cephadm/services/ingress: configure security user in keepalived template

It is cleaner to enable script security and define a script user for keepalived.

Signed-off-by: Bernard Landon <[email protected]>

Author: thegreenbear

src/pybind/mgr/cephadm/templates/services/ingress/keepalived.conf.j2

@@ -1,4 +1,9 @@
 # {{ cephadm_managed }}
+global_defs {
+    enable_script_security
+    script_user root
+}
+
 vrrp_script check_backend {
     script "{{ script }}"
     weight -20

src/pybind/mgr/cephadm/tests/test_services.py

@@ -1738,6 +1738,10 @@ def test_ingress_config(self, _run_cephadm, cephadm_module: CephadmOrchestrator)
                         {
                             'keepalived.conf':
                                 '# This file is generated by cephadm.\n'
+                                'global_defs {\n    '
+                                'enable_script_security\n    '
+                                'script_user root\n'
+                                '}\n\n'
                                 'vrrp_script check_backend {\n    '
                                 'script "/usr/bin/curl http://1.2.3.7:8999/health"\n    '
                                 'weight -20\n    '
@@ -1861,6 +1865,10 @@ def test_ingress_config_ssl_rgw(self, _run_cephadm, cephadm_module: CephadmOrche
                         {
                             'keepalived.conf':
                                 '# This file is generated by cephadm.\n'
+                                'global_defs {\n    '
+                                'enable_script_security\n    '
+                                'script_user root\n'
+                                '}\n\n'
                                 'vrrp_script check_backend {\n    '
                                 'script "/usr/bin/curl http://[1::4]:8999/health"\n    '
                                 'weight -20\n    '
@@ -1987,6 +1995,10 @@ def test_ingress_config_multi_vips(self, _run_cephadm, cephadm_module: CephadmOr
                         {
                             'keepalived.conf':
                                 '# This file is generated by cephadm.\n'
+                                'global_defs {\n    '
+                                'enable_script_security\n    '
+                                'script_user root\n'
+                                '}\n\n'
                                 'vrrp_script check_backend {\n    '
                                 'script "/usr/bin/curl http://1.2.3.7:8999/health"\n    '
                                 'weight -20\n    '
@@ -2121,6 +2133,10 @@ def test_keepalive_config_multi_interface_vips(self, _run_cephadm, cephadm_modul
                             {
                                 'keepalived.conf':
                                     '# This file is generated by cephadm.\n'
+                                    'global_defs {\n    '
+                                    'enable_script_security\n    '
+                                    'script_user root\n'
+                                    '}\n\n'
                                     'vrrp_script check_backend {\n    '
                                     'script "/usr/bin/curl http://1.2.3.1:8999/health"\n    '
                                     'weight -20\n    '
@@ -2312,6 +2328,10 @@ def test_keepalive_only_nfs_config(self, _run_cephadm, cephadm_module: CephadmOr
                         {
                             'keepalived.conf':
                                 '# This file is generated by cephadm.\n'
+                                'global_defs {\n    '
+                                'enable_script_security\n    '
+                                'script_user root\n'
+                                '}\n\n'
                                 'vrrp_script check_backend {\n    '
                                 'script "/usr/bin/false"\n    '
                                 'weight -20\n    '