity medium
: rc
: ---
Assigned To: Ryan O'Hara
Brandon Perkins
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-08-02 07:49 EDT by Robert Scheck
Modified: 2017-08-04 02:25 EDT (History)
3 users (show)

See Also:
Fixed In Version: keepalived-1.3.5-3.el7
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Robert Scheck 2017-08-02 07:49:47 EDT
Description of problem:
Since updating to keepalived 1.3.x, we see the following in our logs:

Aug  2 13:46:55 tux1 Keepalived[6580]: Starting Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2
Aug  2 13:46:55 tux1 Keepalived[6580]: Unable to resolve default script username 'keepalived_script' - ignoring
Aug  2 13:46:55 tux1 Keepalived[6580]: Opening file '/etc/keepalived/keepalived.conf'.

And this is, even we explicitly set

  script_user root root

in the global_defs section. Setting an invalid user leads to another error,
which makes me believing this is a bug in keepalived.

Version-Release number of selected component (if applicable):
keepalived-1.3.5-1.el7.x86_64

How reproducible:
Everytime, see above.

Actual results:
Keepalived complains always about default script username (even if set)

Expected results:
No complains by keepalived :)
Comment 2 Robert Scheck 2017-08-02 07:51:10 EDT
By the way, when having no "script_user" line, the message

Aug  2 13:50:08 tux1 Keepalived[6650]: Unable to resolve default script username 'keepalived_script' - ignoring

is still confusing or misleading to administrators, because it makes them
assuming this is a configuration mistake - which is not, just bad logging.
Comment 3 Robert Scheck 2017-08-02 09:32:18 EDT
Cross-filed ticket 01903060 on the Red Hat customer portal.
Comment 4 Ryan O'Hara 2017-08-02 11:55:32 EDT
Please attached a scrubbed config file when reporting bugs such as this one.
Comment 7 Robert Scheck 2017-08-02 16:22:24 EDT
Sorry, here we go (IMHO our situation is slighly different than your
referenced commit/fix):

--- snipp ---
global_defs {
    router_id tux1
    enable_script_security  # Keepalived yells about scripts?!
#    script_user root root  # Keepalived yells anyway?! RHBZ#1477563
    vrrp_iptables  # Empty to avoid iptables rules
#    vrrp_ipset  # Empty to avoid ipsets; does not work, RHBZ#1477572
}

vrrp_sync_group VRRP_GROUP {
    group {
        VRRP_INSTANCE
    }
    notify_master "/etc/conntrackd/primary-backup.sh primary"
    notify_backup "/etc/conntrackd/primary-backup.sh backup"
    notify_fault "/etc/conntrackd/primary-backup.sh fault"
}

vrrp_instance VRRP_INSTANCE {
    interface em2
    state BACKUP
    virtual_router_id 51
    priority 150
    track_interface {
        bond0
        bond1
    }
    native_ipv6
    unicast_src_ip 2001:db8::1
    unicast_peer {
        2001:db8::2
    }
    virtual_ipaddress {
        192.0.2.1/30 dev bond1.1000
        fe80::1/64 dev bond1.1000
        2001:db8:0:1000::1/64 dev bond1.1000
        192.0.2.250/29 dev bond0
        2001:db8:0:4003::2/64 dev bond0
    }
    virtual_routes {
        blackhole 192.0.2.0/24
        blackhole 2001:db8::/32
    }
    advert_int 1
    nopreempt
    garp_master_delay 0
    dont_track_primary
}
--- snapp ---
Comment 8 Ryan O'Hara 2017-08-02 19:15:52 EDT
You posted a confif but you failed to post any logs and/or error messages, so I have no idea what the problem is.
Comment 9 Robert Scheck 2017-08-02 19:27:44 EDT
The following log line is always thrown, no matter if "script_user" is
there or not:

Aug  2 13:46:55 tux1 Keepalived[6580]: Unable to resolve default script username 'keepalived_script' - ignoring
Comment 10 Ryan O'Hara 2017-08-02 19:43:32 EDT
(In reply to Robert Scheck from comment #9)
> The following log line is always thrown, no matter if "script_user" is
> there or not:
> 
> Aug  2 13:46:55 tux1 Keepalived[6580]: Unable to resolve default script
> username 'keepalived_script' - ignoring

Sorry, I'm not sure how you can make this comment when the build it not yet available. What exactly were you testing?
Comment 11 Robert Scheck 2017-08-02 20:06:05 EDT
(In reply to Ryan O'Hara from comment #10)
> Sorry, I'm not sure how you can make this comment when the build it not yet
> available. What exactly were you testing?

Sorry, misunderstanding. I indeed can only use keepalived-1.3.5-1.el7.x86_64
and report results from that. But I'm happy to test a newer package, if e.g.
GSS provides one.

Note You need to log in before you can comment on or make changes to this bug.